CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. A SQL injection vulnerability in the '/api/common/1.0/login' endpoint can be exploited to create a new user account in the appliance database. Thi...

10CVSS8.8AI score0.68588EPSS

Exploits0References1

NVD•added 2025/07/15 1:15 p.m.•4 views

CVE-2025-34112

10CVSS0.68588EPSS

Exploits0References4

Cvelist•added 2025/07/15 1:7 p.m.•11 views

CVE-2025-34112 Riverbed SteelCentral NetProfiler / NetExpress 10.8.7 RCE

10CVSS0.68588EPSS

Exploits0References4

CVE•added 2025/07/15 1:7 p.m.•21 views

CVE-2025-34112

Riverbed SteelCentral NetProfiler / NetExpress 10.8.7 virtual appliances are affected by an authenticated multi‑stage remote code execution chain. A SQL injection in /api/common/1.0/login allows an attacker to create a new user, which is then used to trigger a command injection in /index.php?page...

10CVSS8.8AI score0.68588EPSS

Exploits0References4

ATTACKERKB•added 2025/07/15 1:7 p.m.•2 views

CVE-2025-34112

10CVSS6.7AI score0.68588EPSS

Exploits0References4Affected Software2

CNNVD•added 2025/07/15 12:0 a.m.•2 views

Riverbed SteelCentral NetProfiler 安全漏洞

Riverbed SteelCentral NetProfiler is a network performance management software from Riverbed, USA. A security vulnerability exists in Riverbed SteelCentral NetProfiler version 10.8.7 that stems from SQL injection and command injection and could lead to remote code execution...

10CVSS8.7AI score0.68588EPSS

Exploits0References5

RedhatCVE•added 2025/07/12 7:24 p.m.•5 views

CVE-2025-34098

A path traversal vulnerability exists in Riverbed SteelHead VCX appliances confirmed in VCX255U 9.6.0a due to improper input validation in the log filtering functionality exposed via the management web interface. An authenticated attacker can exploit this flaw by submitting crafted filter...

7.1CVSS7.2AI score0.68395EPSS

Exploits0References1

NVD•added 2025/07/10 8:15 p.m.•4 views

CVE-2025-34098

7.1CVSS0.68395EPSS

Exploits0References3

Cvelist•added 2025/07/10 7:11 p.m.•6 views

CVE-2025-34098 Riverbed SteelHead VCX Authenticated Arbitrary File Read via Log Filter Injection

7.1CVSS0.68395EPSS

Exploits0References3

CVE•added 2025/07/10 7:11 p.m.•14 views

CVE-2025-34098

The CVE-2025-34098 entry describes a path traversal vulnerability in Riverbed SteelHead VCX appliances (confirmed in VCX255U 9.6.0a) where improper input validation in the log filtering functionality exposed via the management web interface allows an authenticated attacker to submit crafted filte...

7.1CVSS6.6AI score0.68395EPSS

Exploits0References3

Vulnrichment•added 2025/07/10 7:11 p.m.•2 views

CVE-2025-34098 Riverbed SteelHead VCX Authenticated Arbitrary File Read via Log Filter Injection

7.1CVSS7.1AI score0.68395EPSS

Exploits0References3

Positive Technologies•added 2025/07/10 12:0 a.m.•0 views

PT-2025-29140 · Riverbed · Riverbed Steelhead Vcx

Name of the Vulnerable Software and Affected Versions: Riverbed SteelHead VCX versions 9.6.0a Description: A path traversal vulnerability exists due to improper input validation in the log filtering functionality exposed via the management web interface. An authenticated attacker can exploit this...

7.1CVSS6.5AI score0.68395EPSS

Exploits0References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by