37 matches found
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service. The details of the vulnerabilities are below - CVE-2026-20184 CVSS...
CVE-2026-20184
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to this vulnerability...
CVE-2026-20184
creationtimestamp | type | source
---|---|---
2026-04-15 16:21:38+00:00 | seen | https://infosec.exchange/users/AAKL/statuses/116409637135769540
2026-04-15 17:19:02+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mjkfor53q72w
2026-04-15 17:21:24+00:00 | seen | ...
CVE-2022-20184
Product: Android. Versions: Android kernel. Android ID: A-209153114. References: N/A...
CVE-2020-20184
GateOne allows remote attackers to execute arbitrary commands via shell metacharacters in the port field when attempting an SSH connection...
CVE-2025-20184
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. The attacker must authenticate with valid...
CVE-2017-20184
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Carlo Gavazzi Powersoft up to version 2.1.1.1 allows an unauthenticated, remote attacker to download any file from the affected device...
CVE-2024-20184
creationtimestamp | type | source
---|---|---
2025-02-05 16:37:04+00:00 | seen | https://infosec.exchange/users/screaminggoat/statuses/113952255128702135...
CVE-2025-20184
Cisco CVE-2025-20184 affects the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance. The issue arises from insufficient validation of XML configuration files, allowing an authenticated attacker (with valid admin credentials) to u...
Carlo Gavazzi Powersoft
1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: Carlo Gavazzi
Equipment: Powersoft
Vulnerabilities: Path Traversal
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to access and...
CVE-2017-20184
creationtimestamp | type | source
---|---|---
2023-05-04 14:31:43+00:00 | seen | https://t.me/cibsecurity/63284...
CVE-2017-20184 Carlo Gavazzi Powersoft prone to Path Traversal
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Carlo Gavazzi Powersoft up to version 2.1.1.1 allows an unauthenticated, remote attacker to download any file from the affected device...
CVE-2017-20184
CVE-2017-20184 affects Carlo Gavazzi Powersoft (versions up to 2.1.1.1). The root cause is improper limitation of a pathname to a restricted directory (path traversal), enabling an unauthenticated, remote attacker to download arbitrary files from the affected device. Public sources in connected d...
USN-5974-1: GraphicsMagick vulnerabilities
It was discovered that GraphicsMagick was not properly performing bounds checks when processing TGA image files, which could lead to a heap buffer overflow. If a user or automated system were tricked into processing a specially crafted TGA image file, an attacker could possibly use this issue to...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : GraphicsMagick vulnerabilities (USN-5974-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5974-1 advisory. It was discovered that GraphicsMagick was not properly performing bounds checks when processing TGA image files, which could lead...
Moodle 3.10.x < 3.10.1 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.5.x prior to 3.5.16, 3.8.x prior to 3.8.7, 3.9.x prior to 3.9.4 or 3.10.x prior to 3.10.1. It is, therefore, affected by multiple vulnerabilities:
- A client-side Denial of Service (DoS) attack due to the lack of character limit when sending...
Moodle 3.9.x < 3.9.4 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.5.x prior to 3.5.16, 3.8.x prior to 3.8.7, 3.9.x prior to 3.9.4 or 3.10.x prior to 3.10.1. It is, therefore, affected by multiple vulnerabilities:
- A client-side Denial of Service (DoS) attack due to the lack of character limit when sending...
Moodle 3.8.x < 3.8.7 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.5.x prior to 3.5.16, 3.8.x prior to 3.8.7, 3.9.x prior to 3.9.4 or 3.10.x prior to 3.10.1. It is, therefore, affected by multiple vulnerabilities:
- A client-side Denial of Service (DoS) attack due to the lack of character limit when sending...