Lucene search
K
Bdu FstecRecent

90709 matches found

BDU FSTEC
BDU FSTEC
added 2026/01/13 12:0 a.m.3 views

The vulnerability of the Firmware Update Service software in D-Link DCS-850L video surveillance cameras allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Firmware Update Service in D-Link DCS-850L video surveillance cameras is related to an incorrect limit on the path to the restricted directory during the processing of the DownloadFile parameter. Exploiting this vulnerability can allow an attacker to gain unauthorized...

3.5CVSS5.8AI score0.00536EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/13 12:0 a.m.1 views

The vulnerability of the ping function in the iputils utility, which allows a hacker to cause a service failure

The vulnerability of the ping function in the iputils utility is related to integer overflow. Exploiting this vulnerability could allow a malicious actor to cause a service failure using a specially created ICMP Echo Reply packet...

6.5CVSS7.4AI score0.00324EPSS
Exploits0References7Affected Software6
BDU FSTEC
BDU FSTEC
added 2026/01/13 12:0 a.m.3 views

The vulnerability of the formSetRemoteInternetLanInfo() function (/goform/setInternetLanInfo) in the Tenda M3 router software allows a hacker to cause a service failure.

The vulnerability of the formSetRemoteInternetLanInfo function /goform/setInternetLanInfo in the Tenda M3 router software lies in the issue of the operation going beyond the buffer in memory when processing parameters such as portIp, portMask, portGateWay, portDns, and portSecDns. Exploiting this...

9CVSS7.5AI score0.02475EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2026/01/13 12:0 a.m.4 views

The vulnerability in the cmdOk.xml script of the “Smart Home” system creation platform Lares 4.0 allows a hacker to redirect a user to an arbitrary URL address.

The vulnerability in the cmdOk.xml script of the “Smart Home” system Lares 4.0 involves redirecting the URL to an unreliable website when processing the redirectPage parameter. Exploiting this vulnerability allows a malicious actor to redirect users to any given URL address...

5CVSS5.8AI score0.00234EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/13 12:0 a.m.3 views

The vulnerability of the Lares 4.0 platform for creating a “Smart Home” system, which stems from the use of strictly encrypted user data, allows a intruder to gain full control over the system or cause service interruptions.

The vulnerability of the Lares 4.0 platform for creating a “Smart Home” system lies in the use of strictly encrypted user credentials. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full control over the system or cause service interruptions...

10CVSS5.8AI score0.0053EPSS
Exploits2References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.7 views

The vulnerability of the Windows Operating System’s Telephony Service allows attackers to exploit their privileges.

The vulnerability of the Windows Operating System’s Telephony Service is related to improper external management of file names or file paths. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...

8CVSS5.7AI score0.0075EPSS
Exploits0References2Affected Software24
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.4 views

The vulnerability of the MongoDB database management system’s server allows a hacker to cause a service failure.

The vulnerability of the MongoDB database management system server is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...

6.8CVSS5.8AI score0.00249EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.2 views

The vulnerability of the microprogrammed software of the DVP-12SE11T controllers, related to bypassing authentication using an alternative path or channel, allows a perpetrator to circumvent security restrictions.

The vulnerability of the DVP-12SE11T controller’s microprogramming software relates to the ability to bypass authentication using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions from a remote location...

9.4CVSS6.1AI score0.00273EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.2 views

The vulnerability in the `makeProcessFunction()` function of the `/applications/core/modules/front/system/themeeditor.php` file of the Invision Community (formerly IPS Community Suite) software allows a malicious user to execute arbitrary PHP code.

The vulnerability of the makeProcessFunction function in the /applications/core/modules/front/system/themeeditor.php file of the Invision Community formerly IPS Community Suite software for managing web forums involves a lack of measures to eliminate special elements in the template creation...

10CVSS7.5AI score0.84803EPSS
Exploits6References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.4 views

The vulnerability of the LenelS2 NetBox access control and event monitoring system, due to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks (XSS).

The vulnerability of the LenelS2 NetBox access control and event monitoring system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks XSS remotely...

7.8CVSS5.5AI score0.00386EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.1 views

The vulnerability of the Remote Access Connection Manager (RASMan) service on Windows operating systems allows a hacker to induce a service failure.

The vulnerability of the Remote Access Connection Manager RASMan service for Windows operating systems is related to pointer swapping errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

7.8CVSS5.8AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.5 views

The vulnerability of the Special Character Handler component in the Radware Cloud software firewall allows attackers to disclose protected information.

