Lucene search
K

72883 matches found

NVD
NVD
added 2026/03/25 4:16 p.m.6 views

CVE-2026-20114

A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. This vulnerability exists because...

5.4CVSS0.00284EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 4:16 p.m.7 views

CVE-2026-20113

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return line feed CRLF injection attack against a user. This vulnerability is due to insufficient validatio...

5.3CVSS0.0029EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 4:16 p.m.7 views

CVE-2026-20108

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user...

5.4CVSS0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.24 views

CVE-2026-25345 WordPress SimpLy Gallery plugin <= 3.3.2 - Arbitrary Code Execution vulnerability

Improper Validation of Specified Quantity in Input vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects SimpLy Gallery: from n/a through = 3.3.2...

9.9CVSS0.00447EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.2 views

CVE-2026-25345 WordPress SimpLy Gallery plugin <= 3.3.2 - Arbitrary Code Execution vulnerability

Improper Validation of Specified Quantity in Input vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects SimpLy Gallery: from n/a through = 3.3.2...

9.9CVSS5.9AI score0.00447EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.10 views

CVE-2026-25345

CVE-2026-25345 affects the WordPress SimpLy Gallery plugin (simply-gallery-block) up to version 3.3.2. The issue is an improper validation of a specified quantity in input, allowing access to functionality not properly constrained by ACLs. This can lead to arbitrary code execution (as reported in...

9.9CVSS5.8AI score0.00447EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.8 views

CVE-2026-25025

VikRestaurants (WordPress plugin)

7.1CVSS5.8AI score0.0023EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:9 p.m.3 views

CVE-2026-20108

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user...

5.4CVSS6.1AI score0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:9 p.m.20 views

CVE-2026-20108

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user...

5.4CVSS0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:8 p.m.20 views

CVE-2026-20112

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an affected device. Th...

4.8CVSS0.00194EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:8 p.m.72 views

CVE-2026-20112

Cisco IOx web-based management interface in Cisco IOS XE is affected by a stored XSS vulnerability due to insufficient input validation. An attacker with valid administrative credentials could inject malicious code into specific pages, potentially executing scripts in the browser context or acces...

4.8CVSS6AI score0.00194EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:8 p.m.3 views

CVE-2026-20112

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an affected device. Th...

4.8CVSS6.1AI score0.00194EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:8 p.m.2 views

CVE-2026-20113

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return line feed CRLF injection attack against a user. This vulnerability is due to insufficient validatio...

5.3CVSS5.9AI score0.0029EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:8 p.m.63 views

CVE-2026-20114

Cisco IOS XE Lobby Ambassador web-based management API has a vulnerability where an authenticated Lobby Ambassador can bypass validation to create a new user with privilege level 1 access, enabling access to management APIs. Root cause: insufficient validation of API parameters. Impact: privilege...

5.4CVSS5.9AI score0.00284EPSS
Exploits0References1
Cisco
Cisco
added 2026/03/25 4:0 p.m.10 views

Cisco Catalyst SD-WAN Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user...

5.4CVSS6AI score0.00162EPSS
Exploits0References1
Cisco
Cisco
added 2026/03/25 4:0 p.m.14 views

Cisco IOx Application Hosting Environment Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an affected device. Th...

4.8CVSS6AI score0.00194EPSS
Exploits0References1
Cisco
Cisco
added 2026/03/25 4:0 p.m.28 views

Cisco IOx Application Hosting Environment Carriage Return Line Feed Injection Vulnerability

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return line feed CRLF injection attack against a user. This vulnerability is due to insufficient validatio...

5.3CVSS5.8AI score0.0029EPSS
Exploits0References1
NCSC
NCSC
added 2026/03/25 2:15 p.m.8 views

Vulnerabilities fixed in Apple macOS

Apple has fixed several vulnerabilities in macOS Specifically Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4. The vulnerabilities include several issues such as insufficient input validation, improper memory handling, and issues with permissions that could lead to unauthorized access to sensitive...

9.3CVSS5.7AI score0.015EPSS
Exploits7References3
NCSC
NCSC
added 2026/03/25 2:2 p.m.8 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed several vulnerabilities in iOS and iPadOS. The vulnerabilities include several issues such as improper path management, memory management, and insufficient input validation, which could lead to unauthorized access to sensitive data, unexpected application terminations, and other...

9.8CVSS5.8AI score0.00865EPSS
Exploits5References2
OSV
OSV
added 2026/03/25 12:45 p.m.5 views

CLSA-2026-1774442729 tomcat: Fix of CVE-2026-24734

CVE-2026-24734: fix improper input validation vulnerability...

7.5CVSS6.6AI score0.00498EPSS
Exploits0References1
Rows per page
Query Builder