
7 matches found

RedhatCVE
added 2026/01/09 9:10 a.m. · 6 views

CVE-2026-20029

A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of X...

CVSS 4.9 · AI score 6.8 · EPSS 0.05638
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 10:20 a.m. · 11 views

CVE-2024-33668

An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access to...

CVSS 9.1 · AI score 6.9 · EPSS 0.00443
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 9:19 p.m. · 5 views

CVE-2021-32661

Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin (@backstage/plugin-techdocs) prior to 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This...

CVSS 7.3 · AI score 6.7 · EPSS 0.01209
Exploits: 0 · References: 1
OSV
added 2021/06/04 7:9 p.m. · 11 views

GHSA-PWHF-39XG-4RXW Script injection

Impact: A malicious internal actor is able to upload documentation content with malicious scripts. These scripts would normally be sanitized by the TechDocs frontend, but by tricking a user into visiting the content via the TechDocs API, the content sanitization will be bypassed. If the TechDocs API is...

CVSS 6.8 · AI score 8 · EPSS 0.01269
Exploits: 0 · References: 4
Prion
added 2021/06/03 6:15 p.m. · 18 views

Design/Logic Flaw

Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin (@backstage/plugin-techdocs) prior to 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This...

CVSS 4.9 · AI score 7.1 · EPSS 0.01209
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2019/06/07 12:0 a.m. · 6 views

PT-2019-16878 · Ibm · Ibm Intelligent Operations Center

Name of the Vulnerable Software and Affected Versions: IBM Intelligent Operations Center (IOC) versions 5.1.0 through 5.2.0
Description: The issue arises from improper file type validation, allowing an attacker to upload malicious content.
Recommendations: For versions 5.1.0 through 5.2.0, update t...

CVSS 8.8 · AI score 7.8 · EPSS 0.0143
Exploits: 0 · References: 3
CNVD
added 2019/06/04 12:0 a.m. · 2 views

IBM Intelligent Operations Center and IBM Water Operations for Waternamics File Upload Vulnerability

IBM Intelligent Operations Center (IOC) and IBM Water Operations for Waternamics are both products of IBM Corporation, U.S.A. IBM Intelligent Operations Center is a suite of city operations solutions with features such as da...

CVSS 8.8 · AI score 6.9 · EPSS 0.0143
Exploits: 0 · References: 1