2025-07-10 Daily Vulns

NEW:

CVE	vendor-product	description	metric	Referenceurl	title	GithubURL
CVE-2021-27961	n/a - n/a	evesys 7.1 (2152) through 8.0 (2202) allows Reflected XSS via the indexeva.php action parameter.	CNA n/a CVSS3.1: 6.5 - MEDIUM	0 1	Exploitation: pocAutomatable: yesTechnical Impact: partial	undefined	github
CVE-2024-56468	IBM - InfoSphere Data Replication VSAM for z/OS Remote Source	IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 could allow a remote user to cause a denial of service by sending an invalid HTTP request to the log reading service.	CVSS3.1: 7.5 - HIGH	0	Exploitation: noneAutomatable: yesTechnical Impact: partial	IBM InfoSphere Data Replication VSAM for z/OS Remote Source denial of service	github
CVE-2020-26082	Cisco - Cisco Secure Email	A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.	CVSS3.1: 5.8 - MEDIUM	0	Exploitation: noneAutomatable: yesTechnical Impact: partial	undefined	github
CVE-2025-3499	Radiflow - iSAP Smart Collector	The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). Exploiting OS command injection through these APIs, an attacker can send arbitrary commands that are executed with administrative permissions by the underlying operating system.	CVSS3.1: 10 - CRITICAL	0	Exploitation: noneAutomatable: yesTechnical Impact: total	Unauthenticated execution of arbitrary commands in Radiflow iSAP Smart Collector	github