Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-20250
A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability...
Description: A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user.

CVSS: MEDIUM (6.1)

EPSS Score: 0.04%

Source: CVE
May 21st, 2025 (17 days ago)

CVE-2025-20247
A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability...
Description: A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user.

CVSS: MEDIUM (6.1)

EPSS Score: 0.04%

Source: CVE
May 21st, 2025 (17 days ago)

CVE-2025-20246
A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability...
Description: A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user.

CVSS: MEDIUM (6.1)

EPSS Score: 0.04%

Source: CVE
May 21st, 2025 (17 days ago)

CVE-2025-20242
A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to...
Description: A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending crafted TCP data to a specific port on an affected device. A successful exploit could allow the attacker to read or modify data on the affected device.

CVSS: MEDIUM (6.5)

EPSS Score: 0.01%

Source: CVE
May 21st, 2025 (17 days ago)

CVE-2025-20152
ISE restart
Description: A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain RADIUS requests. An attacker could exploit this vulnerability by sending a specific authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). A successful exploit could allow the attacker to cause Cisco ISE to reload.

CVSS: HIGH (8.6)

EPSS Score: 0.11%

Source: CVE
May 21st, 2025 (17 days ago)

CVE-2025-20114
Cisco Unified Intelligence Center Insecure Direct Object Reference Vulnerability
Description: A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted API requests to an affected system to execute an insecure direct object reference attack. A successful exploit could allow the attacker to access specific data that is associated with different users on the affected system.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
May 21st, 2025 (17 days ago)

CVE-2025-20113
Cisco Unified Intelligence Center Privilege Escalation Vulnerability
Description: A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system.

CVSS: HIGH (7.1)

EPSS Score: 0.07%

Source: CVE
May 21st, 2025 (17 days ago)

CVE-2025-20112
Cisco Unified Communications Products Privilege Escalation Vulnerability
Description: A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to excessive permissions that have been assigned to system commands. An attacker could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of an affected device. To successfully exploit this vulnerability, an attacker would need administrative access to the ESXi hypervisor.

CVSS: MEDIUM (5.1)

EPSS Score: 0.01%

Source: CVE
May 21st, 2025 (17 days ago)

CVE-2025-20112
Cisco Unified Communications Products Privilege Escalation Vulnerability
Description: A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to excessive permissions that have been assigned to system commands. An attacker could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of an affected device. To successfully exploit this vulnerability, an attacker would need administrative access to the ESXi hypervisor. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-kkhZbHR5 Security Impact Rating: Medium CVE: CVE-2025-20112

CVSS: MEDIUM (5.1)

EPSS Score: 0.01%

Source: Cisco Security Advisory
May 21st, 2025 (17 days ago)

CVE-2025-20113
Cisco Unified Intelligence Center Privilege Escalation Vulnerabilities
Description: Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform privilege escalation attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4 Security Impact Rating: High CVE: CVE-2025-20113,CVE-2025-20114

CVSS: HIGH (7.1)

EPSS Score: 0.07%

Source: Cisco Security Advisory
May 21st, 2025 (17 days ago)