78 matches found
CVE-2020-10557
An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions...
CVE-2025-20304
Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...
CVE-2025-20304
CVE-2025-20304: Cisco ISE and ISE-PIC web-based management interfaces contain input-validation flaws that enable a reflected XSS attack by an authenticated, low-privilege user. The issue stems from insufficient validation of user-supplied input on page rendering, allowing injection of malicious s...
CVE-2025-20289
Cisco ISE and Cisco ISE-PIC's web-based management interface authenticate to users and are affected by multiple vulnerabilities allowing reflected XSS due to insufficient input validation. An authenticated, low-privilege attacker can exploit specific pages to run arbitrary script code in the user...
PT-2025-45126
Name of the Vulnerable Software and Affected Versions Cisco ISE and Cisco ISE-PIC affected versions not specified Description The web-based management interface of Cisco ISE and Cisco ISE-PIC contains flaws that may allow an authenticated, remote attacker to conduct a reflected Cross-Site Scripti...
EUVD-2020-24657
Malware in sbrugna...
EUVD-2019-16129
Malware in sbrugna...
EUVD-2021-22149
Malware in sbrugna...
EUVD-2017-18850
Malware in sbrugna...
EUVD-2020-3009
Malware in sbrugna...
EUVD-2025-4988
Malicious code in bioql PyPI...
EUVD-2024-38579
Malicious code in bioql PyPI...
CVE-2025-20331
A vulnerability in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based managemen...
CVE-2025-20331 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabiliy
A vulnerability in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based managemen...
CVE-2025-53374
Dokploy is a self-hostable Platform as a Service PaaS that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about another users in the same organization by directly invoking user.one. The...
CVE-2025-20167
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied...
CVE-2025-20168
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied...
CVE-2024-20443
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affect...
CVE-2024-20514
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This...
CVE-2019-10940
A vulnerability has been identified in SINEMA Server All versions V14.0 SP2 Update 1. Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability...