
16831 matches found

CVE
added 2025/07/11 2:40 p.m. · 31 views

CVE-2025-52950

Juniper Networks Security Director has a Missing Authorization vulnerability (CVE-2025-52950) where an unauthenticated network-based attacker can read or tamper with sensitive resources through the web interface. The issue arises from endpoints that do not validate authorization, allowing access ...

9.6 CVSS · 6.5 AI score · 0.00373 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2025/07/11 2:40 p.m. · 4 views

CVE-2025-52950 Juniper Security Director: Insufficient authorization for multiple endpoints in web interface

A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface. Numerous endpoints on the Juniper Security Director appliance do not validate authorization and...

9.6 CVSS · 7.1 AI score · 0.00373 EPSS
Exploits: 0 · References: 1

NCSC
added 2025/07/11 9:55 a.m. · 4 views

Vulnerability fixed in Juniper Networks Security Director

Juniper has fixed a vulnerability in Juniper Networks Security Director. The vulnerability is located in the web interface of Juniper Networks Security Director, where insufficient authorization validation allows unauthenticated attackers to access and manipulate sensitive resources. This can lea...

9.6 CVSS · 6.9 AI score · 0.00373 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2025/07/11 9:14 a.m. · 4 views

CVE-2025-50121

A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. HTTP is disabled by default...

9.5 CVSS · 7.4 AI score · 0.15311 EPSS
Exploits: 1 · References: 1

CVE
added 2025/07/11 9:14 a.m. · 40 views

CVE-2025-50121

Schneider Electric EcoStruxure IT Data Center Expert (DCE)

9.5 CVSS · 7.4 AI score · 0.15311 EPSS
Exploits: 1 · References: 2

Cvelist
added 2025/07/11 9:14 a.m. · 9 views

CVE-2025-50121

A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. HTTP is disabled by default...

9.5 CVSS · 0.15311 EPSS
Exploits: 1 · References: 1

BDU FSTEC
added 2025/07/11 12:0 a.m. · 10 views

The vulnerability of the web interface of the software for managing the infrastructure of the EcoStruxure IT Data Center Expert allows a perpetrator to execute arbitrary code.

The vulnerability of the web interface of the software for managing the infrastructure of the EcoStruxure IT Data Center Expert is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by creating ...

10 CVSS · 6 AI score · 0.15311 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

NVD
added 2025/07/10 5:15 p.m. · 11 views

CVE-2025-47811

In Wing FTP Server through 7.4.4, the administrative web interface listening by default on port 5466 runs as root or SYSTEM by default. The web application itself offers several legitimate ways to execute arbitrary system commands i.e., through the web console or the task scheduler, and they are...

6.6 CVSS · 0.03513 EPSS
Exploits: 24 · References: 2

OSV
added 2025/07/10 5:15 p.m. · 6 views

CVE-2025-47811

In Wing FTP Server through 7.4.4, the administrative web interface listening by default on port 5466 runs as root or SYSTEM by default. The web application itself offers several legitimate ways to execute arbitrary system commands i.e., through the web console or the task scheduler, and they are...

6.6 CVSS · 6.1 AI score · 0.95343 EPSS
Exploits: 23 · References: 2

CVE
added 2025/07/10 12:0 a.m. · 48 views

CVE-2025-47811

Wing FTP Server (versions up to 7.4.4) is affected by CVE-2025-47811: the admin web interface runs as root/SYSTEM by default, and the web app exposes legitimate ways to execute system commands which are executed with the highest privileges. This creates a potential privilege escalation via the we...

6.6 CVSS · 9.7 AI score · 0.95343 EPSS
Exploits: 24 · References: 2 · Affected Software: 1

NCSC
added 2025/07/09 8:33 a.m. · 23 views

Vulnerabilities fixed in Palo Alto PAN OS

Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities include an information leak in the SD-WAN feature, which allows unauthorized users to intercept packets and access unsecured data from the firewall. This poses a risk to sensitive information being transmitted. In additio...

8.6 CVSS · 7.9 AI score · 0.01024 EPSS
Exploits: 0 · References: 3

BDU FSTEC
added 2025/07/09 12:0 a.m. · 7 views

The vulnerability of the MQTT protocol implementation in the web interface of the microprogramming-based controller ABB RMC-100 and RMC-100-LITE allows an intruder to gain unauthorized access to protected information.

The vulnerability of the MQTT protocol web interface implementation for microprogrammable controllers ABB RMC-100 and RMC-100-LITE lies in the use of a hard-coded cryptographic key. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

5.3 CVSS · 5.5 AI score · 0.00228 EPSS
Exploits: 0 · References: 2 · Affected Software: 2

BDU FSTEC
added 2025/07/09 12:0 a.m. · 6 views

The vulnerability of the web interface of IP camera software and digital/netscreen video recorders from Avtech allows an intruder to perform a CSRF attack.

The vulnerability of the web interface of IP camera software and digital/netscreen recorders from Avtech relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a remote attacker to execute a CSRF attack...

5 CVSS · 5.5 AI score · 0.00246 EPSS
Exploits: 0 · References: 5

BDU FSTEC
added 2025/07/09 12:0 a.m. · 6 views

The vulnerability in the web interface of the software for monitoring social networks on the Cisco Customer Collaboration Platform (formerly Cisco SocialMiner) allows a perpetrator to disclose protected information.

The vulnerability of the web interface of the software for monitoring social networks on the Cisco Customer Collaboration Platform (formerly Cisco SocialMiner) is related to errors in information processing. Exploiting this vulnerability can allow a malicious actor to disclose protected information...

5 CVSS · 5.5 AI score · 0.00302 EPSS
Exploits: 0 · References: 2

BDU FSTEC
added 2025/07/09 12:0 a.m. · 8 views

The vulnerability of the MQTT protocol implementation in the web interface of the microprogramming-based controller ABB RMC-100 and RMC-100-LITE allows an intruder to trigger a service failure.

The vulnerability of the MQTT protocol implementation in the web interface of the microprogramming-based controllers ABB RMC-100 and RMC-100-LITE lies in the fact that the operation data is written outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause...

7.8 CVSS · 5.7 AI score · 0.00326 EPSS
Exploits: 0 · References: 2 · Affected Software: 2

BDU FSTEC
added 2025/07/09 12:0 a.m. · 7 views

The vulnerability in the web interface of the software platform for managing calls in the Cisco Unified Intelligent Contact Management Enterprise system allows a perpetrator to perform cross-site scripting attacks.

The vulnerability in the web interface of the software platform for managing calls in the Cisco Unified Intelligent Contact Management Enterprise system is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform...

6.4 CVSS · 5.2 AI score · 0.00227 EPSS
Exploits: 0 · References: 2

BDU FSTEC
added 2025/07/09 12:0 a.m. · 5 views

The vulnerability of the MQTT protocol implementation in the web interface of the microprogramming-based controller ABB RMC-100 and RMC-100-LITE allows an intruder to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the MQTT protocol implementation in the web interface of the microprogrammable controller ABB RMC-100 and RMC-100-LITE devices lies in the use of a hard-coded cryptographic key. Exploiting this vulnerability could allow an attacker to bypass security restrictions and...

6.5 CVSS · 5.4 AI score · 0.00245 EPSS
Exploits: 0 · References: 2 · Affected Software: 2

OSV
added 2025/07/08 7:15 p.m. · 1 view

CVE-2023-43039

IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

6.1 CVSS · 5.4 AI score · 0.00183 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/07/08 12:0 a.m. · 5 views

PT-2025-29220 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server (affected versions not specified). Description: A flaw exists that may allow unauthenticated remote code execution when a malicious folder is created via the web interface HTTP when it is enabled. HTTP is disabled by default...

10 CVSS · 7 AI score · 0.15311 EPSS
Exploits: 1 · References: 8

Cvelist
added 2025/07/07 7:2 a.m. · 7 views

CVE-2025-7117 UTT HiPER 840G websWhiteList buffer overflow

A vulnerability classified as critical was found in UTT HiPER 840G up to 3.1.1-190328. This vulnerability affects unknown code of the file /goform/websWhiteList. The manipulation of the argument addHostFilter leads to buffer overflow. The attack can be initiated remotely. The exploit has been...

9 CVSS · 0.00795 EPSS
Exploits: 1 · References: 5