The vulnerability of the Special Character Handler component in the Radware Cloud software firewall is related to access control errors. Exploiting this vulnerability can allow a malicious actor to disclose protected information through a specially created HTTP request...

5.3CVSS7.5AI score0.00543EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.5 views

The vulnerability of the web interface of Tenda 4G03 Pro software for routers allows a perpetrator to execute arbitrary commands.

The vulnerability of the web interface of Tenda 4G03 Pro microprogramming software for routers is related to the lack of measures taken to protect data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending a specially crafted...

9CVSS6.4AI score
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.3 views

The vulnerability of the Snapshots module of the Nagios Log Server monitoring and analysis software allows a hacker to perform cross-site scripting attacks.

The vulnerability of the Snapshots module of the Nagios Log Server monitoring and analysis software exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

5.5CVSS5.5AI score0.00466EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.3 views

The vulnerability of the user interface of the Headlamp software for controlling clusters of virtual machines in Kubernetes allows a hacker to execute arbitrary commands.

The vulnerability of the user interface of the Headlamp software for controlling clusters of virtual machines in Kubernetes is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows an attacker to execute...

7.7CVSS6AI score0.00672EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.8 views

The vulnerability of the user interface of Cisco WebEx Meetings software allows attackers to perform cross-site scripting attacks (XSS).

The vulnerability of the user interface of Cisco WebEx Meetings software is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...

5.5CVSS5.5AI score0.00197EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.2 views

The vulnerability of the crypto++ C++ programming language library, related to incorrect authorization, allows attackers to execute arbitrary code.

The vulnerability of the crypto++ C++ programming language library is related to incorrect authorization. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS6.1AI score0.00505EPSS
Exploits0References3Affected Software6
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.4 views

The vulnerability of the microprogrammed network device UTT 1200GW and UTT 1250GW lies in the copying of buffers without checking the size of the input data. This allows a hacker to execute arbitrary code.

The vulnerability of the microprogrammed network devices UTT 1200GW and UTT 1250GW lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9CVSS7.6AI score0.0441EPSS
Exploits1References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.2 views

The vulnerability of the fromDhcpListClient() function in the Tenda CH22 router software allows a attacker to trigger a service failure.

The vulnerability of the fromDhcpListClient function in the Tenda CH22 router software relates to the improper release of resources. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failure by sending a specially crafted POST request...

5.3CVSS6.1AI score0.03942EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.2 views

The vulnerability of the Go programming language, related to the shortcomings in the authentication process, allows attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of the Go programming language is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker, operating remotely, to compromise the confidentiality and integrity of the protected information...

6.5CVSS7.1AI score0.00274EPSS
Exploits0References6Affected Software4
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.2 views

The vulnerabilities of the functions bind_interdomain_evtchn_to_irq_lateeoi(), find_virq(), and bind_virq_to_irq() (drivers/xen/events/events_base.c) in the Linux operating system kernel allow a malicious actor to trigger a service failure.

The vulnerabilities of the functions bindinterdomainevtchntoirqlateeoi, findvirq, and bindvirqtoirq drivers/xen/events/eventsbase.c in the Linux kernel are related to resource management errors. Exploiting these vulnerabilities can allow an attacker to cause service failures...

3.3CVSS5.8AI score0.00182EPSS
Exploits0References7Affected Software5
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.1 views

The vulnerability of the 389-ds-base package for Debian GNU/Linux and Red Hat Enterprise Linux systems allows a hacker to trigger a service failure.

The vulnerability of the 389-ds-base package for Debian GNU/Linux and Red Hat Enterprise Linux relates to the use of a zero pointer. Exploiting this vulnerability could allow an attacker, operating remotely, to cause service interruptions...

6.8CVSS5.8AI score0.00553EPSS
Exploits0References9Affected Software6
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.3 views

The vulnerability of the JWT Signing Key Handler component in the OneLogin software, which allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the JWT Signing Key Handler component in the OneLogin AD Connector software involves bypassing authentication through spoofing. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

10CVSS5.8AI score0.00535EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.3 views

The vulnerability of the ate_ifconfig_set() function in Tenda AC7 router software allows a hacker to execute arbitrary commands.

The vulnerability of the ateifconfigset function in Tenda AC7 router software relates to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

8CVSS6.1AI score0.01674EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.3 views

The vulnerability of Cisco WebEx Meetings software lies in the redirection of URLs to unreliable websites, allowing attackers to redirect users to arbitrary URL addresses.

