CVE-2025-20375

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by uploading a...

CVE-2025-20376

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker could exploit this vulnerability by uploading a...

CVE-2025-20375

The CVE-2025-20375 issue affects Cisco Unified CCX web UI. An authenticated attacker could upload crafted files due to insufficient input validation in specific UI features, enabling arbitrary file upload and execution on the underlying OS. Exploitation requires valid administrative credentials. ...

CVE-2025-20376 Cisco Unified Contact Center Express Remote Code Execution Vulnerability

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker could exploit this vulnerability by uploading a...

CVE-2025-20376 Cisco Unified Contact Center Express Remote Code Execution Vulnerability

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker could exploit this vulnerability by uploading a...

EUVD-2025-37890

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this...

CVE-2025-52602

HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names or IDs. An attacker can use that information to target individuals with phishing or...

CVE-2025-52602

CVE-2025-52602 affects HCL BigFix Query WebUI Query, where an HTTP GET endpoint may disclose discoverable data such as group names and active user names/IDs via the /api/v1/query endpoint. This exposure could enable targeted phishing or social engineering. The available connected documents confir...

Moderate: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.7.1 release

Red Hat OpenShift distributed tracing platform Tempo 3.7.1 has been released This release of the Red Hat OpenShift distributed tracing platform Tempo provides security improvements. Breaking changes: Nothing Deprecations: Nothing Technology Preview features: Nothing Enhancements: Nothing Bug fixe...

CVE-2025-43360

The issue was addressed with improved UI. This issue is fixed in iOS 26 and iPadOS 26. Password fields may be unintentionally revealed...

CVE-2025-43503

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Visiting a malicious website may lead to user interface spoofing...

PT-2025-45131

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this...

HCL BigFix Query 安全漏洞

HCL BigFix Query is a module for querying and collecting system status data in real-time from HCL India. A security vulnerability exists in HCL BigFix Query that stems from an HTTP GET endpoint request in the WebUI Query application returning a discoverable response that could disclose the group...

PT-2025-45111

Name of the Vulnerable Software and Affected Versions HCL BigFix Query affected versions not specified Description HCL BigFix Query’s WebUI Query application is susceptible to sensitive information disclosure. An HTTP GET request to an endpoint can reveal discoverable responses, potentially...

Cisco Unified Contact Center Express 代码问题漏洞

Cisco Unified Contact Center Express Unified CCX is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. A security vulnerability exists in Cisco...

Cisco IOS XE Software Web UI Reflected XSS (cisco-sa-webui-xss-VWyDgjOU)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute a reflected XSS attack and steal user cookies from th...

Cisco Unified Contact Center Express 路径遍历漏洞

Cisco Unified Contact Center Express Unified CCX is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. A path traversal vulnerability exists in...

Multiple vulnerabilities in Century Systems FutureNet MA and IP-K series

Overview FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. OS command Injection CWE-78 - CVE-2025-54763 Files or directories acessible to external parties CWE-552 - CVE-2025-58152 Chuya Hayakawa of 00One, Inc. reported these...

CVE-2025-43503

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Visiting a malicious website may lead to user interface spoofing...

CVE-2025-43360

The issue was addressed with improved UI. This issue is fixed in iOS 26 and iPadOS 26. Password fields may be unintentionally revealed...