Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (258 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-3287 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337.
CVE-2014-2185 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.
CVE-2014-3292 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199.
CVE-2014-3318 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.
CVE-2014-3315 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.
CVE-2014-3316 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.
CVE-2014-3319 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.
CVE-2014-3332 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029.
CVE-2014-3363 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.
CVE-2014-3366 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.
CVE-2014-3375 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597.
CVE-2014-7991 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376.
CVE-2014-8008 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.
CVE-2015-0717 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546.
CVE-2015-4221 1 Cisco 1 Unified Communications Manager Im And Presence Service 2025-04-12 N/A
Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194.
CVE-2015-4222 1 Cisco 1 Unified Communications Manager Im And Presence Service 2025-04-12 N/A
SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq46325.
CVE-2015-4272 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580.
CVE-2015-4294 1 Cisco 1 Unified Communications Manager Im And Presence Service 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766.
CVE-2014-3374 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.
CVE-2015-6425 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786.