4.8
CVE-2025-4415 - Piwik PRO - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-058
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Piwik PRO allows Cross-Site Scripting (XSS).This issue affects Piwik PRO: from 0.0.0 before 1.3.2.
4.8
CVE-2025-20267 - Cisco Identity Services Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input bβ¦
6.5
CVE-2025-20257 - Cisco Secure Network Analytics API Authorization Vulnerability
A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate alarms and alerts on an affected product. Tβ¦
6.5
CVE-2025-20256 - Cisco Secure Network Analytics Manager Server-Side Template Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating syβ¦
7.1
CVE-2025-20113 - Cisco Unified Intelligence Center Privilege Escalation Vulnerability
A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or Hβ¦
4.3
CVE-2025-20114 - Cisco Unified Intelligence Center Insecure Direct Object Reference Vulnerability
A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker cβ¦
8.6
CVE-2025-20152 - ISE restart
A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain RADIUS requests. An attacβ¦
5.1
CVE-2025-20112 - Cisco Unified Communications Products Privilege Escalation Vulnerability
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to excessive permissions that have been assigned to system commands. An β¦
8.7
CVE-2025-4008 - Arbitrary Command Injection in Smartbedded MeteoBridge
The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unaβ¦
4.3
CVE-2024-23337 - jq has signed integer overflow in jv.c:jvp_array_write
jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.