1098 matches found
CVE-2025-20193
CVE-2025-20193 affects the Cisco IOS XE Software web-based management interface. The root cause is insufficient input validation, enabling an authenticated, low-privilege attacker over the network to perform an injection attack that could read files from the underlying operating system. Connected...
Cisco Catalyst SD-WAN Manager Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack on an affected system. This vulnerability is due to improper sanitization of use...
Cisco Catalyst SD-WAN Manager Stored XSS (cisco-sa-vmanage-xss-xhN8M5jt)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a stored...
CVE-2025-20178
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to insufficient integrity...
PT-2025-16790 · Cisco · Cisco Secure Network Analytics
Name of the Vulnerable Software and Affected Versions: Cisco Secure Network Analytics (affected versions not specified). Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary command...
CVE-2025-27085
Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device...
Cisco Identity Services Engine Multiple Vulnerabilities (cisco-sa-ise-xxe-inj-696OZTCm)
According to its self-reported version, Cisco ISE is affected by multiple vulnerabilities. - Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request...
CVE-2025-27084 Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal (CP) of an AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-based Management Interface
A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Successful exploitation could enable the attacker to execute arbitrary script code in the victim's browser within the...
CVE-2025-27083 Authenticated Command Injection Vulnerabilities in AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface
Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an authenticated attacker to execute arbitrary commands as a privileged user on the underlying...
CVE-2025-27082
The CVE-2025-27082 entry concerns an Arbitrary File Write vulnerability in the web-based management interfaces of HPE AOS-10 GW and AOS-8 Controller/Mobility Conductor. Affected component: the web UI backend for AOS-10 GW and AOS-8 Controller/Mobility Conductor. Root cause: ability for an authent...
Cisco TelePresence Management Suite XSS (cisco-sa-tms-xss-vuln-WbTcYwxG)
According to its self-reported version, Cisco TelePresence Management Suite is affected by a cross-site scripting vulnerability. - A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site...
CVE-2025-20208
CVE-2025-20208 is a reported cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS). The flaw stems from insufficient input validation in a data field of the web UI, enabling a low-privileged, remote attacker to inject script co...
Cisco Small Business RV Series Routers Command Injection Vulnerability
Multiple Cisco Small Business RV Series Routers contain a command injection vulnerability in the web-based management interface. Successful exploitation could allow an authenticated, remote attacker to gain root-level privileges and access unauthorized data...
CVE-2025-22961
A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control (CWE-284). Unauthenticated attackers can directly access sensitive database backup files (snapshotusers.db) via publicly exposed URLs...
Cisco Small Business Series Switches Session Credentials Replay (CVE-2021-34739)
A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This...
Cisco Identity Services Engine Stored XSS Vulnerabilities (cisco-sa-ise-xss-42tgsdMG - CVE-2025-20204)
According to its self-reported version, Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities is affected by a vulnerability: - A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct...
Cisco Identity Services Engine Stored XSS (cisco-sa-ise-xss-42tgsdMG)
According to its self-reported version, Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities is affected by a vulnerability: - A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct...
Cisco Secure Email Gateway Command Injection (cisco-sa-esa-sma-wsa-multi-yKUJhS34)
According to its self-reported version, Secure Email Gateway is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform...
CVE-2022-44534
A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system...
CVE-2024-0533
A vulnerability was found in Tenda A15 15.13.07.13. It has been rated as critical. This issue affects some unknown processing of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument devName leads to stack-based buffer overflow. The...