Security Vulnerabilities - Known exploited
CVE-2025-20281
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
Known exploited
CVSS Score
10.0
EPSS Score
0.36
Published
2025-06-25
CVE-2025-6543
Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Known exploited
CVSS Score
9.2
EPSS Score
0.013
Published
2025-06-25
CVE-2025-32975
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.
Known exploited
CVSS Score
10.0
EPSS Score
0.454
Published
2025-06-24
CVE-2025-48700
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, specifically involving crafted tag structures and attribute values that include an @import directive and other script injection vectors. The vulnerability is triggered when a user views a crafted e-mail message in the Classic UI, requiring no additional user interaction.
Known exploited
CVSS Score
6.1
EPSS Score
0.224
Published
2025-06-23
CVE-2025-6218
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.
Known exploited
CVSS Score
7.8
EPSS Score
0.062
Published
2025-06-21
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Known exploited
CVSS Score
9.3
EPSS Score
0.689
Published
2025-06-17
CVE-2025-43200
This issue was addressed with improved checks. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, visionOS 2.3.1, watchOS 11.3.1. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Known exploited
CVSS Score
4.2
EPSS Score
0.009
Published
2025-06-16
CVE-2025-33073
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
Known exploited
CVSS Score
8.8
EPSS Score
0.492
Published
2025-06-10
CVE-2025-33053
External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.
Known exploited
CVSS Score
8.8
EPSS Score
0.503
Published
2025-06-10
CVE-2025-47827
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
Known exploited
CVSS Score
4.6
EPSS Score
0.01
Published
2025-06-05