| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local file inclusion techniques. |
| AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated script-management endpoint at AudioCodes_files/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplied data directly to a server-side file path under the privileges of the web service account, which runs as NT AUTHORITY\\SYSTEM on Windows deployments. A remote, unauthenticated attacker can write arbitrary files into the product’s web-accessible directory structure and subsequently execute them. |
| AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an unauthenticated backup upload endpoint at AudioCodes_files/ajaxBackupUploadFile.php in the F2MAdmin web interface. The script derives a backup folder path from application configuration, creates the directory if it does not exist, and then moves an uploaded file to that location using the attacker-controlled filename, without any authentication, authorization, or file-type validation. On default Windows deployments where the backup directory resolves to the system drive, a remote attacker can upload web server or interpreter configuration files that cause a log file or other server-controlled resource to be treated as executable code. This allows subsequent HTTP requests to trigger arbitrary command execution under the web server account, which runs as NT AUTHORITY\\SYSTEM. |
| WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain an SQL Injection vulnerability in the /html/matPat/editar_categoria.php endpoint. The application fails to properly validate and sanitize user inputs in the id_categoria parameter, which allows attackers to inject malicious SQL payloads for direct execution. This issue is fixed in version 3.5.5. |
| Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Versions 1.4.0 through 1.4.16 contain a prototype pollution vulnerability in `mergeDeep` after merging results of two standard schema validations with the same key. Due to the ordering of merging, there must be an any type that is set as a standalone guard, to allow for the `__proto__ prop` to be merged. When combined with GHSA-8vch-m3f4-q8jf this allows for a full RCE by an attacker. This issue is fixed in version 1.4.17. To workaround, remove the `__proto__ key` from body. |
| FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target user regardless of valid credentials. This issue is fixed in versions 16.0.44 and 17.0.23. |
| Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an Emby Server (for Emby Server administration, not at the OS level). Other than network access, no specific preconditions need to be fulfilled for a server to be vulnerable. This issue is fixed in version 4.9.1.81. |
| MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters to reset root credentials. |
| Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3_settings.bin file and extract base64-encoded user and admin passwords without authentication. |
| Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite device settings. |
| COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel. |
| COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate database queries and gain unauthorized access. |
| Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload. |
| Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary methods or deserialization of untrusted types. |
| Hard-coded cryptographic keys in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI |
| Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating role settings without authentication. |
| Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client functionality, potentially causing remote code execution or denial of service. |
| Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative users without authentication, bypassing security controls. |
| A malicious actor can access camera configuration information, including account credentials, without authenticating when accessing a vulnerable URL. |
| Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory (LDAP) login method.
Authentication is performed through a local WebSocket, but the web application does not properly validate the authenticity or origin of the data received, allowing an attacker with access to the local machine or internal network to impersonate the legitimate WebSocket and inject manipulated information.
Exploiting this vulnerability could allow an attacker to authenticate as any user in the domain, without the need for valid credentials, compromising the confidentiality, integrity, and availability of the application and its data. |
