VYPR

Vendor CVEs

Cisco Systems, Inc.

All CVEs

7,232 total · sorted by risk
  • CVE-2025-20275 · Jun 4, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device. This vulnerability is due to insecure deserialization of Java objects by the…

  • CVE-2025-20273 · Jun 4, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected…

  • CVE-2025-20163 · Jun 4, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit…

  • CVE-2025-20129 · Jun 4, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP…

  • CVE-2025-20130 · Jun 4, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper…

  • CVE-2025-20250 · May 21, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. This vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a…

  • CVE-2025-20247 · May 21, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. This vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a…

  • CVE-2025-20246 · May 21, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. This vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a…

  • CVE-2025-20255 · May 21, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service. This vulnerability is due to improper handling of malicious HTTP requests to the affected…

  • CVE-2025-20242 · May 21, 2025
    risk 0.00 cvss epss 0.05

    A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker…

  • CVE-2025-20267 · May 21, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of…

  • CVE-2025-20257 · May 21, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate alarms and alerts on an…

  • CVE-2025-20256 · May 21, 2025
    risk 0.00 cvss epss 0.01

    A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the…

  • CVE-2025-20113 · May 21, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied…

  • CVE-2025-20114 · May 21, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API…

  • CVE-2025-20152 · May 21, 2025
    risk 0.00 cvss epss 0.01

    A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain…

  • CVE-2025-31185 · May 19, 2025
    risk 0.00 cvss epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3. Photos in the Hidden Photos Album may be viewed without authentication.

  • CVE-2025-31227 · May 12, 2025
    risk 0.00 cvss epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access a deleted call recording.

  • CVE-2025-31207 · May 12, 2025
    risk 0.00 cvss epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An app may be able to enumerate a user's installed apps.

  • CVE-2025-31253 · May 12, 2025
    risk 0.00 cvss epss 0.00

    This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. Muting the microphone during a FaceTime call may not result in audio being silenced.

  • CVE-2025-31214 · May 12, 2025
    risk 0.00 cvss epss 0.00

    This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept network traffic.

  • CVE-2025-20195 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a CSRF attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the…

  • CVE-2025-20194 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker…

  • CVE-2025-20193 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker…

  • CVE-2025-20201 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when…

  • CVE-2025-20200 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when…

  • CVE-2025-20199 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when…

  • CVE-2025-20198 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when…

  • CVE-2025-20197 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when…

  • CVE-2025-20221 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. This vulnerability is due to improper traffic filtering conditions on an affected device. An…

  • CVE-2025-20162 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the DHCP snooping security feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a full interface queue wedge, which could result in a denial of service (DoS) condition. This vulnerability is due to improper handling of…

  • CVE-2025-20196 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service (DoS)…

  • CVE-2025-20186 · May 7, 2025
    risk 0.00 cvss epss 0.01

    A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador user account to perform a command injection attack against an affected device. This…

  • CVE-2025-20223 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This vulnerability is due to insufficient enforcement of…

  • CVE-2025-20155 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient input validation of the bootstrap file that is read by the system software…

  • CVE-2025-20140 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent wireless attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory…

  • CVE-2025-20189 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition. This…

  • CVE-2025-20181 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot…

  • CVE-2025-20202 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in Cisco IOS XE Wireless Controller Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of access point (AP) Cisco Discovery…

  • CVE-2025-20190 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users that are defined on an affected device. This vulnerability is due to insufficient access control of…

  • CVE-2025-20188 · May 7, 2025
    risk 0.00 cvss epss 0.18

    A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to…

  • CVE-2025-20214 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read access to configuration or operational data. This vulnerability exists because a subtle change in inner…

  • CVE-2025-20137 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the…

  • CVE-2025-20147 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a stored cross-site scripting attack (XSS) on an affected system. This vulnerability is due to…

  • CVE-2025-20216 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of an authenticated user. This vulnerability is due to improper sanitization of input to the…

  • CVE-2025-20154 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco…

  • CVE-2025-20151 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to poll an affected device using SNMP, even if the device is configured to…

  • CVE-2025-20187 · May 7, 2025
    risk 0.00 cvss epss 0.01

    A vulnerability in the application data endpoints of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to improper validation of requests to…

  • CVE-2025-20122 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to gain privileges of the root user on the underlying operating system. This vulnerability is due to insufficient input validation. An…

  • CVE-2025-20213 · May 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attacker must have valid…
