64 matches found

Nuclei
added yesterday, 7 views

BMC FootPrints 'searchWeb' - Server-Side Request Forgery

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery (SSRF) vulnerability in the /footprints/servicedesk/import/searchWeb endpoint. The 'url' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling acces...

CVSS 8.8 | AI score 6.1 | EPSS 0.29573
Exploits: 2 | References: 2

Nuclei
added yesterday, 4 views

BMC FootPrints - Authentication Bypass

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability in the password reset functionality. Unauthenticated attackers can access the /footprints/servicedesk/passwordreset/request/ endpoint to obtain a valid SECTOKEN session cookie without proper...

CVSS 9.1 | AI score 5.9 | EPSS 0.29573
Exploits: 4 | References: 2

Nuclei
added yesterday, 12 views

BMC FootPrints 'feedUrl' - Server-Side Request Forgery

BMC FootPrints versions 20.20.02 through 20.24.01.001 contain a Server-Side Request Forgery (SSRF) vulnerability in the /footprints/servicedesk/externalfeed/RSS endpoint. The 'feedUrl' parameter allows unauthenticated attackers to force the server to make HTTP requests to arbitrary URLs, enabling...

CVSS 8.8 | AI score 6.1 | EPSS 0.29573
Exploits: 2 | References: 3

RedhatCVE
added 2026/03/26 3:13 p.m., 1 view

CVE-2025-71257

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke restricted functionality a...

CVSS 7.3 | AI score 6.1 | EPSS 0.12542
Exploits: 1 | References: 1

RedhatCVE
added 2026/03/26 3:4 p.m., 2 views

CVE-2025-71260

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...

CVSS 8.8 | AI score 7 | EPSS 0.29573
Exploits: 1 | References: 1

EUVD
added 2026/03/19 3:31 p.m., 1 view

EUVD-2025-208877

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...

CVSS 8.8 | AI score 6.7 | EPSS 0.29573
Exploits: 1 | References: 4

EUVD
added 2026/03/19 3:31 p.m., 4 views

EUVD-2025-208871

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke restricted functionality a...

CVSS 7.3 | AI score 5.9 | EPSS 0.12542
Exploits: 1 | References: 4

EUVD
added 2026/03/19 3:31 p.m., 1 view

EUVD-2025-208875

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of...

CVSS 5.3 | AI score 5.9 | EPSS 0.02723
Exploits: 1 | References: 4

NVD
added 2026/03/19 2:16 p.m., 2 views

CVE-2025-71259

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of...

CVSS 7.1 | EPSS 0.02723
Exploits: 1 | References: 3

NVD
added 2026/03/19 2:16 p.m., 2 views

CVE-2025-71260

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...

CVSS 8.8 | EPSS 0.29573
Exploits: 1 | References: 3

NVD
added 2026/03/19 2:16 p.m., 2 views

CVE-2025-71257

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke restricted functionality a...

CVSS 9.1 | EPSS 0.12542
Exploits: 1 | References: 3

ATTACKERKB
added 2026/03/19 1:45 p.m., 1 view

CVE-2025-71260

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...

CVSS 8.8 | AI score 6.7 | EPSS 0.29573
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/03/19 1:45 p.m., 1 view

CVE-2025-71260 BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 VIEWSTATE Deserialization RCE

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...

CVSS 8.8 | AI score 6.9 | EPSS 0.29573
Exploits: 1 | References: 3

Cvelist
added 2026/03/19 1:45 p.m., 232 views

CVE-2025-71260 BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 VIEWSTATE Deserialization RCE

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...

CVSS 8.8 | EPSS 0.29573
Exploits: 1 | References: 3

CVE
added 2026/03/19 1:45 p.m., 6 views

CVE-2025-71260

CVE-2025-71260 affects BMC FootPrints ITSM 20.20.02–20.24.01.001. It describes a deserialization of untrusted data vulnerability in the ASP.NET VIEWSTATE handling that enables authenticated attackers to execute arbitrary code and fully compromise the application. The root cause is crafted seriali...

CVSS 8.8 | AI score 6.7 | EPSS 0.29573
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2026/03/19 1:44 p.m., 6 views

CVE-2025-71259

BMC FootPrints ITSM versions 20.20.02–20.24.01.001 expose a Server-Side Request Forgery (SSRF) in the /footprints/servicedesk/externalfeed/RSS endpoint via the feedUrl parameter. The flaw allows unauthenticated attackers to induce the server to make outbound requests to arbitrary URLs, potentiall...

CVSS 7.1 | AI score 5.9 | EPSS 0.02723
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/03/19 1:44 p.m., 1 view

CVE-2025-71259 BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Blind SSRF in externalfeed/RSS

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of...

CVSS 5.3 | AI score 6.2 | EPSS 0.02723
Exploits: 1 | References: 3

Cvelist
added 2026/03/19 1:44 p.m., 15 views

CVE-2025-71259 BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 Blind SSRF in externalfeed/RSS

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of...

CVSS 5.3 | EPSS 0.02723
Exploits: 1 | References: 3

ATTACKERKB
added 2026/03/19 1:44 p.m., 0 views

CVE-2025-71259

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the externalfeed/RSS API component that allows authenticated attackers to trigger arbitrary outbound requests from the server. Attackers can exploit insufficient validation of...

CVSS 5.3 | AI score 5.9 | EPSS 0.02723
Exploits: 1 | References: 4 | Affected Software: 1

ATTACKERKB
added 2026/03/19 1:44 p.m., 0 views

CVE-2025-71258

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind server-side request forgery vulnerability in the searchWeb API component that allows authenticated attackers to cause the server to initiate arbitrary outbound requests. Attackers can exploit improper URL validation to...

CVSS 5.3 | AI score 5.9 | EPSS 0.01886
Exploits: 1 | References: 4 | Affected Software: 1