Lucene search
K

138 matches found

Tenable Nessus
Tenable Nessus
added 2025/07/18 12:0 a.m.7 views

Cisco Evolved Programmable Network Manager SQLi (cisco-sa-piepnm-bsi-25JJqsbb)

The version of Cisco Evolved Programmable Network Manager installed on the remote host is affected by a vulnerability. A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, low-privileged, remote...

4.3CVSS5.9AI score0.00292EPSS
Exploits0References4
NVD
NVD
added 2025/07/16 5:15 p.m.27 views

CVE-2025-20272

A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack. This vulnerability is due to insufficient validation of user-supplied...

4.3CVSS0.00292EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/16 4:16 p.m.35 views

CVE-2025-20272 Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Blind SQL Injection Vulnerability

A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack. This vulnerability is due to insufficient validation of user-supplied...

4.3CVSS0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/11 9:16 a.m.11 views

CVE-2025-3498

An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 configuration. The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. An attacker can use these APIs to...

9.9CVSS7.7AI score0.00281EPSS
Exploits0References1
NVD
NVD
added 2025/07/09 9:15 a.m.20 views

CVE-2025-3498

An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 configuration. The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. An attacker can use these APIs to...

9.9CVSS0.00281EPSS
Exploits0References1
NVD
NVD
added 2025/07/09 9:15 a.m.7 views

CVE-2025-3499

The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. Exploiting OS command injection through these APIs, an attacker can send arbitrary commands that are executed with administrative permissions by the underlying operating system...

10CVSS0.01028EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/09 8:57 a.m.5 views

CVE-2025-3499 Unauthenticated execution of arbitrary commands in Radiflow iSAP Smart Collector

The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. Exploiting OS command injection through these APIs, an attacker can send arbitrary commands that are executed with administrative permissions by the underlying operating system...

10CVSS7.3AI score0.01028EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/09 8:57 a.m.12 views

CVE-2025-3499 Unauthenticated execution of arbitrary commands in Radiflow iSAP Smart Collector

The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. Exploiting OS command injection through these APIs, an attacker can send arbitrary commands that are executed with administrative permissions by the underlying operating system...

10CVSS0.01028EPSS
Exploits0References1
CVE
CVE
added 2025/07/09 8:57 a.m.30 views

CVE-2025-3499

The CVE-2025-3499 issue affects Radiflow iSAP Smart Collector, where two management-network web servers expose unauthenticated REST APIs on ports 8084 and 8086. The underlying root cause is OS command injection via these APIs, allowing an attacker to submit arbitrary commands that execute with ad...

10CVSS7.3AI score0.01028EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/09 8:53 a.m.5 views

CVE-2025-3498 Unauthenticated modification of Radiflow iSAP Smart Collector configuration

An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 configuration. The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. An attacker can use these APIs to...

9.9CVSS7.6AI score0.00281EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/09 8:53 a.m.23 views

CVE-2025-3498 Unauthenticated modification of Radiflow iSAP Smart Collector configuration

An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 configuration. The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. An attacker can use these APIs to...

9.9CVSS0.00281EPSS
Exploits0References1
CVE
CVE
added 2025/07/09 8:53 a.m.26 views

CVE-2025-3498

CVE-2025-3498 affects Radiflow iSAP Smart Collector (CentOS 7 – VSAP 1.20). Two web servers expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). An unauthenticated user with management-network access can retrieve and modify all system settings, modify configuratio...

9.9CVSS7.1AI score0.00281EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.8 views

PT-2025-28864 · Radiflow · Radiflow Isap Smart Collector

Name of the Vulnerable Software and Affected Versions: Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 Description: An unauthenticated user with management network access can access and modify the configuration of the Radiflow iSAP Smart Collector. The device has two web servers that expose...

9.9CVSS6.4AI score0.00281EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/06/03 12:0 a.m.32 views

Cisco Meraki Data Collection

Collects Cisco Meraki Device data from the Cisco Meraki Dashboard host using the REST APIs. TRUSTED...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:18 a.m.11 views

CVE-2023-41904

Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass for AuthToken generation in REST APIs...

5.4CVSS7AI score0.01988EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:43 p.m.7 views

CVE-2022-28981

Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...

7.5CVSS7AI score0.01074EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:22 a.m.12 views

CVE-2018-7272

The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file...

6.5CVSS6.3AI score0.00878EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/22 12:24 p.m.7 views

CVE-2024-12882

comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery SSRF vulnerability. This vulnerability can be exploited by combining the REST APIs POST /internal/models/download and GET /view, allowing attackers to abuse the victim server's credentials to access...

7.5CVSS7AI score0.00703EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/21 4:20 p.m.7 views

CVE-2025-26485

A vulnerability in Beta80 Life 1st enables the retrieval of different error messages for failed authentication attempts in case of the usage of a wrong password or a non existent user. The difference in the returned error messages could be used by attackers to understand whether a certain user is...

5.8CVSS6.8AI score0.00295EPSS
Exploits0References1
CVE
CVE
added 2025/03/20 10:10 a.m.96 views

CVE-2024-12882

CVE-2024-12882 affects comfyanonymous/comfyui v0.2.4. The vulnerability is a non-blind SSRF exploitable by combining REST APIs POST /internal/models/download and GET /view, allowing an attacker to abuse the victim server’s credentials to access unauthorized external resources. Multiple connected ...

7.5CVSS6.9AI score0.00703EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder