CISA

46 exploits Active since Aug 2014
CVE-2019-19781 NOMISEC CRITICAL SCANNER
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
109 stars
CVSS 9.8
CVE-2019-11510 NOMISEC CRITICAL SCANNER
Pulse Secure PCS <9.0R3.4 - Info Disclosure
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .
28 stars
CVSS 10.0
CVE-2019-19781 NOMISEC CRITICAL SCANNER
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
CVSS 9.8
CVE-2026-31927 WRITEUP MEDIUM WRITEUP
Anviz CX7 Firmware Relative Path Traversal
Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized SSH access when combined with debug‑setting changes
CVSS 4.9
CVE-2026-32324 WRITEUP HIGH WRITEUP
Anviz CX7 Firmware Use of Hard-coded Cryptographic Key
Anviz CX7 Firmware is  vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at scale.
CVSS 7.7
CVE-2026-32648 WRITEUP MEDIUM WRITEUP
Anviz Products Missing Authorization
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details (e.g., SSH/RTTY status), assisting attackers in reconnaissance against the device.
CVSS 5.3
CVE-2026-32650 WRITEUP HIGH WRITEUP
Anviz CrossChex Standard Algorithm Downgrade
Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access.
CVSS 7.5
CVE-2026-33093 WRITEUP MEDIUM WRITEUP
Anviz Products Missing Authorization
Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment.
CVSS 5.3
CVE-2026-33569 WRITEUP MEDIUM WRITEUP
Anviz Products Cleartext Transmission of Sensitive Information
Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device.
CVSS 6.5
CVE-2026-35061 WRITEUP MEDIUM WRITEUP
Anviz Products Missing Authorization
Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved without authentication, revealing sensitive operational imagery.
CVSS 5.3
CVE-2026-35546 WRITEUP CRITICAL WRITEUP
Anviz Products Missing Authentication for Critical Function
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell.
CVSS 9.8
CVE-2026-35682 WRITEUP HIGH WRITEUP
Anviz CX2 Lite Command Injection
Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd), resulting in root‑level access.
CVSS 8.8
CVE-2026-40066 WRITEUP HIGH WRITEUP
Anviz Products Download of Code Without Integrity Check
Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution.
CVSS 8.8
CVE-2026-40434 WRITEUP HIGH WRITEUP
Anviz CrossChex Standard Improper Verification of Source of a Communication Channel
Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic.
CVSS 8.1
CVE-2026-40461 WRITEUP HIGH WRITEUP
Anviz Products Missing Authentication for Critical Function
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing unauthorized state changes that can facilitate later compromise.
CVSS 7.5
CVE-2026-6284 WRITEUP CRITICAL WRITEUP
Horner Automation Cscape and XL4, XL7 PLC Weak password requirements
An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.
CVSS 9.1
CVE-2026-24790 WRITEUP HIGH WRITEUP
PLC Device - Command Injection
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.
CVSS 8.2
CVE-2014-2380 WRITEUP WRITEUP
Schneider Electric Wonderware Information Server - Info Disclosure
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file.
CVE-2014-2381 WRITEUP WRITEUP
Schneider Electric Wonderware Information Server - Info Disclosure
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.
CVE-2014-5397 WRITEUP WRITEUP
Invensys Wonderware Information Server - XSS
Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-5398 WRITEUP WRITEUP
Invensys Wonderware Information Server - Improper Input Validation
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-5399 WRITEUP WRITEUP
Invensys Wonderware Information Server - SQL Injection
SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-5400 WRITEUP WRITEUP
Hospira Mednet < 5.8 - Information Disclosure
The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file.
CVE-2014-5401 WRITEUP CRITICAL WRITEUP
Hospira Mednet < 5.8 - Code Injection
Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1.
CVSS 9.8
CVE-2014-5403 WRITEUP WRITEUP
Hospira MedNet <6.1 - Info Disclosure
Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network.