8.1
CVE-2026-20002 - SQL Injection in Cisco Secure FMC Web Interface Allowing Database and OS File Access
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulne…
10
CVE-2026-20131 - Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-suppl…
8.6
CVE-2026-20039 - Cisco Adaptive Security Appliance and Firepower Threat Defense Software SSL VPN Authentication Deni…
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability…
6
CVE-2026-20044 - Cisco Secure Firewall Management Center Command Injection Vulnerability
A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, local attacker to perform arbitrary commands as root. This vulnerability is due to insufficient restrictions on remediation modules while in lockdown mode. An attacke…
10
CVE-2026-20079 - Authentication Bypass in Cisco FMC Allows Root Access
A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is d…
5.3
CVE-2026-20031 - ClamAV CSS Image Parsing Error Handling Denial of Service Vulnerability
A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could explo…
8.8
CVE-2019-25507 - Ashop Shopping Cart Software Lastest SQL Injection via index.php
Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection to …
8.8
CVE-2019-25506 - FreeSMS 2.1.2 Authentication Bypass via SQL Injection
FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login endpoint. Attackers can exploit the vulnerable password parameter in requests to /pages/crc_handl…
7.1
CVE-2019-25505 - Tradebox 5.4 SQL Injection via symbol Parameter
Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. Attackers can send POST requests to the monthly_deposit endpoint with malicious symbol values using boolean-based blind, time-b…
8.8
CVE-2019-25504 - NCrypted Jobgator Lastest SQL Injection via agents Find-Jobs
NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the experience parameter. Attackers can send POST requests to the agents Find-Jobs endpoint with malicious experience values to extract sensit…