Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nedi vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-40895
In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote malicious user to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a differe...
Nedi Nedi
Nedi Nedi 1.0.7
6.8
CVSSv2
CVE-2018-20728
A cross site request forgery (CSRF) vulnerability in NeDi prior to 1.7Cp3 allows remote malicious users to escalate privileges via User-Management.php.
Nedi Nedi
4.3
CVSSv2
CVE-2018-20731
A stored cross site scripting (XSS) vulnerability in NeDi prior to 1.7Cp3 allows remote malicious users to inject arbitrary web script or HTML via User-Chat.php.
Nedi Nedi
6.5
CVSSv2
CVE-2018-20727
Multiple command injection vulnerabilities in NeDi prior to 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php.
Nedi Nedi
4.3
CVSSv2
CVE-2018-20729
A reflected cross site scripting (XSS) vulnerability in NeDi prior to 1.7Cp3 allows remote malicious users to inject arbitrary web script or HTML via the reg parameter in mh.php.
Nedi Nedi
5
CVSSv2
CVE-2018-20730
A SQL injection vulnerability in NeDi prior to 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component.
Nedi Nedi
4.3
CVSSv2
CVE-2020-14413
NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Device...
Nedi Nedi 1.9c
4
CVSSv2
CVE-2021-26751
NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an malicious user to access all the data in the database and obtain access to the NeDi applicat...
Nedi Nedi 1.9c
3.5
CVSSv2
CVE-2020-15028
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an malicious user to execute arbitrary JavaScript code via the Topology-Map.php xo parameter.
Nedi Nedi 1.9c
3.5
CVSSv2
CVE-2020-15029
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an malicious user to execute arbitrary JavaScript code via the Assets-Management.php sn parameter.
Nedi Nedi 1.9c
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »