481 matches found
CVE-2025-20289
Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...
CVE-2025-3125
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially...
PT-2025-45125
Name of the Vulnerable Software and Affected Versions Cisco ISE and Cisco ISE-PIC affected versions not specified Description The web-based management interface of Cisco ISE and Cisco ISE-PIC contains weaknesses that could allow an authenticated, remote attacker to perform a reflected Cross-Site...
CVE-2021-47698
Nagios XI versions prior to 5.8.7 using embedded Nagios Core are vulnerable to cross-site scripting XSS via the Core UI’s Views URL handling escapestring. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a...
CVE-2023-7313
Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting XSS via the Bulk Modifications tool. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2023-7315 Nagios XI < 5.11.3 XSS via Graph Explorer
Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting XSS via the Graph Explorer component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2025-60938
Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that allows authenticated users to execute arbitrary commands on the target system. The vulnerability stems from insufficient input validation of user-controlled parameters including filename, port, baudrate,...
PT-2025-43628
Name of the Vulnerable Software and Affected Versions Emoncms version 11.7.3 Description Emoncms version 11.7.3 contains a remote code execution issue in the firmware upload functionality. Authenticated users can execute arbitrary commands on the system. This is due to inadequate validation of...
EUVD-2025-33963
HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc...
CVE-2025-31995
The CVE-2025-31995 entry concerns HCL Unica MaxAI Workbench, with the root cause identified as improper input validation. Multiple connected sources (Red Hat, EU ENISA, NVD, CVE lists, and security vendors) confirm that this vulnerability could enable SQL injection, cross-site scripting (XSS), or...
CVE-2025-36354
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input...
EUVD-2019-14244
Malware in sbrugna...
EUVD-2024-39277
Malicious code in bioql PyPI...
EUVD-2022-31088
Malicious code in bioql PyPI...
EUVD-2024-41404
Malicious code in bioql PyPI...
EUVD-2025-28897
Malicious code in bioql PyPI...
ROS-20251002-01
A vulnerability in the Privoxy proxy server with advanced web content filtering functions is related to insufficient validation of user data in the "processencryptedrequestheaders" function. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A...
CVE-2025-36245 IBM InfoSphere Information Server command execution
IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input...
CVE-2025-20363
A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance ASA Software, Cisco Secure Firewall Threat Defense FTD Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker Cisco ASA and FTD Software...
EUVD-2025-27608
Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation...