VYPR

Cisco Systems, Inc.

7,231 total · sorted by risk
  • CVE-2025-43383 · Med · Nov 4, 2025
    risk 0.28 · cvss 4.3 · epss 0.01

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to…

  • CVE-2025-20365 · Med · Sep 24, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the IPv6 Router Advertisement (RA) packet processing of Cisco Access Point Software could allow an unauthenticated, adjacent attacker to modify the IPv6 gateway on an affected device. This vulnerability is due to a logic error in the processing of IPv6 RA…

  • CVE-2025-20364 · Med · Sep 24, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point (AP) Software could allow an unauthenticated, adjacent attacker to inject wireless 802.11 action frames with arbitrary information. This vulnerability is due to insufficient…

  • CVE-2025-20135 · Med · Aug 14, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the DHCP client functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to exhaust available memory. This vulnerability is…

  • CVE-2025-20332 · Med · Aug 6, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. This vulnerability is due to the lack of server-side validation of Administrator permissions. An…

  • CVE-2025-43228 · Med · Jul 30, 2025
    risk 0.28 · cvss 4.3 · epss 0.01

    The issue was addressed with improved UI. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6. Visiting a malicious website may lead to address bar spoofing.

  • CVE-2025-20129 · Med · Jun 4, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP…

  • CVE-2025-20255 · Med · May 21, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service. This vulnerability is due to improper handling of malicious HTTP requests to the affected…

  • CVE-2025-20114 · Med · May 21, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API…

  • CVE-2025-31239 · Med · May 12, 2025
    risk 0.28 · cvss 4.3 · epss 0.01

    A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to an unexpected…

  • CVE-2025-20214 · Med · May 7, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read access to configuration or operational data. This vulnerability exists because a subtle change in inner…

  • CVE-2025-20195 · Med · May 7, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a CSRF attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the…

  • CVE-2025-20151 · Med · May 7, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to poll an affected device using SNMP, even if the device is configured to…

  • CVE-2025-30467 · Med · Mar 31, 2025
    risk 0.28 · cvss 4.3 · epss 0.01

    The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, watchOS 11.4. Visiting a malicious website may lead to address bar spoofing.

  • CVE-2025-1357 · Med · Feb 16, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability classified as problematic has been found in Seventh D-Guard up to 20250206. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been…

  • CVE-2025-20207 · Med · Feb 5, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in Simple Network Management Protocol (SNMP) polling for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, remote attacker to obtain confidential information about the underlying operating…

  • CVE-2021-1465 · Med · Nov 18, 2024
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a directory traversal attack and obtain read access to sensitive files on an affected system. The vulnerability is due to…

  • CVE-2021-1425 · Med · Nov 18, 2024
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because…

  • CVE-2021-1410 · Med · Nov 18, 2024
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for…

  • CVE-2020-3525 · Med · Nov 18, 2024
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to recover service account passwords that are saved on an affected system. The vulnerability is due to the incorrect inclusion of saved passwords when…

  • CVE-2021-34751 · Med · Nov 15, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an…

  • CVE-2021-34750 · Med · Nov 15, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an…

  • CVE-2021-1481 · Med · Nov 15, 2024
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the…

  • CVE-2023-20094 · Med · Nov 15, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device. This vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this…

  • CVE-2022-20939 · Med · Nov 15, 2024
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to inadequate protection of sensitive user information. An…

  • CVE-2022-20846 · Med · Nov 15, 2024
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the Cisco Discovery Protocol process to reload on an affected device. This vulnerability is due to a heap buffer…

  • CVE-2024-20507 · Med · Nov 6, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of sensitive information within the web-based…

  • CVE-2024-20487 · Med · Nov 6, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based…

  • CVE-2024-20476 · Med · Nov 6, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator…

  • CVE-2024-20474 · Med · Oct 23, 2024
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An…

  • CVE-2024-20434 · Med · Sep 25, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker…

  • CVE-2024-20497 · Med · Sep 4, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access (MRA) users. An attacker could…

  • CVE-2024-20279 · Med · Aug 28, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an…

  • CVE-2024-20347 · Med · Apr 3, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an…

  • CVE-2024-20283 · Med · Apr 3, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability…

  • CVE-2024-20333 · Med · Mar 27, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization…

  • CVE-2024-20319 · Med · Mar 13, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Plane (SNMP) server of an affected device. This…

  • CVE-2023-20213 · Med · Nov 1, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the CDP processing feature of Cisco ISE could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of the CDP process on an affected device. This vulnerability is due to insufficient bounds checking when an affected device…

  • CVE-2023-20179 · Med · Sep 27, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element…

  • CVE-2022-20917 · Med · Sep 15, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to…

  • CVE-2023-20233 · Med · Sep 13, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of invalid…

  • CVE-2023-20237 · Med · Aug 16, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible http proxies. An attacker…

  • CVE-2023-20180 · Med · Jul 7, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web interface on an…

  • CVE-2023-20136 · Med · Jun 28, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability…

  • CVE-2023-20059 · Med · Mar 23, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is…

  • CVE-2022-20965 · Med · Jan 20, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileged actions within the web-based management interface. This vulnerability is due to improper access control on a feature within…

  • CVE-2022-20938 · Med · Nov 15, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability is due to insufficient validation of the XML…

  • CVE-2022-20863 · Med · Sep 8, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly…

  • CVE-2022-20713 · Med · Aug 10, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device.…

  • CVE-2022-20862 · Med · Jul 6, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files on the underlying…
