Lucene search
+L

896 matches found

NVD
NVD
added 2025/07/09 9:15 a.m.7 views

CVE-2025-3499

The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. Exploiting OS command injection through these APIs, an attacker can send arbitrary commands that are executed with administrative permissions by the underlying operating system...

10CVSS0.01028EPSS
Exploits0References1
CVE
CVE
added 2025/07/09 8:57 a.m.31 views

CVE-2025-3499

The CVE-2025-3499 issue affects Radiflow iSAP Smart Collector, where two management-network web servers expose unauthenticated REST APIs on ports 8084 and 8086. The underlying root cause is OS command injection via these APIs, allowing an attacker to submit arbitrary commands that execute with ad...

10CVSS7.3AI score0.01028EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/06/09 12:0 a.m.9 views

The vulnerabilities of web servers OZW672 and OZW772 involve a lack of protection for SQL query structures, allowing attackers to circumvent existing security restrictions.

The vulnerabilities of web servers OZW672 and OZW772 are related to the lack of measures taken to protect the SQL query structure. Exploiting these vulnerabilities allows a malicious actor to bypass existing security restrictions remotely...

10CVSS5.6AI score0.00553EPSS
Exploits0References3Affected Software2
OpenVAS
OpenVAS
added 2025/06/05 12:0 a.m.6 views

Nazgul Nostromo nhttpd < 2.1 Path Traversal Vulnerability

Nazgul Nostromo nhttpd is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.8CVSS6.9AI score0.03406EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 1:50 a.m.9 views

CVE-2023-2971

Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...

6.5CVSS6.8AI score0.00446EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 6:23 p.m.13 views

CVE-1999-0012

Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names...

7CVSS7.1AI score0.18196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 6:22 p.m.9 views

CVE-1999-0146

The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file...

7.5CVSS8AI score0.15053EPSS
Exploits0References1
CNVD
CNVD
added 2025/05/13 12:0 a.m.3 views

Siemens OZW Web Servers Code Execution and SQL Injection Vulnerability

The OZW device web server is used for remote monitoring of building controller devices, e.g. for monitoring heating control or air conditioning status. A code execution and SQL injection vulnerability exists in the Siemens OZW672 and OZW772 web servers, which can be exploited by an attacker to...

9.8CVSS9AI score0.00553EPSS
Exploits0References1
ICS
ICS
added 2025/05/13 12:0 a.m.15 views

Siemens OZW Web Servers

SUMMARY OZW672 and OZW772 Web Server versions contain vulnerabilities that could allow an attacker to execute arbitrary code on the device with root privileges in versions before V8.0 or to authenticate as Administrator user in versions before V6.0. Siemens has released new versions for the...

8.8AI score
Exploits0References10
OpenVAS
OpenVAS
added 2025/04/29 12:0 a.m.29 views

Apache Tomcat Rewrite Rule Bypass Vulnerability (Apr 2025) - Linux

Apache Tomcat is prone to a rewrite rule bypass vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; if...

9.8CVSS7.1AI score0.0418EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2025/04/28 12:0 a.m.8 views

Nazgul Nostromo nhttpd < 1.9.7 Multiple Directory Traversal Vulnerabilities

Nazgul Nostromo nhttpd is prone to multiple directory traversal vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.8CVSS8.7AI score0.99057EPSS
Exploits25References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 1:36 a.m.47 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to Slowloris HTTP DOS attack (CVE-2022-35639)

Summary IBM Sterling Partner Engagement Manager is vulnerable to Slowloris attack is a type of denial-of-service DoS attack which targets threaded web servers. The issue has been addressed. Vulnerability Details CVEID:CVE-2022-35639 DESCRIPTION: IBM Sterling Partner Engagement Manager do not limi...

7.5CVSS7.5AI score0.0086EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2025/02/07 12:0 a.m.17 views

Allowed HTTP Methods Enumeration

Enumerates which HTTP methods are allowed. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2025/02/06 12:0 a.m.48 views

Nginx 1.11.4 - 1.27.3 TLS Session Resumption Vulnerability

Nginx is prone to a TLS session resumption vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nginx:nginx";...

5.3CVSS5.7AI score0.02646EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.11 views

The vulnerabilities of web servers OZW672 and OZW772, related to the protection of user accounts, allow attackers to carry out attacks using cross-site scripting (XSS).

The vulnerabilities of web servers OZW672 and OZW772 are related to the lack of measures taken to protect the structure of web pages. Exploiting these vulnerabilities allows attackers who operate remotely to carry out attacks using cross-site scripting XSS with arbitrary JavaScript code...

6.8CVSS7.4AI score0.00289EPSS
Exploits0References3Affected Software2
OpenVAS
OpenVAS
added 2024/11/20 12:0 a.m.9 views

aiohttp 3.10.6 < 3.10.11 Memory Leak Vulnerability - Windows

aiohttp is prone to a memory leak vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:aio-libsproject:aiohttp";...

8.7CVSS7.5AI score0.00563EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/11/19 12:0 a.m.26 views

Apache Tomcat XSS Vulnerability (Nov 2024) - Windows

Apache Tomcat is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat...

6.1CVSS6AI score0.01676EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2024/11/15 12:0 a.m.9 views

The vulnerability of Siemens SCALANCE and RUGGEDCOM industrial router web servers allows attackers to enhance their privileges.

The vulnerability of Siemens SCALANCE and RUGGEDCOM industrial router web servers lies in the inadequate isolation between user sessions. Exploiting this vulnerability can allow attackers to enhance their privileges...

9CVSS5.5AI score0.00417EPSS
Exploits0References3Affected Software15
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.6 views

Siemens OZW672和OZW772 跨站脚本漏洞

OZW devices web servers are used for remote monitoring of building controller devices, e.g. for monitoring heating control or air conditioning. A cross-site scripting vulnerability exists in Siemens OZW devices web servers, which can be exploited by an attacker to inject arbitrary JavaScript code...

8.2CVSS6.3AI score0.00289EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/24 9:39 p.m.16 views

CVE-2024-49762 Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled

Pterodactyl is a free, open-source game server management panel. When a user disables two-factor authentication via the Panel, a DELETE request with their current password in a query parameter will be sent. While query parameters are encrypted when using TLS, many webservers including ones...

4.6CVSS7AI score0.0014EPSS
Exploits0References3
Rows per page
Query Builder