805 matches found
CVE-2026-20017
A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This...
CVE-2026-20017 Cisco Secure FTD Software Authenticated Command Injection Vulnerability
A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This...
Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense 操作系统命令注入漏洞
Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense are products of Cisco, a US company. Cisco Secure Firewall Adaptive Security Appliance is an enterprise-level firewall software. Cisco Secure Firewall Threat Defense is an integrated firewall platform. Both...
Cisco Secure Firewall Threat Defense 安全漏洞
Cisco Secure Firewall Threat Defense is an integrated firewall platform developed by the American company Cisco. There is a security vulnerability present in Cisco Secure Firewall Threat Defense, which stems from insufficient validation of command parameters provided by users. This vulnerability...
Cisco Secure Firewall Threat Defense 参数注入漏洞
Cisco Secure Firewall Threat Defense is an integrated firewall platform developed by Cisco, a US company. Cisco Secure Firewall Threat Defense has a parameter injection vulnerability. This vulnerability stems from insufficient validation of command parameters provided by users, which may allow...
Cisco Secure Firewall Threat Defense 代码问题漏洞
Cisco Secure Firewall Threat Defense is an integrated firewall platform developed by the American company Cisco. There is a code vulnerability in Cisco Secure Firewall Threat Defense, which stems from improper input validation provided by users. This vulnerability could allow authenticated local...
PT-2026-22976
A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, local attacker to perform arbitrary commands as root. This vulnerability is due to insufficient restrictions on remediation modules while in lockdown mode. An attacker...
PT-2026-23022
A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This...
PT-2026-23014
A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This...
CVE-2025-64427
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses e.g., 127.0.0.1, localhost, or...
CVE-2025-64427
ZimaOS (a CasaOS fork for Zima devices and x86-64 with UEFI) is vulnerable to Server-Side Request Forgery (SSRF) in version 1.5.0 and earlier. An authenticated local user can craft requests to internal targets (127.0.0.1, localhost, private ranges) due to insufficient URL validation/restriction, ...
CVE-2025-64427 ZimaOS is vulnerable to Server-Side Request Forgery (SSRF)
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses e.g., 127.0.0.1, localhost, or...
ZimaOS 代码问题漏洞
ZimaOS is an open-source operating system project by IceWhaleTech, aimed at providing a lightweight, high-performance, and secure operating system environment. ZimaOS versions 1.5.0 and earlier have code vulnerabilities; these vulnerabilities stem from insufficient validation or restrictions on...
PT-2026-22627
Name of the Vulnerable Software and Affected Versions ZimaOS versions prior to 1.5.1 Description ZimaOS, a fork of CasaOS, is susceptible to a flaw stemming from inadequate validation or restriction of target URLs. An authenticated local user can construct requests that target internal IP...
Cisco Catalyst SD-WAN Manager < 20.18 Multiple Vulnerabilities (cisco-sa-sdwan-authbp-qwCX8D4v)
According to its self-reported version, Cisco Catalyst SD-WAN Manager is affected by multiple vulnerabilities: - A vulnerability could allow an unauthenticated, remote attacker to bypass authentication mechanisms and gain unauthorized access to the system. CVE-2026-20129 - A vulnerability could...
EUVD-2026-8672
A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. To exploit this vulnerability, the attacker...
CVE-2026-20099
A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is...
CVE-2026-20107
The CVE concerns Cisco Application Policy Infrastructure Controller (APIC) in the Object Model CLI. A vulnerability in the CLI input validation could allow an authenticated, local attacker with any role granting CLI access to issue crafted commands and trigger a device reload, causing a DoS. Affe...
CVE-2026-20128 Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability
A vulnerability in the Data Collection Agent DCA feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An...
CVE-2026-20128
CVE-2026-20128 affects Cisco Catalyst SD-WAN Manager: Data Collection Agent stores the DCA password in a recoverable credential file on the filesystem, enabling an authenticated, local attacker with valid vManage credentials to read the file and gain DCA user privileges, potentially compromising ...