322 matches found

Tenable Nessus
added 2020/01/31 12:0 a.m. · 24 views

Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability (cisco-sa-ucm-csrf-NbhZTxL)

According to its self-reported version, Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This is due to insufficient CSRF protections. An attacker could exploit this vulnerability...

8.8 CVSS · 6.9 AI score · 0.00536 EPSS
Exploits 0 · References 3

Prion
added 2020/01/23 9:15 p.m. · 21 views

Cross site scripting

An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site...

3.5 CVSS · 5.1 AI score · 0.00802 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2020/01/23 9:15 p.m. · 24 views

PYSEC-2020-86

An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site...

5.4 CVSS · 4.5 AI score · 0.00802 EPSS
Exploits 0 · References 5

Packet Storm
added 2019/12/30 12:0 a.m. · 148 views

WEMS BEMS 21.3.1 Undocumented Backdoor Account

WEMS BEMS 21.3.1 Undocumented Backdoor Account Vendor: WEMS Limited Product web page: https://www.wems.co.uk Affected version: Web: 21.3.1 Web: 20.0beta Web: 19.5 Web: 18.4 Firmware: 1.26.6 OS: 5.3 Firmware: 1.23.7 OS: 5.0 Firmware: 1.21.4 OS: 4.1a-usb Firmware: 1.18.0.3 OS: i686-1.1 Platform:...

0.2 AI score
Exploits 0

OSV
added 2019/12/26 5:15 p.m. · 2 views

DEBIAN-CVE-2019-16781

In WordPress before 5.3.1, authenticated users with lower privileges like contributors can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to XSS...

5.4 CVSS · 6.8 AI score · 0.01396 EPSS
Exploits 0 · References 1

NVD
added 2019/12/16 8:15 p.m. · 14 views

CVE-2019-0134

Improper permissions in the Intel(R) Dynamic Platform and Thermal Framework v8.3.10208.5643 and before may allow an authenticated user to potentially execute code at an elevated level of privilege...

7.8 CVSS · 7.7 AI score · 0.00443 EPSS
Exploits 0 · References 1

ThreatPost
added 2019/10/23 2:5 p.m. · 107 views

Critical Firefox Bugs Allow Arbitrary Code-Execution

Critical vulnerabilities have been discovered in the Mozilla Firefox web browser and Firefox Extended Support Release (ESR), and a high-severity bug has been reported for Google Chrome, all of which could allow for arbitrary code execution. The bugs were announced as part of larger updates to Chrom...

6.8 CVSS · 10 AI score · 0.06643 EPSS
Exploits 4 · References 9

NVD
added 2019/10/16 7:15 p.m. · 19 views

CVE-2019-12636

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the...

8.8 CVSS · 8.6 AI score · 0.00645 EPSS
Exploits 0 · References 1

Prion
added 2019/10/16 7:15 p.m. · 23 views

Cross site request forgery (csrf)

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the...

6.8 CVSS · 9 AI score · 0.00645 EPSS
Exploits 0 · References 1 · Affected Software 108

Cisco
added 2019/10/02 4:0 p.m. · 233 views

Cisco Adaptive Security Appliance Software Secure Copy Denial of Service Vulnerability

A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the use of an incorrect data type for a length variable. An attacker could exploit...

6.8 CVSS · 5.9 AI score · 0.01488 EPSS
Exploits 0 · References 1

Positive Technologies
added 2019/10/02 12:0 a.m. · 4 views

PT-2019-3616 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified)
Description: A vulnerability in the Secure Copy (SCP) feature could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The issue is...

6.8 CVSS · 5.7 AI score · 0.01488 EPSS
Exploits 0 · References 5

Vulnrichment
added 2019/09/25 8:16 p.m. · 10 views

CVE-2019-12662 Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper...

6.7 CVSS · 7.2 AI score · 0.00304 EPSS
Exploits 0 · References 1

Cvelist
added 2019/09/25 8:16 p.m. · 26 views

CVE-2019-12662 Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper...

6.7 CVSS · 6.7 AI score · 0.00304 EPSS
Exploits 0 · References 1

Cisco
added 2019/09/25 4:0 p.m. · 105 views

Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper...

6.7 CVSS · 2.3 AI score · 0.00304 EPSS
Exploits 0 · References 1

Cvelist
added 2019/08/08 7:25 a.m. · 18 views

CVE-2019-1952 Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CL...

6.7 CVSS · 6.5 AI score · 0.00716 EPSS
Exploits 0 · References 1

Vulnrichment
added 2019/08/08 7:25 a.m. · 13 views

CVE-2019-1952 Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CL...

6.7 CVSS · 6.7 AI score · 0.00716 EPSS
Exploits 0 · References 1

Cisco
added 2019/08/07 4:0 p.m. · 61 views

Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CL...

6.7 CVSS · 2.2 AI score · 0.00716 EPSS
Exploits 0 · References 1

OSV
added 2019/08/07 6:15 a.m. · 4 views

CVE-2019-1914

A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...

7.2 CVSS · 7.3 AI score · 0.24852 EPSS
Exploits 2 · References 2

Prion
added 2019/08/07 6:15 a.m. · 23 views

Command injection

A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...

9 CVSS · 7.4 AI score · 0.24852 EPSS
Exploits 2 · References 2 · Affected Software 11

Vulnrichment
added 2019/08/07 5:50 a.m. · 12 views

CVE-2019-1914 Cisco Small Business 220 Series Smart Switches Command Injection Vulnerability

A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...

7.2 CVSS · 7.9 AI score · 0.24852 EPSS
Exploits 2 · References 2