64 matches found
EUVD-2026-9424
A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...
EUVD-2024-18102
Malicious code in bioql PyPI...
CVE-2024-20387
A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An...
CVE-2021-34751 Cisco Firepower Management Center Software Configuration Information Disclosure Vulnerability
A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device. This...
Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack
Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance ASA that could lead to a denial-of-service DoS condition. The vulnerability, tracked as CVE-2024-20481 CVSS score: 5.8, affects the Remote Access VPN RAVPN service of...
CVE-2024-20482
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker must...
CVE-2024-20472
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...
CVE-2024-20471
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...
CVE-2024-20387
A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An...
CVE-2024-20471
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...
CVE-2024-20424
CVE-2024-20424 affects Cisco Secure Firewall Management Center (FMC) Web UI. The flaw is insufficient input validation of HTTP requests in the FMC web-based management interface, enabling an authenticated remote attacker (with at least Security Analyst read-only credentials) to execute arbitrary ...
CVE-2024-20387
A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An...
CVE-2024-20387
A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An...
CVE-2024-20387
CVE-2024-20387 affects Cisco FMC Software (Web-based management interface). The issue is due to improper input sanitization, enabling an authenticated, remote attacker to store malicious content for stored XSS by persuading a user to click a malicious link. Impact is stored XSS on the affected de...
CVE-2024-20386
A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to...
CVE-2024-20379
Cisco Secure Firewall Management Center (FMC) Software contains a vulnerability in its web-based management interface that could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. The issue arises from improper validation of user-supplied input; ...
CVE-2024-20374
Cisco Secure Firewall Management Center (FMC) Command Injection (CVE-2024-20374) affects FMC web-based management interface. The root cause is insufficient input validation of certain HTTP request parameters, enabling an authenticated administrator to execute arbitrary commands on the underlying ...
CVE-2024-20372
Cisco Firepower Management Center (FMC) faces CVE-2024-20372: an unauthenticated, remote attacker can exploit a stored XSS via the web-based management interface due to insufficient input validation. Affected component is the FMC web UI; exploit could run arbitrary script in the interface context...
CVE-2024-20364
A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficien...
CVE-2024-20364
CVE-2024-20364 affects Cisco Firepower Management Center (FMC) Software. The issue is a stored cross-site scripting (XSS) vulnerability in the web-based management interface caused by insufficient validation of user-supplied input, allowing an authenticated, remote attacker to inject crafted inpu...