16825 matches found
The vulnerability in the web interface of the DIR-615 router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the web interface of the DIR-615 router firmware arises from the lack of input validation on the pingipaddr parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability in the web interface of the IBM QRadar SIEM system allows an attacker to carry out cross-site scripting attacks.
The vulnerability in the IBM QRadar SIEM web interface is related to a failure to preserve the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
Packet Power EMX and EG
Risk evaluation: Successful exploitation of this vulnerability could allow an attacker to gain full access to the device without authentication. Recommended practices: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimizing...
PT-2025-32264
Name of the Vulnerable Software and Affected Versions: OpenVPN Access Server (affected versions not specified). Description: The vulnerability allows an attacker to perform JavaScript injection via the SAML relaystate. This could potentially lead to Remote Code Execution (RCE). Recommendations: At the...
CVE-2025-50740
AutoConnect 1.4.2, an Arduino library, is vulnerable to cross-site scripting (XSS). The AutoConnect web interface /ac/config allows HTML/JS code to be executed via a crafted network SSID...
AutoConnect security vulnerability
AutoConnect is an Arduino library by the individual developer Hieromon Ikasamo. A security vulnerability exists in AutoConnect version 1.4.2, which stems from the AutoConnect web interface /ac/config that allows execution of HTML/JS code in a specially crafted network SSID, potentially leading to...
The vulnerability in the tmUnblock.cgi script of the Linksys WRT120N wireless router firmware allows an intruder to gain unauthorized access to the control web interface.
The vulnerability in the tmUnblock.cgi script of the firmware for wireless routers such as the Linksys WRT120N is related to a stack buffer overflow when processing the TMBlockURL parameter. Exploiting this vulnerability allows an attacker to gain unauthorized access to the web-based control...
The vulnerability in the management web interface of the Intelbras RX 1500 and RX 3000 firmware allows attackers to carry out cross-site scripting attacks.
The vulnerability in the management web interface of the Intelbras RX 1500 and RX 3000 firmware is related to a failure to preserve the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by sendi...
CVE-2013-10062
A directory traversal vulnerability exists in Linksys router's web interface tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05, specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the nextpage POST parameter to access arbitrary files outside the...
CVE-2025-54424 1Panel Agent Bypasses Certificate Verification Leading to Arbitrary Command Execution
1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate...
CVE-2013-10050
CVE-2013-10050 affects D-Link DIR-300 (rev A, v1.05) and DIR-615 (rev D, v4.13). An authenticated user can exploit the tools_vct.xgi CGI endpoint to inject commands via pingIp, leading to full device compromise (telnet daemon and root shell). The flaw is tied to firmware exposing tools_vct.xgi on...
CVE-2025-51569
A cross-site scripting (XSS) vulnerability exists in the LB-Link BL-CPE300M 01.01.02P42U1406 router's web interface. The /goform/goform_get_cmd_process endpoint fails to sanitize user input in the cmd parameter before reflecting it into a text/html response. This allows unauthenticated attackers to...
PT-2025-31550 · Lb Link · Lb-Link Bl-Cpe300M
Name of the Vulnerable Software and Affected Versions: LB-Link BL-CPE300M version 01.01.02P42U14 06. Description: A cross-site scripting (XSS) vulnerability exists in the web interface of the router. The /goform/goform_get_cmd_process API endpoint fails to sanitize user input in the cmd parameter...
CVE-2025-51569
CVE-2025-51569 describes a cross-site scripting (XSS) vulnerability in the LB-Link BL-CPE300M web interface. The issue stems from the endpoint /goform/goform_get_cmd_process, where input in the cmd parameter is not properly sanitized before being reflected into a text/html response, enabling an a...
The vulnerability of the web interface of the IBM Robotic Process Automation software allows a perpetrator to disclose account information during a secure session.
The vulnerability of the web interface of the IBM Robotic Process Automation software lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to obtain login credentials during a secure session by executing the code...
CVE-2025-31965 HCL BigFix Remote Control is affected by an authorization bypass vulnerability
Improper access restrictions in HCL BigFix Remote Control Server WebUI versions 10.1.0.0248 and lower allow non-admin users to view unauthorized information on certain web pages...
CVE-2025-28171
An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi...
TP-Link TL-WR841N security vulnerability
The TP-LINK TL-WR841N is a wireless router from China P&L TP-LINK. A security vulnerability exists in the TP-LINK TL-WR841N V11 version, which originates from insufficient validation of input parameters in the /userRpm/WlanNetworkRpm.htm file, which could result in a buffer overflow and denial of...
CVE-2025-8259
A vulnerability was identified in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. Affected by this issue is the function executeDataObjectProc of the file /grid/vgridserver.php of the component Web interface. Such manipulation of the argument xajaxargs leads to os command injection. The attack can be execut...