
16828 matches found

CVE
added 2025/07/23 2:48 p.m. | 33 views

CVE-2025-40597

Summary: CVE-2025-40597 is a heap-based buffer overflow in the SonicWall SMA100 series web interface, allowing remote, unauthenticated attackers to cause DoS or potentially execute code. Affected software: SonicWall SMA100 series (web interface). Impact: Denial of Service and potential code execu...

CVSS 7.5 | AI score 7.6 | EPSS 0.27599
Exploits: 0 | References: 1 | Affected Software: 1
ATTACKERKB
added 2025/07/23 2:48 p.m. | 2 views

CVE-2025-40597

A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution...

CVSS 7.5 | AI score 6.1 | EPSS 0.27599
Exploits: 0 | References: 2
Vulnrichment
added 2025/07/23 2:48 p.m. | 4 views

CVE-2025-40597

A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution...

AI score 7.6 | EPSS 0.27599
Exploits: 0 | References: 1
ATTACKERKB
added 2025/07/23 2:46 p.m. | 4 views

CVE-2025-40596

A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution...

CVSS 7.3 | AI score 6.1 | EPSS 0.56063
Exploits: 0 | References: 2
CVE
added 2025/07/23 2:46 p.m. | 38 views

CVE-2025-40596

CVE-2025-40596 affects SonicWall SMA100 series Web Interface: a stack-based buffer overflow in the SMA100 web UI can be triggered remotely (no auth) and may cause DoS or, per the description, potentially enable code execution. The available sources confirm the vulnerability class and impact vecto...

CVSS 7.3 | AI score 7.6 | EPSS 0.56063
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2025/07/23 9:15 a.m. | 3 views

CVE-2025-41684

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface endpoint tls_iotgen_setting...

CVSS 8.8 | EPSS 0.00696
Exploits: 0 | References: 1
CVE
added 2025/07/23 8:23 a.m. | 18 views

CVE-2025-41684

An authenticated remote attacker can execute arbitrary commands with root privileges via the tls_iotgen_setting endpoint in the Main Web Interface of affected Apache IoT devices. Root cause is improper sanitizing of user input, enabling command injection. Impact is full control of the device at r...

CVSS 8.8 | AI score 7.3 | EPSS 0.00696
Exploits: 0 | References: 1
Vulnrichment
added 2025/07/23 8:22 a.m. | 3 views

CVE-2025-41683 Weidmueller: Root Command Injection via Unsanitized Input in event_mail_test Endpoint

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface endpoint event_mail_test...

CVSS 8.8 | AI score 7.3 | EPSS 0.00696
Exploits: 0 | References: 1
RedhatCVE
added 2025/07/23 12:57 a.m. | 10 views

CVE-2025-46120

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a...

CVSS 9.8 | AI score 8.1 | EPSS 0.00998
Exploits: 1 | References: 1
CNNVD
added 2025/07/23 12:00 a.m. | 2 views

Weidmueller Multiple Products OS Command Injection Vulnerability

The Weidmueller IE-SR-2TX-WL, among others, is an industrial-grade security router from Weidmueller, Germany. An operating system command injection vulnerability exists in several Weidmueller products. The vulnerability stems from improper cleanup of user input in the main web interface, which...

CVSS 8.8 | AI score 7.6 | EPSS 0.00696
Exploits: 0 | References: 1
BDU FSTEC
added 2025/07/23 12:00 a.m. | 6 views

The vulnerability of the System Time module in the D-LINK DIR-818LW router’s software management web interface allows a hacker to execute arbitrary commands.

The vulnerability of the System Time module in the D-LINK DIR-818LW router’s software management web interface is related to the lack of measures taken to neutralize special elements during the processing of the NTP Server parameter. Exploiting this vulnerability allows a remote attacker to execu...

CVSS 6.5 | AI score 5.9 | EPSS 0.04165
Exploits: 0 | References: 5 | Affected Software: 1
Positive Technologies
added 2025/07/23 12:00 a.m. | 10 views

PT-2025-30589

Name of the Vulnerable Software and Affected Versions: SonicWall SMA100 series. Description: A stack-based buffer overflow vulnerability in the web interface allows a remote, unauthenticated attacker to cause a Denial of Service (DoS) or potentially achieve code execution. Recommendations: At the momen...

