CVE-2025-52950
Juniper Networks Security Director has a Missing Authorization vulnerability (CVE-2025-52950) where an unauthenticated network-based attacker can read or tamper with sensitive resources through the web interface. The issue arises from endpoints that do not validate authorization, allowing access ...
CVE-2025-52950 Juniper Security Director: Insufficient authorization for multiple endpoints in web interface
A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface. Numerous endpoints on the Juniper Security Director appliance do not validate authorization and...
Vulnerability fixed in Juniper Networks Security Director
Juniper has fixed a vulnerability in Juniper Networks Security Director. The vulnerability is located in the web interface of Juniper Networks Security Director, where insufficient authorization validation allows unauthenticated attackers to access and manipulate sensitive resources. This can lea...
CVE-2025-50121
A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. HTTP is disabled by default...
CVE-2025-50121
Schneider Electric EcoStruxure IT Data Center Expert (DCE)
The vulnerability of the web interface of the software for managing the infrastructure of the EcoStruxure IT Data Center Expert allows a perpetrator to execute arbitrary code.
The vulnerability of the web interface of the software for managing the infrastructure of the EcoStruxure IT Data Center Expert is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by creating ...
CVE-2025-47811
In Wing FTP Server through 7.4.4, the administrative web interface listening by default on port 5466 runs as root or SYSTEM by default. The web application itself offers several legitimate ways to execute arbitrary system commands i.e., through the web console or the task scheduler, and they are...
CVE-2025-47811
Wing FTP Server (versions up to 7.4.4) is affected by CVE-2025-47811: the admin web interface runs as root/SYSTEM by default, and the web app exposes legitimate ways to execute system commands which are executed with the highest privileges. This creates a potential privilege escalation via the we...
Vulnerabilities fixed in Palo Alto PAN OS
Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities include an information leak in the SD-WAN feature, which allows unauthorized users to intercept packets and access unsecured data from the firewall. This poses a risk to sensitive information being transmitted. In additio...
The vulnerability of the MQTT protocol implementation in the web interface of the microprogramming-based controller ABB RMC-100 and RMC-100-LITE allows an intruder to gain unauthorized access to protected information.
The vulnerability of the MQTT protocol web interface implementation for microprogrammable controllers ABB RMC-100 and RMC-100-LITE lies in the use of a hard-coded cryptographic key. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the web interface of IP camera software and digital/netscreen video recorders from Avtech allows an intruder to perform a CSRF attack.
The vulnerability of the web interface of IP camera software and digital/netscreen recorders from Avtech relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a remote attacker to execute a CSRF attack...
The vulnerability in the web interface of the software for monitoring social networks on the Cisco Customer Collaboration Platform (formerly Cisco SocialMiner) allows a perpetrator to disclose protected information.
The vulnerability of the web interface of the software for monitoring social networks on the Cisco Customer Collaboration Platform (formerly Cisco SocialMiner) is related to errors in information processing. Exploiting this vulnerability can allow a malicious actor to disclose protected information...
The vulnerability of the MQTT protocol implementation in the web interface of the microprogramming-based controller ABB RMC-100 and RMC-100-LITE allows an intruder to trigger a service failure.
The vulnerability of the MQTT protocol implementation in the web interface of the microprogramming-based controllers ABB RMC-100 and RMC-100-LITE lies in the fact that the operation data is written outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause...
The vulnerability in the web interface of the software platform for managing calls in the Cisco Unified Intelligent Contact Management Enterprise system allows a perpetrator to perform cross-site scripting attacks.
The vulnerability in the web interface of the software platform for managing calls in the Cisco Unified Intelligent Contact Management Enterprise system is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform...
The vulnerability of the MQTT protocol implementation in the web interface of the microprogramming-based controller ABB RMC-100 and RMC-100-LITE allows an intruder to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of the MQTT protocol implementation in the web interface of the microprogrammable controller ABB RMC-100 and RMC-100-LITE devices lies in the use of a hard-coded cryptographic key. Exploiting this vulnerability could allow an attacker to bypass security restrictions and...
CVE-2023-43039
IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
PT-2025-29220 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server, affected versions not specified. Description: A flaw exists that may allow unauthenticated remote code execution when a malicious folder is created via the web interface HTTP when it is enabled. HTTP is disabled by default...
CVE-2025-7117 UTT HiPER 840G websWhiteList buffer overflow
A vulnerability classified as critical was found in UTT HiPER 840G up to 3.1.1-190328. This vulnerability affects unknown code of the file /goform/websWhiteList. The manipulation of the argument addHostFilter leads to buffer overflow. The attack can be initiated remotely. The exploit has been...