CVE-2026-22312

CVE-2026-22312 affects Radiflow iSAP Smart Collector. The device exposes a webserver REST API authenticated with a constant token, enabling an unauthenticated client to access system settings, modify configuration, and execute commands (e.g., system reboot). CVSS 3.1 indicates NETWORK attack vect...

EUVD-2025-20792

Malicious code in bioql PyPI...

EUVD-2025-20793

Malicious code in bioql PyPI...

EUVD-2025-20795

Malicious code in bioql PyPI...

CVE-2025-27028

The Linux deprivileged user vpuser in Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 can read the entire file system content, including files belonging to other users and having restricted access like, for example, the root password hash...

CVE-2025-3498

An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 configuration. The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. An attacker can use these APIs to...

CVE-2025-3497

The Linux distribution underlying the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 is obsolete and reached end of life EOL on June 30, 2024. Thus, any unmitigated vulnerability could be exploited to affect this product...

CVE-2025-3497

The Linux distribution underlying the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 is obsolete and reached end of life EOL on June 30, 2024. Thus, any unmitigated vulnerability could be exploited to affect this product...

CVE-2025-27028

The Linux deprivileged user vpuser in Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 can read the entire file system content, including files belonging to other users and having restricted access like, for example, the root password hash...

CVE-2025-3499 Unauthenticated execution of arbitrary commands in Radiflow iSAP Smart Collector

The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. Exploiting OS command injection through these APIs, an attacker can send arbitrary commands that are executed with administrative permissions by the underlying operating system...

CVE-2025-3499 Unauthenticated execution of arbitrary commands in Radiflow iSAP Smart Collector

The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. Exploiting OS command injection through these APIs, an attacker can send arbitrary commands that are executed with administrative permissions by the underlying operating system...

CVE-2025-3498 Unauthenticated modification of Radiflow iSAP Smart Collector configuration

An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 configuration. The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. An attacker can use these APIs to...

CVE-2025-3498

CVE-2025-3498 affects Radiflow iSAP Smart Collector (CentOS 7 – VSAP 1.20). Two web servers expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). An unauthenticated user with management-network access can retrieve and modify all system settings, modify configuratio...

CVE-2025-3498 Unauthenticated modification of Radiflow iSAP Smart Collector configuration

An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 configuration. The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. An attacker can use these APIs to...

CVE-2025-3497 Radiflow iSAP Smart Collector Linux distribution unmaintained

The Linux distribution underlying the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 is obsolete and reached end of life EOL on June 30, 2024. Thus, any unmitigated vulnerability could be exploited to affect this product...

CVE-2025-3497 Radiflow iSAP Smart Collector Linux distribution unmaintained

The Linux distribution underlying the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 is obsolete and reached end of life EOL on June 30, 2024. Thus, any unmitigated vulnerability could be exploited to affect this product...

CVE-2025-3497

Technical details about CVE-2025-3497 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

CVE-2025-27028 Read access of deprivileged Radiflow iSAP Smart Collector user

The Linux deprivileged user vpuser in Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 can read the entire file system content, including files belonging to other users and having restricted access like, for example, the root password hash...

CVE-2025-27028

The CVE-2025-27028 entry concerns Radiflow iSAP Smart Collector (CentOS 7, VSAP 1.20). A deprivileged Linux user vpuser can read the entire filesystem, exposing restricted files (e.g., root password hash). Affected component is the file system access for vpuser; root cause details are not provide...

CVE-2025-27028 Read access of deprivileged Radiflow iSAP Smart Collector user

The Linux deprivileged user vpuser in Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 can read the entire file system content, including files belonging to other users and having restricted access like, for example, the root password hash...