16831 matches found

Vulnrichment
added 2025/06/24 8:10 p.m. · 3 views

CVE-2025-52572 Hikka vulnerable to RCE through dangling web interface

Hikka, a Telegram userbot, has a vulnerability that affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizing in the dangling web interface. 2. Web...

CVSS 10 · AI score 8 · EPSS 0.00619
Exploits 0 · References 2

OSV
added 2025/06/24 8:10 p.m. · 4 views

CVE-2025-52572 Hikka vulnerable to RCE through dangling web interface

Hikka, a Telegram userbot, has a vulnerability that affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizing in the dangling web interface. 2. Web...

CVSS 10 · AI score 7.7 · EPSS 0.00619
Exploits 0 · References 4

Cvelist
added 2025/06/24 8:10 p.m. · 10 views

CVE-2025-52572 Hikka vulnerable to RCE through dangling web interface

Hikka, a Telegram userbot, has a vulnerability that affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizing in the dangling web interface. 2. Web...

CVSS 10 · EPSS 0.00619
Exploits 0 · References 2

OSV
added 2025/06/24 12:15 p.m. · 1 view

CVE-2025-39204

A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user...

CVSS 8.5 · AI score 5.8 · EPSS 0.00311
Exploits 0 · References 1

NVD
added 2025/06/24 12:15 p.m. · 22 views

CVE-2025-39204

A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user...

CVSS 8.5 · EPSS 0.00311
Exploits 0 · References 1

Cvelist
added 2025/06/24 12:1 p.m. · 7 views

CVE-2025-39204

A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user...

CVSS 8.5 · EPSS 0.00311
Exploits 0 · References 1

Vulnrichment
added 2025/06/24 12:1 p.m. · 6 views

CVE-2025-39204

A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user...

CVSS 8.5 · AI score 6.7 · EPSS 0.00311
Exploits 0 · References 1

CVE
added 2025/06/24 12:1 p.m. · 20 views

CVE-2025-39204

The CVE-2025-39204 entry affects Hitachi MicroSCADA X SYS600, specifically a vulnerability in the Web interface where a malformed filtering query can leak file content via the Web UI. Affected component: the Web interface filtering logic; root cause: malformed queries exposing data. Impact: infor...

CVSS 8.5 · AI score 6.7 · EPSS 0.00311
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2025/06/24 12:59 a.m. · 7 views

CVE-2025-34033 5VTechnologies Blue Angel Software Suite OS Command Injection

An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded Linux devices via the pingaddr parameter in the webctrl.cgi script. The application fails to properly sanitize input before passing it to the system-level ping command. An authenticated attacker can...

CVSS 7.7 · AI score 7.4 · EPSS 0.03916
Exploits 1 · References 2

CNNVD
added 2025/06/24 12:0 a.m. · 4 views

Hitachi MicroSCADA X SYS600 security vulnerability

Hitachi MicroSCADA X SYS600 is a data acquisition and monitoring control system from Hitachi, mainly used in power systems. A security vulnerability exists in Hitachi MicroSCADA X SYS600, which is caused by an improperly filtered web interface query that results in information...

CVSS 8.5 · AI score 6.4 · EPSS 0.00311
Exploits 0 · References 2

CNNVD
added 2025/06/24 12:0 a.m. · 1 view

Hikka authorization issue vulnerability

Hikka is a developer-oriented Telegram userbot by individual developer Daniil Gazizullin. Hikka suffers from an authorization issue vulnerability that stems from an unauthenticated session or insufficient authentication message warning in the web interface, which could lead to remote code executio...

CVSS 10 · AI score 8 · EPSS 0.00619
Exploits 0 · References 3

Positive Technologies
added 2025/06/24 12:0 a.m. · 8 views

PT-2025-26719 · Unknown · Microscada X Sys600

Name of the Vulnerable Software and Affected Versions: MicroSCADA X SYS600 (affected versions not specified). Description: A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product, where the filtering query can be malformed, leading to unauthorized information leakage to the...

CVSS 8.5 · AI score 6 · EPSS 0.00311
Exploits 0 · References 9

Packet Storm News
added 2025/06/24 12:0 a.m. · 2 views

Quest KACE Systems Management Appliance 14.1 Unauthenticated License Replacement

Seralys Security Advisory - Quest KACE SMA allows unauthenticated users to replace system licenses through a web interface intended for license renewal. Attackers can exploit this to replace valid licenses with expired or trial licenses, causing denial of service. Version 14.1 is confirmed...

CVSS 7.5 · AI score 7 · EPSS 0.00906
Exploits 0

Positive Technologies
added 2025/06/24 12:0 a.m. · 7 views

PT-2025-26660 · Unknown · Blue Angel Software Suite

Name of the Vulnerable Software and Affected Versions: Blue Angel Software Suite (affected versions not specified). Description: An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded Linux devices via the ping addr parameter in the webctrl.cgi script. The...

CVSS 8.8 · AI score 6.9 · EPSS 0.03916
Exploits 1 · References 9

BDU FSTEC
added 2025/06/23 12:0 a.m. · 5 views

The vulnerability in the web interface of Cisco BroadWorks Application Delivery Platform allows an attacker to execute XSS attacks.

The vulnerability in the web interface of the Cisco BroadWorks Application Delivery Platform exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

CVSS 6.4 · AI score 5.4 · EPSS 0.00284
Exploits 0 · References 2 · Affected Software 2

VulnCheck KEV
added 2025/06/23 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2025-34034

A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege...

CVSS 9.3 · AI score 5.8 · EPSS 0.00565
In wild · Exploits 1 · References 3

Tenable Nessus
added 2025/06/23 12:0 a.m. · 2 views

Cisco Evolved Programmable Network Manager XSS (CVE-2025-20203)

The version of Cisco Evolved Programmable Network Manager installed on the remote host is affected by a stored cross-site scripting (XSS) vulnerability. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this...

CVSS 4.8 · AI score 6.1 · EPSS 0.00259
Exploits 0 · References 3

OSV
added 2025/06/20 7:15 p.m. · 5 views

CVE-2025-25038

An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to...

CVSS 9.8 · AI score 6.2 · EPSS 0.05324
Exploits 2 · References 7

VulnCheck KEV
added 2025/06/20 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2025-25038

An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to...

CVSS 9.8 · AI score 5.8 · EPSS 0.05324
Exploits 2 · References 1

CNNVD
added 2025/06/20 12:0 a.m. · 3 views

Aquatronica Controller System security vulnerability

Aquatronica Controller System is a comprehensive electronic control platform for aquarium hobbyists from Aquatronica, Italy. A security vulnerability exists in the Aquatronica Controller System that originates from unrestricted unauthenticated access to the tcp.php endpoint, which could lead to...

CVSS 9.3 · AI score 6.2 · EPSS 0.01443
Exploits 1 · References 5