CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

24 matches found

Cvelist•added 2026/01/21 9:45 p.m.•15 views

CVE-2026-23517 Fleet has an Access Control vulnerability in debug/pprof endpoints

Fleet is open source device management software. A broken access control issue in versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server...

8.7CVSS0.00131EPSS

Exploits0References2

CVE•added 2026/01/21 9:45 p.m.•16 views

CVE-2026-23517

Fleet (open source device management software) has a broken access control vulnerability in debug/pprof endpoints that allows any authenticated user, including the lowest-privilege Observer role, to access internal server diagnostics and trigger CPU-intensive profiling operations. This affects ve...

8.7CVSS5.5AI score0.00131EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/01/21 9:45 p.m.•3 views

CVE-2026-23517 Fleet has an Access Control vulnerability in debug/pprof endpoints

8.7CVSS5.5AI score0.00131EPSS

Exploits0References2

RedhatCVE•added 2025/11/14 4:55 p.m.•3 views

CVE-2025-20346

A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control RBAC. An attacker...

4.3CVSS6.9AI score0.00048EPSS

Exploits0References1

RedhatCVE•added 2025/11/14 4:55 p.m.•2 views

CVE-2025-20349

A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker...

8.8CVSS7.4AI score0.00211EPSS

Exploits0References1

EUVD•added 2025/11/13 6:31 p.m.•2 views

EUVD-2025-175336

6.3CVSS6.9AI score0.00211EPSS

Exploits0References2

EUVD•added 2025/11/13 6:31 p.m.•2 views

EUVD-2025-175338

A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by...

8.8CVSS6.2AI score0.00257EPSS

Exploits0References2

NVD•added 2025/11/13 5:15 p.m.•1 views

CVE-2025-20349

8.8CVSS0.00211EPSS

Exploits0References1

OSV•added 2025/11/13 5:15 p.m.•1 views

CVE-2025-20349

8.8CVSS6AI score

Exploits0References1

CVE•added 2025/11/13 4:27 p.m.•6 views

CVE-2025-20346

CVE-2025-20346 describes a Cisco Catalyst Center RBAC vulnerability: an authenticated, remote attacker with at least Observer/read-only access can alter policy configurations that should be Administrator‑only. Affected product is Cisco Catalyst Center; exploitation involves logging in and modifyi...

4.3CVSS6.6AI score0.00048EPSS

Exploits0References1Affected Software1

Cvelist•added 2025/11/13 4:27 p.m.•6 views

CVE-2025-20346 Cisco Catalyst Center Privilege Escalation Vulnerability

4.3CVSS0.00048EPSS

Exploits0References1

Cvelist•added 2025/11/13 4:18 p.m.•3 views

CVE-2025-20341 Cisco Catalyst Center Privilege Escalation Vulnerability

8.8CVSS0.00257EPSS

Exploits0References1

Vulnrichment•added 2025/11/13 4:18 p.m.•3 views

CVE-2025-20341 Cisco Catalyst Center Privilege Escalation Vulnerability

8.8CVSS6.3AI score0.00257EPSS

Exploits0References1

CVE•added 2025/11/13 4:18 p.m.•14 views

CVE-2025-20349

CVE-2025-20349 concerns Cisco Catalyst Center. The REST API suffers from insufficient validation of user-supplied input in request parameters, enabling an authenticated attacker (credentials at least Observer) to craft API requests that inject arbitrary commands executed inside a restricted conta...

8.8CVSS7AI score0.00211EPSS

Exploits0References1Affected Software1

CVE•added 2025/11/13 4:18 p.m.•10 views

CVE-2025-20341

The CVE-2025-20341 case involves Cisco Catalyst Center Virtual Appliance. Description and multiple connected sources confirm an Access Control / input-validation flaw that allows an authenticated, remote attacker with at least Observer privileges to escalate to Administrator by sending a crafted ...

8.8CVSS6.3AI score0.00257EPSS

Exploits0References1

Cisco•added 2025/11/13 4:0 p.m.•7 views

Cisco Catalyst Center Virtual Appliance Privilege Escalation Vulnerability

8.8CVSS6.8AI score0.00257EPSS

Exploits0References1

Positive Technologies•added 2025/11/13 12:0 a.m.•3 views

PT-2025-46853

Name of the Vulnerable Software and Affected Versions Cisco Catalyst Center affected versions not specified Description A flaw exists in the REST API of Cisco Catalyst Center that could allow a remote attacker with valid credentials at least Observer role to execute arbitrary commands within a...

6.3CVSS7AI score0.00211EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-7518

Malware in sbrugna...

8.8CVSS8.6AI score0.09724EPSS

Exploits1References5

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2021-6770

Malicious code in bioql PyPI...

8.8CVSS5.3AI score0.00172EPSS

Exploits0References1

OSV•added 2021/01/20 8:15 p.m.•2 views

CVE-2021-1303

A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability ...

8.8CVSS5.9AI score0.00172EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by