7.5
CVE-2025-37105 -
An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.
7.5
CVE-2025-40777 - A possible assertion failure when 'stale-answer-client-timeout' is set to '0'
If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cacβ¦
1.3
CVE-2025-53904 - The Scratch Channel Has Potential Reflected Cross-Site Scripting (XSS) Vulnerability
The Scratch Channel is a news website that is under development as of time of this writing. The file `/api/admin.js` contains code that could make the website vulnerable to cross-site scripting. No known patches exist as of time of publication.
10
CVE-2025-20337 - Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to iβ¦
4.1
CVE-2025-20285 - Cisco Identity Services Engine IP Filter Access Restriction for Admin Access Configuration Bypass Vβ¦
A vulnerability in the IP Access Restriction feature of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to bypass configured IP access restrictions and log in to the device from a disallowed IP address. This vulnerability is due to improper enforcement of access controlβ¦
5.8
CVE-2025-20288 - Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP rβ¦
6.5
CVE-2025-20284 - Cisco Identity Services Engine Authenticated Remote Code Execution Vulnerability
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials couβ¦
6.5
CVE-2025-20283 - Cisco Identity Services Engine Authenticated Remote Code Execution Vulnerability
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials couβ¦
4.3
CVE-2025-20272 - Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Blind SQL Injection Vulneβ¦
A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack. This vulnerability is due to insufficient validation of user-supplieβ¦
6.3
CVE-2025-20274 - Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interfβ¦