EisBaer Scada - CWE-285: Improper Authorization
Soundminer – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Fortect - CWE-428: Unquoted Search Path or Element, may be used by a local user to elevate privileges.
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges.
SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated user
SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method
SiberianCMS - CWE-284: Improper Access Control - An authorized user may disable a security feature over the network
SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges
ForeScout NAC SecureConnector version 11.2 - CWE-427: Uncontrolled Search Path Element
A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay.
StarTrinity Softswitch version 2023-02-16 - Multiple CSRF (CWE-352)
StarTrinity Softswitch version 2023-02-16 - Open Redirect (CWE-601)
StarTrinity Softswitch version 2023-02-16 - Persistent XSS (CWE-79)
StarTrinity Softswitch version 2023-02-16 - Multiple Reflected XSS (CWE-79)
Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials
Farsight Tech Nordic AB ProVide version 14.5 - Multiple XSS vulnerabilities (CWE-79) can be exploited by a user with administrator privilege.
7Twenty BOT - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
Synel Terminals - CWE-494: Download of Code Without Integrity Check
Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File
Tadiran Telecom Aeonix - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Tadiran Telecom Aeonix - CWE-204: Observable Response Discrepancy
AnaSystem SensMini M4 – Using the configuration tool, an authenticated user can cause Denial of Service for the device
JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials
Heights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025.
Synel SYnergy Fingerprint Terminals - CWE-78: 'OS Command Injection'
Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials
Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method.
Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.
D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method.
D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method.
D-Link DSL-224 firmware version 3.0.10 - CWE-307: Improper Restriction of Excessive Authentication Attempts
EaseUS Todo Backup version 20220111.390 - An omission during installation may allow a local attacker to perform privilege escalation.
A Mazda model (2015-2016) can be unlocked via an unspecified method.
Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method.
ROZCOM server framework - Misconfiguration may allow information disclosure via an unspecified request.
Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy
Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials
Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
ROZCOM client - CWE-798: Use of Hard-coded Credentials
Cybonet PineApp Mail Secure - A reflected cross-site scripting (XSS) vulnerability was identified in the product, using an unspecified endpoint.
AgilePoint NX v8.0 SU2.2 & SU2.3 – Insecure File Upload - Vulnerability allows insecure file upload, by an unspecified request.
WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - Reflected cross-site scripting (RXSS) through an unspecified request.
WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - CWE-22: Path Traversal
EasyTor Applications – Authorization Bypass - EasyTor Applications may allow authorization bypass via an unspecified method.
AgilePoint NX v8.0 SU2.2 & SU2.3 – Arbitrary File Delete - Vulnerability allows arbitrary file deletion, by an unspecified request.
AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal - Vulnerability allows path traversal and downloading files from the server, by an unspecified request.
Milesight NCR/camera version 71.8.0.6-r5 discloses sensitive information through an unspecified request.
Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request.
Electra Central AC unit – The unit opens an AP with an easily calculated password.
Electra Central AC unit – Adjacent attacker may cause the unit to load unauthorized FW.