Lucene search
K

255 matches found

Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.11 views

PT-2026-22274

Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description An operating system command injection issue exists in XWEB Pro, allowing an authenticated attacker to execute code remotely on the system. This is achieved by providing a manipulated template file ...

8.8CVSS6.1AI score0.01897EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.12 views

PT-2026-22271

Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description A stack-based buffer overflow exists in an API route of XWEB Pro. This allows unauthenticated attackers to cause stack corruption and program termination. The vulnerable API route is not specified...

9.8CVSS6.1AI score0.00777EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.11 views

Copeland XWEB PRO 操作系统命令注入漏洞

Copeland XWEB PRO is an advanced commercial and industrial refrigeration monitoring and management system developed by the American company Copeland. Versions of Copeland XWEB PRO prior to 1.12.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed...

8.8CVSS6.2AI score0.01934EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.15 views

PT-2026-22256

Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description An unauthenticated attacker can execute commands on the system remotely. This is possible by sending a specially crafted request to the libraries installation route and injecting malicious input in...

9.8CVSS6.6AI score0.0226EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.9 views

Copeland XWEB PRO 操作系统命令注入漏洞

Copeland XWEB PRO is an advanced commercial and industrial refrigeration monitoring and management system developed by the American company Copeland. Versions of Copeland XWEB PRO prior to 1.12.1 contained a vulnerability related to operating system command injection. This vulnerability arises fr...

8.8CVSS6.2AI score0.01897EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.9 views

PT-2026-22273

Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description A flaw exists that allows a logged-in attacker to execute code on the system. This is possible by submitting crafted input into the username field of the import preconfiguration action via the API ...

8.8CVSS6.1AI score0.01897EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.15 views

PT-2026-22277

Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description A flaw exists that allows a logged-in attacker to execute code on the system remotely. This is achieved by injecting malicious input into the Wi-Fi SSID and/or password fields. Processing the...

8.8CVSS6.3AI score0.01897EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.10 views

Copeland多款产品 操作系统命令注入漏洞

Copeland XWEB 500D PRO and Copeland XWEB 500B PRO are advanced commercial and industrial refrigeration monitoring and management systems from the American company Copeland. Several products of Copeland have vulnerabilities related to operating system command injection. This vulnerability arises...

8.8CVSS6.2AI score0.01934EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.9 views

Copeland多款产品 操作系统命令注入漏洞

Copeland XWEB 300D PRO, among others, are advanced commercial and industrial refrigeration monitoring and management systems developed by the American company Copeland. Several Copeland products have vulnerabilities related to operating system command injection. These vulnerabilities stem from...

8.8CVSS6.2AI score0.01489EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.9 views

Copeland多款产品 操作系统命令注入漏洞

Both the Copeland XWEB 500D PRO and Copeland XWEB 500B PRO are advanced commercial and industrial refrigeration monitoring and management systems from the American company Copeland. Several Copeland products have a vulnerability related to operating system command injection. This vulnerability...

8CVSS6.2AI score0.01447EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.8 views

PT-2026-22257

Name of the Vulnerable Software and Affected Versions XWEB Pro versions 1.12.1 and earlier Description A flaw exists that allows a logged-in attacker to execute code remotely on a system. This is possible by injecting malicious input into the devices field within the firmware update apply action...

8.8CVSS6.1AI score0.01518EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.10 views

Copeland XWEB PRO 操作系统命令注入漏洞

Copeland XWEB PRO is an advanced commercial and industrial refrigeration monitoring and management system developed by the American company Copeland. Versions of Copeland XWEB PRO prior to 1.12.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed...

8.8CVSS6.3AI score0.01518EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.11 views

Copeland XWEB PRO 操作系统命令注入漏洞

Copeland XWEB PRO is an advanced commercial and industrial refrigeration monitoring and management system developed by the American company Copeland. Versions of Copeland XWEB PRO prior to 1.12.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed...

9.8CVSS6.2AI score0.0226EPSS
Exploits0References3
ICS
ICS
added 2026/02/26 7:0 a.m.13 views

Copeland XWEB and XWEB Pro

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, cause a denial-of-service condition, cause memory corruption, and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk...

7.1AI score
Exploits0References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-4709

Malware in sbrugna...

6.8CVSS6.4AI score0.06898EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/22 9:10 p.m.8 views

CVE-2021-45427

Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal...

9.8CVSS7.4AI score0.19038EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2024/01/31 12:0 a.m.7 views

The vulnerability of the server for computer control and monitoring of Emerson Dixell XWEB-500 allows a intruder to execute arbitrary code.

The vulnerability of the server for computer control and monitoring of refrigeration equipment from Emerson Dixell XWEB-500 is related to the absence of authentication for a critical function. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

10CVSS7.4AI score0.1755EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2024/01/31 12:0 a.m.7 views

The vulnerability of the server for computer control and monitoring systems of Emerson Dixell XWEB-500 allows a intruder to disclose protected information.

The vulnerability of the server used for computer control and monitoring of Emerson Dixell XWEB-500 relates to the lack of protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose the protected information...

7.8CVSS7AI score0.01264EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2024/01/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-45420

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can...

10CVSS7.4AI score0.1755EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/09/12 8:18 a.m.3 views

Malicious code in xweb_3.0_component_lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0f6b7e56dbb18ea6a0d7b22a4334b7303140d6c041322360074890df204e941a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Rows per page
Query Builder