16825 matches found

BDU FSTEC
added 2025/08/08 12:0 a.m. · 7 views

A vulnerability in the web interface of the DIR-615 router firmware allows an attacker to execute arbitrary commands.

The vulnerability in the web interface of the DIR-615 router firmware arises from the lack of checks on input data in the pingipaddr parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9 CVSS · 5.9 AI score · 0.1911 EPSS
Exploits 1 · References 6 · Affected Software 1

BDU FSTEC
added 2025/08/08 12:0 a.m. · 5 views

A vulnerability in the web interface of the IBM QRadar SIEM system allows an attacker to carry out cross-site scripting attacks.

The vulnerability in the IBM QRadar SIEM web interface is related to a lack of measures to protect the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

6.4 CVSS · 5.2 AI score · 0.00199 EPSS
Exploits 0 · References 2

ICS
added 2025/08/07 6:0 a.m. · 5 views

Packet Power EMX and EG

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full access to the device without authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimizing...

9.8 CVSS · 7.6 AI score · 0.00508 EPSS
Exploits 0 · References 10

Positive Technologies
added 2025/08/07 12:0 a.m. · 9 views

PT-2025-32264

Name of the Vulnerable Software and Affected Versions: OpenVPN Access Server (affected versions not specified) Description: The vulnerability allows an attacker to perform JavaScript injection via the SAML relaystate. This could potentially lead to Remote Code Execution (RCE). Recommendations: At the...

7.2 AI score · 0.00204 EPSS
Exploits 0 · References 6

OSV
added 2025/08/06 9:15 p.m. · 6 views

CVE-2025-50740

AutoConnect 1.4.2, an Arduino library, is vulnerable to cross-site scripting (XSS). The AutoConnect web interface /ac/config allows HTML/JS code to be executed via a crafted network SSID...

6.1 CVSS · 5.2 AI score
Exploits 0 · References 2

CNNVD
added 2025/08/06 12:0 a.m. · 1 views

AutoConnect Security Vulnerability

AutoConnect is an Arduino library by the individual developer Hieromon Ikasamo. A security vulnerability exists in AutoConnect version 1.4.2, which stems from the AutoConnect web interface /ac/config that allows execution of HTML/JS code in a specially crafted network SSID, potentially leading to...

6.1 CVSS · 6.3 AI score · 0.00244 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2025/08/06 12:0 a.m. · 9 views

The vulnerability in the tmUnblock.cgi script of the wireless router software from Linksys WRT120N allows an intruder to gain unauthorized access to the control web interface.

The vulnerability of the tmUnblock.cgi firmware for wireless routers like Linksys WRT120N is related to a stack buffer overflow when processing the TMBlockURL parameter. Exploiting this vulnerability allows an attacker to gain unauthorized access to the web-based control...

6.3 CVSS · 5.8 AI score · 0.00727 EPSS
Exploits 0 · References 5 · Affected Software 1

BDU FSTEC
added 2025/08/06 12:0 a.m. · 8 views

The vulnerability in the firmware management web interface of Intelbras RX 1500 and RX 3000 allows attackers to carry out cross-site scripting attacks.

The vulnerability in the firmware management web interface of Intelbras RX 1500 and RX 3000 is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by sendi...

7.5 CVSS · 5.2 AI score · 0.00908 EPSS
Exploits 2 · References 5 · Affected Software 2

RedhatCVE
added 2025/08/04 9:33 a.m. · 13 views

CVE-2013-10062

A directory traversal vulnerability exists in Linksys router's web interface tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05, specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the nextpage POST parameter to access arbitrary files outside the...

6.9 CVSS · 7.3 AI score · 0.01343 EPSS
Exploits 0 · References 1

OSV
added 2025/08/01 11:4 p.m. · 6 views

CVE-2025-54424 1Panel Agent Bypasses Certificate Verification Leading to Arbitrary Command Execution

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate...

8.1 CVSS · 7.2 AI score · 0.00864 EPSS
Exploits 5 · References 5

NVD
added 2025/08/01 9:15 p.m. · 6 views

CVE-2013-10062

A directory traversal vulnerability exists in Linksys router's web interface tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05, specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the nextpage POST parameter to access arbitrary files outside the...

