775 matches found

Positive Technologies
added 2025/08/06 12:0 a.m. · 2 views

PT-2025-32191 · Cisco · Cisco ISE

Name of the Vulnerable Software and Affected Versions: Cisco ISE affected versions not specified
Description: A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. This issue is...

CVSS 4.3 · AI score 6.1 · EPSS 0.00186
Exploits: 0 · References: 5

OSV
added 2025/07/17 8:15 p.m. · 1 view

CVE-2025-6231

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file...

CVSS 8.5 · AI score 5.9
Exploits: 0 · References: 1

RedhatCVE
added 2025/07/13 3:20 p.m. · 4 views

CVE-2025-52989

An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration. A user with limited configuration and commit permissions, using a specifically crafted...

CVSS 6.8 · AI score 6.8 · EPSS 0.00089
Exploits: 0 · References: 1

OSV
added 2025/07/11 4:15 p.m. · 0 views

CVE-2025-52989

An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration. A user with limited configuration and commit permissions, using a specifically crafted...

CVSS 6.8 · AI score 5.8 · EPSS 0.00089
Exploits: 0 · References: 1

Vulnrichment
added 2025/07/11 3:10 p.m. · 2 views

CVE-2025-52989 Junos OS and Junos OS Evolved: Annotate configuration command can be used to change the configuration

An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration. A user with limited configuration and commit permissions, using a specifically crafted...

CVSS 6.8 · AI score 6.2 · EPSS 0.00089
Exploits: 0 · References: 1

CVE
added 2025/07/11 2:42 p.m. · 15 views

CVE-2025-52954

CVE-2025-52954 affects Juniper Networks Junos OS Evolved: a Missing Authorization vulnerability in the internal VRF allows a local, low-privileged user who can send packets over the VRF to gain root privileges and modify configuration, enabling system compromise. Impact is elevation of privileges...

CVSS 8.5 · AI score 7.5 · EPSS 0.00067
Exploits: 0 · References: 1 · Affected Software: 1

RedhatCVE
added 2025/07/11 9:16 a.m. · 8 views

CVE-2025-3498

An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 configuration. The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. An attacker can use these APIs to...

CVSS 9.9 · AI score 7.7 · EPSS 0.00471
Exploits: 0 · References: 1

CNNVD
added 2025/07/11 12:0 a.m. · 1 view

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved Security Vulnerability

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, Inc. Juniper Networks Junos OS is a network operating system dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper...

CVSS 6.8 · AI score 6.7 · EPSS 0.00089
Exploits: 0 · References: 2

RedhatCVE
added 2025/07/10 7:24 a.m. · 3 views

CVE-2025-25268

An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication...

CVSS 8.8 · AI score 7.2 · EPSS 0.00087
Exploits: 0 · References: 1

NVD
added 2025/07/09 9:15 a.m. · 3 views

CVE-2025-3498

An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 configuration. The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. An attacker can use these APIs to...

CVSS 9.9 · EPSS 0.00471
Exploits: 0 · References: 1

Cvelist
added 2025/07/09 8:53 a.m. · 6 views

CVE-2025-3498 Unauthenticated modification of Radiflow iSAP Smart Collector configuration

An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 configuration. The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. An attacker can use these APIs to...

CVSS 9.9 · EPSS 0.00471
Exploits: 0 · References: 1

Vulnrichment
added 2025/07/09 8:53 a.m. · 2 views

CVE-2025-3498 Unauthenticated modification of Radiflow iSAP Smart Collector configuration

An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 configuration. The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. An attacker can use these APIs to...

CVSS 9.9 · AI score 7.6 · EPSS 0.00471
Exploits: 0 · References: 1

Positive Technologies
added 2025/07/09 12:0 a.m. · 3 views

PT-2025-29258 · Juniper Networks · Junos Evolved +1

Name of the Vulnerable Software and Affected Versions:
Juniper Networks Junos OS versions prior to 22.2R3-S7
Juniper Networks Junos OS versions 22.4 before 22.4R3-S7
Juniper Networks Junos OS versions 23.2 before 23.2R2-S4
Juniper Networks Junos OS versions 23.4 before 23.4R2-S4
Juniper Networks...

CVSS 6.8 · AI score 6.2 · EPSS 0.00089
Exploits: 0 · References: 5

NVD
added 2025/07/08 7:15 a.m. · 3 views

CVE-2025-25268

An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication...

CVSS 8.8 · EPSS 0.00087
Exploits: 0 · References: 1

OSV
added 2025/07/08 7:15 a.m. · 1 view

CVE-2025-25268

An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 1

CVE
added 2025/07/08 7:0 a.m. · 16 views

CVE-2025-25268

Phoenix Contact CHARX SEC-3150 (and related CHARX SEC-3xxx) devices expose a configuration service (TCP port 5001) that allows network-adjacent attackers to bypass authentication and modify configuration via an API endpoint, leading to read/write access. The issue is due to a lack of authenticati...

CVSS 8.8 · AI score 6.6 · EPSS 0.00087
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2025/07/08 7:0 a.m. · 2 views

CVE-2025-25268 Unauthenticated Configuration Access via Exposed API Endpoint

An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication...

CVSS 8.8 · AI score 7.2 · EPSS 0.00087
Exploits: 0 · References: 1

OSV
added 2025/06/19 6:15 p.m. · 2 views

CVE-2025-33117

IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands...

CVSS 9.1 · AI score 6
Exploits: 0 · References: 1

Vulnrichment
added 2025/06/19 5:16 p.m. · 2 views

CVE-2025-33117 IBM QRadar SIEM command execution

IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands...

CVSS 9.1 · AI score 9.4 · EPSS 0.00271
Exploits: 0 · References: 1

Positive Technologies
added 2025/06/19 12:0 a.m. · 1 view

PT-2025-26228 · IBM · IBM QRadar SIEM

Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM versions 7.5 through 7.5.0 Update Package 12
Description: The issue allows a privileged user to modify configuration files, enabling the upload of a malicious autoupdate file to execute arbitrary commands.
Recommendations: For...

CVSS 9.1 · AI score 6.9 · EPSS 0.00271
Exploits: 0 · References: 11