CVE-2025-20296
A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the...
CVE-2025-20295
CVE-2025-20295 affects Cisco UCS Manager Software (CLI) where an authenticated local attacker with administrative privileges can read, create, or overwrite files on the device’s underlying OS due to insufficient input validation of command arguments. The root cause is input validation failure in ...
CVE-2025-20296
CVE-2025-20296 describes a stored cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco UCS Manager Software. The issue arises from insufficient validation of user-supplied input on the management interface, allowing an authenticated, remote attacker (in the Admi...
Cisco UCS Manager Software Operating System Command Injection Vulnerability
Cisco UCS Manager Software is a device management software from Cisco. Cisco UCS Manager Software suffers from an operating system command injection vulnerability that stems from insufficient validation of command parameter inputs, which could lead to file system manipulation...
0xCC'd
We spend a lot of time preparing for Blackhat, and as part of putting together content for the show, one of our best, Lurene Grenier, submitted an unexpected piece of content: a poem. Now this poem isn't our regular security research or a shiny piece of corporate correspondence which we would nev...