Lucene search
K

207 matches found

Vulnrichment
Vulnrichment
added 2025/11/13 4:18 p.m.4 views

CVE-2025-20341 Cisco Catalyst Center Privilege Escalation Vulnerability

A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by...

8.8CVSS6.3AI score0.00515EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/13 4:18 p.m.9 views

CVE-2025-20349 Cisco DNA Center API Command Injection Vulnerability

A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker...

6.3CVSS0.00324EPSS
Exploits0References1
CVE
CVE
added 2025/11/13 4:18 p.m.22 views

CVE-2025-20349

CVE-2025-20349 concerns Cisco Catalyst Center. The REST API suffers from insufficient validation of user-supplied input in request parameters, enabling an authenticated attacker (credentials at least Observer) to craft API requests that inject arbitrary commands executed inside a restricted conta...

8.8CVSS7AI score0.00324EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/11/13 4:18 p.m.6 views

CVE-2025-20341 Cisco Catalyst Center Privilege Escalation Vulnerability

A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by...

8.8CVSS0.00515EPSS
Exploits0References1
CVE
CVE
added 2025/11/13 4:18 p.m.17 views

CVE-2025-20341

The CVE-2025-20341 case involves Cisco Catalyst Center Virtual Appliance. Description and multiple connected sources confirm an Access Control / input-validation flaw that allows an authenticated, remote attacker with at least Observer privileges to escalate to Administrator by sending a crafted ...

8.8CVSS6.3AI score0.00515EPSS
Exploits0References1
Cisco
Cisco
added 2025/11/13 4:0 p.m.10 views

Cisco Catalyst Center Virtual Appliance Privilege Escalation Vulnerability

A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by...

8.8CVSS6.8AI score0.00515EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/13 12:0 a.m.7 views

PT-2025-46853

Name of the Vulnerable Software and Affected Versions Cisco Catalyst Center affected versions not specified Description A flaw exists in the REST API of Cisco Catalyst Center that could allow a remote attacker with valid credentials at least Observer role to execute arbitrary commands within a...

6.3CVSS7AI score0.00324EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/13 12:0 a.m.5 views

PT-2025-46852

Name of the Vulnerable Software and Affected Versions Cisco Catalyst Center Virtual Appliance affected versions not specified Description A flaw exists in Cisco Catalyst Center Virtual Appliance that could allow a remote attacker with valid credentials for a user account with at least the role of...

8.8CVSS6.5AI score0.00515EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2025/11/07 7:58 p.m.3 views

CVE-2025-34245

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

6.5CVSS7.6AI score0.00284EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/07 7:58 p.m.3 views

CVE-2025-34242

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

8.6CVSS7.6AI score0.00284EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/07 7:58 p.m.3 views

CVE-2025-34240

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

8.6CVSS7.6AI score0.00284EPSS
Exploits0References1
NVD
NVD
added 2025/11/06 8:15 p.m.2 views

CVE-2025-34247

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

6.5CVSS0.00288EPSS
Exploits0References3
NVD
NVD
added 2025/11/06 8:15 p.m.9 views

CVE-2025-34246

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

6.5CVSS0.00284EPSS
Exploits0References3
OSV
OSV
added 2025/11/06 8:15 p.m.4 views

CVE-2025-34246

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

6.5CVSS5.8AI score0.00284EPSS
Exploits0References3
OSV
OSV
added 2025/11/06 8:15 p.m.2 views

CVE-2025-34241

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

6.5CVSS5.8AI score0.00284EPSS
Exploits0References3
OSV
OSV
added 2025/11/06 8:15 p.m.3 views

CVE-2025-34244

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

6.5CVSS5.8AI score0.00284EPSS
Exploits0References3
NVD
NVD
added 2025/11/06 8:15 p.m.8 views

CVE-2025-34245

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

6.5CVSS0.00284EPSS
Exploits0References3
OSV
OSV
added 2025/11/06 8:15 p.m.4 views

CVE-2025-34242

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

6.5CVSS5.8AI score0.00284EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/06 7:49 p.m.3 views

CVE-2025-34246 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxPrevalidationController.ajaxAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

5.3CVSS7.2AI score0.00284EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/06 7:48 p.m.8 views

CVE-2025-34245 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxStandaloneVpnClientsController.ajaxAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

5.3CVSS0.00284EPSS
Exploits0References3
Rows per page
Query Builder