Lucene search
K

420 matches found

NVD
NVD
added 2026/02/18 10:16 p.m.11 views

CVE-2026-2670

A vulnerability was identified in Advantech WISE-6610 1.2.120251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpnapply of the component Background Management. Such manipulation of the argument deletefile leads to os command injection. The attack can be executed remotely...

8.6CVSS0.17217EPSS
Exploits2References5
Cvelist
Cvelist
added 2026/02/18 9:2 p.m.25 views

CVE-2026-2670 Advantech WISE-6610 Background Management openvpn_apply os command injection

A vulnerability was identified in Advantech WISE-6610 1.2.120251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpnapply of the component Background Management. Such manipulation of the argument deletefile leads to os command injection. The attack can be executed remotely...

8.6CVSS0.17217EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2026/02/18 9:2 p.m.5 views

CVE-2026-2670 Advantech WISE-6610 Background Management openvpn_apply os command injection

A vulnerability was identified in Advantech WISE-6610 1.2.120251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpnapply of the component Background Management. Such manipulation of the argument deletefile leads to os command injection. The attack can be executed remotely...

8.6CVSS6.8AI score0.17217EPSS
Exploits2References5
CVE
CVE
added 2026/02/18 9:2 p.m.29 views

CVE-2026-2670

Affected product/versions: Advantech WISE-6610 (1.2.1_20251110). Vulnerable component/file: /cgi-bin/luci/admin/openvpn_apply in the Background Management module. Root cause / condition: Manipulation of the argument delete_file enables an OS command injection. Impact: Remote execution possible wi...

8.6CVSS6.9AI score0.17217EPSS
Exploits2References5
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.7 views

Advantech WISE-6610 操作系统命令注入漏洞

Advantech WISE-6610 is a core gateway device from Advantech, Taiwan, China. The Advantech WISE-6610 suffers from an operating system command injection vulnerability that originates from a misuse of the parameter deletefile in the file /cgi-bin/luci/admin/openvpnapply, which can be exploited by an...

8.6CVSS7.3AI score0.17217EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.8 views

PT-2026-20509

Name of the Vulnerable Software and Affected Versions Advantech WISE-6610 version 1.2.1 20251110 Description A flaw exists in Advantech WISE-6610 that allows remote execution of operating system commands. This is due to improper handling of the delete file argument within an unknown function of t...

8.6CVSS7.2AI score0.17217EPSS
Exploits2References8
RedhatCVE
RedhatCVE
added 2026/01/25 9:16 a.m.8 views

CVE-2025-14609

The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-analytics/v1/report'. This makes it possible for unauthenticated attackers to access sensitive...

5.3CVSS5.5AI score0.00314EPSS
Exploits0References1
NVD
NVD
added 2026/01/24 8:16 a.m.5 views

CVE-2025-14609

The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-analytics/v1/report'. This makes it possible for unauthenticated attackers to access sensitive...

5.3CVSS0.00314EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/24 7:26 a.m.34 views

CVE-2025-14609 Wise Analytics <= 1.1.9 - Missing Authorization to Unauthenticated Arbitrary Analytics Database Disclosure via 'name' Parameter

The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-analytics/v1/report'. This makes it possible for unauthenticated attackers to access sensitive...

5.3CVSS0.00314EPSS
Exploits0References4
CVE
CVE
added 2026/01/24 7:26 a.m.19 views

CVE-2025-14609

Consolidated: CVE-2025-14609 affects the Wise Analytics WordPress plugin (versions

5.3CVSS5.5AI score0.00314EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/24 1:21 a.m.8 views

WordPress Wise Analytics plugin <= 1.1.9 - Missing Authorization to Unauthenticated Arbitrary Analytics Database Disclosure via 'name' Parameter vulnerability

Missing Authorization to Unauthenticated Arbitrary Analytics Database Disclosure via 'name' Parameter vulnerability discovered by Lior Yeshayahu in WordPress Plugin Wise Analytics versions = 1.1.9...

5.3CVSS5.5AI score0.00314EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.8 views

WordPress plugin Wise Analytics has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00314EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.7 views

PT-2026-4568

The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-analytics/v1/report'. This makes it possible for unauthenticated attackers to access sensitive...

5.3CVSS5.5AI score0.00314EPSS
Exploits0References4
NVD
NVD
added 2026/01/16 12:16 a.m.4 views

CVE-2021-47804

Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious executable in the service path, which will execute with elevated system privileges when the service...

8.5CVSS0.00154EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.7 views

Wise Care 365 code-related vulnerabilities

Wise Care 365 is a software developed by the Chinese company Wise Care, designed for use with Windows systems to clean registry entries and junk files. Version 5.6.7.568 of Wise Care 365 contains a code vulnerability. This vulnerability stems from the WiseBootAssistant service having a service pa...

8.5CVSS5.9AI score0.00154EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/15 11:25 p.m.2 views

CVE-2021-47804 Wise Care 365 5.6.7.568 - 'WiseBootAssistant' Unquoted Service Path

Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious executable in the service path, which will execute with elevated system privileges when the service...

8.5CVSS6.7AI score0.00154EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/15 11:25 p.m.2 views

CVE-2021-47804

Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious executable in the service path, which will execute with elevated system privileges when the service...

8.5CVSS5.5AI score0.00154EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/01/15 11:25 p.m.26 views

CVE-2021-47804 Wise Care 365 5.6.7.568 - 'WiseBootAssistant' Unquoted Service Path

Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious executable in the service path, which will execute with elevated system privileges when the service...

8.5CVSS0.00154EPSS
Exploits0References3
CVE
CVE
added 2026/01/15 11:25 p.m.12 views

CVE-2021-47804

CVE-2021-47804 concerns Wise Care 365 5.6.7.568, where the WiseBootAssistant service runs as LocalSystem and has an unquoted service path vulnerability. An attacker can insert a malicious executable into the service path, which will execute with elevated system privileges when the service restart...

8.5CVSS6.7AI score0.00154EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.4 views

PT-2026-3174

Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious executable in the service path, which will execute with elevated system privileges when the service...

8.5CVSS7.1AI score0.00154EPSS
Exploits0References4
Rows per page
Query Builder