415 matches found
EUVD-2022-28261
Malicious code in bioql PyPI...
EUVD-2022-28256
Malicious code in bioql PyPI...
EUVD-2021-30833
Malicious code in bioql PyPI...
EUVD-2021-30834
Malicious code in bioql PyPI...
EUVD-2021-30835
Malicious code in bioql PyPI...
EUVD-2021-30836
Malicious code in bioql PyPI...
EUVD-2022-43613
Malicious code in bioql PyPI...
EUVD-2022-43615
Malicious code in bioql PyPI...
EUVD-2023-37861
Malicious code in bioql PyPI...
EUVD-2024-36056
Malicious code in bioql PyPI...
EUVD-2024-24968
Malicious code in bioql PyPI...
CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws impacting SysAid IT support software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-2775 CVSS score: 9...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2025-54309 CrushFTP Unprotected Alternate Channel Vulnerability; CVE-2025-6558 Google Chromium ANGLE and GPU Improper Input...
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives...
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives...
The vulnerability in the GetMdmMessage class of SysAid software allows attackers to perform XXE attacks.
The vulnerability in the GetMdmMessage class of SysAid support and control software stems from improper restriction of XML external entity references during the processing of the /mdm/checkin endpoint. Exploiting this vulnerability allows a remote attacker to perform XXE attacks...
The vulnerability in the GetMdmMessage class of SysAid software allows attackers to perform XXE attacks.
The vulnerability in the GetMdmMessage class of the SysAid software for supporting and controlling hardware and software systems stems from improper restriction of XML external entity references. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...
The vulnerability of the `com.ilient.agentApi.LshwAgent#doPost` method in the SysAid hardware and software support and control automation software allows attackers to perform XXE attacks.
The vulnerability of the `com.ilient.agentApi.LshwAgent#doPost` method in SysAid's automation software for supporting and controlling hardware and software systems stems from improper restriction of XML external entity references during the processing of the /lshw endpoint. Exploiting this...
CVE-2023-47247
In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102...
CVE-2023-33706
SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp...