31 matches found
EUVD-2025-20795
Malicious code in bioql PyPI...
EUVD-2025-20792
Malicious code in bioql PyPI...
EUVD-2025-20793
Malicious code in bioql PyPI...
CVE-2025-27028
The Linux deprivileged user vpuser in Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 can read the entire file system content, including files belonging to other users and having restricted access like, for example, the root password hash...
CVE-2025-3498
An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 configuration. The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. An attacker can use these APIs to...
CVE-2025-3497
The Linux distribution underlying the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 is obsolete and reached end of life (EOL) on June 30, 2024. Thus, any unmitigated vulnerability could be exploited to affect this product...
CVE-2025-3499 Unauthenticated execution of arbitrary commands in Radiflow iSAP Smart Collector
The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. Exploiting OS command injection through these APIs, an attacker can send arbitrary commands that are executed with administrative permissions by the underlying operating system...
CVE-2025-3498 Unauthenticated modification of Radiflow iSAP Smart Collector configuration
An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 configuration. The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. An attacker can use these APIs to...
CVE-2025-3498
CVE-2025-3498 affects Radiflow iSAP Smart Collector (CentOS 7 – VSAP 1.20). Two web servers expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). An unauthenticated user with management-network access can retrieve and modify all system settings, modify configuratio...
CVE-2025-3497
Technical details about CVE-2025-3497 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.
CVE-2025-3497 Radiflow iSAP Smart Collector Linux distribution unmaintained
The Linux distribution underlying the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 is obsolete and reached end of life (EOL) on June 30, 2024. Thus, any unmitigated vulnerability could be exploited to affect this product...
CVE-2025-27028 Read access of deprivileged Radiflow iSAP Smart Collector user
The Linux deprivileged user vpuser in Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 can read the entire file system content, including files belonging to other users and having restricted access like, for example, the root password hash...
CVE-2025-27028
The CVE-2025-27028 entry concerns Radiflow iSAP Smart Collector (CentOS 7, VSAP 1.20). A deprivileged Linux user vpuser can read the entire filesystem, exposing restricted files (e.g., root password hash). Affected component is the file system access for vpuser; root cause details are not provide...
CVE-2025-27027 Restricted shell evasion in Radiflow iSAP Smart Collector
A user with vpuser credentials who opens an SSH connection to the device gets a restricted shell (rbash) that allows only a small list of commands. This vulnerability enables the user to get a full-featured Linux shell, bypassing the rbash restrictions...