16793 matches found
CVE-2026-5363
Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...
CVE-2026-39857
CVE-2026-39857 – ApostropheCMS (Node.js) : Versions 4.28.0 and earlier contain an authorization bypass in the REST API (choices and counts query parameters) where MongoDB distinct() is used in a way that ignores publicApiProjection restrictions. This allows an unauthenticated attacker to retrieve...
EUVD-2026-22951
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate...
EUVD-2026-22953
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerabili...
EUVD-2026-22955
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This...
EUVD-2026-22958
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting XSS attack or a reflected XSS attack against a user of the web-based...
CVE-2026-20060
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerabili...
CVE-2026-20061
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This...
CVE-2026-20059
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate...
CVE-2026-20132
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting XSS attack or a reflected XSS attack against a user of the web-based...
CVE-2026-20059
Cisco Unity Connection’s web-based management interface is affected by a reflected XSS vulnerability (CVE-2026-20059). An unauthenticated, remote attacker can lure a user to click a crafted link, exploiting insufficient input validation to execute arbitrary script in the user’s browser or access ...
CVE-2026-20059
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate...
CVE-2026-20060
CVE-2026-20060 affects Cisco Unity Connection’s web-based management interface. It is a open-redirect vulnerability caused by improper input validation of HTTP request parameters, enabling an unauthenticated, remote attacker to persuade a user to click a crafted link and be redirected to a malici...
CVE-2026-20061
Cisco Unity Connection exposes a SQL injection vulnerability in its web-based management interface. The issue arises from insufficient validation of user-supplied input, allowing an authenticated, remote attacker with valid credentials to submit crafted HTTP(S) requests to view data on the device...
CVE-2026-20060 Cisco Unity Connection Open Redirect Vulnerability
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerabili...
CVE-2026-20061 Cisco Unity Connection SQL Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This...
CVE-2026-20060 Cisco Unity Connection Open Redirect Vulnerability
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerabili...
CVE-2026-20060
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerabili...
CVE-2026-20061
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This...
CVE-2026-20081 Cisco Unity Connection Arbitrary File Download Vulnerability
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...