Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-06-04 CVE-2025-5603 A vulnerability has been found in Campcodes Hospital Management System 1.0 and classified as critical.
network
low complexity
CWE-74
7.3
7.3
2025-06-04 CVE-2025-20129 A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface.
network
low complexity
CWE-200
4.3
4.3
2025-06-04 CVE-2025-20130 A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy function.
network
low complexity
CWE-284
4.9
4.9
2025-06-04 CVE-2025-20163 A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation.
network
high complexity
CWE-322
8.7
8.7
2025-06-04 CVE-2025-20259 Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device. These vulnerabilities are due to improper access controls on files that are in the local file system.
local
low complexity
CWE-22
5.3
5.3
2025-06-04 CVE-2025-20261 A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges. This vulnerability is due to insufficient restrictions on access to internal services.
network
low complexity
CWE-923
8.8
8.8
2025-06-04 CVE-2025-20273 A vulnerability in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation.
network
low complexity
CWE-79
6.1
6.1
2025-06-04 CVE-2025-20275 A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device.  This vulnerability is due to insecure deserialization of Java objects by the affected software.
local
low complexity
CWE-502
5.3
5.3
2025-06-04 CVE-2025-20276 A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
network
low complexity
CWE-502
3.8
3.8
2025-06-04 CVE-2025-20277 A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device.
local
low complexity
CWE-22
3.4
3.4