CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/11/05 4:32 p.m.•4 views

EUVD-2025-37883

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because certain files lack proper data protection mechanisms. An attacker with read-only Administrato...

4.3CVSS5.9AI score0.00254EPSS

Vulnrichment•added 2025/11/05 4:32 p.m.•3 views

CVE-2025-20305

4.3CVSS6AI score0.00254EPSS

Cvelist•added 2025/11/05 4:32 p.m.•6 views

CVE-2025-20305

4.3CVSS0.00254EPSS

Vulnrichment•added 2025/11/05 4:32 p.m.•3 views

CVE-2025-20289

4.8CVSS6.5AI score0.00175EPSS

CVE•added 2025/11/05 4:32 p.m.•15 views

CVE-2025-20289

Cisco ISE and Cisco ISE-PIC's web-based management interface authenticate to users and are affected by multiple vulnerabilities allowing reflected XSS due to insufficient input validation. An authenticated, low-privilege attacker can exploit specific pages to run arbitrary script code in the user...

5.4CVSS6.5AI score0.00175EPSS

EUVD•added 2025/11/05 4:32 p.m.•4 views

EUVD-2025-37884

4.8CVSS6.3AI score0.00175EPSS

Vulnrichment•added 2025/11/05 4:32 p.m.•2 views

CVE-2025-20303

5.4CVSS6.5AI score0.03141EPSS

CVE•added 2025/11/05 4:32 p.m.•9 views

CVE-2025-20303

Cisco ISE and Cisco ISE-PIC web-based management interfaces have multiple vulnerabilities that allow an authenticated, remote attacker with at least a low-privileged account to perform a reflected XSS by injecting malicious input into specific pages. The issues stem from insufficient validation o...

5.4CVSS6.5AI score0.03141EPSS

Cvelist•added 2025/11/05 4:31 p.m.•5 views

CVE-2025-20375 Cisco Unified Contact Center Express Arbitrary File Upload Vulnerability

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by uploading a...

6.5CVSS0.00328EPSS

Vulnrichment•added 2025/11/05 4:31 p.m.•2 views

CVE-2025-20375 Cisco Unified Contact Center Express Arbitrary File Upload Vulnerability

6.5CVSS7AI score0.00328EPSS

CVE•added 2025/11/05 4:31 p.m.•12 views

CVE-2025-20376

The collection shows CVE-2025-20376 affecting Cisco Unified CCX web UI, due to insufficient input validation in the file upload mechanism. An authenticated, remote attacker could upload a malicious file via the web UI and execute arbitrary commands on the underlying system, with potential privile...

7.2CVSS7.3AI score0.00399EPSS

EUVD•added 2025/11/05 4:31 p.m.•3 views

EUVD-2025-37889

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker could exploit this vulnerability by uploading a...

6.5CVSS7.2AI score0.00399EPSS

CVE•added 2025/11/05 4:31 p.m.•14 views

CVE-2025-20374

Technical details about CVE-2025-20374 are not publicly provided in the connected documents. Please monitor for updates from Cisco and Red Hat advisories for affected products, impact scope, and remediation.

4.9CVSS6.6AI score0.00947EPSS

Cvelist•added 2025/11/05 2:46 p.m.•10 views

CVE-2025-52602 HCL BigFix Query is affected by a sensitive information disclosure vulnerability in the WebUI Query application

HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names or IDs. An attacker can use that information to target individuals with phishing or...

4.2CVSS0.00138EPSS

Vulnrichment•added 2025/11/05 2:46 p.m.•4 views

CVE-2025-52602 HCL BigFix Query is affected by a sensitive information disclosure vulnerability in the WebUI Query application

4.2CVSS5.9AI score0.00138EPSS

Tenable Nessus•added 2025/11/05 12:0 a.m.•4 views

Cisco Identity Services Engine (cisco-sa-ise-multiple-vulns-O9BESWJH)

According to its self-reported version, Cisco ISE is affected by a vulnerability. - Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These...

5.4CVSS6AI score0.00175EPSS

Exploits0References6

Positive Technologies•added 2025/11/05 12:0 a.m.•6 views

PT-2025-45124

Name of the Vulnerable Software and Affected Versions Cisco ISE and Cisco ISE-PIC affected versions not specified Description The web-based management interface of Cisco ISE and Cisco ISE-PIC contains weaknesses that could allow an authenticated, remote attacker to perform a reflected Cross-Site...

5.4CVSS6.2AI score0.00175EPSS

Exploits0References4

Positive Technologies•added 2025/11/05 12:0 a.m.•8 views

PT-2025-45132

6.5CVSS7.3AI score0.00328EPSS

CNNVD•added 2025/11/05 12:0 a.m.•4 views

Cisco Identity Services Engine 跨站脚本漏洞

Cisco Identity Services Engine Cisco ISE is an environment-aware platform ISE Identity Services Engine from Cisco. The platform collects real-time information from the network, users, and devices, and develops and enforces policies to regulate the network. A cross-site scripting vulnerability...

5.4CVSS5.6AI score0.03141EPSS