1453 matches found

Vulnrichment
added 2026/01/13 12:0 a.m., 3 views

CVE-2025-25652

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal...

6.6 AI score, 0.0071 EPSS
Exploits: 2, References: 2

Cvelist
added 2026/01/13 12:0 a.m., 22 views

CVE-2025-25652

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal...

0.0071 EPSS
Exploits: 2, References: 2

Positive Technologies
added 2026/01/13 12:0 a.m., 6 views

PT-2026-2449

Name of the Vulnerable Software and Affected Versions: Eptura Archibus version 2024.03.01.109. Description: The “Run script” and “Server File” components within the “Database Update Wizard” are susceptible to directory traversal. This allows unauthorized access to files and directories...

6.5 AI score, 0.0071 EPSS
Exploits: 2, References: 4

Positive Technologies
added 2026/01/13 12:0 a.m., 3 views

PT-2026-2398

Name of the Vulnerable Software and Affected Versions: Audio Conversion Wizard version 2.01. Description: Audio Conversion Wizard version 2.01 contains a buffer overflow issue. An attacker can execute arbitrary code by providing a specially crafted registration code that overwrites memory. This can...

9.8 CVSS, 8.4 AI score, 0.00792 EPSS
Exploits: 0, References: 5

CNNVD
added 2026/01/13 12:0 a.m., 7 views

Eptura Archibus Security Vulnerability

Eptura Archibus is an all-in-one workspace management system platform from Eptura Corporation, USA. A security vulnerability exists in Eptura Archibus version 2024.03.01.109, which stems from a directory traversal in the Run script and Server File components of the Database Update Wizard...

7.5 CVSS, 5.8 AI score, 0.0071 EPSS
Exploits: 2, References: 3

CNVD
added 2026/01/12 12:0 a.m., 5 views

TRENDnet TEW-800MB Command Injection Vulnerability

The TRENDnet TEW-800MB is a dual-band wireless router from TRENDnet. The TRENDnet TEW-800MB suffers from a command injection vulnerability that originates from a misbehavior of the parameter WizardConfigured in the file /goform/wizardset, which can be exploited by an attacker to execute arbitrary...

9 CVSS, 7.4 AI score, 0.09753 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 11:25 a.m., 6 views

CVE-2021-28160

Wireless-N WiFi Repeater REV 1.0 28.08.06.1 suffers from a reflected XSS vulnerability due to unsanitized SSID value when the latter is displayed in the /repeater.html page "Repeater Wizard" homepage section...

6.1 CVSS, 6.3 AI score, 0.00818 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 10:16 a.m., 9 views

CVE-2019-2113

In setup wizard there is a bypass of some checks when wifi connection is skipped. This could lead to factory reset protection bypass with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122597079...

5.5 CVSS, 6.9 AI score, 0.00134 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 10:16 a.m., 7 views

CVE-2019-2599

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products subcomponent: Pagelet Wizard. Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

6.5 CVSS, 6.1 AI score, 0.01348 EPSS
Exploits: 0, References: 1

Packet Storm
added 2026/01/09 12:0 a.m., 164 views

📄 Eptura Archibus Directory Traversal

In Eptura Archibus versions before version 2025.01, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal. Title: Eptura Archibus Directory Traversal Description: In Eptura Archibus versions before v2025.01, the "Run script" and "Serve...

7.5 CVSS, 7 AI score, 0.0071 EPSS
Exploits: 2

CVE
added 2026/01/08 4:21 p.m., 15 views

CVE-2026-0671

CVE-2026-0671 affects the MediaWiki UploadWizard extension, specifically versions 1.39–1.45. The root cause is improper input neutralization during web page generation, enabling Cross-Site Scripting (XSS). Impact is potential exploitation of XSS in web pages viewed by other users. Remediation...

6.1 CVSS, 5.5 AI score, 0.00202 EPSS
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2026/01/06 3:52 p.m., 2 views

CVE-2020-36910 Cayin Signage Media Player 3.0 Authenticated Remote Command Injection via NTP Parameter

Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizardsystem.cgi pages. Attackers can exploit the 'NTPServerIP' parameter with default credentials to execute arbitrary shell commands as root...

8.8 CVSS, 7.9 AI score, 0.01277 EPSS
Exploits: 1, References: 7

RedhatCVE
added 2025/12/29 12:57 p.m., 5 views

CVE-2025-15136

A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function do_setWizard_asp of the file /goform/wizardset of the component Management Interface. The manipulation of the argument WizardConfigured leads to command injection. The attack may be initiated remotely...

9 CVSS, 6.8 AI score, 0.09753 EPSS
Exploits: 1, References: 1

CVE
added 2025/12/28 12:32 p.m., 19 views

CVE-2025-15136

TRENDnet TEW-800MB (firmware 1.0.1.0) contains a command injection flaw in the Management Interface. The affected function is do_setWizard_asp in /goform/wizardset, where manipulating the WizardConfigured argument can trigger arbitrary command execution. The issue is exploitable remotely over the...

9 CVSS, 6.6 AI score, 0.09753 EPSS
Exploits: 1, References: 4, Affected Software: 1

RedhatCVE
added 2025/12/18 7:44 p.m., 6 views

CVE-2025-62521

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

10 CVSS, 8.3 AI score, 0.04151 EPSS
Exploits: 3, References: 1

CVE
added 2025/12/18 3:10 p.m., 10 views

CVE-2025-65010

CVE-2025-65010 (WODESYS WD-R608U router / WDR122B V2.0 / WDR28) is documented with concrete details: multiple Red Hat and NVD entries describe vulnerabilities tied to the WD-R608U platform. Affected issues include Broken Access Control in the initial configuration wizard.cgi endpoint, where an at...

7.1 CVSS, 6.8 AI score, 0.00165 EPSS
Exploits: 0, References: 3

Cvelist
added 2025/12/18 3:10 p.m., 23 views

CVE-2025-65010 Missing authorizations for admin panel password change in WODESYS WD-R608U router

WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...

7.1 CVSS, 0.00165 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2025/12/18 3:10 p.m., 2 views

CVE-2025-65010 Missing authorizations for admin panel password change in WODESYS WD-R608U router

WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...

7.1 CVSS, 6.8 AI score, 0.00165 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2025/12/18 12:0 a.m., 6 views

PT-2025-52249

WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...

8.7 CVSS, 7.1 AI score, 0.00262 EPSS
Exploits: 0, References: 4

NVD
added 2025/12/17 7:16 p.m., 7 views

CVE-2025-62521

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

10 CVSS, 0.04151 EPSS
Exploits: 3, References: 1