An XSS vulnerability in port_util.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters avail
TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the `Open Object in Tree` endpoint, allowing attackers to steal session cookies and potentially escalate privileges
Cognex In-Sight Explorer and In-Sight Camera Firmware expose
a telnet-based service on port 23 to allow management operations such as
firmware upgrades and device reboots, which require authenticati
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the API Access Profile
Authorization Bypass Through User-Controlled Key vulnerability in Dimitri Grassi Salon booking system salon-booking-system.This issue affects Salon booking system: from n/a through <= 10.9.
A Broken Authorization schema exists where any authenticated user could download IOA script and configuration files if the URL is known.
External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON
Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. This authenticated RCE in Thruk allows authorized users with network access to inject a
A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may
A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view
Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI applicati
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP Blocklist management page. An authenticated user can supply HTML/JavaScript in the ctl00$Cont
A vulnerability was found in Cianet ONU GW24AC up to 20250127. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Login. The manipulation
Tibbo AggreGate Network Manager < 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path detail
A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown function of the file /api/admin/sys-message/ of the component API Endpoint. The manipulation of the ar
An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users
CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnerability in the AI Scanner dashboard where the POST /api/ai-scanner/callback endpoint lacks authentication and allows unau
An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters av
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote auth
An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 withou