Lucene search
K

255 matches found

EUVD
EUVD
added 2026/02/27 3:30 a.m.6 views

EUVD-2026-8945

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update update action to achieve remote code execution...

8.8CVSS6.5AI score0.01489EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/27 3:30 a.m.6 views

EUVD-2026-8952

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update apply action...

8CVSS6.4AI score0.01518EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/27 3:30 a.m.9 views

EUVD-2026-8946

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the request body sent to the contacts import route...

8.8CVSS6.3AI score0.01489EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/27 3:30 a.m.7 views

EUVD-2026-8953

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into OpenSSL argument fields within requests sent to the utility route, leading to remote code executio...

8CVSS6.5AI score0.01518EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/27 3:30 a.m.4 views

EUVD-2026-8944

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload action of the parameters route...

8.8CVSS6.4AI score0.01489EPSS
Exploits0References4
OSV
OSV
added 2026/02/27 2:16 a.m.3 views

CVE-2026-25721

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route...

8.8CVSS6.4AI score0.01897EPSS
Exploits0References3
OSV
OSV
added 2026/02/27 2:16 a.m.4 views

CVE-2026-25196

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is...

8.8CVSS6.4AI score0.01897EPSS
Exploits0References3
OSV
OSV
added 2026/02/27 2:16 a.m.3 views

CVE-2026-3037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed duri...

8.8CVSS6.1AI score0.01934EPSS
Exploits0References3
NVD
NVD
added 2026/02/27 2:16 a.m.14 views

CVE-2026-25196

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is...

8.8CVSS0.01897EPSS
Exploits0References3
NVD
NVD
added 2026/02/27 2:16 a.m.16 views

CVE-2026-25721

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route...

8.8CVSS0.01897EPSS
Exploits0References3
NVD
NVD
added 2026/02/27 2:16 a.m.18 views

CVE-2026-3037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed duri...

8.8CVSS0.01934EPSS
Exploits0References3
OSV
OSV
added 2026/02/27 2:16 a.m.5 views

CVE-2026-25105

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...

8.8CVSS6.4AI score0.01897EPSS
Exploits0References3
OSV
OSV
added 2026/02/27 2:16 a.m.9 views

CVE-2026-25037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling remote code execution...

8.8CVSS6.5AI score0.01897EPSS
Exploits0References3
NVD
NVD
added 2026/02/27 2:16 a.m.10 views

CVE-2026-25037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling remote code execution...

8.8CVSS0.01897EPSS
Exploits0References3
NVD
NVD
added 2026/02/27 2:16 a.m.5 views

CVE-2026-25105

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...

8.8CVSS0.01897EPSS
Exploits0References3
OSV
OSV
added 2026/02/27 2:16 a.m.3 views

CVE-2026-23702

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import preconfiguration action in the API V1 route...

8.8CVSS6.4AI score0.01897EPSS
Exploits0References3
OSV
OSV
added 2026/02/27 2:16 a.m.4 views

CVE-2026-20764

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remote...

8.8CVSS6.4AI score0.01934EPSS
Exploits0References3
OSV
OSV
added 2026/02/27 2:16 a.m.8 views

CVE-2026-22877

An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack...

9.1CVSS5.9AI score0.00552EPSS
Exploits0References3
OSV
OSV
added 2026/02/27 2:16 a.m.6 views

CVE-2026-24452

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route...

8.8CVSS6.4AI score0.01897EPSS
Exploits0References3
OSV
OSV
added 2026/02/27 2:16 a.m.4 views

CVE-2026-20797

A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and a termination of the program...

9.8CVSS6AI score0.00777EPSS
Exploits0References3
Rows per page
Query Builder