18 matches found
CVE-2023-29119
Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/dbstore.php...
CVE-2023-29118
Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/versions.php...
EUVD-2023-32723
Malicious code in bioql PyPI...
EUVD-2023-32721
Malicious code in bioql PyPI...
EUVD-2023-32722
Malicious code in bioql PyPI...
CVE-2025-11146
Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts (XSS) in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”...
CVE-2023-29126
The Waybox Enel X web management application contains a PHP type-juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication...
CVE-2023-29120
Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system...
CVE-2023-29118 Unauthorized SQLite Injection in Enel X Juicebox
Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/versions.php...
CVE-2023-29118 Unauthorized SQLite Injection in Enel X Juicebox
Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/versions.php...
CVE-2023-29116 PHP Information Disclosure in Enel X JuiceBox
Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained...
PT-2024-12196 · Enel X · Waybox Enel X
Name of the Vulnerable Software and Affected Versions: Waybox Enel X versions prior to the latest version. Description: Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be...
CVE-2022-23475
CVE-2022-23475 affects daloRADIUS (versions 1.3 and prior). The issue is a combined XSS and CSRF vulnerability in the mng-del.php flow caused by an unescaped variable reflected in the DOM (line 116), enabling account takeover. The vulnerability has been addressed in commit ec3b4a419e; mitigation ...
CVE-2020-6627
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request...
Command injection
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request...
CVE-2020-6627
The CVE-2020-6627 issue affects Seagate Central NAS devices STCG2000300, STCG3000300, and STCG4000300 where the web-management application is vulnerable to OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php when in the "start" state and a check_device_n...
EUVD-2020-27775
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request...
Multiple NetGear ProSafe Switches Information Disclosure Vulnerability
Multiple NetGear ProSafe switches are prone to an information-disclosure vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if...