Lucene search

1303 matches found

Positive Technologies
added 2026/03/03 12:0 a.m. | 8 views

PT-2026-22732

Name of the Vulnerable Software and Affected Versions: WatchGuard Fireware OS versions 11.9 through 11.12.4 Update1; WatchGuard Fireware OS versions 12.0 through 12.11.7; WatchGuard Fireware OS versions 2025.1 through 2026.1.1. Description: An Out-of-bounds Write vulnerability exists in WatchGuard...

CVSS 8.6 | AI score 6.2 | EPSS 0.00765
Exploits: 0 | References: 12

Positive Technologies
added 2026/03/03 12:0 a.m. | 8 views

PT-2026-22840

Name of the Vulnerable Software and Affected Versions: Froxlor versions prior to 2.3.4. Description: Froxlor is open source server administration software. A flaw in the input validation code, specifically a typo where '==' was used instead of '=', disables email format checking for settings fields...

CVSS 9.1 | AI score 7.5 | EPSS 0.00802
Exploits: 1 | References: 13

Positive Technologies
added 2026/03/03 12:0 a.m. | 9 views

PT-2026-22949

Name of the Vulnerable Software and Affected Versions: Craft versions prior to 4.17.0-beta.1 and 5.9.0-beta.1. Description: A security issue exists that allows an authenticated administrator to execute arbitrary code. This is possible by injecting a Server-Side Template Injection (SSTI) payload into...

CVSS 9.4 | AI score 6.2 | EPSS 0.01067
Exploits: 1 | References: 9

Patchstack
added 2026/03/02 11:27 p.m. | 8 views

WordPress Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin <= 7.0.0.3 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File Upload vulnerability

WordPress Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin <= 7.0.0.3 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File Upload vulnerability discovered by lucsob in WordPress Plugin Uncanny Automator versions <= 7.0.0.3...

CVSS 7.2 | AI score 5.9 | EPSS 0.00655
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2026/02/26 10:35 p.m. | 4 views

CVE-2026-20099

A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is...

CVSS 6.7 | AI score 6.1 | EPSS 0.0064
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/25 4:25 p.m. | 2 views

CVE-2026-20099 Cisco UCS Manager and FXOS Software Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is...

CVSS 6.7 | AI score 6.1 | EPSS 0.0064
Exploits: 0 | References: 1

Cvelist
added 2026/02/25 4:25 p.m. | 19 views

CVE-2026-20099 Cisco UCS Manager and FXOS Software Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is...

CVSS 6.7 | EPSS 0.0064
Exploits: 0 | References: 1

Cisco
added 2026/02/25 4:0 p.m. | 8 views

Cisco FXOS and UCS Manager Software Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of...

CVSS 4.8 | AI score 5.8 | EPSS 0.0017
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/25 4:6 a.m. | 5 views

CVE-2025-11848

A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a...

CVSS 4.9 | AI score 5.5 | EPSS 0.01847
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/25 12:0 a.m. | 7 views

PT-2026-21938

Name of the Vulnerable Software and Affected Versions: Cisco UCS Manager Software, affected versions not specified. Description: A flaw exists in the Command Line Interface (CLI) and web-based management interface of Cisco UCS Manager Software that could permit an authenticated, remote attacker...

CVSS 6.5 | AI score 5.9 | EPSS 0.00444
Exploits: 0 | References: 4

CVE
added 2026/02/24 3:6 p.m. | 15 views

CVE-2026-27518

CVE-2026-27518 affects Binardat 10G08-0800GSM Network Switch firmware up to version V300SP10260209, which allegedly lacks CSRF protections for state-changing actions in the administrative interface. An authenticated administrator can be tricked into performing unauthorized configuration changes. ...

CVSS 5.1 | AI score 5.4 | EPSS 0.00102
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/02/24 3:15 a.m. | 4 views

CVE-2025-11847

A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a...

CVSS 4.9 | AI score 5.8 | EPSS 0.01702
Exploits: 0 | References: 1

CVE
added 2026/02/24 2:14 a.m. | 14 views

CVE-2025-11848

The CVE-2025-11848 entry concerns a null pointer dereference in the Wake-on-LAN CGI program of Zyxel devices. Affected products are Zyxel VMG3625-T50B (firmware up to 5.50(ABPM.9.6)C0) and Zyxel WX3100-T0 (firmware up to 5.50(ABVL.4.8)C0). The vulnerability can be triggered by an authenticated at...

CVSS 4.9 | AI score 5.5 | EPSS 0.01847
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2026/02/23 10:16 p.m. | 6 views

CVE-2026-27741

Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms for these administrative actions. An attacker can...

CVSS 5.1 | EPSS 0.00143
Exploits: 1 | References: 2

OSV
added 2026/02/23 5:23 p.m. | 6 views

CVE-2026-22567

Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios...

CVSS 2.7 | AI score 5.8 | EPSS 0.00196
Exploits: 0 | References: 1

Cvelist
added 2026/02/23 4:13 p.m. | 24 views

CVE-2026-22567 ZIA Admin UI Input Validation Bug

Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios...

CVSS 7.6 | EPSS 0.00196
Exploits: 0 | References: 1

Tenable Nessus
added 2026/02/20 12:0 a.m. | 5 views

Brocade Fabric OS < 9.2.1c2 / 9.2.2 < 9.2.2b Multiple Vulnerabilities

The version of Brocade FabricOS installed on the remote host is prior to 9.2.1c2, or 9.2.2 prior to 9.2.2b. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in Brocade Fabric OS could allow an authenticated attacker with admin privileges using the shell commands source,...

CVSS 8.5 | AI score 8.6 | EPSS 0.00602
Exploits: 0 | References: 6

OSV
added 2026/02/19 11:30 p.m. | 6 views

CVE-2026-26957 Libredesk has an SSRF Vulnerability via Webhooks

Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin" to force the server to make HTTP requests to arbitrary internal...

CVSS 6.9 | AI score 5.7 | EPSS 0.00061
Exploits: 0 | References: 4

Cvelist
added 2026/02/19 10:43 p.m. | 26 views

CVE-2026-26952 Pi-hole Web Interface has Stored HTML Injection via Local DNS Records (CNAME/Hosts) in data-tag Attribute

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.4 and below are vulnerable to stored HTML injection through the local DNS records configuration page, which allows an authenticated administrator to inject cod...

CVSS 5.4 | EPSS 0.0024
Exploits: 0 | References: 3

OSV
added 2026/02/19 10:43 p.m. | 5 views

CVE-2026-26952 Pi-hole Web Interface has Stored HTML Injection via Local DNS Records (CNAME/Hosts) in data-tag Attribute

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.4 and below are vulnerable to stored HTML injection through the local DNS records configuration page, which allows an authenticated administrator to inject cod...

CVSS 5.4 | AI score 5.7 | EPSS 0.0024
Exploits: 0 | References: 5