CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2025/08/14 6:52 p.m.•2 views

Malicious code in javascript-msx-sdk (npm)

The package javascript-msx-sdk was found to contain malicious code...

7AI score

RedhatCVE•added 2025/05/22 8:48 a.m.•3 views

CVE-2019-6858

A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX Configurator Software Version prior to V1.0.8.1, which could cause privilege escalation when injecting a malicious DLL...

7.8CVSS7.1AI score0.00162EPSS

OSSF Malicious Packages•added 2023/09/22 12:35 p.m.•1 views

Malicious code in @csmsce/msx-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c0fc7c362db232e6c3dff94d78d7360704684a2c76d019283f6f1d3e86b3e6e8 The OpenSSF Package Analysis project identified '@csmsce/msx-types' @ 1.0.2 npm as malicious. It is considered malicious because: - The package...

6.9AI score

NVD•added 2021/02/04 5:15 p.m.•16 views

CVE-2021-1266

A vulnerability in the REST API of Cisco Managed Services Accelerator MSX could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to the way that the affected software logs certain API requests. An attacker could...

6.8CVSS0.00368EPSS

Prion•added 2021/02/04 5:15 p.m.•10 views

Design/Logic Flaw

6.8CVSS6.4AI score0.00368EPSS

CVE•added 2021/02/04 4:35 p.m.•47 views

CVE-2021-1266

CVE-2021-1266 affects Cisco Managed Services Accelerator (MSX). The REST API vulnerability arises from how the software logs certain API requests, which an authenticated, remote attacker can exploit by sending a flood of crafted API requests, potentially causing a DoS on the affected device. Conn...

6.8CVSS5.1AI score0.00368EPSS

NVD•added 2020/09/23 1:15 a.m.•15 views

CVE-2019-15974

A vulnerability in the web interface of Cisco Managed Services Accelerator MSX could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this...

6.1CVSS0.00249EPSS

Prion•added 2020/09/23 1:15 a.m.•16 views

Design/Logic Flaw

5.8CVSS6.2AI score0.00249EPSS

Vulnrichment•added 2020/09/23 12:27 a.m.•9 views

CVE-2019-15974 Cisco Managed Services Accelerator Open Redirect Vulnerability

4.7CVSS6.8AI score0.00249EPSS

CVE•added 2020/09/23 12:27 a.m.•101 views

CVE-2019-15974

Cisco MSX Open Redirect vulnerability (CVE-2019-15974) affects Cisco Managed Services Accelerator web interface. Improper input validation of HTTP request parameters enables an unauthenticated, remote attacker to induce user redirection to a malicious URL. Exploitation could be achieved by interc...

6.1CVSS5.1AI score0.00249EPSS

Cvelist•added 2020/09/23 12:27 a.m.•19 views

CVE-2019-15974 Cisco Managed Services Accelerator Open Redirect Vulnerability

4.7CVSS6.2AI score0.00249EPSS

OSV•added 2020/01/22 2:15 p.m.•1 views

CVE-2019-6858

A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX Configurator Software Version prior to V1.0.8.1, which could cause privilege escalation when injecting a malicious DLL...

7.8CVSS7.1AI score

Prion•added 2020/01/22 2:15 p.m.•6 views

Path traversal

A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX Configurator Software Version prior to V1.0.8.1, which could cause privilege escalation when injecting a malicious DLL...

4.4CVSS7.7AI score0.00162EPSS

Cvelist•added 2020/01/22 1:59 p.m.•14 views

CVE-2019-6858

A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX Configurator Software Version prior to V1.0.8.1, which could cause privilege escalation when injecting a malicious DLL...

7.7AI score0.00162EPSS

CVE•added 2020/01/22 1:59 p.m.•34 views

CVE-2019-6858

CVE-2019-6858 affects MSX Configurator (software) prior to version V1.0.8.1. The vulnerability is CWE-427: Uncontrolled Search Path Element, which could lead to privilege escalation by injecting a malicious DLL. The public description confirms a local impact with partial to high confidentiality/i...

7.8CVSS7.6AI score0.00162EPSS

CNVD•added 2019/05/21 12:0 a.m.•1 views

schneider MSX Configurator suffers from dll hijacking vulnerability

Schneider Electric SA is a global electrical company headquartered in France and a global specialist in energy efficiency management and automation. A dll hijacking vulnerability exists in schneider MSX Configurator. An attacker can exploit this vulnerability to load a malicious dll and execute...

7AI score