Cisco Systems, Inc.

All CVEs

7,232 total · sorted by risk
  • CVE-2026-20002 · Mar 4, 2026
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker…

  • CVE-2026-20044 · Mar 4, 2026
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, local attacker to perform arbitrary commands as root. This vulnerability is due to insufficient restrictions on remediation modules while in…

  • CVE-2026-20001 · Mar 4, 2026
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this…

  • CVE-2026-20005 · Mar 4, 2026
    risk 0.00 · cvss · epss 0.00

    Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to…

  • CVE-2026-20129 · Feb 25, 2026
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role. The vulnerability is due to improper authentication for requests that…

  • CVE-2026-20126 · Feb 25, 2026
    risk 0.00 · cvss · epss 0.00

    A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authentication mechanism in the REST API. An…

  • CVE-2026-20674 · Feb 11, 2026
    risk 0.00 · cvss · epss 0.00

    A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.

  • CVE-2026-20642 · Feb 11, 2026
    risk 0.00 · cvss · epss 0.00

    An input validation issue was addressed. This issue is fixed in iOS 26.3 and iPadOS 26.3. A person with physical access to an iOS device may be able to access photos from the lock screen.

  • CVE-2026-20682 · Feb 11, 2026
    risk 0.00 · cvss · epss 0.00

    A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker may be able to discover a user’s deleted notes.

  • CVE-2026-20111 · Feb 4, 2026
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the…

  • CVE-2026-20123 · Feb 4, 2026
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input…

  • CVE-2026-20098 · Feb 4, 2026
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system. This vulnerability is due to improper…

  • CVE-2025-24090 · Jan 16, 2026
    risk 0.00 · cvss · epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.

  • CVE-2025-24089 · Jan 16, 2026
    risk 0.00 · cvss · epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.

  • CVE-2024-54556 · Jan 16, 2026
    risk 0.00 · cvss · epss 0.00

    This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. A user may be able to view restricted content from the lock screen.

  • CVE-2026-20075 · Jan 15, 2026
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an…

  • CVE-2026-20047 · Jan 15, 2026
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This…

  • CVE-2026-20076 · Jan 15, 2026
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient…

  • CVE-2025-46286 · Jan 9, 2026
    risk 0.00 · cvss · epss 0.00

    A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment.

  • CVE-2019-25277 · Jan 7, 2026
    risk 0.00 · cvss · epss 0.00

    FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers,…

  • CVE-2019-25279 · Jan 7, 2026
    risk 0.00 · cvss · epss 0.00

    FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can directly read sensitive login information stored in…

  • CVE-2019-25278 · Jan 7, 2026
    risk 0.00 · cvss · epss 0.00

    FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network…

  • CVE-2019-25242 · Dec 24, 2025
    risk 0.00 · cvss · epss 0.00

    FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access…

  • CVE-2019-25241 · Dec 24, 2025
    risk 0.00 · cvss · epss 0.01

    FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands…

  • CVE-2025-43475 · Dec 17, 2025
    risk 0.00 · cvss · epss 0.00

    A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data.

  • CVE-2025-43541 · Dec 17, 2025
    risk 0.00 · cvss · epss 0.32

    A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.

  • CVE-2025-43437 · Dec 12, 2025
    risk 0.00 · cvss · epss 0.00

    An information disclosure issue was addressed with improved privacy controls. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to fingerprint the user.

  • CVE-2025-20346 · Nov 13, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control…

  • CVE-2025-20353 · Nov 13, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the web-based management interface of Cisco Catalyst Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient…

  • CVE-2025-20349 · Nov 13, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request…

  • CVE-2025-60692 · Nov 13, 2025
    risk 0.00 · cvss · epss 0.00

    A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The functions get_mac_from_ip and get_ip_from_mac use sscanf with overly permissive "%100s" format specifiers to parse entries…

  • CVE-2025-20304 · Nov 5, 2025
    risk 0.00 · cvss · epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of…

  • CVE-2025-20305 · Nov 5, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because certain files lack proper data protection mechanisms. An attacker with…

  • CVE-2025-20289 · Nov 5, 2025
    risk 0.00 · cvss · epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of…

  • CVE-2025-20303 · Nov 5, 2025
    risk 0.00 · cvss · epss 0.04

    Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of…

  • CVE-2025-20375 · Nov 5, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this…

  • CVE-2025-20376 · Nov 5, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker could exploit this…

  • CVE-2025-20374 · Nov 5, 2025
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker…

  • CVE-2025-20358 · Nov 5, 2025
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to…

  • CVE-2025-20354 · Nov 5, 2025
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vulnerability is due to improper…

  • CVE-2025-20343 · Nov 5, 2025
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures on Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause Cisco ISE to restart unexpectedly. This vulnerability is due to a logic error when…

  • CVE-2025-43309 · Nov 4, 2025
    risk 0.00 · cvss · epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.

  • CVE-2025-43460 · Nov 4, 2025
    risk 0.00 · cvss · epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a locked device may be able to view sensitive user information.

  • CVE-2025-43422 · Nov 4, 2025
    risk 0.00 · cvss · epss 0.00

    The issue was addressed by adding additional logic. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a device may be able to disable Stolen Device Protection.

  • CVE-2025-43377 · Nov 4, 2025
    risk 0.00 · cvss · epss 0.00

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, macOS Tahoe 26.1. An app may be able to cause a denial-of-service.

  • CVE-2025-43399 · Nov 4, 2025
    risk 0.00 · cvss · epss 0.01

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, macOS Tahoe 26.1. An app may be able to access protected user data.

  • CVE-2025-43454 · Nov 4, 2025
    risk 0.00 · cvss · epss 0.00

    This issue was addressed through improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. A device may persistently fail to lock.

  • CVE-2025-43442 · Nov 4, 2025
    risk 0.00 · cvss · epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to identify what other apps a user has installed.

  • CVE-2025-43452 · Nov 4, 2025
    risk 0.00 · cvss · epss 0.00

    This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 26.1 and iPadOS 26.1. Keyboard suggestions may display sensitive information on the lock screen.

  • CVE-2025-20351 · Oct 15, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI. This vulnerability…
