7.4

CVSS3.1

CVE-2025-20191 - Multiple Cisco Products Denial of Service Vulnerability

A vulnerability in the Switch Integrated Security Features (SISF) of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected…

📅 Published: May 7, 2025, 5:18 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2025-20187 - Cisco SD-WAN Manager Software Arbitrary File Creation Vulnerability

A vulnerability in the application data endpoints of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to improper validation of requests to APIs. An attacker could…

📅 Published: May 7, 2025, 5:18 p.m. 🔄 Last Modified: Aug. 4, 2025, 2:29 p.m.

7.8

CVSS3.1

CVE-2025-20122 - Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to gain privileges of the root user on the underlying operating system. This vulnerability is due to insufficient input validation. An authenticated attacker w…

📅 Published: May 7, 2025, 5:18 p.m. 🔄 Last Modified: Feb. 26, 2026, 6:28 p.m.

8.8

CVSS3.1

CVE-2025-32819 -

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.

📅 Published: May 7, 2025, 5:18 p.m. 🔄 Last Modified: Feb. 26, 2026, 6:28 p.m.

5.5

CVSS3.1

CVE-2025-20213 - Cisco Catalyst SDWAN Manager Arbitrary File Overwrite Vulnerability

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attacker must have valid read-only credentials wit…

📅 Published: May 7, 2025, 5:18 p.m. 🔄 Last Modified: Feb. 26, 2026, 6:28 p.m.

8.6

CVSS3.1

CVE-2025-20182 - Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software and IOS XE Software I…

A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol processing of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of s…

📅 Published: May 7, 2025, 5:18 p.m. 🔄 Last Modified: Aug. 1, 2025, 4:12 p.m.

5.9

CVSS3.1

CVE-2025-20157 - Cisco Catalyst vManage Certificate Validation Vulnerability

A vulnerability in certificate validation processing of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper validation of certificates that are used by the Sma…

📅 Published: May 7, 2025, 5:17 p.m. 🔄 Last Modified: Aug. 4, 2025, 2:46 p.m.

7.3

CVSS3.1

CVE-2025-20210 - Cisco Catalyst Center Unprotected API Endpoint

A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could e…

📅 Published: May 7, 2025, 5:16 p.m. 🔄 Last Modified: Aug. 13, 2025, 7:05 p.m.

5.7

CVSS4.0

CVE-2025-46551 - JRuby-OpenSSL has hostname verification disabled by default

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 (corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1), when verifying SSL certificates, JRuby…

📅 Published: May 7, 2025, 4:12 p.m. 🔄 Last Modified: Oct. 21, 2025, 3:36 p.m.

8

CVSS3.1

CVE-2025-46827 - Graylog Allows Session Takeover via Insufficient HTML Sanitization

Graylog is a free and open log management platform. Prior to versions 6.0.14, 6.1.10, and 6.2.0, it is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation Step field. For this attack to succeed, the attacker needs a user account with permiss…

📅 Published: May 7, 2025, 3:29 p.m. 🔄 Last Modified: Nov. 3, 2025, 7:29 p.m.