Lucene search
K

7 matches found

NVD
NVD
added 2026/06/17 5:16 p.m.10 views

CVE-2026-20220

A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input validation in the configuration template engine of the...

6.3CVSS0.00253EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 4:17 p.m.10 views

EUVD-2026-37750

A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input validation in the configuration template engine of the...

6.3CVSS6.1AI score0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 4:17 p.m.23 views

CVE-2026-20220

Cisco CVE-2026-20220 affects the web-based management interface of Cisco Crosswork Network Controller. The root cause is insufficient input validation in the configuration template engine. An authenticated attacker with write permissions to a template user can send crafted requests to execute arb...

6.3CVSS6.2AI score0.00253EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50460

Name of the Vulnerable Software and Affected Versions Cisco Crosswork Network Controller affected versions not specified Description Insufficient input validation in the configuration template engine of the web-based management interface allows an authenticated remote attacker to execute arbitrar...

6.3CVSS6.4AI score0.00253EPSS
Exploits0References7
CVE
CVE
added 2025/10/31 4:41 p.m.52 views

CVE-2025-6075

CVE-2025-6075 affects Python’s os.path.expandvars() with user-controlled input, causing potential performance degradation during environment variable expansion. Connected advisories confirm this affects multiple Python versions and distributions, with patches available: Debian LTS DLA-4445-1 (pyt...

5.5CVSS6.5AI score0.00136EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2024/12/23 5:23 p.m.37 views

CVE-2024-56363 APTRS has SSTI vulnerability

APTRS Automated Penetration Testing Reporting System is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. In 1.0, there is a vulnerability in the web application's handling of user-supplied input that is incorporated into a Jinja2...

7.8CVSS0.00334EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/08/26 12:0 a.m.5 views

ZZCMS 代码注入漏洞

ZZCMS is a content management system CMS by China Zzcms team. A security vulnerability exists in ZZCMS, which originates from a Remote Code Execution RCE vulnerability in templateuser.php in the 2018 version of ZZCMS. The vulnerability can be exploited to execute arbitrary PHP code via the "ml" a...

7.2CVSS7.7AI score0.0282EPSS
Exploits1References3
Rows per page
Query Builder