138 matches found
Cisco Evolved Programmable Network Manager SQLi (cisco-sa-piepnm-bsi-25JJqsbb)
The version of Cisco Evolved Programmable Network Manager installed on the remote host is affected by a vulnerability. A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, low-privileged, remote...
CVE-2025-20272
A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack. This vulnerability is due to insufficient validation of user-supplied...
CVE-2025-20272 Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Blind SQL Injection Vulnerability
A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack. This vulnerability is due to insufficient validation of user-supplied...
CVE-2025-3498
An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 configuration. The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. An attacker can use these APIs to...
CVE-2025-3498
An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 configuration. The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. An attacker can use these APIs to...
CVE-2025-3499
The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. Exploiting OS command injection through these APIs, an attacker can send arbitrary commands that are executed with administrative permissions by the underlying operating system...
CVE-2025-3499 Unauthenticated execution of arbitrary commands in Radiflow iSAP Smart Collector
The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. Exploiting OS command injection through these APIs, an attacker can send arbitrary commands that are executed with administrative permissions by the underlying operating system...
CVE-2025-3499 Unauthenticated execution of arbitrary commands in Radiflow iSAP Smart Collector
The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. Exploiting OS command injection through these APIs, an attacker can send arbitrary commands that are executed with administrative permissions by the underlying operating system...
CVE-2025-3499
The CVE-2025-3499 issue affects Radiflow iSAP Smart Collector, where two management-network web servers expose unauthenticated REST APIs on ports 8084 and 8086. The underlying root cause is OS command injection via these APIs, allowing an attacker to submit arbitrary commands that execute with ad...
CVE-2025-3498 Unauthenticated modification of Radiflow iSAP Smart Collector configuration
An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 configuration. The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. An attacker can use these APIs to...
CVE-2025-3498 Unauthenticated modification of Radiflow iSAP Smart Collector configuration
An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 configuration. The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. An attacker can use these APIs to...
CVE-2025-3498
CVE-2025-3498 affects Radiflow iSAP Smart Collector (CentOS 7 – VSAP 1.20). Two web servers expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). An unauthenticated user with management-network access can retrieve and modify all system settings, modify configuratio...
PT-2025-28864 · Radiflow · Radiflow Isap Smart Collector
Name of the Vulnerable Software and Affected Versions: Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 Description: An unauthenticated user with management network access can access and modify the configuration of the Radiflow iSAP Smart Collector. The device has two web servers that expose...
Cisco Meraki Data Collection
Collects Cisco Meraki Device data from the Cisco Meraki Dashboard host using the REST APIs. TRUSTED...
CVE-2023-41904
Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass for AuthToken generation in REST APIs...
CVE-2022-28981
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...
CVE-2018-7272
The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file...
CVE-2024-12882
comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery SSRF vulnerability. This vulnerability can be exploited by combining the REST APIs POST /internal/models/download and GET /view, allowing attackers to abuse the victim server's credentials to access...
CVE-2025-26485
A vulnerability in Beta80 Life 1st enables the retrieval of different error messages for failed authentication attempts in case of the usage of a wrong password or a non existent user. The difference in the returned error messages could be used by attackers to understand whether a certain user is...
CVE-2024-12882
CVE-2024-12882 affects comfyanonymous/comfyui v0.2.4. The vulnerability is a non-blind SSRF exploitable by combining REST APIs POST /internal/models/download and GET /view, allowing an attacker to abuse the victim server’s credentials to access unauthorized external resources. Multiple connected ...