CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-20256 |
Description: A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system.
This vulnerability is due to insufficient input validation in specific fields of the web-based management interface. An attacker with valid administrative credentials could exploit this vulnerability by sending crafted input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.
CVSS: MEDIUM (6.5) EPSS Score: 0.06%
May 21st, 2025 (about 1 month ago)
|
|
CVE-2025-20255 |
Description: A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service.
This vulnerability is due to improper handling of malicious HTTP requests to the affected service. An attacker could exploit this vulnerability by manipulating stored HTTP responses within the service, also known as HTTP cache poisoning. A successful exploit could allow the attacker to cause the Webex Meetings service to return incorrect HTTP responses to clients.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
May 21st, 2025 (about 1 month ago)
|
|
CVE-2025-20250 |
Description: A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user.
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
May 21st, 2025 (about 1 month ago)
|
|
CVE-2025-20247 |
Description: A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user.
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
May 21st, 2025 (about 1 month ago)
|
|
CVE-2025-20246 |
Description: A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user.
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
May 21st, 2025 (about 1 month ago)
|
|
CVE-2025-20242 |
Description: A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device.
This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending crafted TCP data to a specific port on an affected device. A successful exploit could allow the attacker to read or modify data on the affected device.
CVSS: MEDIUM (6.5) EPSS Score: 0.01%
May 21st, 2025 (about 1 month ago)
|
|
CVE-2025-20114 |
Description: A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system.
This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted API requests to an affected system to execute an insecure direct object reference attack. A successful exploit could allow the attacker to access specific data that is associated with different users on the affected system.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
May 21st, 2025 (about 1 month ago)
|
|
CVE-2025-20112 |
Description: A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device.
This vulnerability is due to excessive permissions that have been assigned to system commands. An attacker could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of an affected device. To successfully exploit this vulnerability, an attacker would need administrative access to the ESXi hypervisor.
CVSS: MEDIUM (5.1) EPSS Score: 0.01%
May 21st, 2025 (about 1 month ago)
|
|
CVE-2025-48206 |
Description: The ns_backup extension through 13.0.0 for TYPO3 allows XSS.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
May 21st, 2025 (about 1 month ago)
|
|
CVE-2025-48204 |
Description: The ns_backup extension through 13.0.0 for TYPO3 allows command injection.
CVSS: MEDIUM (6.8) EPSS Score: 0.32%
May 21st, 2025 (about 1 month ago)
|