4.6
CVE-2025-20208 -
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the webβ¦
7.1
CVE-2025-20206 - Cisco Secure Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability
A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client. Tβ¦
0.0
CVE-2025-1990 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
8.7
CVE-2025-27497 - OpenDJ Denial of Service (Dos) using alias loop
OpenDJ is an LDAPv3 compliant directory service. OpenDJ prior to 4.9.3 contains a denial-of-service (DoS) vulnerability that causes the server to become unresponsive to all LDAP requests without crashing or restarting. This issue occurs when an alias loop exists in the LDAP database. If an ldapsearβ¦
6.1
CVE-2025-27412 - REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation
REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting (XSS) on the page of AddOns. This vulnerability is fixed in 5.18.3.
5.4
CVE-2025-27411 - REDAXO allows Arbitrary File Upload in the mediapool page
REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3.
9.8
CVE-2023-38693 - RCE in Lucee REST endpoint
Lucee Server (or simply Lucee) is a dynamic, Java based, tag and scripting language used for rapid web application development. The Lucee REST endpoint is vulnerable to RCE via an XML XXE attack. This vulnerability is fixed in Lucee 5.4.3.2, 5.3.12.1, 5.3.7.59, 5.3.8.236, and 5.3.9.173.
6.9
CVE-2025-23416 - Keysight Ixia Vision Product Family Path Traversal
Path traversal may lead to arbitrary file deletion. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25.
6.9
CVE-2025-21095 - Keysight Ixia Vision Product Family Path Traversal
Path traversal may lead to arbitrary file download. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25.
6.9
CVE-2025-24521 - Keysight Ixia Vision Product Family Improper Restriction of XML External Entity Reference
External XML entity injection allows arbitrary download of files. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25.