Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2025-20194

    A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input val...

    Affected Products : ios_xe
    • Published: May. 07, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-20193

    A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input vali...

    Affected Products : ios_xe
    • Published: May. 07, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
  • 7.7

    HIGH
    CVE-2025-20192

    A vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The attacker must have valid IKEv1 VPN credentials to exploi...

    Affected Products : ios_xe
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Denial of Service
  • 7.4

    HIGH
    CVE-2025-20191

    A vulnerability in the Switch Integrated Security Features (SISF) of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a deni...

    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2025-20190

    A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users that are defined on an affected device. This vulnerability is due to insufficient...

    • Published: May. 07, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authorization
  • 7.4

    HIGH
    CVE-2025-20189

    A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an unauthenticated, adjacent attacker to trigger a denial of service (D...

    Affected Products : ios_xe asr_903
    • Published: May. 07, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Denial of Service
  • 10.0

    CRITICAL
    CVE-2025-20188

    A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to up...

    Affected Products : ios_xe
    • Published: May. 07, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2025-20187

    A vulnerability in the application data endpoints of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to improper valid...

    Affected Products : catalyst_sd-wan_manager
    • Published: May. 07, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Path Traversal
  • 8.8

    HIGH
    CVE-2025-20186

    A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador user account to perform a command injection attack against an affec...

    Affected Products : ios_xe
    • Published: May. 07, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
  • 8.6

    HIGH
    CVE-2025-20182

    A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol processing of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthentic...

    • Published: May. 07, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service
  • 6.8

    MEDIUM
    CVE-2025-20181

    A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute pe...

    • Published: May. 07, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Misconfiguration
  • 8.3

    HIGH
    CVE-2025-20164

    A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authentica...

    Affected Products : ios
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Authorization
  • 8.6

    HIGH
    CVE-2025-20162

    A vulnerability in the DHCP snooping security feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a full interface queue wedge, which could result in a denial of service (DoS) condition. This vulnerability is due t...

    Affected Products : ios_xe
    • Published: May. 07, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Denial of Service
  • 5.9

    MEDIUM
    CVE-2025-20157

    A vulnerability in certificate validation processing of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper validat...

    Affected Products : catalyst_sd-wan_manager
    • Published: May. 07, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure
  • 6.0

    MEDIUM
    CVE-2025-20155

    A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient input validation of the bootstrap file that is read...

    Affected Products : ios_xe
    • Published: May. 07, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Path Traversal
  • 8.6

    HIGH
    CVE-2025-20154

    A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS...

    Affected Products : ios_xe ios ios_xr
    • Published: May. 07, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service
  • 4.3

    MEDIUM
    CVE-2025-20151

    A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to poll an affected device using SNMP, even if the dev...

    Affected Products : ios_xe_sd-wan
    • Published: May. 07, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2025-20147

    A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a stored cross-site scripting attack (XSS) on an affected system. This...

    Affected Products : catalyst_sd-wan_manager
    • Published: May. 07, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.4

    HIGH
    CVE-2025-20140

    A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent wireless attacker to cause a denial of service (DoS) condition. This vulnerability is du...

    • Published: May. 07, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service
  • 4.7

    MEDIUM
    CVE-2025-20137

    A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulner...

    • Published: May. 07, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authorization
Showing 20 of 293940 Results