Lucene search
K

16831 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:18 p.m.16 views

CVE-2025-4008

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote...

8.7CVSS7.8AI score0.94376EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:12 p.m.11 views

CVE-2025-48414

There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. The scripts provide access to additional administrative/debug functionality and are likely intended for debugging during development and provides an additional attack surface...

6.5CVSS7AI score0.00303EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:12 p.m.15 views

CVE-2025-48417

The certificate and private key used for providing transport layer security for connections to the web interface TCP port 443 is hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against users of the admin...

6.5CVSS7.1AI score0.00188EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:43 a.m.8 views

CVE-2025-23055

A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the...

5.5CVSS5.6AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:46 a.m.7 views

CVE-2024-20462

A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML conte...

5.5CVSS6.5AI score0.00157EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:33 a.m.4 views

CVE-2024-45103

A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges...

4.3CVSS6.7AI score0.00344EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:32 a.m.16 views

CVE-2024-24972

Buffer Copy without Checking Size of Input CWE-120 in the Controller 6000 and Controller 7000 diagnostic web interface allows an authorised and authenticated operator to reboot the Controller, causing a Denial of Service. Gallagher recommend the diagnostic web page is not enabled default is off...

6.5CVSS6.7AI score0.00324EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:32 a.m.3 views

CVE-2024-45172

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to missing protection mechanisms, the C-MOR web interface is vulnerable to cross-site request forgery CSRF attacks. The C-MOR web interface offers no protection against cross-site request forgery CSRF attacks...

6.8CVSS7AI score0.0037EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:21 a.m.8 views

CVE-2024-7470

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been rated as critical. This issue affects the function sslvpnconfigmod of the file /vpn/vpntemplatestyle.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os...

9.8CVSS7.4AI score0.24873EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:15 a.m.4 views

CVE-2024-3873

A vulnerability was found in SMI SMI-EX-5414W up to 1.0.03. It has been classified as problematic. This affects an unknown part of the component Web Interface. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to t...

5CVSS6.8AI score0.00317EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:56 a.m.7 views

CVE-2024-20336

A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid...

6.5CVSS8.2AI score0.00793EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:52 a.m.6 views

CVE-2024-6329

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded...

7.5CVSS6.4AI score0.00371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:51 a.m.9 views

CVE-2024-7468

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been classified as critical. This affects the function sslvpnconfigmod of the file /vpn/listservicemanage.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os...

9.8CVSS9.8AI score0.24873EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:50 a.m.10 views

CVE-2024-7469

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been declared as critical. This vulnerability affects the function sslvpnconfigmod of the file /vpn/listvpnwebcustom.php of the component Web Interface. The manipulation of the argument template/stylenum lea...

9.8CVSS9.8AI score0.24873EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:49 a.m.8 views

CVE-2024-7467

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 and classified as critical. Affected by this issue is the function sslvpnconfigmod of the file /vpn/listipnetwork.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os...

9.8CVSS9.8AI score0.23402EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:40 a.m.5 views

CVE-2024-1431

A vulnerability was found in Netgear R7000 1.0.11.13610.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed ...

6.5CVSS4.5AI score0.00525EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:37 a.m.7 views

CVE-2024-24301

Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges...

8.8CVSS7.5AI score0.02098EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:36 a.m.4 views

CVE-2024-20287

A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point AP with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. This vulnerability is due to improper validatio...

7.2CVSS8.2AI score0.01358EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:36 a.m.8 views

CVE-2024-20305

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly valida...

4.8CVSS6AI score0.00352EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:32 a.m.9 views

CVE-2024-0921

A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to os command...

9.8CVSS9.9AI score0.37598EPSS
Exploits1References1
Rows per page
Query Builder