16831 matches found

Redos
added 2025/06/19 12:0 a.m., 9 views

ROS-20250616-22

A vulnerability in the Zabbix Universal Monitoring System server is related to excessive data output by the application. Exploitation of the vulnerability could allow a remote attacker to gain access to potentially sensitive information. A vulnerability...

CVSS 7.5, AI score 5.1, EPSS 0.00334
Exploits: 0
OSV
added 2025/06/18 5:15 p.m., 5 views

CVE-2025-1349

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 are vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality...

CVSS 4.8, AI score 5.5, EPSS 0.00175
Exploits: 0, References: 1
BDU FSTEC
added 2025/06/18 12:0 a.m., 6 views

The vulnerability in the web interface of the operating system PAN-OS, which allows a perpetrator to execute arbitrary commands

The vulnerability in the web interface of the operating system PAN-OS is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands with root privileges...

CVSS 9.1, AI score 5.9, EPSS 0.01024
Exploits: 0, References: 2, Affected Software: 1
BDU FSTEC
added 2025/06/17 12:0 a.m., 3 views

The vulnerability in the web management interface of Tenda FH1202 router firmware allows a hacker to escalate their privileges.

The vulnerability of the web-based management interface of Tenda FH1202 router firmware is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to escalate their privileges by sending specially crafted POST requests...

CVSS 5.3, AI score 6, EPSS 0.0069
Exploits: 1, References: 5
BDU FSTEC
added 2025/06/17 12:0 a.m., 5 views

The vulnerability in the web management interface of Tenda FH1202 router firmware allows a hacker to escalate their privileges.

The vulnerability of the web-based management interface of Tenda FH1202 router firmware is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to escalate their privileges by sending a specially crafted POST request...

CVSS 5.3, AI score 6, EPSS 0.00556
Exploits: 1, References: 5
BDU FSTEC
added 2025/06/17 12:0 a.m., 4 views

The vulnerability in the web interface of the risk management platforms IBM OpenPages and IBM OpenPages with Watson allows a hacker to execute arbitrary HTML code.

The vulnerability of the web interface of IBM OpenPages and IBM OpenPages with Watson relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code remotely...

CVSS 5.5, AI score 5.8, EPSS 0.00245
Exploits: 0, References: 2, Affected Software: 2
BDU FSTEC
added 2025/06/17 12:0 a.m., 5 views

The vulnerability in the web interface of the risk management platforms IBM OpenPages and IBM OpenPages with Watson allows attackers to carry out XXE attacks.

The vulnerability of the IBM OpenPages and IBM OpenPages with Watson web interfaces relates to incorrect restriction of XML external entity references. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...

CVSS 7.5, AI score 5.5, EPSS 0.00422
Exploits: 0, References: 2, Affected Software: 2
BDU FSTEC
added 2025/06/17 12:0 a.m., 3 views

The vulnerability of the web interface of IBM OpenPages and IBM OpenPages with Watson allows a hacker to inject any command they desire.

The vulnerability of the IBM OpenPages and IBM OpenPages with Watson web interfaces relates to improper processing of output data written to logs. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

CVSS 5.3, AI score 5.8, EPSS 0.0026
Exploits: 0, References: 2, Affected Software: 2
BDU FSTEC
added 2025/06/16 12:0 a.m., 17 views

The vulnerability in the web interface of the “Termide Virtual Desktops Connection Manager” software allows an attacker to perform XSS attacks.

The vulnerability of the software interface “Termide Virtual Desktops Connection Manager” is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

CVSS 5.2, AI score 5.4
Exploits: 0, References: 2, Affected Software: 1
RedhatCVE
added 2025/06/15 12:21 a.m., 8 views

CVE-2025-4231

A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access...

CVSS 8.6, AI score 6.8, EPSS 0.01024
Exploits: 0, References: 1
RedhatCVE
added 2025/06/13 8:13 a.m., 4 views

CVE-2025-41661

An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection...

CVSS 8.8, AI score 7.7, EPSS 0.00256
Exploits: 0, References: 1
OSV
added 2025/06/13 12:15 a.m., 5 views

CVE-2025-4231

A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access...

CVSS 7.2, AI score 5.8, EPSS 0.01024
Exploits: 0, References: 1
BDU FSTEC
added 2025/06/13 12:0 a.m., 5 views

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows an attacker to execute XSS attacks.

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform is related to deficiencies in the security measures used to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

CVSS 5.5, AI score 5.4, EPSS 0.00222
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2025/06/12 11:27 p.m., 114 views

CVE-2025-4231

Palo Alto Networks PAN-OS is affected by CVE-2025-4231: an authenticated administrative user can execute commands as root via the management Web interface. Exploitation requires network access to the PAN-OS management UI and successful authentication. Cloud NGFW and Prisma Access are not impacted...

CVSS 8.6, AI score 6.9, EPSS 0.01024
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2025/06/12 11:27 p.m., 10 views

CVE-2025-4231 PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface

A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access...

CVSS 8.6, AI score 7.5, EPSS 0.01024
Exploits: 0, References: 1
NVD
added 2025/06/12 8:15 p.m., 9 views

CVE-2025-5485

User names used to access the web management interface are limited to the device identifier, which is a numerical identifier no more than 10 digits. A malicious actor can enumerate potential targets by incrementing or decrementing from known identifiers or through enumerating random digit sequenc...

CVSS 8.8, EPSS 0.00393
Exploits: 0, References: 2
Tenable Nessus
added 2025/06/12 12:0 a.m., 5 views

Palo Alto Networks PAN-OS 10.2.x < 10.2.8 / 11.0.x < 11.0.3 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.2.x prior to 10.2.8 or 11.0.x prior to 11.0.3. It is, therefore, affected by a vulnerability. A command injection vulnerability in Palo Alto Networks PAN-OS enables an authenticated administrative user to perform actions as...

CVSS 8.6, AI score 5.8, EPSS 0.01024
Exploits: 0, References: 1
RedhatCVE
added 2025/06/11 10:6 p.m., 4 views

CVE-2025-30184

CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path...

CVSS 9.8, AI score 9.5, EPSS 0.00467
Exploits: 0, References: 1
RedhatCVE
added 2025/06/11 10:21 a.m., 4 views

CVE-2025-5871

A vulnerability was found in Papendorf SOL Connect Center 3.3.0.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclos...

CVSS 6.9, AI score 5.2, EPSS 0.00414
Exploits: 0, References: 1
NVD
added 2025/06/11 9:15 a.m., 11 views

CVE-2025-41661

An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection...

CVSS 8.8, EPSS 0.00256
Exploits: 0, References: 1