16831 matches found

CNNVD
added 2025/07/02 12:0 a.m., 2 views

Xinference Security Vulnerability

Xinference is an application by Endeavor's Xiao Yang Personal Developer. A security vulnerability exists in Xinference versions prior to 1.4.0, which stems from improper access control and could lead to unauthorized access to the Web GUI...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.00344
Exploits: 1 | References: 3

Positive Technologies
added 2025/07/02 12:0 a.m., 7 views

PT-2025-28805 · D Link · D-Link Dir-825

Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 version 2.10
Description: A critical vulnerability exists in the D-Link DIR-825 router. This issue affects the sub 410DDC function within the switch language.cgi file of the httpd component. Manipulation of the Language paramet...

CVSS: 10 | AI score: 9.6 | EPSS: 0.1598
Exploits: 1 | References: 17

Positive Technologies
added 2025/07/02 12:0 a.m., 7 views

PT-2025-27669 · Unknown · Nos Client

Name of the Vulnerable Software and Affected Versions: NSClient++ version 0.5.2.35
Description: A local privilege escalation issue exists when both the web interface and ExternalScripts features are enabled. The configuration file nsclient.ini stores the administrative password in plaintext and i...

CVSS: 7.3 | AI score: 7.4 | EPSS: 0.00501
Exploits: 2 | References: 9

Positive Technologies
added 2025/07/02 12:0 a.m., 7 views

PT-2025-27654 · Cisco · Cisco Broadworks Application Delivery Platform

Name of the Vulnerable Software and Affected Versions: Cisco BroadWorks Application Delivery Platform (affected versions not specified)
Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks agains...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.00209
Exploits: 0 | References: 5

Vulnrichment
added 2025/07/01 2:42 p.m., 4 views

CVE-2025-34050 AVTECH IP Camera, DVR, and NVR Devices Cross-Site Request Forgery

A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration...

CVSS: 5.1 | AI score: 7.1 | EPSS: 0.00246
Exploits: 0 | References: 5

CVE
added 2025/07/01 2:42 p.m., 25 views

CVE-2025-34050

Technical details about affected products/versions and fixes are not publicly available in the provided connected documents. Monitor for updates.

CVSS: 5.1 | AI score: 6.5 | EPSS: 0.00246
Exploits: 0 | References: 5

OSV
added 2025/07/01 1:15 a.m., 6 views

CVE-2025-36056

IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00167
Exploits: 0 | References: 1

Positive Technologies
added 2025/07/01 12:0 a.m., 7 views

PT-2025-27534 · Avtech · Avtech Dvr +2

Name of the Vulnerable Software and Affected Versions: AVTECH IP camera, DVR, and NVR devices (affected versions not specified)
Description: A cross-site request forgery (CSRF) issue exists in the web interface of the devices. An attacker can craft malicious requests that, when executed in the contex...

CVSS: 5.1 | AI score: 6.2 | EPSS: 0.00246
Exploits: 0 | References: 8

Packet Storm News
added 2025/06/30 12:0 a.m., 2 views

ZigStrike 2.0

ZigStrike is a robust shellcode loader developed in Zig, offering a variety of injection techniques and anti-sandbox features. It leverages compile-time capabilities for efficient shellcode allocation, demonstrating proven success in bypassing advanced security solutions. ZigStrike includes a...

AI score: 7.2
Exploits: 0

BDU FSTEC
added 2025/06/30 12:0 a.m., 6 views

The vulnerability in the online business analytics web interface of IBM Cognos Analytics allows a perpetrator to execute arbitrary JavaScript code and expose account information.

The vulnerability of the online business analytics web interface of IBM Cognos Analytics relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code and disclose user credentials...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.00178
Exploits: 0 | References: 2

BDU FSTEC
added 2025/06/30 12:0 a.m., 5 views

The vulnerability of the web interface of the Hitachi Energy MicroSCADA X SYS600 software allows an intruder to gain unauthorized access to protected information.

The vulnerability of the web interface of the Hitachi Energy MicroSCADA X SYS600 system management software relates to the disclosure of information. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...

CVSS: 6.8 | AI score: 5.5 | EPSS: 0.00311
Exploits: 0 | References: 3 | Affected Software: 1

GithubExploit
added 2025/06/28 2:43 p.m., 67 views

Patient-Record-Management-System-SQL

It is an offensive tool for database exploitation. This reposito...

AI score: 8.1
Exploits: 0

OSV
added 2025/06/27 12:15 p.m., 5 views

CVE-2025-6763

A vulnerability was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. Affected by this issue is some unknown functionality of the file /setupA.cfg of the component Web-based Management Interface. Performing manipulation results in missing...

CVSS: 9.2 | AI score: 5 | EPSS: 0.01157
Exploits: 1 | References: 5

Positive Technologies
added 2025/06/27 12:0 a.m., 4 views

PT-2025-27143

Name of the Vulnerable Software and Affected Versions: Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 version 1.60
Description: A critical vulnerability was found in the Web-based Management Interface component of the affected systems, specifically affecting...

CVSS: 9.2 | AI score: 7.2 | EPSS: 0.01157
Exploits: 1 | References: 10

RedhatCVE
added 2025/06/26 8:18 p.m., 14 views

CVE-2025-52572

Hikka, a Telegram userbot, has a vulnerability that affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: an attacker can use his own Telegram account to gain RCE on the server by authorizing in the dangling web interface. 2. Web...

CVSS: 10 | AI score: 8.1 | EPSS: 0.00619
Exploits: 0 | References: 1

RedhatCVE
added 2025/06/26 12:25 p.m., 6 views

CVE-2025-39204

A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user...

CVSS: 8.5 | AI score: 6.8 | EPSS: 0.00311
Exploits: 0 | References: 1

RedhatCVE
added 2025/06/26 3:12 a.m., 9 views

CVE-2025-34034

A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege...

CVSS: 9.3 | AI score: 6.9 | EPSS: 0.00565
Exploits: 1 | References: 1

RedhatCVE
added 2025/06/26 3:12 a.m., 9 views

CVE-2025-34033

An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded Linux devices via the pingaddr parameter in the webctrl.cgi script. The application fails to properly sanitize input before passing it to the system-level ping command. An authenticated attacker can...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.03916
Exploits: 1 | References: 1

NVD
added 2025/06/25 4:15 p.m., 7 views

CVE-2025-20264

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to insufficient authorization enforcement mechanisms fo...

CVSS: 6.4 | EPSS: 0.00277
Exploits: 0 | References: 1

VulnCheck KEV
added 2025/06/25 12:0 a.m., 11 views

VulnCheck KEV: CVE-2025-4009

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among...

CVSS: 9.3 | AI score: 6.1 | EPSS: 0.74884
In wild | Exploits: 0 | References: 148