4.8
CVE-2025-48010 - One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-061
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0.
3.1
CVE-2025-48009 - Single Content Sync - Moderately critical - Access bypass - SA-CONTRIB-2025-060
Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12.
7.5
CVE-2025-4416 - Events Log Track - Moderately critical - Denial of Service - SA-CONTRIB-2025-059
Allocation of Resources Without Limits or Throttling vulnerability in Drupal Events Log Track allows Excessive Allocation.This issue affects Events Log Track: from 0.0.0 before 3.1.11, from 4.0.0 before 4.0.2.
4.8
CVE-2025-4415 - Piwik PRO - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-058
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Piwik PRO allows Cross-Site Scripting (XSS).This issue affects Piwik PRO: from 0.0.0 before 1.3.2.
4.8
CVE-2025-20267 - Cisco Identity Services Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input bβ¦
6.5
CVE-2025-20257 - Cisco Secure Network Analytics API Authorization Vulnerability
A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate alarms and alerts on an affected product. Tβ¦
6.5
CVE-2025-20256 - Cisco Secure Network Analytics Manager Server-Side Template Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating syβ¦
7.1
CVE-2025-20113 - Cisco Unified Intelligence Center Privilege Escalation Vulnerability
A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or Hβ¦
4.3
CVE-2025-20114 - Cisco Unified Intelligence Center Insecure Direct Object Reference Vulnerability
A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker cβ¦
8.6
CVE-2025-20152 - ISE restart
A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain RADIUS requests. An attacβ¦