
16831 matches found

CVE
added 2025/06/02 7:36 a.m. · 48 views

CVE-2025-0325

CVE-2025-0325 affects Axis devices with the Guard Tour VAPIX API. The vulnerability arises from a parameter that allows arbitrary values and can be invoked inappropriately, enabling an attacker to block access to the guard tour configuration page in the Axis device web interface. The primary impa...

CVSS 4.3 · AI score 4.7 · EPSS 0.00322
Exploits: 0 · References: 1
Cvelist
added 2025/06/02 7:36 a.m. · 23 views

CVE-2025-0325

A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device...

CVSS 4.3 · EPSS 0.00322
Exploits: 0 · References: 1
NVD
added 2025/06/02 7:15 a.m. · 9 views

CVE-2025-4010

The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use insecure hardcoded passwords. Remote authenticated attackers can gain arbitrary code execution with...

CVSS 8.6 · EPSS 0.00646
Exploits: 0 · References: 1
Cvelist
added 2025/06/02 7:13 a.m. · 18 views

CVE-2025-5113 Authenticated Remote Command Injection in Diviotec NBR IP Cameras

The Diviotec professional series exposes a web interface. One endpoint is vulnerable to arbitrary command injection and hardcoded passwords are used...

CVSS 8.6 · EPSS 0.06793
Exploits: 0 · References: 1
CVE
added 2025/06/02 7:13 a.m. · 61 views

CVE-2025-5113

CVE-2025-5113 affects the Diviotec professional series IP cameras with a web interface. The issue is an authenticated remote command-injection vulnerability in one exposed endpoint, combined with hardcoded passwords. CVSS 4.0 base score 8.6 (HIGH) indicates significant impact on confidentiality, ...

CVSS 8.6 · AI score 7.2 · EPSS 0.06793
Exploits: 0 · References: 1
Vulnrichment
added 2025/06/02 7:0 a.m. · 6 views

CVE-2025-4010 Arbitrary Command Injection in Netcom NTC-6200 & NWL-222

The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use insecure hardcoded passwords. Remote authenticated attackers can gain arbitrary code execution with...

CVSS 8.6 · AI score 8.2 · EPSS 0.00646
Exploits: 0 · References: 1
CVE
added 2025/06/02 7:0 a.m. · 50 views

CVE-2025-4010

CVE-2025-4010 affects Netcomm NTC 6200 and NWL-222 series where the web interface endpoints are vulnerable to arbitrary command injection and rely on insecure hardcoded passwords. The vulnerability enables remote authenticated attackers to gain arbitrary code execution with elevated privileges. T...

CVSS 8.6 · AI score 8.3 · EPSS 0.00646
Exploits: 0 · References: 1
Cvelist
added 2025/06/02 7:0 a.m. · 13 views

CVE-2025-4010 Arbitrary Command Injection in Netcom NTC-6200 & NWL-222

The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use insecure hardcoded passwords. Remote authenticated attackers can gain arbitrary code execution with...

CVSS 8.6 · EPSS 0.00646
Exploits: 0 · References: 1
CNNVD
added 2025/06/02 12:0 a.m. · 3 views

Diviotec professional series Command Injection Vulnerability

Diviotec professional series is a series of professional video surveillance products from Diviotec Corporation, USA. A security vulnerability exists in Diviotec professional series, which is caused by arbitrary command injection and hard-coded passwords in the exposed web interface...

CVSS 8.6 · AI score 7.5 · EPSS 0.06793
Exploits: 0 · References: 2
Positive Technologies
added 2025/06/02 12:0 a.m. · 4 views

PT-2025-23474 · Diviotec · Diviotec Professional Series

Name of the Vulnerable Software and Affected Versions: The Diviotec professional series (affected versions not specified). Description: The issue concerns the exposure of a web interface in the Diviotec professional series, where one endpoint is vulnerable to arbitrary command injection. Additionall...

