4.4
CVE-2025-20118 - Cisco Application Policy Infrastructure Controller Authenticated Command Injection Due to Sensitiveβ¦
A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is dβ¦
5.1
CVE-2025-20161 - Cisco NX-OS Software Command Injection Vulnerability
A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating systeβ¦
5.1
CVE-2025-20117 - Cisco Application Policy Infrastructure Controller Authenticated Command Injection Vulnerability
A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability isβ¦
4.8
CVE-2025-20116 - Cisco Application Policy Infrastructure Controller Stored Cross-Site Scripting Vulnerability
A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper input validation in the weβ¦
7.4
CVE-2025-20111 - Cisco Nexus 3000 and 9000 Series Switches Layer 2 Ethernet Denial of Service Vulnerability
A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. Tβ¦
5.3
CVE-2025-1716 - picklescan - Security scanning bypass via 'pip main'
picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package (hosted, for example, on pypi.org or GitHub) via `pip.main()`. Because pip is not a restricted global, the model, when scanned with picklβ¦
0.0
CVE-2025-1249 - WordPress Events Manager plugin <= 6.6.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Marcus (aka @msykes) Events Manager events-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Events Manager: from n/a through <= 6.6.4.1.
6.1
CVE-2025-0719 - IBM Cloud Pak for Data cross-site scripting
IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted β¦
4.3
CVE-2025-26925 - WordPress Admin Menu Manager plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu Manager allows Cross Site Request Forgery.This issue affects Admin Menu Manager: from n/a through 1.0.3.
9.1
CVE-2024-47051 - Remote Code Execution & File Deletion in Asset Uploads
This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE) via Asset Upload:Β A Remote Code Execution vulnerability has been identified in the asset upload fβ¦