23 matches found
TP-Link WA850RE Security Vulnerability
TP-Link WA850RE is a wireless signal extender from China P&L TP-Link. A security vulnerability exists in the TP-Link WA850RE V2160527 and prior versions, which stems from improper authentication of the httpd module and could result in the downloading of configuration files...
PT-2025-47026
Name of the Vulnerable Software and Affected Versions: General Industrial Controls Lynx+ Gateway affected versions not specified Description: The embedded web server lacks critical authentication, potentially allowing a remote attacker to reset the device. This could lead to a complete remote...
EUVD-2002-0621
Malware in sbrugna...
EUVD-2012-6293
Malware in sbrugna...
EUVD-2024-42717
Malicious code in bioql PyPI...
EUVD-2023-31483
Malicious code in bioql PyPI...
CVE-2025-57808 ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header
ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome's webserver authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correc...
ESPHome Security Vulnerability
ESPHome is an open source system for configuring and managing smart hardware. It is used to control ESP8266/ESP32 hardware for home automation. A security vulnerability exists in ESPHome version 2025.8.0, which stems from improper webserver authentication checking and could lead t...
CVE-2020-9352
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the transaction parameter. NOTE: the documentation states "These tools are, by...
CVE-2012-6440
The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product’s Web server to view and alter product configuration and diagnostics information. Rockwell...
CVE-2024-11022
The CVE-2024-11022 entry relates to SICK InspectorP61x/InspectorP62x (and potentially related TiM3xx) where the web server authentication uses a challenge–response that includes nonce and other data, allowing replay of login attempts. Connected documents from SICK PSIRT and CVE records confirm a ...
CVE-2023-29447
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication...
OPTO 22 SNAP PAC S1 Security Vulnerability
The OPTO 22 SNAP PAC S1 is a controller from OPTO 22 USA. A security vulnerability exists in the OPTO 22 SNAP PAC S1 R10.3b firmware version that stems from an improperly restricted built-in web server authentication attempt that does not mandate a complex password, which could lead to brute forc...
CVE-2023-27747
BlackVue DR750-2CH LTE v.1.0122022.10.26 does not employ authentication in its web server. This vulnerability allows attackers to access sensitive information such as configurations and recordings...
Netgear ProSAFE FS726TP Security Vulnerability
The NETGEAR ProSAFE FS726TP is a smart switch. A security vulnerability exists in the NETGEAR ProSAFE FS726TP that originates when an unspecified endpoint in the switch's web server fails to properly authenticate a user's identity, allowing configuration pages with passwords to be downloaded to t...
PT-2023-19644 · Switch · Switch
Name of the Vulnerable Software and Affected Versions: Switch affected versions not specified Description: The issue concerns an unspecified endpoint in the switch's web server that fails to properly authenticate user identity. This may allow an attacker to download a configuration page containin...
PT-2020-6288 · NetGear · Netgear Dgn2200V1
Name of the Vulnerable Software and Affected Versions: NETGEAR DGN2200v1 devices version 1.0.0.59 and earlier Description: The issue is related to the mishandling of HTTPd authentication in the NETGEAR DGN2200v1 devices, which can be exploited by a remote attacker to execute arbitrary code. This ...
Directory traversal
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML...
CVE-2018-0251
A vulnerability in the Web Server Authentication Required screen of the Clientless Secure Sockets Layer (SSL) VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of that portal on an...
Cisco ASA Cross-Site Scripting Vulnerability
Cisco 3000 Series Industrial Security Appliances etc. are different series of security appliances from Cisco. Adaptive Security Appliance (ASA) Software is one of the operating systems. Clientless Secure Sockets Layer (SSL) VPN is one of the SSL (Secure Sockets Layer) VPN applications. A cross-site...