The vulnerability of Cisco WebEx Meetings software relates to the redirection of URLs to unreliable websites. Exploiting this vulnerability allows a malicious actor to redirect users to arbitrary URL addresses...

6.4CVSS5.9AI score0.00219EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.4 views

The vulnerability of the LenelS2 NetBox access control and event monitoring system, due to the lack of measures taken to protect the website structure, allows unauthorized access by attackers to the protected information.

The vulnerability of the LenelS2 NetBox access control and event monitoring system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...

6.4CVSS5.8AI score0.00281EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.4 views

The vulnerability of the HTTP GET Request Handler component in the Radware Cloud software firewall allows attackers to disclose protected information.

The vulnerability of the HTTP GET Request Handler component in the Radware Cloud software firewall is related to access control errors. Exploiting this vulnerability can allow a malicious actor to disclose protected information through a specially created HTTP request...

5.3CVSS7.5AI score0.00543EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.4 views

The vulnerability of the Sitecore Experience Manager (XM), Experience Platform (XP), and the Experience Commerce (XC) platform for personalized purchasing processes lies in errors in processing the relative path to the catalog. This allows attackers to gain access to arbitrary files and execute arbitrary code.

The vulnerability of the Sitecore Experience Manager XM, Experience Platform XP, and the Experience Commerce XC platform for personalized purchasing processes is related to errors in processing the relative path to the catalog. Exploiting this vulnerability can allow an attacker to gain access to...

9CVSS7.8AI score0.09986EPSS
Exploits3References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.5 views

The vulnerability of the formPictureUrl component in the microprogramming software for UTT HiPER 840G allows a attacker to cause a service failure.

The vulnerability of the formPictureUrl component in the UTT HiPER 840G router microprogramming system is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...

9CVSS7.3AI score0.00795EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.4 views

The vulnerability of the formSetAdPushInfo() function (/goform/setAdPushInfo) in the Tenda M3 router software allows a hacker to trigger a service failure.

The vulnerability of the formSetAdPushInfo function /goform/setAdPushInfo in the Tenda M3 router software is related to the issue where the operation exits the buffer boundaries into memory when processing parameters like mac and terminal. Exploiting this vulnerability could allow a malicious act...

9CVSS7.5AI score0.00632EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.3 views

The vulnerability of the strcpy() function in the microprogramming software for UTT 512W allows a hacker to execute arbitrary code.

The vulnerability of the strcpy function in the UTT 512W router microprogramming system is related to copying buffers without checking the size of the input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending a specially crafted POST request...

9CVSS7.7AI score0.03409EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.5 views

The vulnerability of the MongoDB database management system’s server allows a hacker to cause a service failure.

The vulnerability of the MongoDB database management system server is related to the lack of authentication. Exploiting this vulnerability allows a malicious actor to cause service interruptions...

6.8CVSS5.8AI score0.00192EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.3 views

The vulnerability of Google Chrome’s browser, related to improper protection of physical external channels, allows attackers to circumvent existing security restrictions.

The vulnerability of Google Chrome relates to improper protection of physical external channels. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions using a specially created HTML page...

5CVSS5.8AI score0.00168EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.3 views

The vulnerability of the “Create User” function of the Nagios Log Server monitoring and analysis software allows a perpetrator to perform cross-site scripting attacks.

The vulnerability of the “Create User” function in the Nagios Log Server monitoring and analysis software exists due to insufficient validation or filtering of data entered by users. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

5.5CVSS5.6AI score0.00466EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.5 views

The vulnerability of the formSetPPTPUserList() function in the Tenda AC23 router software allows a intruder to trigger a service failure.

The vulnerability of the formSetPPTPUserList function in the Tenda AC23 router’s microprogramming software is related to the operation of writing data outside the buffer in memory when processing the list parameter. Exploiting this vulnerability could allow a malicious actor to cause service...

9CVSS7.5AI score0.00635EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.3 views

The vulnerability of the ThreatSonar Anti-Ransomware detection and response mechanism lies in its failure to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary code.

The vulnerability of ThreatSonar Anti-Ransomware in detecting and responding to threats stems from the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS6.1AI score0.01054EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.2 views

The vulnerability of the strcpy() function in the /goform/formTaskEdit file of the UTT HiPER 840G router’s microprogramming system, which allows a attacker to cause a service failure.

The vulnerability of the strcpy function in the /goform/formTaskEdit module of the UTT HiPER 840G microprogramming router software is related to the use of memory after deallocation. Exploiting this vulnerability could allow an attacker to cause service failure...

