
16821 matches found

Cisco
added 2025/09/03 4:0 p.m., 9 views

Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device...

CVSS: 4.3, AI score: 7, EPSS: 0.00167
Exploits: 0, References: 1

RedhatCVE
added 2025/09/03 2:33 p.m., 3 views

CVE-2025-33082

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS: 5.4, AI score: 6.2, EPSS: 0.00166
Exploits: 0, References: 1

Vulnrichment
added 2025/09/03 12:0 a.m., 2 views

CVE-2025-56498

An OS command injection vulnerability exists in PLDT WiFi Router's Prolink PGN6401V Firmware 8.1.2 web management interface. The ping6.asp page submits user input to the /boaform/formPing6 endpoint via the pingAddr parameter, which is not properly sanitized. An authenticated attacker can exploit...

AI score: 7.2, EPSS: 0.01722
Exploits: 1, References: 2

Positive Technologies
added 2025/09/03 12:0 a.m., 5 views

PT-2025-35810

Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software; affected versions not specified. Description: A vulnerability exists in the web-based management interface that could allow a...

CVSS: 4.3, AI score: 6.2, EPSS: 0.00167
Exploits: 0, References: 7

Positive Technologies
added 2025/09/03 12:0 a.m., 6 views

PT-2025-35812

Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager IM & Presence Service; affected versions not specified. Description: A vulnerability exists in the web-based management interface that could allow an unauthenticated, remote attacker to conduct a cross-site...

CVSS: 6.1, AI score: 5.6, EPSS: 0.00236
Exploits: 0, References: 5

Positive Technologies
added 2025/09/03 12:0 a.m., 4 views

PT-2025-35807

Name of the Vulnerable Software and Affected Versions: Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure; affected versions not specified. Description: A vulnerability exists in the web-based management interface that could allow an authenticated, remote attacker to...

CVSS: 4.8, AI score: 5.5, EPSS: 0.00207
Exploits: 0, References: 5

Tenable Nessus
added 2025/09/03 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2019-15043

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the...

CVSS: 7.5, AI score: 6.2, EPSS: 0.63388
Exploits: 1, References: 2

NVD
added 2025/09/02 8:15 p.m., 2 views

CVE-2025-6685

ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...

CVSS: 8.8, EPSS: 0.00654
Exploits: 0, References: 2

OSV
added 2025/09/02 8:15 p.m., 3 views

CVE-2025-6685

ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00654
Exploits: 0, References: 2

CVE
added 2025/09/02 7:48 p.m., 13 views

CVE-2025-6685

ATEN eco DC contains a missing authorization flaw in its web-based interface that can enable privilege escalation. The issue arises from not validating the assigned user role when handling requests, allowing an attacker with network access to escalate privileges to restricted resources; authentic...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00654
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2025/09/02 7:48 p.m., 7 views

CVE-2025-6685 ATEN eco DC Missing Authorization Privilege Escalation Vulnerability

ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...

CVSS: 8.8, EPSS: 0.00654
Exploits: 0, References: 2

Vulnrichment
added 2025/09/02 7:48 p.m., 2 views

CVE-2025-6685 ATEN eco DC Missing Authorization Privilege Escalation Vulnerability

ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00654
Exploits: 0, References: 2

Tenable Nessus
added 2025/09/02 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2018-8007

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings...

CVSS: 9, AI score: 8, EPSS: 0.11681
Exploits: 3, References: 2

OSV
added 2025/09/01 3:15 p.m., 6 views

CVE-2025-0656

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS: 6.1, AI score: 6.3
Exploits: 0, References: 1

Cvelist
added 2025/09/01 2:22 p.m., 7 views

CVE-2025-33082 IBM Concert Software cross-site scripting

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS: 5.4, EPSS: 0.00166
Exploits: 0, References: 1

CVE
added 2025/09/01 2:22 p.m., 13 views

CVE-2025-33083

CVE-2025-33083 affects IBM Concert Software 1.0.0–1.1.0. An authenticated user can inject arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure within a trusted session. Root cause: cross-site scripting in the web interface. Impact is described as credential exposure...

CVSS: 5.4, AI score: 5.7, EPSS: 0.00166
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2025/09/01 12:0 a.m., 3 views

PT-2025-35490

Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.1.0. Description: IBM Concert Software is susceptible to cross-site scripting. An authenticated user can embed arbitrary JavaScript code in the Web UI, potentially altering functionality and leadin...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00166
Exploits: 0, References: 5

CNNVD
added 2025/09/01 12:0 a.m., 3 views

IBM Concert Software Cross-Site Scripting Vulnerability

IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. A cross-site scripting vulnerability exists in IBM Concert Software, which can b...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00197
Exploits: 0, References: 3

Positive Technologies
added 2025/09/01 12:0 a.m., 4 views

PT-2025-35491

Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.1.0. Description: IBM Concert Software is susceptible to cross-site scripting. An authenticated user can embed arbitrary JavaScript code in the Web UI, potentially altering functionality and leadin...

CVSS: 5.4, AI score: 5.7, EPSS: 0.00166
Exploits: 0, References: 4

NVD
added 2025/08/31 10:15 a.m., 6 views

CVE-2025-9725

A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity is rated as high...

CVSS: 8.8, EPSS: 0.00321
Exploits: 1, References: 5