Lucene search
K

16831 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:49 a.m.11 views

CVE-2024-20471

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...

6.5CVSS7.7AI score0.00436EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:49 a.m.4 views

CVE-2024-20534

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting XSS attacks against users. This vulnerabilit...

4.8CVSS5.8AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:46 a.m.6 views

CVE-2024-28144

An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user...

5.5CVSS6.9AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:45 a.m.7 views

CVE-2024-28138

An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msgevents.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized...

7.3CVSS7.3AI score0.00883EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:45 a.m.7 views

CVE-2024-28781

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...

5.4CVSS6.1AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:44 a.m.6 views

CVE-2024-45177

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper input validation, the C-MOR web interface is vulnerable to persistent cross-site scripting XSS attacks. It was found out that the camera configuration is vulnerable to a persistent cross-site...

5.4CVSS5.8AI score0.00773EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:41 a.m.8 views

CVE-2024-55515

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /uploadipslib.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded...

9.8CVSS6.9AI score0.00569EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:41 a.m.8 views

CVE-2024-55516

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 v3.90. The component affected by this issue is /uploadsysconfig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissio...

9.1CVSS6.8AI score0.00502EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:41 a.m.5 views

CVE-2024-55514

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /uploadsfmig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions...

6.3CVSS6.8AI score0.00222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:34 a.m.15 views

CVE-2024-13130

A vulnerability was found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S up to 20241222. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to...

5.3CVSS4.7AI score0.00557EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:31 a.m.5 views

CVE-2024-48418

In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of user provided parameters, allowing an attacker with access to the web interface to inject and execute arbitrary shell commands...

8.8CVSS8.8AI score0.00325EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:29 a.m.5 views

CVE-2024-57514

The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting XSS due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL...

4.8CVSS6.5AI score0.00875EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:9 a.m.6 views

CVE-2024-48419

Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd Each of these issues allows an attacker with access t...

8.8CVSS9.1AI score0.02076EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:56 a.m.4 views

CVE-2024-48197

Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of the web interface...

4.7CVSS6.9AI score0.00506EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:51 a.m.6 views

CVE-2024-55544

Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.This issue affects IAP-420 version 2.01e and below...

8.7CVSS6.9AI score0.11717EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:36 a.m.7 views

CVE-2024-28808

An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker to access reserved information by accessing undocumented web applications...

2.7CVSS6.4AI score0.00351EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:9 a.m.5 views

CVE-2023-25802

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize dir/../filename sequences, such as /etc/nginx/../passwd, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue...

7.5CVSS6.8AI score0.01012EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:5 a.m.5 views

CVE-2023-30467

This vulnerability exists in Milesight 4K/H.265 Series NVR models MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC, due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially...

9.8CVSS6.8AI score0.01078EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:1 a.m.2 views

CVE-2023-28520

IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454...

6.4CVSS6.2AI score0.0035EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:0 a.m.5 views

CVE-2023-28627

pymedusa is an automatic video library manager for TV Shows. In versions prior 1.0.12 an attacker with access to the web interface can update the git executable path in /config/general/ advanced settings with arbitrary OS commands. An attacker may exploit this vulnerability to take execute...

8.8CVSS7.4AI score0.00815EPSS
Exploits1References1
Rows per page
Query Builder