16831 matches found
ROS-20250616-22
A vulnerability in the Zabbix Universal Monitoring System server is related to excessive data output by an by the application. Exploitation of the vulnerability could allow a remote attacker to gain access to potentially sensitive information. to potentially sensitive information. A vulnerability...
CVE-2025-1349
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...
The vulnerability in the web interface of the operating system PAN-OS, which allows a perpetrator to execute arbitrary commands
The vulnerability in the web interface of the operating system PAN-OS is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands with root privileges...
The vulnerability in the web interface for managing Tenda FH1202 micro-program software routers allows a hacker to escalate their privileges.
The vulnerability of the web-based management interface for Tenda FH1202 micro-programmed routing software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges by sending specially crafted POST requests...
The vulnerability in the web interface for managing Tenda FH1202 micro-program software routers allows a hacker to escalate their privileges.
The vulnerability of the web-based management interface for Tenda FH1202 micro-programmed router software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges by sending a specially crafted POST request...
The vulnerability in the web interface of the risk management platforms IBM OpenPages and IBM OpenPages with Watson allows a hacker to execute arbitrary HTML code.
The vulnerability of the web interface of IBM OpenPages and IBM OpenPages with Watson relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code remotely...
The vulnerability in the web interface of the risk management platforms IBM OpenPages and IBM OpenPages with Watson allows attackers to carry out XXE attacks.
The vulnerability of the IBM OpenPages and IBM OpenPages with Watson web interfaces relates to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...
The vulnerability of the web interface of IBM OpenPages and IBM OpenPages with Watson allows a hacker to inject any command they desire.
The vulnerability of the IBM OpenPages and IBM OpenPages with Watson web interfaces relates to improper processing of output data for registration logs. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability in the web interface of the “Termide Virtual Desktops Connection Manager” software allows a attacker to perform XSS attacks.
The vulnerability of the software interface “Termide Virtual Desktops Connection Manager” is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
CVE-2025-4231
A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access...
CVE-2025-41661
An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery CSRF protection...
CVE-2025-4231
A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a attacker to execute XSS attacks.
The vulnerability in the web interface of the Cisco Identity Services Engine ISE management platform is related to deficiencies in the security measures used to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
CVE-2025-4231
Palo Alto Networks PAN-OS is affected by CVE-2025-4231: an authenticated administrative user can execute commands as root via the management Web interface. Exploitation requires network access to the PAN-OS management UI and successful authentication. Cloud NGFW and Prisma Access are not impacted...
CVE-2025-4231 PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface
A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access...
CVE-2025-5485
User names used to access the web management interface are limited to the device identifier, which is a numerical identifier no more than 10 digits. A malicious actor can enumerate potential targets by incrementing or decrementing from known identifiers or through enumerating random digit sequenc...
Palo Alto Networks PAN-OS 10.2.x < 10.2.8 / 11.0.x < 11.0.3 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 10.2.x prior to 10.2.8 or 11.0.x prior to 11.0.3. It is, therefore, affected by a vulnerability. A command injection vulnerability in Palo Alto Networks PAN-OS enables an authenticated administrative user to perform actions as...
CVE-2025-30184
CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path...
CVE-2025-5871
A vulnerability was found in Papendorf SOL Connect Center 3.3.0.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclos...
CVE-2025-41661
An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery CSRF protection...