CVE-2020-37143 - ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service
CVE ID : CVE-2020-37143
Published : Feb. 5, 2026, 4:13 p.m. | 27 minutes ago
Description : ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password field with 257 bytes of repeated characters to trigger an application crash and prevent successful authentication.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37144 - Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)
CVE ID : CVE-2020-37144
Published : Feb. 5, 2026, 4:13 p.m. | 27 minutes ago
Description : Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submitting a malicious form to /kulyon.php that adds a new user with administrative privileges without the victim's consent.
Severity: 5.3 | MEDIUM
CVE-2020-37145 - HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin)
CVE ID : CVE-2020-37145
Published : Feb. 5, 2026, 4:13 p.m. | 27 minutes ago
Description : HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user accounts with elevated privileges.
Severity: 5.1 | MEDIUM
CVE-2020-37149 - Edimax Technology EW-7438RPn-v3 Mini 1.27 - Cross-Site Request Forgery (CSRF) to Command Execution
CVE ID : CVE-2020-37149
Published : Feb. 5, 2026, 4:13 p.m. | 27 minutes ago
Description : Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery (CSRF) that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's privileges.
Severity: 8.1 | HIGH
CVE-2020-37150 - Edimax Technology EW-7438RPn-v3 Mini 1.27 - Unauthorized Access: Wi-Fi Password Disclosure
CVE ID : CVE-2020-37150
Published : Feb. 5, 2026, 4:13 p.m. | 27 minutes ago
Description : Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizard_reboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without authentication.
Severity: 8.7 | HIGH
CVE-2020-37152 - PHP-Fusion 9.03.50 panels.php - Cross-Site Scripting (XSS)
CVE ID : CVE-2020-37152
Published : Feb. 5, 2026, 4:13 p.m. | 27 minutes ago
Description : PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted input to the 'panel_content' field in panels.php, resulting in execution of malicious scripts in the context of the affected site.
Severity: 5.1 | MEDIUM
CVE-2020-37148 - P5 FNIP-8x16A/FNIP-4xSH 1.0.20, 1.0.11 - Stored Cross-Site Scripting (XSS)
CVE ID : CVE-2020-37148
Published : Feb. 5, 2026, 4:14 p.m. | 26 minutes ago
Description : P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. This can be exploited by submitting crafted input to the label modification functionality, such as the 'lab4' parameter in config.html.
Severity: 5.1 | MEDIUM
CVE-2020-37151 - phpMyChat Plus 1.98 'deluser.php' SQL Injection
CVE ID : CVE-2020-37151
Published : Feb. 5, 2026, 4:15 p.m. | 25 minutes ago
Description : phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database information by crafting malicious payloads in the username field.
Severity: 8.8 | HIGH
CVE-2025-68721 - Axigen Mail Server SSL Certificate Access Control Bypass
CVE ID : CVE-2025-68721
Published : Feb. 5, 2026, 4:15 p.m. | 25 minutes ago
Description : Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint (page=sslcerts). This allows the attacker to view, download, upload, and delete SSL certificate files, despite lacking the necessary privileges to access the Security & Filtering section.
Severity: 0.0 | NA
CVE-2025-68722 - Axigen Mail Server CSRF
CVE ID : CVE-2025-68722
Published : Feb. 5, 2026, 4:15 p.m. | 25 minutes ago
Description : Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface through improper handling of the _s (breadcrumb) parameter. The application accepts state-changing requests via the GET method and automatically processes base64-encoded commands queued in the _s parameter immediately after administrator authentication. Attackers can craft malicious URLs that, when clicked by administrators, execute arbitrary administrative actions upon login without further user interaction, including creating rogue administrator accounts or modifying critical server configurations.
Severity: 0.0 | NA
CVE-2025-15324 - Tanium addressed a local privilege escalation vulnerability in Engage.
CVE ID : CVE-2025-15324
Published : Feb. 5, 2026, 7:15 p.m. | 1 hour, 29 minutes ago
Description : Tanium addressed a documentation issue in Engage.
Severity: 6.6 | MEDIUM
CVE-2025-15325 - Tanium addressed an improper input validation vulnerability in Discover.
CVE ID : CVE-2025-15325
Published : Feb. 5, 2026, 7:15 p.m. | 1 hour, 29 minutes ago
Description : Tanium addressed an improper input validation vulnerability in Discover.
Severity: 6.3 | MEDIUM
CVE-2025-15326 - Tanium addressed an improper access controls vulnerability in Patch.
CVE ID : CVE-2025-15326
Published : Feb. 5, 2026, 7:15 p.m. | 1 hour, 29 minutes ago
Description : Tanium addressed an improper access controls vulnerability in Patch.
Severity: 4.3 | MEDIUM
CVE-2025-15327 - Tanium addressed an improper access controls vulnerability in Deploy.
CVE ID : CVE-2025-15327
Published : Feb. 5, 2026, 7:15 p.m. | 1 hour, 29 minutes ago
Description : Tanium addressed an improper access controls vulnerability in Deploy.
Severity: 4.3 | MEDIUM
CVE-2025-15328 - Tanium addressed an improper link resolution before file access vulnerability in Enforce.
CVE ID : CVE-2025-15328
Published : Feb. 5, 2026, 7:15 p.m. | 1 hour, 29 minutes ago
Description : Tanium addressed an improper link resolution before file access vulnerability in Enforce.
Severity: 5.0 | MEDIUM
CVE-2025-15329 - Tanium addressed an information disclosure vulnerability in Threat Response.
CVE ID : CVE-2025-15329
Published : Feb. 5, 2026, 7:15 p.m. | 1 hour, 29 minutes ago
Description : Tanium addressed an information disclosure vulnerability in Threat Response.
Severity: 4.9 | MEDIUM
CVE-2025-15330 - Tanium addressed an improper input validation vulnerability in Deploy.
CVE ID : CVE-2025-15330
Published : Feb. 5, 2026, 7:15 p.m. | 1 hour, 29 minutes ago
Description : Tanium addressed an improper input validation vulnerability in Deploy.
Severity: 8.8 | HIGH
CVE-2025-15331 - Tanium addressed an uncontrolled resource consumption vulnerability in Connect.
CVE ID : CVE-2025-15331
Published : Feb. 5, 2026, 7:15 p.m. | 1 hour, 29 minutes ago
Description : Tanium addressed an uncontrolled resource consumption vulnerability in Connect.
Severity: 4.3 | MEDIUM
CVE-2025-15332 - Tanium addressed an information disclosure vulnerability in Threat Response.
CVE ID : CVE-2025-15332
Published : Feb. 5, 2026, 7:15 p.m. | 1 hour, 29 minutes ago
Description : Tanium addressed an information disclosure vulnerability in Threat Response.
Severity: 4.9 | MEDIUM
CVE-2025-15333 - Tanium addressed an information disclosure vulnerability in Threat Response.
CVE ID : CVE-2025-15333
Published : Feb. 5, 2026, 7:15 p.m. | 1 hour, 29 minutes ago
Description : Tanium addressed an information disclosure vulnerability in Threat Response.
Severity: 4.3 | MEDIUM
CVE-2025-15334 - Tanium addressed an information disclosure vulnerability in Threat Response.
CVE ID : CVE-2025-15334
Published : Feb. 5, 2026, 7:15 p.m. | 1 hour, 29 minutes ago
Description : Tanium addressed an information disclosure vulnerability in Threat Response.
Severity: 4.3 | MEDIUM