122 matches found
CVE-2025-23169
The Versa Director SD-WAN orchestration platform allows customization of the user interface, including the header, footer, and logo. However, the input provided for these customizations is not properly validated or sanitized, allowing a malicious user to inject and store cross-site scripting XSS...
CVE-2025-23170
The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable to command injection through the user argument. This allows an attacker to execu...
CVE-2024-39717
The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. Tenant level users do not have this privilege. The “Change Favicon” Favorite Icon...
EUVD-2019-11479
Malware in sbrugna...
EUVD-2018-8309
Malware in sbrugna...
EUVD-2018-8307
Malware in sbrugna...
EUVD-2021-25647
Malware in sbrugna...
EUVD-2025-18672
Malicious code in bioql PyPI...
EUVD-2025-18673
Malicious code in bioql PyPI...
EUVD-2024-54691
Malicious code in bioql PyPI...
EUVD-2025-18666
Malicious code in bioql PyPI...
EUVD-2024-38202
Malicious code in bioql PyPI...
CVE-2025-24291
The Versa Director SD-WAN orchestration platform provides functionality to upload various types of files. However, the Java code handling file uploads contains an argument injection vulnerability. By appending additional arguments to the file name, an attacker can bypass MIME type validation,...
CVE-2025-23171
The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. The UI appears not to allow file uploads but uploads still succeed. In addition, the Versa Director discloses the full filenam...
CVE-2025-23172
The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add Webhook" and "Test Webhook" functionalities can be abused by an authenticated user to send crafted HTTP requests to localhost. This can be leveraged ...
CVE-2025-24288
The Versa Director software exposes a number of services by default and allow attackers an easy foothold due to default credentials and multiple accounts most with sudo access that utilize the same default credentials. By default, Versa director exposes ssh and postgres to the internet, alongside...
CVE-2024-45208
The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High Availability HA information using a shared password. Affected versions of Versa Director bound to these ports o...
CVE-2025-24291
The Versa Director SD-WAN orchestration platform provides functionality to upload various types of files. However, the Java code handling file uploads contains an argument injection vulnerability. By appending additional arguments to the file name, an attacker can bypass MIME type validation,...
CVE-2025-24288
The Versa Director software exposes a number of services by default and allow attackers an easy foothold due to default credentials and multiple accounts most with sudo access that utilize the same default credentials. By default, Versa director exposes ssh and postgres to the internet, alongside...
CVE-2025-23169
The Versa Director SD-WAN orchestration platform allows customization of the user interface, including the header, footer, and logo. However, the input provided for these customizations is not properly validated or sanitized, allowing a malicious user to inject and store cross-site scripting XSS...