16831 matches found
CVE-2025-52572 Hikka vulnerable to RCE through dangling web interface
Hikka, a Telegram userbot, has vulnerability affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizing in the dangling web interface. 2. Web...
CVE-2025-52572 Hikka vulnerable to RCE through dangling web interface
Hikka, a Telegram userbot, has vulnerability affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizing in the dangling web interface. 2. Web...
CVE-2025-52572 Hikka vulnerable to RCE through dangling web interface
Hikka, a Telegram userbot, has vulnerability affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizing in the dangling web interface. 2. Web...
CVE-2025-39204
A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user...
CVE-2025-39204
A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user...
CVE-2025-39204
A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user...
CVE-2025-39204
A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user...
CVE-2025-39204
The CVE-2025-39204 entry affects Hitachi MicroSCADA X SYS600, specifically a vulnerability in the Web interface where a malformed filtering query can leak file content via the Web UI. Affected component: the Web interface filtering logic; root cause: malformed queries exposing data. Impact: infor...
CVE-2025-34033 5VTechnologies Blue Angel Software Suite OS Command Injection
An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded Linux devices via the pingaddr parameter in the webctrl.cgi script. The application fails to properly sanitize input before passing it to the system-level ping command. An authenticated attacker can...
Hitachi MicroSCADA X SYS600 安全漏洞
Hitachi MicroSCADA X SYS600 is a Hitachi MicroSCADA X SYS600 data acquisition and monitoring control system mainly used in power systems. A security vulnerability exists in the Hitachi MicroSCADA X SYS600, which is caused by an improperly filtered web interface query that results in information...
Hikka 授权问题漏洞
Hikka is a developer-oriented Telegram user bot by Daniil Gazizullin Personal Developer. Hikka suffers from an authorization issue vulnerability that stems from an unauthenticated session or insufficient authentication message warning in the web interface, which could lead to remote code executio...
PT-2025-26719 · Unknown · Microscada X Sys600
Name of the Vulnerable Software and Affected Versions: MicroSCADA X SYS600 affected versions not specified Description: A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product, where the filtering query can be malformed, leading to unauthorized information leakage to the...
Quest KACE Systems Management Appliance 14.1 Unauthenticated License Replacement
Seralys Security Advisory - Quest KACE SMA allows unauthenticated users to replace system licenses through a web interface intended for license renewal. Attackers can exploit this to replace valid licenses with expired or trial licenses, causing denial of service. Version 14.1 is confirmed...
PT-2025-26660 · Unknown · Blue Angel Software Suite
Name of the Vulnerable Software and Affected Versions: Blue Angel Software Suite affected versions not specified Description: An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded Linux devices via the ping addr parameter in the webctrl.cgi script. The...
The vulnerability in the web interface of Cisco BroadWorks Application Delivery Platform allows a attacker to execute XSS attacks.
The vulnerability in the web interface of the Cisco BroadWorks Application Delivery Platform exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
VulnCheck KEV: CVE-2025-34034
A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege...
Cisco Evolved Programmable Network Manager XSS (CVE-2025-20203)
The version of Cisco Evolved Programmable Network Manager installed on the remote host is affected by a stored cross site scripting XSS vulnerability. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this...
CVE-2025-25038
An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to...
VulnCheck KEV: CVE-2025-25038
An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to...
Aquatronica Controller System 安全漏洞
Aquatronica Controller System is a comprehensive electronic control platform for aquarium hobbyists from Aquatronica, Italy. A security vulnerability exists in the Aquatronica Controller System that originates from unrestricted unauthenticated access to the tcp.php endpoint, which could lead to...