Lucene search
K

1676 matches found

CNNVD
CNNVD
added 2026/05/10 12:0 a.m.9 views

Catalyst::Plugin::Statsd 安全漏洞

Catalyst::Plugin::Statsd is a plugin module by Robert Rothenberg, an individual developer, for capturing application runtime metrics and sending them to a statistics system. A security vulnerability exists in Catalyst::Plugin::Statsd 0.10.0 and earlier versions, which stems from an unencrypted...

7.5CVSS5.8AI score0.00244EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/04/21 6:23 a.m.14 views

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities KEV catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation. The list of vulnerabilities is as...

10CVSS7.7AI score0.99991EPSS
Exploits26
CISA
CISA
added 2026/04/20 12:0 p.m.13 views

CISA Adds Eight Known Exploited Vulnerabilities to Catalog

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2023-27351link is external PaperCut NG/MF Improper Authentication Vulnerability CVE-2024-27199link is external JetBrains TeamCity Relative Path Traversal...

8.2CVSS5.8AI score0.99991EPSS
In wildExploits26References13
CISA KEV Catalog
CISA KEV Catalog
added 2026/04/20 12:0 a.m.7 views

Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability

Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow...

5.4CVSS7.7AI score0.07016EPSS
In wildExploits0
CISA KEV Catalog
CISA KEV Catalog
added 2026/04/20 12:0 a.m.6 views

Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems...

7.5CVSS6.1AI score0.10245EPSS
In wildExploits0
CISA KEV Catalog
CISA KEV Catalog
added 2026/04/20 12:0 a.m.7 views

Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability

Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user...

7.5CVSS7.6AI score0.05269EPSS
In wildExploits0
Metasploit
Metasploit
added 2026/04/02 7:1 p.m.90 views

Cisco Catalyst SD-WAN Controller Authentication Bypass

This module exploits an authentication bypass vulnerability CVE-2026-20127 in the Cisco Catalyst SD-WAN Controller vSmart. The vdaemon DTLS control-plane service fails to properly validate the verifystatus byte in CHALLENGEACKACK msgtype=10 messages. The vbondprocchallengeackack handler reads an...

10CVSS7.6AI score0.57793EPSS
Exploits9
RedhatCVE
RedhatCVE
added 2026/03/26 5:0 p.m.4 views

CVE-2026-20108

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user...

5.4CVSS6AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 5:0 p.m.3 views

CVE-2026-20084

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resulting in a denial of service DoS condition. This vulnerability is due to improper handling of BOOTP packets on Cisco...

8.6CVSS5.8AI score0.00354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 5:0 p.m.3 views

CVE-2026-20086

A vulnerability in the processing of Control and Provisioning of Wireless Access Points CAPWAP packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This...

8.6CVSS5.9AI score0.00354EPSS
Exploits0References1
NCSC
NCSC
added 2026/03/26 9:50 a.m.5 views

Vulnerabilities fixed in Cisco IOS XE Software

Cisco has fixed vulnerabilities in Cisco IOS XE Software, specifically for several products such as Catalyst 9000 Series Switches, Catalyst CW9800 Family, and Cisco Meraki. The vulnerabilities include several issues, such as a memory leak in the IKEv2 implementation, vulnerabilities in the DHCP...

8.6CVSS5.8AI score0.00354EPSS
Exploits0References11
EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15437

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user...

5.4CVSS6AI score0.00162EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.9 views

EUVD-2026-15435

A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series Switches, and Cisco IE3500 and IE3505 Rugged Series Switches could allow an authenticated, local...

6.1CVSS6.2AI score0.00162EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15433

A vulnerability in the processing of Control and Provisioning of Wireless Access Points CAPWAP packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This...

8.6CVSS5.9AI score0.00354EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.5 views

EUVD-2026-15431

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resulting in a denial of service DoS condition. This vulnerability is due to improper handling of BOOTP packets on Cisco...

8.6CVSS5.8AI score0.00354EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 4:16 p.m.7 views

CVE-2026-20108

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user...

5.4CVSS0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 4:16 p.m.6 views

CVE-2026-20084

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resulting in a denial of service DoS condition. This vulnerability is due to improper handling of BOOTP packets on Cisco...

8.6CVSS0.00354EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:9 p.m.20 views

CVE-2026-20108

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user...

5.4CVSS0.00162EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:9 p.m.72 views

CVE-2026-20108

The CVE-2026-20108 affects Cisco Catalyst SD-WAN Manager’s web-based management interface. The issue is insufficient validation of user input , enabling an authenticated, remote attacker to entice a user to click a crafted link and trigger cross-site scripting . Successful exploitation could exec...

5.4CVSS6AI score0.00162EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 4:5 p.m.1 views

CVE-2026-20104

A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series Switches, and Cisco IE3500 and IE3505 Rugged Series Switches could allow an authenticated, local...

6.1CVSS6.2AI score0.00162EPSS
Exploits0References1
Rows per page
Query Builder