CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1098 matches found

Cisco•added 2022/10/19 4:0 p.m.•36 views

Cisco Identity Services Engine Unauthorized File Access Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to list, download, and delete files on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could explo...

7.1CVSS7.3AI score0.0124EPSS

Exploits0References1

CNVD•added 2022/10/11 12:0 a.m.•25 views

Cisco Smart Software Manager On-Prem Elevation of Privilege Vulnerability

Cisco Smart Software Manager On-Prem SSM On-Prem is a component of Cisco for Cisco product license management.An elevation of privilege vulnerability exists in previous versions of Cisco Smart Software Manager On-Prem 8-202206, which stems from insufficient protection of sensitive user informatio...

4.3CVSS4AI score0.00595EPSS

Exploits0References1

Tenable Nessus•added 2022/10/07 12:0 a.m.•34 views

Cisco Expressway Series and Cisco TelePresence Video Communication Server CSRF (cisco-sa-expressway-csrf-sqpsSfY6)

According to its self-reported version, Cisco Expressway-C and Cisco TelePresence VCS devices are affected by a vulnerability in their REST API that could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due...

7.4CVSS5.4AI score0.00615EPSS

Exploits0References3

NVD•added 2022/09/23 4:15 p.m.•11 views

CVE-2022-40628

This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 inclusive, due to improper control of code generation in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit...

9.8CVSS0.01813EPSS

Exploits0References2

Prion•added 2022/09/23 4:15 p.m.•16 views

Design/Logic Flaw

7.5CVSS9.6AI score0.01813EPSS

Exploits0References2Affected Software2

CVE•added 2022/08/10 8:10 a.m.•91 views

CVE-2022-20869

CVE-2022-20869 affects Cisco BroadWorks Application Delivery Platform Software, specifically its web-based management interface. The vulnerability is a cross-site scripting flaw caused by insufficient input validation, allowing an unauthenticated, remote attacker to persuade a user to click a cra...

6.1CVSS6.2AI score0.00536EPSS

Exploits0References1Affected Software1

Tenable Nessus•added 2022/08/05 12:0 a.m.•77 views

Cisco Small Business RV Series Routers DoS RCE (cisco-sa-sb-mult-vuln-CbVp4SUR))

According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by a vulnerability. A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to...

9.8CVSS9.2AI score0.01607EPSS

Exploits0References2

Tenable Nessus•added 2022/07/27 12:0 a.m.•80 views

Cisco Secure Email and Web Manager External Authentication Bypass (cisco-sa-sma-esa-auth-bypass-66kEcxQD)

A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. This vulnerability is due to improper authentication checks...

9.8CVSS8.7AI score0.01394EPSS

Exploits0References3

NVD•added 2022/07/22 4:15 a.m.•20 views

CVE-2022-20898

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...

7.2CVSS0.00859EPSS

Exploits0References1

Prion•added 2022/07/22 4:15 a.m.•20 views

Input validation

5.8CVSS7.4AI score0.00859EPSS

Exploits0References1Affected Software4

NVD•added 2022/07/21 4:15 a.m.•20 views

CVE-2022-20877

7.2CVSS0.0106EPSS

Exploits0References1

NVD•added 2022/07/21 4:15 a.m.•16 views

CVE-2022-20876

7.2CVSS0.0106EPSS

Exploits0References1

CVE•added 2022/07/21 4:5 a.m.•71 views

CVE-2022-20913

CVE-2022-20913 affects Cisco Nexus Dashboard. The vulnerability arises from insufficient input validation in the web-based management interface, enabling an authenticated administrator to upload a crafted file and overwrite arbitrary files on the device. Exploitation requires admin credentials an...

6.5CVSS5.4AI score0.00934EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2022/07/21 4:5 a.m.•13 views

CVE-2022-20913 Cisco Nexus Dashboard Arbitrary File Write Vulnerability

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to insufficient input validation in the web-based management interface of Cisco Nexus Dashboard. An attacker with Administrator...

4.9CVSS6.9AI score0.00934EPSS

Exploits0References1

CVE•added 2022/07/21 3:54 a.m.•83 views

CVE-2022-20878

CVE-2022-20878 affects Cisco Small Business RV110W, RV130, RV130W, and RV215W routers. The issues stem from insufficient validation of user fields in incoming HTTP packets within the web-based management interface, allowing an authenticated attacker with administrator credentials to potentially e...

7.2CVSS6.7AI score0.0106EPSS

Exploits0References1Affected Software1