Lucene search
K

255 matches found

Cvelist
Cvelist
added 2026/02/27 12:59 a.m.24 views

CVE-2026-25037 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling remote code execution...

8CVSS0.01897EPSS
Exploits0References3
CVE
CVE
added 2026/02/27 12:59 a.m.31 views

CVE-2026-25037

CVE-2026-25037 affects Copeland/ XWEB Pro software, with OS command injection in XWEB Pro 1.12.1 and earlier. The vulnerability arises when a specially crafted LCD state is processed during system setup, allowing an authenticated attacker to achieve remote code execution on the affected system. P...

8.8CVSS6.5AI score0.01897EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/27 12:59 a.m.3 views

CVE-2026-25037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling remote code execution...

8.8CVSS6.5AI score0.01897EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/27 12:58 a.m.7 views

CVE-2026-25196 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is...

8CVSS6.6AI score0.01897EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/27 12:58 a.m.22 views

CVE-2026-25196 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is...

8CVSS0.01897EPSS
Exploits0References3
CVE
CVE
added 2026/02/27 12:58 a.m.22 views

CVE-2026-25196

CVE-2026-25196 is an OS command injection affecting XWEB Pro before 1.12.1. An authenticated attacker can achieve remote code execution by supplying malicious input in the Wi‑Fi SSID and/or password fields during configuration processing. Multiple sources (Red Hat, NVD, EUVD, CVE records) describ...

8.8CVSS6.3AI score0.01897EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/27 12:58 a.m.4 views

CVE-2026-25196

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is...

8.8CVSS6.4AI score0.01897EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/27 12:56 a.m.5 views

CVE-2026-20764 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remote...

8CVSS6.6AI score0.01934EPSS
Exploits0References3
CVE
CVE
added 2026/02/27 12:56 a.m.15 views

CVE-2026-20764

CVE-2026-20764 affects Copeland XWEB Pro (versions prior to 1.12.1). An authenticated user can supply malicious input through the device hostname configuration, which is processed during system setup, resulting in OS command injection and remote code execution. Red Hat security notes the same vul...

8.8CVSS6.3AI score0.01934EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/27 12:56 a.m.20 views

CVE-2026-20764 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remote...

8CVSS0.01934EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/27 12:56 a.m.4 views

CVE-2026-20764

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remote...

8.8CVSS6.4AI score0.01934EPSS
Exploits0References4
CVE
CVE
added 2026/02/27 12:55 a.m.21 views

CVE-2026-25721

CVE-2026-25721 affects XWEB Pro ≤ 1.12.1. An authenticated user can exploit OS command injection via the restore action in API V1 by injecting input into the server username and/or password fields, enabling remote code execution. Red Hat and ENISA references corroborate the weakness. Remediation ...

8.8CVSS6.3AI score0.01897EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 12:55 a.m.6 views

CVE-2026-25721 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route...

8CVSS6.6AI score0.01897EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/27 12:55 a.m.3 views

CVE-2026-25721

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route...

8.8CVSS6.4AI score0.01897EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/27 12:54 a.m.26 views

CVE-2026-23702 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import preconfiguration action in the API V1 route...

8CVSS0.01897EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/27 12:54 a.m.2 views

CVE-2026-23702

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import preconfiguration action in the API V1 route...

8.8CVSS6.4AI score0.01897EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/27 12:54 a.m.5 views

CVE-2026-23702 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import preconfiguration action in the API V1 route...

8CVSS6.6AI score0.01897EPSS
Exploits0References3
CVE
CVE
added 2026/02/27 12:54 a.m.13 views

CVE-2026-23702

CVE-2026-23702 affects XWEB Pro (v1.12.1 and earlier). AOS command injection in the API V1 route’s import preconfiguration action allows an authenticated attacker to achieve remote code execution by sending crafted input in the server username field. Impact is high (remote code execution, post-au...

8.8CVSS6.4AI score0.01897EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 12:53 a.m.4 views

CVE-2026-24452 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route...

8CVSS6.6AI score0.01897EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/27 12:53 a.m.4 views

CVE-2026-24452

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route...

8.8CVSS6.4AI score0.01897EPSS
Exploits0References4
Rows per page
Query Builder