CVSS 7.5 | AI score 8.2 | EPSS 0.56063
Exploits: 0 | References: 28
BDU FSTEC
added 2025/07/23 12:00 a.m. | 5 views

The vulnerability in the web interface of the Wi-Fi router TP-Link Archer C1200 allows a hacker to compromise the integrity of the protected information.

The vulnerability of the web interface for managing microprogramming software on the TP-Link Archer C1200 Wi-Fi router is related to improper restrictions on the layers or frames displayed in the user interface. Exploiting this vulnerability allows a malicious actor to compromise the integrity of...

CVSS 5 | AI score 5.5 | EPSS 0.00392
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2025/07/23 12:00 a.m. | 4 views

PT-2025-30593

Name of the Vulnerable Software and Affected Versions: SMA100 series (affected versions not specified). Description: A heap-based buffer overflow exists in the web interface. This allows a remote, unauthenticated attacker to cause a Denial of Service (DoS) or potentially achieve code execution...

CVSS 7.5 | AI score 8.2 | EPSS 0.56063
Exploits: 0 | References: 21
NVD
added 2025/07/22 10:15 p.m. | 5 views

CVE-2025-41425

DuraComm SPM-500 DP-10iN-100-MU is vulnerable to a cross-site scripting attack. This could allow an attacker to prevent legitimate users from accessing the web interface...

CVSS 8.1 | EPSS 0.00337
Exploits: 0 | References: 2
CVE
added 2025/07/22 9:38 p.m. | 16 views

CVE-2025-41425

The CVE-2025-41425 entry concerns the DuraComm SPM-500 DP-10iN-100-MU device, with a cross-site scripting (XSS) vulnerability reported across multiple sources (NVD, RH, CVE list, security advisories). Affected component is the web interface; exploitation could prevent legitimate users from access...

CVSS 8.1 | AI score 6.4 | EPSS 0.00337
Exploits: 0 | References: 2
Cvelist
added 2025/07/22 9:38 p.m. | 8 views

CVE-2025-41425 DuraComm DP-10iN-100-MU Cross-site Scripting

DuraComm SPM-500 DP-10iN-100-MU is vulnerable to a cross-site scripting attack. This could allow an attacker to prevent legitimate users from accessing the web interface...

CVSS 8.1 | EPSS 0.00337
Exploits: 0 | References: 2
RedhatCVE
added 2025/07/22 9:53 a.m. | 9 views

CVE-2025-7881

A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument code leads to weak password recovery. The attack can be initiated remotely. The...

CVSS 5.1 | AI score 7.3 | EPSS 0.00282
Exploits: 0 | References: 1
CNNVD
added 2025/07/22 12:00 a.m. | 1 view

ELECOM WRC-BE36QS-B and ELECOM WRC-W701-B OS Command Injection Vulnerability

The ELECOM WRC-BE36QS-B and ELECOM WRC-W701-B are both wireless routers from ELECOM Japan. The ELECOM WRC-BE36QS-B and ELECOM WRC-W701-B suffer from an operating system command injection vulnerability that originates from OS command injection in the WebGUI, which could lead to the execution of...

CVSS 8.6 | AI score 7.4 | EPSS 0.01051
Exploits: 0 | References: 4
CNNVD
added 2025/07/22 12:00 a.m. | 4 views

DuraComm SPM-500 DP-10iN-100-MU Cross-Site Scripting Vulnerability

The DuraComm SPM-500 DP-10iN-100-MU is a DC power distribution panel from DuraComm USA. A cross-site scripting vulnerability exists in the DuraComm SPM-500 DP-10iN-100-MU, which stems from susceptibility to cross-site scripting attacks that could prevent a legitimate user from accessing the web...

CVSS 8.1 | AI score 5.8 | EPSS 0.00337
Exploits: 0 | References: 3