Lucene search
K

5312 matches found

OSV
OSV
added 2026/02/19 3:39 p.m.7 views

CVE-2026-25739 Indico affected by Cross-Site-Scripting via material uploads

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to cross-site scripting when uploading certain file types as materials. Users should upgrade to version 3.3.10 to receive a patch. To apply the...

5.4CVSS5.2AI score0.00161EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/31 9:14 p.m.6 views

CVE-2026-1687

A weakness has been identified in Tenda HG10 USHG7HG9HG10re300001138enxpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack...

7.5CVSS6.9AI score0.026EPSS
Exploits1References1
NVD
NVD
added 2026/01/30 4:16 p.m.13 views

CVE-2026-1687

A weakness has been identified in Tenda HG10 USHG7HG9HG10re300001138enxpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack...

7.5CVSS0.026EPSS
Exploits1References6
EUVD
EUVD
added 2026/01/30 4:2 p.m.10 views

EUVD-2026-5022

A weakness has been identified in Tenda HG10 USHG7HG9HG10re300001138enxpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack...

7.5CVSS5.7AI score0.026EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/01/30 4:2 p.m.5 views

CVE-2026-1687

A weakness has been identified in Tenda HG10 USHG7HG9HG10re300001138enxpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack...

7.5CVSS5.7AI score0.026EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/01/30 4:2 p.m.5 views

CVE-2026-1687 Tenda HG10 Boa Webserver formSamba command injection

A weakness has been identified in Tenda HG10 USHG7HG9HG10re300001138enxpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack...

7.5CVSS7AI score0.026EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/01/30 4:2 p.m.38 views

CVE-2026-1687 Tenda HG10 Boa Webserver formSamba command injection

A weakness has been identified in Tenda HG10 USHG7HG9HG10re300001138enxpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack...

7.5CVSS0.026EPSS
Exploits1References6
CVE
CVE
added 2026/01/30 4:2 p.m.19 views

CVE-2026-1687

CVE-2026-1687 concerns Tenda HG10 devices with Boa Webserver, where an issue in the /boaform/formSamba handler allows remote command injection by manipulating the serverString argument. The vulnerability affects the Boa Webserver component and could enable an attacker to execute arbitrary command...

7.5CVSS5.7AI score0.026EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.7 views

Tenda HG10 command injection vulnerability

The Tenda HG10 is a fiber-optic router produced by the Chinese company Tenda. The Tenda HG10 USHG7HG9HG10re300001138enxpon has a command injection vulnerability. This vulnerability arises from an unknown function in the Boa Webserver component, which manipulates the parameter “serverString” in th...

7.5CVSS7.2AI score0.026EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.15 views

PT-2026-5423

A weakness has been identified in Tenda HG10 US HG7 HG9 HG10re 300001138 en xpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack...

7.5CVSS6.9AI score0.026EPSS
Exploits1References7
Packet Storm
Packet Storm
added 2026/01/29 12:0 a.m.221 views

📄 FreePBX Endpoint SQL Injection / Remote Code Execution

FreePBX is an open-source IP PBX management tool that provides a modern phone system for businesses that use VoIP to make and receive phone calls. Versions before 16.0.44 and 17.0.23 are vulnerable to CVE-2025-66039, while versions before 16.0.92 and 17.0.6 are vulnerable to CVE-2025-61675. The...

9.8CVSS6.5AI score0.3896EPSS
Exploits8
Packet Storm
Packet Storm
added 2026/01/28 12:0 a.m.163 views

📄 FreePBX Firmware Shell Upload

FreePBX versions prior to 16.0.44,16.0.92 and 17.0.6,17.0.23 are vulnerable to multiple CVEs, specifically CVE-2025-66039 and CVE-2025-61678, in the context of this Metasploit module. The versions before 16.0.44 and 17.0.23 are vulnerable to CVE-2025-66039, while versions before 16.0.92 and 17.0....

9.8CVSS6.5AI score0.50159EPSS
Exploits10
RedhatCVE
RedhatCVE
added 2026/01/27 9:23 p.m.8 views

CVE-2025-57784

Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...

4CVSS5.8AI score0.00148EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/27 9:23 p.m.6 views

CVE-2025-57783

Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver...

5.3CVSS5.8AI score0.00449EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/27 9:23 p.m.10 views

CVE-2025-57785

A Double Free in XSLT showindex has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution...

6.5CVSS6AI score0.00344EPSS
Exploits0References1
OSV
OSV
added 2026/01/26 6:16 p.m.4 views

CVE-2025-57785

A Double Free in XSLT showindex has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution...

6.5CVSS6AI score0.00344EPSS
Exploits0References1
NVD
NVD
added 2026/01/26 6:16 p.m.6 views

CVE-2025-57785

A Double Free in XSLT showindex has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution...

6.5CVSS0.00344EPSS
Exploits0References1
NVD
NVD
added 2026/01/26 6:16 p.m.6 views

CVE-2025-57783

Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver...

5.3CVSS0.00449EPSS
Exploits0References1
NVD
NVD
added 2026/01/26 6:16 p.m.5 views

CVE-2025-57784

Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...

4CVSS0.00148EPSS
Exploits0References1
OSV
OSV
added 2026/01/26 5:47 p.m.7 views

CVE-2025-57784 Tomahawk authentication timing attack due to usage of 'strcmp'

Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...

4CVSS6.1AI score0.00148EPSS
Exploits0References3
Rows per page
Query Builder