Lucene search

34 matches found

ATTACKERKB
added 2026/05/06 4:15 p.m. | 2 views

CVE-2026-20172

A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent. This...

CVSS 4.3 | AI score 6 | EPSS 0.00022
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2026/03/04 5:51 p.m. | 1 views

CVE-2026-20069 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Services Client-Side Request Smuggling Vulnerability

A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This...

CVSS 4.3 | AI score 5.8 | EPSS 0.00012
Exploits 0 | References 1
Cisco
added 2026/03/04 4:0 p.m. | 6 views

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Services Client-Side Request Smuggling Vulnerability

A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This...

CVSS 4.3 | AI score 5.8 | EPSS 0.00012
Exploits 0 | References 1
Positive Technologies
added 2026/03/04 12:0 a.m. | 2 views

PT-2026-23027

A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This...

CVSS 4.3 | AI score 5.8 | EPSS 0.00012
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-25963

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.01717
Exploits 0 | References 1
The Hacker News
added 2025/09/15 11:55 a.m. | 9 views

6 Browser-Based Attacks Security Teams Need to Prepare For Right Now

Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we'll explore what a "browser-based attack" is, and why they're proving to be so effective. What is a browser-based attack? First, it's important to establish what a browser-based...

AI score 7.2
Exploits 0
RedhatCVE
added 2025/05/22 10:6 p.m. | 7 views

CVE-2022-20713

A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This vulnerability is du...

CVSS 6.1 | AI score 6.4 | EPSS 0.01717
Exploits 0 | References 1
Malwarebytes
added 2023/12/15 6:56 p.m. | 14 views

PikaBot distributed via malicious search ads

During this past year, we have seen an increase in the use of malicious ads (malvertising) and specifically those via search engines, to drop malware targeting businesses. In fact, browser-based attacks overall have been a lot more common if we include social engineering campaigns. Criminals have...

AI score 7.7
Exploits 0
NVD
added 2023/09/27 6:15 p.m. | 14 views

CVE-2023-20179

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could...

CVSS 5.4 | AI score 4.8 | EPSS 0.00081
Exploits 0 | References 1
Prion
added 2023/09/27 6:15 p.m. | 12 views

Input validation

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could...

CVSS 4.9 | AI score 5.3 | EPSS 0.00081
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2023/09/27 5:24 p.m. | 14 views

CVE-2023-20179

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could...

CVSS 4.3 | AI score 5.6 | EPSS 0.00081
Exploits 0 | References 1
The Hacker News
added 2023/03/01 2:2 p.m. | 39 views

Cybercriminals Targeting Law Firms with GootLoader and FakeUpdates Malware

Six different law firms were targeted in January and February 2023 as part of two disparate threat campaigns distributing GootLoader and FakeUpdates (aka SocGholish) malware strains. GootLoader, active since late 2020, is a first-stage downloader that's capable of delivering a wide range of seconda...

AI score 0.5
Exploits 0
Hacker One
added 2023/02/22 12:11 p.m. | 35 views

U.S. Dept Of Defense: Reflected XSS in ██████████

A reflected XSS vulnerability was found on one of the subdomains of a website. The vulnerability was present in the "militarybranch" parameter of the "NextRequestAccount.action" page. An attacker could exploit this vulnerability to execute XSS attacks and steal user's cookies, launch phishing...

AI score 6.2
Exploits 0
Hacker One
added 2023/02/14 12:27 p.m. | 34 views

U.S. Dept Of Defense: Reflected XSS in ██████

A reflected XSS vulnerability was found on one of the subdomains of a system. The vulnerability was located in the emailbody parameter of the PreviewLetterhead.aspx page. An attacker could exploit this vulnerability to execute malicious scripts and steal user's cookies, launch phishing attacks, a...

AI score 6.1
Exploits 0
Tenable Nessus
added 2022/08/12 12:0 a.m. | 40 views

Cisco Adaptive Security Appliance Software Clientless SSL VPN Client-Side Request Smuggling (cisco-sa-asa-webvpn-LOeKsNmO)

A vulnerability in the Clientless SSL VPN (WebVPN) component of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks. This vulnerability is due to improper validation of input that is passed to the Clientless SSL VPN...

CVSS 6.1 | AI score 6.5 | EPSS 0.01717
Exploits 0 | References 3
ATTACKERKB
added 2022/08/10 11:0 p.m. | 1 views

CVE-2022-20713

A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This vulnerability is du...

CVSS 6.1 | AI score 6.4 | EPSS 0.01717
Exploits 0 | References 3 | Affected Software 2
NVD
added 2022/08/10 5:15 p.m. | 22 views

CVE-2022-20713

A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This vulnerability is du...

CVSS 6.1 | EPSS 0.01717
Exploits 0 | References 1
Prion
added 2022/08/10 5:15 p.m. | 21 views

Cross site scripting

A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This vulnerability is du...

CVSS 5.8 | AI score 6.1 | EPSS 0.01717
Exploits 0 | References 1 | Affected Software 2
Cvelist
added 2022/08/10 4:20 p.m. | 23 views

CVE-2022-20713

A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This vulnerability is du...

CVSS 4.3 | AI score 6.3 | EPSS 0.01717
Exploits 0 | References 1
Cisco
added 2022/08/10 4:0 p.m. | 46 views

Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Web Client Services Client-Side Request Smuggling Vulnerability

A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This vulnerability is du...

CVSS 4.3 | AI score 6.4 | EPSS 0.01717
Exploits 0 | References 1