16830 matches found

BDU FSTEC
added 2025/07/16 12:0 a.m. · 14 views

The vulnerability in the web interface of Qtech switches, related to incorrect processing of cookie files, allows attackers to elevate their privileges to the level of administrators.

A vulnerability in the web interface of Qtech switches, related to improper handling of cookie files. Exploiting this vulnerability can allow a remote attacker to elevate their privileges to the level of an administrator...

10 CVSS · 5.5 AI score
Exploits 0 · Affected Software 4

NVD
added 2025/07/15 9:15 p.m. · 12 views

CVE-2025-49834

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py opendenoise function. denoiseinpdir and denoiseoptdir take user input, which is passed to the opendenoise function, which concatenates the user...

9.8 CVSS · 0.033 EPSS
Exploits 1 · References 5

OSV
added 2025/07/15 8:29 p.m. · 6 views

CVE-2025-49835 GHSL-2025-047: GPT-SoVITS Command Injection vulnerability

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in webui.py openasr function. asrinpdir and a number of other variables take user input, which is passed to the openasr function, which concatenates the...

9.3 CVSS · 7.8 AI score · 0.03377 EPSS
Exploits 1 · References 7

NVD
added 2025/07/15 1:15 p.m. · 6 views

CVE-2025-34115

An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmdstr' parameter in the command_test.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web...

8.7 CVSS · 0.02321 EPSS
Exploits 0 · References 4

NVD
added 2025/07/15 1:15 p.m. · 5 views

CVE-2025-34105

A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on the path component of HTTP GET requests. By sending a specially crafted long URI, a remote...

10 CVSS · 0.00999 EPSS
Exploits 0 · References 4

Cvelist
added 2025/07/15 1:4 p.m. · 10 views

CVE-2025-34115 OP5 Monitor <= 7.1.9 Authenticated Command Execution via command_test.php

An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmdstr' parameter in the command_test.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web...

8.7 CVSS · 0.02321 EPSS
Exploits 0 · References 4

ATTACKERKB
added 2025/07/15 1:4 p.m. · 3 views

CVE-2025-34115

An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmdstr' parameter in the command_test.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web...

8.7 CVSS · 6.1 AI score · 0.02321 EPSS
Exploits 0 · References 5

Positive Technologies
added 2025/07/15 12:0 a.m. · 5 views

PT-2025-29556 · Op5 · Op5 Monitor

Name of the Vulnerable Software and Affected Versions: OP5 Monitor versions through 7.1.9 Description: An authenticated command injection vulnerability exists in OP5 Monitor. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as...

8.7 CVSS · 7.6 AI score · 0.02321 EPSS
Exploits 0 · References 9

Vulnrichment
added 2025/07/14 5:2 a.m. · 4 views

CVE-2025-7574 LB-LINK BL-WR9000 Web Interface lighttpd.cgi restore improper authentication

A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore of the file /cgi-bin/lighttpd.cgi of the component Web Interface. The manipulation leads to...

10 CVSS · 7 AI score · 0.00745 EPSS
Exploits 0 · References 5

CVE
added 2025/07/14 5:2 a.m. · 33 views

CVE-2025-7574

The CVE-2025-7574 affects LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000, up to version 20250702. The Web Interface’s /cgi-bin/lighttpd.cgi reboot/restore function is susceptible to improper authentication, enabling remote exploitation. Public disclosures exist; ...

10 CVSS · 9.5 AI score · 0.00745 EPSS
Exploits 0 · References 5

Cvelist
added 2025/07/14 5:2 a.m. · 12 views

CVE-2025-7574 LB-LINK BL-WR9000 Web Interface lighttpd.cgi restore improper authentication

A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore of the file /cgi-bin/lighttpd.cgi of the component Web Interface. The manipulation leads to...

10 CVSS · 0.00745 EPSS
Exploits 0 · References 5

BDU FSTEC
added 2025/07/14 12:0 a.m. · 7 views

The vulnerability of the sub_410DDC() function in the web interface of the D-Link DIR-825 router’s microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the sub_410DDC function in the web interface of the D-Link DIR-825 router’s microprogramming software is related to the reading of data beyond the buffer boundaries in memory during the processing of the language parameter. Exploiting this vulnerability allows a remote attacke...

10 CVSS · 8.7 AI score · 0.1598 EPSS
Exploits 1 · References 2 · Affected Software 1

BDU FSTEC
added 2025/07/14 12:0 a.m. · 6 views

The vulnerability in the FTP server’s web interface of Wing allows a hacker to elevate their privileges and execute arbitrary code.

The vulnerability of the FTP server’s web interface in Wing involves the insertion of a zero byte %00 into the user’s username string during the processing of the loginok.html endpoint. Exploiting this vulnerability allows an attacker to enhance their privileges and execute arbitrary code...

10 CVSS · 7.3 AI score · 0.95343 EPSS
Exploits 23 · References 4 · Affected Software 1

Snyk
added 2025/07/13 8:15 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: roundup is a simple-to-use and -install issue-tracking system with command-line, web and e-mail interfaces. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the interaction between URLs and issue tracker templates. An attacker can execute arbitrary scripts...

6.4 CVSS · 5.4 AI score · 0.00184 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/07/13 9:22 a.m. · 3 views

CVE-2025-50121

A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. HTTP is disabled by default...

9.5 CVSS · 7.4 AI score · 0.15311 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/07/12 12:28 a.m. · 11 views

CVE-2025-47811

In Wing FTP Server through 7.4.4, the administrative web interface listening by default on port 5466 runs as root or SYSTEM by default. The web application itself offers several legitimate ways to execute arbitrary system commands i.e., through the web console or the task scheduler, and they are...

10 CVSS · 9.7 AI score · 0.95343 EPSS
Exploits 24 · References 1

NVD
added 2025/07/11 3:15 p.m. · 3 views

CVE-2025-52950

A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface. Numerous endpoints on the Juniper Security Director appliance do not validate authorization and...

9.6 CVSS · 0.00373 EPSS
Exploits 0 · References 1

OSV
added 2025/07/11 3:15 p.m. · 3 views

CVE-2025-52950

A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface. Numerous endpoints on the Juniper Security Director appliance do not validate authorization and...

6.4 CVSS · 5.8 AI score · 0.00373 EPSS
Exploits 0 · References 1

Cvelist
added 2025/07/11 2:40 p.m. · 5 views

CVE-2025-52950 Juniper Security Director: Insufficient authorization for multiple endpoints in web interface

A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface. Numerous endpoints on the Juniper Security Director appliance do not validate authorization and...

9.6 CVSS · 0.00373 EPSS
Exploits 0 · References 1

CVE
added 2025/07/11 2:40 p.m. · 31 views

CVE-2025-52950

Juniper Networks Security Director has a Missing Authorization vulnerability (CVE-2025-52950) where an unauthenticated network-based attacker can read or tamper with sensitive resources through the web interface. The issue arises from endpoints that do not validate authorization, allowing access ...

9.6 CVSS · 6.5 AI score · 0.00373 EPSS
Exploits 0 · References 1 · Affected Software 1