16831 matches found
Papendorf Software Engineering GmbH Papendorf SOL Connect Center 访问控制错误漏洞
Papendorf Software Engineering GmbH Papendorf SOL Connect Center is a solar photovoltaic management system from Papendorf Software Engineering GmbH, Germany. An access control error vulnerability exists in Papendorf Software Engineering GmbH Papendorf SOL Connect Center version 3.3.0.0, which ste...
CyberData 011209 Intercom 安全漏洞
CyberData 011209 Intercom is an emergency calling device from CyberData, Inc. A security vulnerability exists in CyberData 011209 Intercom that originates from an unauthorized user being able to access the web interface via an alternate path...
PT-2025-24415 · Trendnet · Trendnet Tv-Ip121Wn
Name of the Vulnerable Software and Affected Versions: TRENDnet TV-IP121W version 1.1.1 Build 36 Description: A critical vulnerability has been found in the Web Interface of TRENDnet TV-IP121W, affecting an unknown functionality of the file /admin/setup.cgi. This vulnerability leads to improper...
PT-2025-24570 · Cyberdata · Cyberdata 011209 Intercom
Name of the Vulnerable Software and Affected Versions: CyberData 011209 Intercom affected versions not specified Description: The issue allows an unauthenticated user to access the Web Interface through an alternate path. Recommendations: At the moment, there is no information about a newer versi...
The vulnerability in the web interface for controlling microprogrammed IP phones of the Cisco Small Business SPA500 series allows attackers to perform cross-site scripting attacks.
The vulnerability in the web interface for managing microprogrammed IP phones of the Cisco Small Business SPA500 series is related to the lack of measures taken to neutralize HTML tags. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
CVE-2025-20129
A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform CCP, formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent...
The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform allows a perpetrator to execute arbitrary code.
The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform is related to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2025-20279
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...
CVE-2025-20277
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper...
CVE-2025-20276
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insecure...
CVE-2025-20273
A vulnerability in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. This...
CVE-2025-20276
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insecure...
CVE-2025-20279 Cisco Unifed Contact Center Express Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...
CVE-2025-20129 Cisco Customer Collaboration Platform Information Disclosure Vulnerability
A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform CCP, formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent...
CVE-2025-5113
The Diviotec professional series exposes a web interface. One endpoint is vulnerable to arbitrary command injection and hardcoded passwords are used...
[SECURITY] Fedora 41 Update: nextcloud-31.0.5-1.fc41
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
The vulnerability of the web interface of the IBM Sterling B2B Integrator software allows a perpetrator to execute arbitrary code and gain unauthorized access to protected information.
The vulnerability of the web interface of the IBM Sterling B2B Integrator software solution relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code and gain unauthorized access to protected...
PT-2025-23824 · Cisco · Cisco Unified Ccx
Name of the Vulnerable Software and Affected Versions: Cisco Unified CCX affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker to execute arbitrary code on an affected device. The attacker must have valid...
CVE-2025-5113
The Diviotec professional series exposes a web interface. One endpoint is vulnerable to arbitrary command injection and hardcoded passwords are used...
CVE-2025-0325
A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device...