Improper Neutralization of Special Elements Used in a Template Engine

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via improper handling of dynamic template rendering in the HTTP Meta Info field of the Global Preferences Presentation section. An attacker can execute arbitrary...

PT-2025-34115 · Cisco · Cisco Identity Services Engine

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine affected versions not specified Description: A vulnerability in the GUI of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative privileges to upload files to an...

Cisco Identity Services Engine (cisco-sa-ise-file-upload-qksX6C8g)

According to its self-reported version, Cisco ISE is affected by a vulnerability. - A vulnerability in the GUI of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to...

CVE-2025-20238

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this...

CVE-2025-5466

XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with admin privileges to trigger a denial of...

CVE-2025-8297

Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVE-2024-53946

CVE-2024-53946 concerns the KuWFi 4G LTE AC900 router (version 1.0.13). The core issue is Cross-Site Request Forgery (CSRF) on the router’s web management interface, which can coerce an authenticated admin into performing unintended actions. Documents also reference exploitation of a command inje...

CVE-2025-55010 Kanboard Authenticated Admin Remote Code Execution via Unsafe Deserialization of Events

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by modifying the event"data" field in the...

CVE-2025-55010 Kanboard Authenticated Admin Remote Code Execution via Unsafe Deserialization of Events

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by modifying the event"data" field in the...

CVE-2025-8297

Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVE-2025-5466

XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with admin privileges to trigger a denial of...

CVE-2025-8297

Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVE-2025-5466

XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with admin privileges to trigger a denial of...

CVE-2025-5466

CVE-2025-5466 is an XML External Entity (XEE) vulnerability affecting Ivanti Connect Secure, Policy Secure, ZTA Gateway, and Neurons for Secure Access. The issue allows a remote authenticated attacker with admin privileges to trigger a denial of service. Affected versions before the stated fixes ...

CVE-2025-8297

CVE-2025-8297 affects Ivanti Avalanche prior to version 6.4.8.8008. Multiple sources describe an incomplete configuration restriction that enables a remote authenticated attacker with admin privileges to achieve remote code execution. The confirmed impact is remote code execution with high severi...

CVE-2025-8297

Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVE-2025-8296

SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution...

PT-2025-32679 · Ivanti · Ivanti Connect Secure +3

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.8 and 22.8R2 Ivanti Policy Secure versions prior to 22.7R1.5 Ivanti ZTA Gateway versions prior to 22.8R2.3-723 Ivanti Neurons for Secure Access versions prior to 22.8R1.4 Description: An XML...

CVE-2025-50286

A Remote Code Execution RCE vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access...

CVE-2025-50286

Grav CMS v1.7.48 is affected by an authenticated RCE via the Admin Panel’s /admin/tools/direct-install feature. An authenticated administrator can upload a malicious plugin (e.g., ZIP with arbitrary PHP) that is extracted and loaded, enabling arbitrary PHP code execution and a reverse shell. The ...