CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

894 matches found

CVE-2026-20148

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is...

4.9CVSS5.7AI score0.00085EPSS

Exploits0References1

RedhatCVE•added yesterday•2 views

CVE-2026-20180

A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...

9.9CVSS6.5AI score0.00469EPSS

Exploits1References1

RedhatCVE•added yesterday•3 views

CVE-2026-20147

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

9.9CVSS6.5AI score0.00321EPSS

Exploits0References1

Packet Storm•added 2026/05/11 12:0 a.m.•47 views

📄 Cisco ISE 2.2 Remote Code Execution

This Metasploit module exploits an unauthorized file upload vulnerability in Cisco ISE. A ZIP file containing a JSP file with a manipulated path path traversal is uploaded. The webshell is then extracted to the webapps folder...

10CVSS7.5AI score0.00591EPSS

Exploits3

NVD•added 2026/05/06 5:16 p.m.•3 views

CVE-2026-20193

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...

4.3CVSS0.0003EPSS

Exploits0References1

Vulnrichment•added 2026/05/06 4:15 p.m.•3 views

CVE-2026-20193 Cisco Identity Services Engine Authentication Bypass Vulnerability

4.3CVSS5.8AI score0.0003EPSS

Exploits0References1

Vulnrichment•added 2026/05/06 4:14 p.m.•5 views

CVE-2026-20195 Cisco Identity Services Engine Observable Response Discrepancy Vulnerability

A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could...

5.3CVSS5.8AI score0.00037EPSS

Exploits0References1

CVE•added 2026/05/06 4:14 p.m.•9 views

CVE-2026-20195

The CVE concerns Cisco Identity Services Engine (ISE) where an identity management API endpoint exposes error-based responses that let unauthenticated remote attackers enumerate valid usernames. The issue stems from observable error messages when the affected API is invoked, enabling an attacker ...

5.3CVSS5.8AI score0.00037EPSS

Exploits0References1

Tenable Nessus•added 2026/04/24 12:0 a.m.•2 views

Cisco Identity Services Engine Remote Code Execution Vulnerability (regreSSHion) (cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco Identity Services Engine is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Identity Services Engine due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime...

8.1CVSS8.2AI score0.63835EPSS

Exploits68References3

EUVD•added 2026/04/15 6:31 p.m.•3 views

EUVD-2026-22962

9.9CVSS6.2AI score0.00321EPSS

Exploits0References2

EUVD•added 2026/04/15 6:31 p.m.•1 views

EUVD-2026-22958

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting XSS attack or a reflected XSS attack against a user of the web-based...

4.8CVSS5.8AI score0.00039EPSS

Exploits0References2

NVD•added 2026/04/15 5:17 p.m.•2 views

CVE-2026-20180

9.9CVSS0.00469EPSS

Exploits1References1

NVD•added 2026/04/15 5:17 p.m.•1 views

CVE-2026-20186

9.9CVSS0.00377EPSS

Exploits0References1

NVD•added 2026/04/15 5:17 p.m.•0 views

CVE-2026-20132

4.8CVSS0.00039EPSS

Exploits0References1

CVE•added 2026/04/15 4:11 p.m.•44 views

CVE-2026-20136

CVE-2026-20136 affects Cisco Identity Services Engine (ISE) and ISE-PIC CLI. Root cause: insufficient input validation enabling crafted CLI input to trigger command injection and elevate privileges to root on the underlying OS. Impact: authenticated, local admin can gain root privileges. Exploita...

6CVSS5.8AI score0.0004EPSS

Exploits0References1

CVE•added 2026/04/15 4:3 p.m.•11 views

CVE-2026-20148

Cisco Identity Services Engine (ISE) and ISE-PIC are affected by a path traversal vulnerability due to improper input validation. An authenticated attacker with administrative credentials can issue a crafted HTTP request to read arbitrary files on the underlying OS. Exploitation details indicate ...

4.9CVSS6AI score0.00085EPSS

Exploits0References1

Vulnrichment•added 2026/04/15 4:3 p.m.•2 views

CVE-2026-20147 Cisco Identity Services Engine Remote Code Execution Vulnerability

9.9CVSS6.2AI score0.00321EPSS

Exploits0References1

CVE•added 2026/04/15 4:3 p.m.•51 views

CVE-2026-20132

Cisco Identity Services Engine (ISE) web-based management interface contains multiple XSS weaknesses due to insufficient input sanitization. Exploitation requires an authenticated user with administrative write privileges; an attacker could trigger stored or reflected XSS by convincing a user to ...

4.8CVSS5.8AI score0.00039EPSS

Exploits0References1