7574 matches found
CVE-2026-20078
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...
Cisco Unity Connection å®å Øę¼ę“
Cisco Unity Connection is a voice messaging platform developed by Cisco, a company based in the United States. This platform allows users to make calls or listen to voic messages using voice commands. There is a security vulnerability in Cisco Unity Connection, which stems from improper user inpu...
PT-2026-33081
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate...
CVEs
CVE-2025-63743: Authe...
EUVD-2026-20568
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, he REST endpoint POST /api/v1/aiassistance/texttools/:id contains an authorization failure. Context data e.g., a group or organization supplied to be used in the AI prompt were not checked if they are accessible f...
CVE-2026-34248 Zammad has an information disclosure in ticket detail view of customers in shared organizations
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations means they can see each other's tickets could see fields which are not intended for customers - including fields not intended for them at all e.g. priority, custom ticket attribut...
EUVD-2026-20556
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations means they can see each other's tickets could see fields which are not intended for customers - including fields not intended for them at all e.g. priority, custom ticket attribut...
CVE-2026-20088 Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could...
Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits
Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. "Apple is aware of attacks targeting out-of-date iOS software,...
CVE-2026-4013
A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file addadmin.php. Such manipulation leads to improper authorization. The attack may be launched remotely...
EUVD-2026-15445
A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. This vulnerability exists because...
CVE-2026-20114
A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. This vulnerability exists because...
PT-2026-27797
Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software affected versions not specified Description A flaw exists in the Lobby Ambassador web-based management API of Cisco IOS XE Software that could allow an authenticated, remote attacker to gain elevated privileges and access...
EUVD-2026-13857
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-31926
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
CVE-2026-31926
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
IBM Aspera Console Information Disclosure Vulnerability (CNVD-2026-17491)
IBM Aspera Console is a Web-based application from International Business Machines IBM. Allows users to centrally manage, monitor and control Aspera servers nodes and transports. An information disclosure vulnerability exists in IBM Aspera Console, which can be exploited by an attacker to enumera...
IBM Aspera Console Denial of Service Vulnerability (CNVD-2026-19449)
IBM Aspera Console is a Web-based application from International Business Machines IBM. Allows users to centrally manage, monitor and control Aspera servers nodes and transports. A denial of service vulnerability exists in IBM Aspera Console, which can be exploited by an attacker to cause a denia...
IBM Aspera Console Denial of Service Vulnerability
IBM Aspera Console is a Web-based application from International Business Machines IBM. Allows users to centrally manage, monitor and control Aspera servers nodes and transports. A denial of service vulnerability exists in IBM Aspera Console, which can be exploited by an attacker to cause a denia...
Exploit for Race Condition in Canonical Ubuntu_Linux
Dillu-Analyzer š”ļø Dillu Analyzer ā A web-based universal malwa...