Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-12 | CVE-2025-20143 | A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. | local, low complexity, CWE-347, 6.7 |
| 2025-03-12 | CVE-2025-20144 | A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. | network, high complexity, CWE-284, 4.0 |
| 2025-03-12 | CVE-2025-20145 | A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egress interface on another line card where the egress ACL is configured. | network, low complexity, CWE-264, 5.8 |
| 2025-03-12 | CVE-2025-20146 | A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed IPv4 multicast packets that are received on line cards where the interface has either an IPv4 access control list (ACL) or a QoS policy applied. | network, low complexity, CWE-20, 8.6 |
| 2025-03-12 | CVE-2025-20177 | A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. | local, low complexity, CWE-274, 6.7 |
| 2025-03-12 | CVE-2025-20209 | A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets. This vulnerability is due to improper handling of malformed IKEv2 packets. | network, low complexity, CWE-770, 7.5 |
| 2025-03-12 | CVE-2024-52362 | Improper Validation of Syntactic Correctness of Input vulnerability in IBM products: IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input. | network, low complexity, ibm, CWE-1286, 6.5 |
| 2025-03-12 | CVE-2025-21590 | Insufficient Compartmentalization vulnerability in Juniper Junos: An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device. This issue is not exploitable from the Junos CLI. This issue affects Junos OS: All versions before 21.2R3-S9; 21.4 versions before 21.4R3-S10; 22.2 versions before 22.2R3-S6; 22.4 versions before 22.4R3-S6; 23.2 versions before 23.2R2-S3; 23.4 versions before 23.4R2-S4; 24.2 versions before 24.2R1-S2, 24.2R2. | local, low complexity, juniper, CWE-653, 4.4 |
| 2025-03-12 | CVE-2025-27788 | JSON is a JSON implementation for Ruby. | network, low complexity, CWE-125, 7.5 |
| 2025-03-12 | CVE-2025-27794 | Injection vulnerability in Flarum: Flarum is open-source forum software. | network, high complexity, flarum, CWE-74, 6.8 |