25094 matches found
CVE-2026-20136 Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root. Th...
CVE-2026-20180
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...
CVE-2026-20147
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...
SUSE CVE-2024-44201
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iPadOS 17.7.3, macOS Sequoia 15.1, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. Processing a maliciously crafted file may lead to a denial-of-service...
Agent Zero Security Vulnerability
Agent Zero is an artificial intelligence framework developed by Jan Tomášek. Version 0.9.8 of Agent Zero contains a security vulnerability, which stems from a flaw in the external MCP server configuration function. This vulnerability could allow attackers to execute arbitrary operating system...
CVE-2026-30624
Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...
Photon OS 5.0: Etcd PHSA-2026-5.0-0802
An update of the etcd package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0802. The text itself is copyright (C) VMware, Inc. ...
CVE-2026-35196 Chamilo LMS has OS Command Injection via export_all_certificates action
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability exists in the main/inc/ajax/gradebook.ajax.php endpoint within the export_all_certificates action, where the course code retrieved from the session variable $_SESSION['cid']...
EUVD-2026-22647
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network...
EUVD-2026-22496
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network...
EUVD-2026-22459
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally...
org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method
A flaw was found in plexus-utils. This vulnerability, known as a Directory Traversal, exists within the extractFile method. An attacker can exploit this to execute unauthorized code on the system in the context of the current working user...
2026-04 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5082142)
2026-04 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5082142)...
2026-04 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2 for x64 (KB5082418)
2026-04 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2 for x64 (KB5082418)...
CVE-2026-33099
Technical details (affected products, root cause, vulnerable components, or exploitation specifics) are not publicly provided in the supplied documents. Monitor for updates from sources like MSRC and the CVE record.
CVE-2026-33099
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-26173 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
...
CVE-2026-20806 Windows COM Server Information Disclosure Vulnerability
...
CVE-2026-32156 Windows UPnP Device Host Remote Code Execution Vulnerability
...
CVE-2026-32073
CVE-2026-32073 refers to a Local Privilege Escalation in the Windows Ancillary Function Driver for WinSock. The advisory notes a local attack vector with high impact (C:H/I:H/A:H) and a low-privilege, no-user-interaction requirement, under CVSS 3.1: base score 7.0, attack vector Local, attack com...