CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-20196 |
Description:
A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service (DoS) condition.
This vulnerability is due to the improper handling of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to cause the Cisco IOx application hosting environment to stop responding. The IOx process will need to be manually restarted to recover services.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-dos-95Fqnf7b
This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: May 2025 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.
Security Impact Rating: Medium
CVE: CVE-2025-20196
CVSS: MEDIUM (5.3) EPSS Score: 0.08%
May 7th, 2025 (about 2 months ago)
|
|
CVE-2025-20151 |
Description:
A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to poll an affected device using SNMP, even if the device is configured to deny SNMP traffic from an unauthorized source or the SNMPv3 username is removed from the configuration.
This vulnerability exists because of the way that the SNMPv3 configuration is stored in the Cisco IOS Software and Cisco IOS XE Software startup configuration. An attacker could exploit this vulnerability by polling an affected device from a source address that should have been denied. A successful exploit could allow the attacker to perform SNMP operations from a source that should be denied.
Note: The attacker has no control of the SNMPv3 configuration. To exploit this vulnerability, the attacker must have valid SNMPv3 user credentials.
For more information, see the Details section of this advisory.
Cisco has not released software updates that address this vulnerability. However, there is a new method for configuring SNMPv3 so that it will not be affected by this vulnerability. There are workarounds that address this vulnerability.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmpv3-qKEYvzsy
This advisory is part of the May 2025 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Pub...
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
May 7th, 2025 (about 2 months ago)
|
|
CVE-2025-47692 |
Description: Missing Authorization vulnerability in contentstudio ContentStudio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ContentStudio: from n/a through 1.3.3.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 7th, 2025 (about 2 months ago)
|
|
CVE-2025-47691 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Ultimate Member Ultimate Member allows Code Injection. This issue affects Ultimate Member: from n/a through 2.10.3.
CVSS: MEDIUM (5.5) EPSS Score: 0.05%
May 7th, 2025 (about 2 months ago)
|
|
CVE-2025-47688 |
Description: Missing Authorization vulnerability in Saad Iqbal Advanced File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced File Manager: from n/a through 5.3.1.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 7th, 2025 (about 2 months ago)
|
|
CVE-2025-47686 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DELUCKS DELUCKS SEO allows Stored XSS. This issue affects DELUCKS SEO: from n/a through 2.5.9.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
May 7th, 2025 (about 2 months ago)
|
|
CVE-2025-47684 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Smaily Smaily for WP allows Cross Site Request Forgery. This issue affects Smaily for WP: from n/a through 3.1.6.
CVSS: MEDIUM (5.4) EPSS Score: 0.02%
May 7th, 2025 (about 2 months ago)
|
|
CVE-2025-47681 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ability, Inc Web Accessibility with Max Access allows Cross Site Request Forgery. This issue affects Web Accessibility with Max Access: from n/a through 2.0.9.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
May 7th, 2025 (about 2 months ago)
|
|
CVE-2025-47679 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RS WP THEMES RS WP Book Showcase allows DOM-Based XSS. This issue affects RS WP Book Showcase: from n/a through 6.7.40.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
May 7th, 2025 (about 2 months ago)
|
|
CVE-2025-47677 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gt3themes Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery allows Stored XSS. This issue affects Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery: from n/a through 2.7.7.25.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
May 7th, 2025 (about 2 months ago)
|