16831 matches found
Xinference Security Vulnerability
Xinference is an application by Endeavor's Xiao Yang Personal Developer. A security vulnerability exists in Xinference versions prior to 1.4.0, which stems from improper access control and could lead to unauthorized access to the Web GUI...
PT-2025-28805 · D Link · D-Link Dir-825
Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 version 2.10 Description: A critical vulnerability exists in the D-Link DIR-825 router. This issue affects the sub 410DDC function within the switch language.cgi file of the httpd component. Manipulation of the Language paramet...
PT-2025-27669 · Unknown · Nos Client
Name of the Vulnerable Software and Affected Versions: NSClient++ version 0.5.2.35 Description: A local privilege escalation issue exists when both the web interface and ExternalScripts features are enabled. The configuration file nsclient.ini stores the administrative password in plaintext and i...
PT-2025-27654 · Cisco · Cisco Broadworks Application Delivery Platform
Name of the Vulnerable Software and Affected Versions: Cisco BroadWorks Application Delivery Platform affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks agains...
CVE-2025-34050 AVTECH IP Camera, DVR, and NVR Devices Cross-Site Request Forgery
A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration...
CVE-2025-34050
Technical details about affected products/versions and fixes are not publicly available in the provided connected documents. Monitor for updates.
CVE-2025-36056
IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI...
PT-2025-27534 · Avtech · Avtech Dvr +2
Name of the Vulnerable Software and Affected Versions: AVTECH IP camera, DVR, and NVR devices affected versions not specified Description: A cross-site request forgery (CSRF) issue exists in the web interface of the devices. An attacker can craft malicious requests that, when executed in the contex...
ZigStrike 2.0
ZigStrike is a robust shellcode loader developed in Zig, offering a variety of injection techniques and anti-sandbox features. It leverages compile-time capabilities for efficient shellcode allocation, demonstrating proven success in bypassing advanced security solutions. ZigStrike includes a...
The vulnerability in the online business analytics web interface of IBM Cognos Analytics allows a perpetrator to execute arbitrary JavaScript code and expose account information.
The vulnerability of the online business analytics web interface of IBM Cognos Analytics relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code and disclose user credentials...
The vulnerability of the web interface of the Hitachi Energy MicroSCADA X SYS600 software allows an intruder to gain unauthorized access to protected information.
The vulnerability of the web interface of the Hitachi Energy MicroSCADA X SYS600 system management software relates to the disclosure of information. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
Patient-Record-Management-System-SQL
It is an offensive tool for database exploitation. This reposito...
CVE-2025-6763
A vulnerability was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. Affected by this issue is some unknown functionality of the file /setupA.cfg of the component Web-based Management Interface. Performing manipulation results in missing...
PT-2025-27143
Name of the Vulnerable Software and Affected Versions: Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 version 1.60 Description: A critical vulnerability was found in the Web-based Management Interface component of the affected systems, specifically affecting...
CVE-2025-52572
Hikka, a Telegram userbot, has a vulnerability that affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizing in the dangling web interface. 2. Web...
CVE-2025-39204
A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user...
CVE-2025-34034
A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege...
CVE-2025-34033
An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded Linux devices via the pingaddr parameter in the webctrl.cgi script. The application fails to properly sanitize input before passing it to the system-level ping command. An authenticated attacker can...
CVE-2025-20264
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to insufficient authorization enforcement mechanisms fo...
VulnCheck KEV: CVE-2025-4009
The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among...