6.9 CVSS · 0.01343 EPSS
Exploits 0 · References 4

CVE
added 2025/08/01 8:39 p.m. · 24 views

CVE-2013-10050

CVE-2013-10050 affects D-Link DIR-300 (rev A, v1.05) and DIR-615 (rev D, v4.13). An authenticated user can exploit the tools_vct.xgi CGI endpoint to inject commands via pingIp, leading to full device compromise (telnet daemon and root shell). The flaw is tied to firmware exposing tools_vct.xgi on...

8.8 CVSS · 6.2 AI score · 0.09637 EPSS
Exploits 1 · References 6 · Affected Software 1

Vulnrichment
added 2025/07/31 12:0 a.m. · 3 views

CVE-2025-51569

A cross-site scripting (XSS) vulnerability exists in the LB-Link BL-CPE300M 01.01.02P42U1406 router's web interface. The /goform/goform_get_cmd_process endpoint fails to sanitize user input in the cmd parameter before reflecting it into a text/html response. This allows unauthenticated attackers to...

5.5 AI score · 0.00242 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/07/31 12:0 a.m. · 4 views

PT-2025-31550 · Lb Link · Lb-Link Bl-Cpe300M

Name of the Vulnerable Software and Affected Versions: LB-Link BL-CPE300M version 01.01.02P42U14 06 Description: A cross-site scripting (XSS) vulnerability exists in the web interface of the router. The /goform/goform_get_cmd_process API endpoint fails to sanitize user input in the cmd parameter...

6.1 CVSS · 5.6 AI score · 0.00242 EPSS
Exploits 0 · References 6

CVE
added 2025/07/31 12:0 a.m. · 16 views

CVE-2025-51569

CVE-2025-51569 describes a cross-site scripting (XSS) vulnerability in the LB-Link BL-CPE300M web interface. The issue stems from the endpoint /goform/goform_get_cmd_process, where input in the cmd parameter is not properly sanitized before being reflected into a text/html response, enabling an a...

6.1 CVSS · 5.6 AI score · 0.00242 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2025/07/31 12:0 a.m. · 6 views

The vulnerability of the web interface of the IBM Robotic Process Automation software allows a perpetrator to disclose account information during a secure session.

The vulnerability of the web interface of the IBM Robotic Process Automation software lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to obtain login credentials during a secure session by executing the code...

4.4 CVSS · 5.4 AI score · 0.00199 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2025/07/29 4:53 p.m. · 2 views

CVE-2025-31965 HCL BigFix Remote Control is affected by an authorization bypass vulnerability

Improper access restrictions in HCL BigFix Remote Control Server WebUI versions 10.1.0.0248 and lower allow non-admin users to view unauthorized information on certain web pages...

8.2 CVSS · 6.5 AI score · 0.00191 EPSS
Exploits 0 · References 1

OSV
added 2025/07/29 4:15 p.m. · 6 views

CVE-2025-28171

An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi...

6.5 CVSS · 5.8 AI score · 0.00399 EPSS
Exploits 0 · References 3

CNNVD
added 2025/07/29 12:0 a.m. · 3 views

TP-Link TL-WR841N Security Vulnerability

The TP-LINK TL-WR841N is a wireless router from China P&L TP-LINK. A security vulnerability exists in the TP-LINK TL-WR841N V11 version, which originates from insufficient validation of input parameters in the /userRpm/WlanNetworkRpm.htm file, which could result in a buffer overflow and denial of...

7.5 CVSS · 6.1 AI score · 0.00309 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2025/07/28 5:32 a.m. · 4 views

CVE-2025-8259

A vulnerability was identified in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. Affected by this issue is the function executeDataObjectProc of the file /grid/vgridserver.php of the component Web interface. Such manipulation of the argument xajaxargs leads to os command injection. The attack can be execut...

9.8 CVSS · 6.8 AI score · 0.03247 EPSS
Exploits 1 · References 8 · Affected Software 1