16831 matches found
CVE-2025-0325
CVE-2025-0325 affects Axis devices with the Guard Tour VAPIX API. The vulnerability arises from a parameter that allows arbitrary values and can be invoked inappropriately, enabling an attacker to block access to the guard tour configuration page in the Axis device web interface. The primary impa...
CVE-2025-0325
A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device...
CVE-2025-4010
The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use insecure hardcoded passwords. Remote authenticated attackers can gain arbitrary code execution with...
CVE-2025-5113 Authenticated Remote Command Injection in Diviotec NBR IP Cameras
The Diviotec professional series exposes a web interface. One endpoint is vulnerable to arbitrary command injection and hardcoded passwords are used...
CVE-2025-5113
CVE-2025-5113 affects the Diviotec professional series IP cameras with a web interface. The issue is an authenticated remote command-injection vulnerability in one exposed endpoint, combined with hardcoded passwords. CVSS 4.0 base score 8.6 (HIGH) indicates significant impact on confidentiality, ...
CVE-2025-4010 Arbitrary Command Injection in Netcom NTC-6200 & NWL-222
The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use insecure hardcoded passwords. Remote authenticated attackers can gain arbitrary code execution with...
CVE-2025-4010
CVE-2025-4010 affects Netcomm NTC 6200 and NWL-222 series where the web interface endpoints are vulnerable to arbitrary command injection and rely on insecure hardcoded passwords. The vulnerability enables remote authenticated attackers to gain arbitrary code execution with elevated privileges. T...
Diviotec professional series command injection vulnerability
Diviotec professional series is a series of professional video surveillance products from Diviotec Corporation, USA. A security vulnerability exists in Diviotec professional series, which is caused by arbitrary command injection and hard-coded passwords in the exposed web interface...
PT-2025-23474 · Diviotec · Diviotec Professional Series
Name of the Vulnerable Software and Affected Versions: The Diviotec professional series (affected versions not specified). Description: The issue concerns the exposure of a web interface in the Diviotec professional series, where one endpoint is vulnerable to arbitrary command injection. Additionall...
PT-2025-23477 · Axis · Axis Device
Name of the Vulnerable Software and Affected Versions: Axis device (affected versions not specified). Description: A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web...
PT-2025-23473 · Netcomm · Netcom Ntc 6200 +1
Name of the Vulnerable Software and Affected Versions: Netcom NTC 6200 and NWL 222 series (affected versions not specified). Description: The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to...
The vulnerability in the web interface of the software for automating application deployment by IBM UrbanCode Deploy (UCD) allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the software web interface for IBM UrbanCode Deploy (UCD) automation of application releases is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
Exploit for Incorrect Default Permissions in Jrohy Trojan
Jrohy-trojan-RCE-POC Vulnerability Type: Command Injection R...
The vulnerability in the web interface of the corporate information archiving platform, HashiCorp Vault and Vault Enterprise, allows an attacker to perform XSS attacks.
The vulnerability of the web interface of the corporate information archiving platform, HashiCorp Vault and Vault Enterprise, is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks...
Evertz SDVN 3080ipx-10G security vulnerability
The Evertz SDVN 3080ipx-10G is a high-bandwidth Ethernet switching fabric for video applications from Evertz. A security vulnerability exists in the Evertz SDVN 3080ipx-10G that stems from a command injection and authentication bypass in the web management interface, which could lead to the...
CVE-2025-48827
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025...
Mobatime AMX MTAPI security vulnerability
Mobatime AMX MTAPI is a time recording and access control system from Mobatime, Inc. A security vulnerability exists in Mobatime AMX MTAPI version v6, which stems from a lack of authentication and authorization in the Web-API and could lead to unrestricted access to the network...
Cisco Identity Services Web Interface Cross-Site Scripting Vulnerability
Cisco Identity Services Engine is an identity-centric solution designed to provide comprehensive identity and access management (IAM) capabilities. A cross-site scripting vulnerability exists in the Cisco Identity Services web interface, which can be exploited by remote attackers to inject maliciou...
CVE-2025-20256
A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating...