Lucene search
K

1688 matches found

Cvelist
Cvelist
added 2026/01/15 4:32 p.m.23 views

CVE-2026-20076 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...

4.8CVSS0.00238EPSS
Exploits0References1
Cisco
Cisco
added 2026/01/15 4:0 p.m.11 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to...

4.8CVSS6.2AI score0.00238EPSS
Exploits0References1
Cisco
Cisco
added 2026/01/15 4:0 p.m.11 views

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...

4.8CVSS6.1AI score0.00238EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.8 views

PT-2026-3069

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC affected versions not specified Description A flaw exists in the web-based management interface of Cisco Identity Services Engine ISE and Cisco ISE Passive...

4.8CVSS6.1AI score0.00238EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.6 views

Cisco Identity Services Engine and Cisco ISE Passive Identity Connector security vulnerabilities

Cisco Identity Services Engine Cisco ISE and Cisco ISE Passive Identity Connector are both products of the American company Cisco. Cisco Identity Services Engine is an Identity Services Engine ISE platform. This platform collects real-time information from networks, users, and devices, and develo...

4.8CVSS5.7AI score0.00238EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.5 views

Cisco Identity Services Engine (cisco-sa-ise-xss-9TDh2kx)

According to its self-reported version, Cisco ISE is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the...

4.8CVSS6AI score0.00238EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

Cisco Identity Services Engine (cisco-sa-ise-xss-964cdxW5)

According to its self-reported version, Cisco ISE is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to conduct cross- site...

4.8CVSS6.1AI score0.00238EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2026/01/14 12:0 a.m.7 views

The vulnerability of the Cisco Identity Services Engine (ISE) policy management platform and the Cisco ISE Passive Identity Connector (ISE-PIC) virtual authentication data collection device lies in the improper limitation on XML links to external objects. This allows attackers to load arbitrary files.

The vulnerability of the Cisco Identity Services Engine ISE policy management platform and the Cisco ISE Passive Identity Connector ISE-PIC virtual authentication data collection device is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability coul...

6.8CVSS6.3AI score0.05638EPSS
Exploits0References5Affected Software2
RedhatCVE
RedhatCVE
added 2026/01/09 9:10 a.m.6 views

CVE-2026-20029

A vulnerability in the licensing features of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of X...

4.9CVSS6.8AI score0.05638EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/01/09 12:0 a.m.5 views

Cisco Identity Services Engine getSpecificPLRfromAuthCode XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Identity Services Engine. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the getSpecificPLRfromAuthCode method. Due to t...

4.9CVSS6.5AI score0.05638EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2026/01/09 12:0 a.m.5 views

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) and the Cisco ISE Passive Identity Connector (ISE-PIC), a virtual device for collecting user authentication data, allows attackers to carry out XSS attacks.

The vulnerability of the Cisco Identity Services Engine ISE web interface and the Cisco ISE Passive Identity Connector ISE-PIC virtual authentication data collection device is related to the lack of security measures for the web page structure. Exploiting this vulnerability allows a malicious act...

5.5CVSS5.9AI score0.00193EPSS
Exploits0References3Affected Software2
The Hacker News
The Hacker News
added 2026/01/08 10:44 a.m.10 views

Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release

Cisco has released updates to address a medium-severity security flaw in Identity Services Engine ISE and ISE Passive Identity Connector ISE-PIC with a public proof-of-concept PoC exploit. The vulnerability, tracked as CVE-2026-20029 CVSS score: 4.9, resides in the licensing feature and could all...

5.8CVSS6.7AI score0.05638EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/01/07 4:23 p.m.7 views

CVE-2026-20029 Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability

A vulnerability in the licensing features of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of X...

4.9CVSS6.5AI score0.05638EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/07 4:23 p.m.28 views

CVE-2026-20029 Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability

A vulnerability in the licensing features of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of X...

4.9CVSS0.05638EPSS
Exploits0References1
CVE
CVE
added 2026/01/07 4:23 p.m.38 views

CVE-2026-20029

Cisco ISE and ISE-PIC are affected by an XML External Entity (XXE) processing vulnerability in the licensing feature. An authenticated attacker with administrative privileges can upload a malicious file via the web-based management interface and read arbitrary files from the underlying OS (potent...

4.9CVSS6.5AI score0.05638EPSS
In wildExploits0References1
Cisco
Cisco
added 2026/01/07 4:0 p.m.12 views

Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability

A vulnerability in the licensing features of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of X...

4.9CVSS6.9AI score0.05638EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.8 views

PT-2026-2048

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine versions prior to 3.2 Patch 8 Cisco ISE Passive Identity Connector versions prior to 3.2 Patch 8 Cisco Identity Services Engine versions prior to 3.3 Patch 8 Cisco ISE Passive Identity Connector versions prior to...

6.8CVSS6.2AI score0.05638EPSS
Exploits0References40
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.5 views

Cisco Identity Services Engine(Cisco ISE)和Cisco ISE Passive Identity Connector 代码问题漏洞

The Cisco Identity Services Engine Cisco ISE and Cisco ISE Passive Identity Connector are both products of Cisco, Inc.The Cisco Identity Services Engine is an environment-aware platform ISE Cisco Identity Services Engine is an environment-aware platform ISE. The platform oversees the network by...

4.9CVSS7AI score0.05638EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.5 views

Cisco Identity Services Engine (cisco-sa-ise-xxe-jWSbSDKt)

According to its self-reported version, Cisco ISE is affected by a vulnerability. - A vulnerability in the licensing features ofCisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker with administrative privileges to gain...

4.9CVSS6.2AI score0.05638EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2025/12/19 12:0 a.m.163 views

📄 Cisco ISE API 3.2 Command Injection

Proof of concept exploit for a command injection vulnerability in Cisco ISE API version 3.2. ============================================================================================================================================= | Title : Cisco ISE API 3.2 command injection Exploits | |...

10CVSS7.9AI score0.96732EPSS
Exploits10
Rows per page
Query Builder