CVSS 8.6 · AI score 6.7 · EPSS 0.06793
Exploits: 0 · References: 8
Positive Technologies
added 2025/06/02 12:0 a.m. · 6 views

PT-2025-23477 · Axis · Axis Device

Name of the Vulnerable Software and Affected Versions: Axis device (affected versions not specified). Description: A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web...

CVSS 4.3 · AI score 6.2 · EPSS 0.00322
Exploits: 0 · References: 5
Positive Technologies
added 2025/06/02 12:0 a.m. · 5 views

PT-2025-23473 · Netcomm · Netcom Ntc 6200 +1

Name of the Vulnerable Software and Affected Versions: Netcom NTC 6200 and NWL 222 series (affected versions not specified). Description: The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to...

CVSS 8.6 · AI score 7.5 · EPSS 0.00646
Exploits: 0 · References: 12
BDU FSTEC
added 2025/05/30 12:0 a.m. · 6 views

The vulnerability in the web interface of the software for automating application deployment by IBM UrbanCode Deploy (UCD) allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability in the web interface of the IBM UrbanCode Deploy (UCD) application release automation software is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS 3.1 · AI score 5.2 · EPSS 0.00244
Exploits: 0 · References: 3 · Affected Software: 2
GithubExploit
added 2025/05/29 6:3 a.m. · 101 views

Exploit for Incorrect Default Permissions in Jrohy Trojan

Jrohy-trojan-RCE-POC Vulnerability Type: Command Injection R...

CVSS 9.8 · AI score 9.3 · EPSS 0.01267
Exploits: 2
BDU FSTEC
added 2025/05/29 12:0 a.m. · 4 views

The vulnerability in the web interface of the corporate information archiving platform, HashiCorp Vault and Vault Enterprise, allows an attacker to perform XSS attacks.

The vulnerability of the web interface of the corporate information archiving platform, HashiCorp Vault and Vault Enterprise, is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks...

CVSS 5.5 · AI score 5.7 · EPSS 0.00417
Exploits: 0 · References: 3 · Affected Software: 3
CNNVD
added 2025/05/28 12:0 a.m. · 2 views

Evertz SDVN 3080ipx-10G Security Vulnerability

The Evertz SDVN 3080ipx-10G is a high-bandwidth Ethernet switching fabric for video applications from Evertz. A security vulnerability exists in the Evertz SDVN 3080ipx-10G that stems from a command injection and authentication bypass in the web management interface, which could lead to the...

CVSS 9.3 · AI score 7.4 · EPSS 0.74884
Exploits: 0 · References: 2
OSV
added 2025/05/27 4:15 a.m. · 4 views

CVE-2025-48827

vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025...

CVSS 9.8 · AI score 5.8 · EPSS 0.69649
Exploits: 4 · References: 3
CNNVD
added 2025/05/27 12:0 a.m. · 4 views

Mobatime AMX MTAPI Security Vulnerability

Mobatime AMX MTAPI is a time recording and access control system from Mobatime, Inc. A security vulnerability exists in Mobatime AMX MTAPI version v6, which stems from a lack of authentication and authorization in the Web-API and could lead to unrestricted access to the network...

CVSS 9.3 · AI score 9.3 · EPSS 0.00445
Exploits: 0 · References: 1
CNVD
added 2025/05/27 12:0 a.m. · 9 views

Cisco Identity Services Web Interface Cross-Site Scripting Vulnerability

Cisco Identity Services Engine is an identity-centric solution designed to provide comprehensive identity and access management (IAM) capabilities. A cross-site scripting vulnerability exists in the Cisco Identity Services web interface, which can be exploited by remote attackers to inject maliciou...

CVSS 4.8 · AI score 6.2 · EPSS 0.00222
Exploits: 0 · Affected Software: 1
RedhatCVE
added 2025/05/23 5:23 p.m. · 9 views

CVE-2025-20256

A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating...

CVSS 7.2 · AI score 7.8 · EPSS 0.00498
Exploits: 0 · References: 1