9CVSS7.3AI score0.00894EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.3 views

The vulnerability of the usbnet_resume_rx() function in the drivers/net/usb/usbnet.c module of the Linux kernel allows a hacker to induce a service failure.

The vulnerability of the usbnetresumerx function in the drivers/net/usb/usbnet.c module of the Linux kernel is related to resource management errors. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS6AI score0.00183EPSS
Exploits0References9Affected Software4
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.3 views

The vulnerability of the httpd-daemon (/usr/sbin/httpd) of the Tenda 4G03 Pro router’s microprogramming system allows a perpetrator to execute arbitrary commands.

The vulnerability of the httpd-daemon /usr/sbin/httpd of the Tenda 4G03 Pro router’s microprogramming software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending a speciall...

9CVSS6.4AI score
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.3 views

The vulnerability of the internal communication and emergency notification system Zenitel VS-IS, due to the failure to take measures to clean up data at the management level, allows a perpetrator to execute arbitrary commands.

The vulnerability of the internal communication and emergency notification system Zenitel VS-IS is related to the failure to take measures for data cleaning at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10CVSS6.1AI score0.00361EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.4 views

The vulnerability of the Logstash data collection system allows a malicious user to execute arbitrary code with root privileges and gain full control over the application. This vulnerability in Nagios Log Server enables a hacker to perform unauthorized actions.

The vulnerability of the Logstash data collection system, a software monitoring and logging analysis tool for Nagios Log Servers, is related to errors in privilege management. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code with root privileges and...

10CVSS6.1AI score0.01893EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.2 views

The vulnerability of the Zimbra Collaboration Suite’s email management system, related to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.

The vulnerability of the Zimbra Collaboration Suite email management system is related to the lack of measures taken to protect the structure of the web page during processing of the /h/rest endpoint. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

5.5CVSS5.7AI score0.00256EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.3 views

The vulnerability of the microprogrammed software of the DVP-12SE11T controllers, related to insufficient validation of input data, allows a intruder to trigger a service failure.

The vulnerability of the microprogrammed software of the DVP-12SE11T controllers is related to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause malfunctions in the system...

7.8CVSS6.1AI score0.00277EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.3 views

The vulnerability of the microprogrammed software of the DVP-12SE11T controllers, related to insufficient protection of operational data, allows a intruder to bypass the authentication process.

The vulnerability of the microprogrammed software of the DVP-12SE11T controllers is related to insufficient protection for operational data. Exploiting this vulnerability could allow a malicious actor to bypass authentication procedures remotely...

8.1CVSS6AI score0.00306EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.5 views

The vulnerability of the JWT Signing Key Handler component in the OneLogin software, which allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the JWT Signing Key Handler component in the OneLogin AD Connector software allows unauthorized access to protected information in the error-prone data area. Exploiting this vulnerability can enable a malicious actor to gain unauthorized access to sensitive data...

9.3CVSS5.8AI score0.00446EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.5 views

The vulnerability of the ate_iwpriv_set() function in Tenda AC7 router software allows a hacker to execute arbitrary commands.

The vulnerability of the ateiwprivset function in Tenda AC7 router microprogramming software is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

8CVSS6.1AI score0.01674EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.2 views

The vulnerability of the Linux operating system’s kernel, related to errors during link counter updates, allows a hacker to trigger a service failure.

The vulnerability of the Linux operating system’s kernel is related to errors during the update of the link counters. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS5.8AI score0.00208EPSS
Exploits0References11Affected Software2
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.4 views

The vulnerability of the LenelS2 NetBox access control and event monitoring system, due to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks (XSS).

The vulnerability of the LenelS2 NetBox access control and event monitoring system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks XSS remotely...

8.5CVSS5.5AI score0.0033EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.4 views

The vulnerability of the MICROSENS NMP Web+ network management platform lies in the use of pre-installed security-related data, which allows attackers to circumvent existing security restrictions.

The vulnerability of the MICROSENS NMP Web+ network management platform lies in the use of pre-installed data related to security. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions remotely...

9.4CVSS7.5AI score0.00536EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/12 12:0 a.m.3 views

The vulnerability of the MICROSENS NMP Web+ network management platform lies in the incorrect limitation of the path name to the restricted directory, allowing an attacker to execute arbitrary codes.

The vulnerability of the MICROSENS NMP Web+ network management platform lies in incorrect restrictions on the path name to the restricted catalog. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10CVSS7.8AI score0.00662EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities90709