CISA

56 exploits Active since Aug 2014
CVE-2019-19781 NOMISEC CRITICAL SCANNER
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
109 stars
CVSS 9.8
CVE-2019-11510 NOMISEC CRITICAL SCANNER
Pulse Secure PCS <9.0R3.4 - Info Disclosure
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .
28 stars
CVSS 10.0
CVE-2019-19781 NOMISEC CRITICAL SCANNER
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
CVSS 9.8
CVE-2026-50005 WRITEUP HIGH WRITEUP
Brickcom Cameras Use of Default Credentials
Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds.
CVSS 7.7
CVE-2026-50245 WRITEUP HIGH WRITEUP
Brickcom Cameras Missing Authentication for Critical Function
Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed.
CVSS 7.7
CVE-2019-10953 WRITEUP HIGH WRITEUP
ABB PM554-TP-ETH Firmware - Denial of Service via Network Packet Flood
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.
CVSS 7.5
CVE-2025-53471 WRITEUP MEDIUM WRITEUP
Emerson ValveLink - Info Disclosure
Emerson ValveLink products receive input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CVSS 5.1
CVE-2026-42929 WRITEUP HIGH WRITEUP
MacGregor Voyage Data Recorder (VDR) G4e Use of Hard-coded Credentials
Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials.
CVSS 8.3
CVE-2026-42941 WRITEUP HIGH WRITEUP
MacGregor Voyage Data Recorder (VDR) G4e Use of Default Credentials
The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change.
CVSS 8.3
CVE-2026-42951 WRITEUP MEDIUM WRITEUP
MacGregor Voyage Data Recorder (VDR) G4e Insufficiently Protected Credentials
An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes.
CVSS 5.4
CVE-2026-44611 WRITEUP MEDIUM WRITEUP
MacGregor Voyage Data Recorder (VDR) G4e Use of Password Hash With Insufficient Computational Effort
Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks.
CVSS 5.4
CVE-2026-7251 WRITEUP CRITICAL WRITEUP
Eppendorf BioFlo 320 Use of hard-coded password
Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have full access to all control panel features for the BioFlo 320. VNC traffic is not encrypted.
CVSS 9.8
CVE-2021-44228 WRITEUP CRITICAL WRITEUP
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
CVSS 10.0
CVE-2026-31927 WRITEUP MEDIUM WRITEUP
Anviz CX7 Firmware Relative Path Traversal
Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized SSH access when combined with debug‑setting changes
CVSS 4.9
CVE-2026-32324 WRITEUP HIGH WRITEUP
Anviz CX7 Firmware Use of Hard-coded Cryptographic Key
Anviz CX7 Firmware is  vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at scale.
CVSS 7.7
CVE-2026-32648 WRITEUP MEDIUM WRITEUP
Anviz Products Missing Authorization
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details (e.g., SSH/RTTY status), assisting attackers in reconnaissance against the device.
CVSS 5.3
CVE-2026-32650 WRITEUP HIGH WRITEUP
Anviz CrossChex Standard Algorithm Downgrade
Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access.
CVSS 7.5
CVE-2026-33093 WRITEUP MEDIUM WRITEUP
Anviz Products Missing Authorization
Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment.
CVSS 5.3
CVE-2026-33569 WRITEUP MEDIUM WRITEUP
Anviz Products Cleartext Transmission of Sensitive Information
Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device.
CVSS 6.5
CVE-2026-35061 WRITEUP MEDIUM WRITEUP
Anviz Products Missing Authorization
Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved without authentication, revealing sensitive operational imagery.
CVSS 5.3
CVE-2026-35546 WRITEUP CRITICAL WRITEUP
Anviz Products Missing Authentication for Critical Function
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell.
CVSS 9.8
CVE-2026-35682 WRITEUP HIGH WRITEUP
Anviz CX2 Lite Command Injection
Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd), resulting in root‑level access.
CVSS 8.8
CVE-2026-40066 WRITEUP HIGH WRITEUP
Anviz Products Download of Code Without Integrity Check
Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution.
CVSS 8.8
CVE-2026-40434 WRITEUP HIGH WRITEUP
Anviz CrossChex Standard Improper Verification of Source of a Communication Channel
Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic.
CVSS 8.1
CVE-2026-40461 WRITEUP HIGH WRITEUP
Anviz Products Missing Authentication for Critical Function
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing unauthorized state changes that can facilitate later compromise.
CVSS 7.5