10 matches found
CVE-2025-20331 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based managemen...
CVE-2025-20331
CVE-2025-20331 affects Cisco Identity Services Engine (ISE) and Cisco ISE-PIC, via the web-based management interface. It enables stored XSS when an attacker with at least a low-privileged account authenticates and injects malicious code into interface pages. Impact from the sources indicates exe...
CVE-2024-20331
A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to prevent users from authenticating. This vulnerabili...
CVE-2022-20331
In the Framework, there is a possible way to enable a work profile without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions:...
CVE-2024-20331
| creationtimestamp | type | source |
|---|---|---|
| 2024-10-23 19:54:35+00:00 | seen | https://t.me/cvedetector/8734... |
CVE-2022-20331
CVE-2022-20331 affects the Android 13 Framework. A tapjacking/overlay flaw can enable a work profile without user consent, causing local escalation of privilege. Exploitation requires user interaction but does not need extra execution privileges. CVSS v3.1 base score is High (7.8) with LOCAL atta...
CVE-2022-20331
In the Framework, there is a possible way to enable a work profile without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions:...
CVE-2021-20331 MongoDB C# Driver may publish events containing authentication-related data to a command listener configured by an application
Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "isMaster", "createUser",...
CVE-2021-20331
CVE-2021-20331 affects the MongoDB C# Driver versions 2.12.x up to and including 2.12.1. Root cause: when an application enables the command listener, certain authentication-related events (saslStart, saslContinue, isMaster, createUser, updateUser) may be published and may contain sensitive data....
CVE-2018-20331
The CVE entry describes a local kernel-space vulnerability in Antiy AVL ATool v1.0.0.22. The flaw resides in the ssdt.sys driver’s handling of IOCTL 0x80002004, where insufficient validation of user-supplied data length can trigger a Kernel Pool Buffer Overflow. Exploitation by a locally privileg...