
16830 matches found

RedhatCVE
added 2025/07/04 8:27 p.m. · 12 views

CVE-2025-34078

A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file nsclient.ini stores the administrative password in plaintext and is readable by local users. By extracting this password, an attack...

7.8 CVSS · 7.4 AI score · 0.00501 EPSS
Exploits 2 · References 1

RedhatCVE
added 2025/07/04 8:27 p.m. · 12 views

CVE-2025-34079

An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when the web interface and ExternalScripts module are enabled. A remote attacker with the administrator password can authenticate to the web interface (default port 8443), inject arbitrary commands as externa...

7.8 CVSS · 7.6 AI score · 0.01277 EPSS
Exploits 2 · References 1

RedhatCVE
added 2025/07/04 9:24 a.m. · 8 views

CVE-2025-27023

Lack of or insufficient input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users to read all OS files via crafted CLI commands. Details: The web interface based management of the Infinera G42 appliance enables the feature of executing a restricted set of...

6.5 CVSS · 6.5 AI score · 0.00451 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2025/07/04 12:0 a.m. · 7 views

The vulnerability in the web interface of the Cisco BroadWorks Application Delivery Platform allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability in the web interface of the Cisco BroadWorks Application Delivery Platform is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

5.5 CVSS · 5.2 AI score · 0.00209 EPSS
Exploits 0 · References 2

OSV
added 2025/07/03 8:15 p.m. · 6 views

CVE-2025-34087

An authenticated command injection vulnerability exists in Pi-hole versions up to 3.3. When adding a domain to the allowlist via the web interface, the domain parameter is not properly sanitized, allowing an attacker to append OS commands to the domain string. These commands are executed on the...

8.8 CVSS · 6.8 AI score
Exploits 0 · References 5

NVD
added 2025/07/03 8:15 p.m. · 7 views

CVE-2025-34087

An authenticated command injection vulnerability exists in Pi-hole versions up to 3.3. When adding a domain to the allowlist via the web interface, the domain parameter is not properly sanitized, allowing an attacker to append OS commands to the domain string. These commands are executed on the...

9 CVSS · 0.04967 EPSS
Exploits 1 · References 5

RedhatCVE
added 2025/07/03 3:23 p.m. · 14 views

CVE-2025-34050

A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration...

5.1 CVSS · 7.1 AI score · 0.00246 EPSS
Exploits 0 · References 1

NVD
added 2025/07/02 8:15 p.m. · 8 views

CVE-2025-34078

A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file nsclient.ini stores the administrative password in plaintext and is readable by local users. By extracting this password, an attack...

7.8 CVSS · 0.00501 EPSS
Exploits 2 · References 4

OSV
added 2025/07/02 8:15 p.m. · 10 views

CVE-2025-34079

An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when the web interface and ExternalScripts module are enabled. A remote attacker with the administrator password can authenticate to the web interface (default port 8443), inject arbitrary commands as externa...

7.8 CVSS · 8.3 AI score
Exploits 0 · References 3

OSV
added 2025/07/02 8:15 p.m. · 5 views

CVE-2025-34078

A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file nsclient.ini stores the administrative password in plaintext and is readable by local users. By extracting this password, an attack...

7.8 CVSS · 7.6 AI score
Exploits 0 · References 4

Vulnrichment
added 2025/07/02 7:27 p.m. · 7 views

CVE-2025-34078 NSClient++ 0.5.2.35 Local Privilege Escalation via ExternalScripts and Web Interface

A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file nsclient.ini stores the administrative password in plaintext and is readable by local users. By extracting this password, an attack...

7.3 CVSS · 8.1 AI score · 0.00501 EPSS
Exploits 2 · References 4

CVE
added 2025/07/02 7:27 p.m. · 67 views

CVE-2025-34078

NSClient++ 0.5.2.35 contains a local privilege-escalation flaw when both web interface and ExternalScripts are enabled. The nsclient.ini file stores the admin password in plaintext and is readable by local users, allowing an attacker to extract the credential, authenticate to the NSClient++ web i...

7.8 CVSS · 7.6 AI score · 0.00501 EPSS
Exploits 2 · References 4 · Affected Software 1

OSV
added 2025/07/02 5:15 p.m. · 5 views

CVE-2025-45424

Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication...

5.3 CVSS · 6.8 AI score
Exploits 0 · References 2

NVD
added 2025/07/02 5:15 p.m. · 11 views

CVE-2025-20307

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied...

4.8 CVSS · 0.00209 EPSS
Exploits 0 · References 1

OSV
added 2025/07/02 5:15 p.m. · 6 views

CVE-2025-20307

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied...

4.8 CVSS · 6 AI score · 0.00209 EPSS
Exploits 0 · References 1

Snyk
added 2025/07/02 4:42 p.m. · 3 views

Missing Authentication for Critical Function

Overview: xinference is Xorbits Inference (Xinference), a powerful and versatile library designed to serve language, speech recognition, and multimodal models. With Xorbits Inference, you can effortlessly deploy and serve your or state-of-the-art built-in models using just a single command. Wheth...

7.3 CVSS · 6.9 AI score · 0.00344 EPSS
Exploits 1 · References 2

Cvelist
added 2025/07/02 9:7 a.m. · 7 views

CVE-2025-27023 Improper Input Validation in Infinera G42

Lack of or insufficient input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users to read all OS files via crafted CLI commands. Details: The web interface based management of the Infinera G42 appliance enables the feature of executing a restricted set of...

6.5 CVSS · 0.00451 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/07/02 9:7 a.m. · 2 views

CVE-2025-27023 Improper Input Validation in Infinera G42

Lack of or insufficient input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users to read all OS files via crafted CLI commands. Details: The web interface based management of the Infinera G42 appliance enables the feature of executing a restricted set of...

6.5 CVSS · 7 AI score · 0.00451 EPSS
Exploits 0 · References 2

CNNVD
added 2025/07/02 12:0 a.m. · 2 views

Xinference security vulnerability

Xinference is an application by Endeavor's Xiao Yang Personal Developer. A security vulnerability exists in Xinference versions prior to 1.4.0, which stems from improper access control and could lead to unauthorized access to the Web GUI...

5.3 CVSS · 6.4 AI score · 0.00344 EPSS
Exploits 1 · References 3

Positive Technologies
added 2025/07/02 12:0 a.m. · 7 views

PT-2025-28805 · D Link · D-Link Dir-825

Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 version 2.10 Description: A critical vulnerability exists in the D-Link DIR-825 router. This issue affects the sub 410DDC function within the switch language.cgi file of the httpd component. Manipulation of the Language paramet...

10 CVSS · 9.6 AI score · 0.1598 EPSS
Exploits 1 · References 17