CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

145 matches found

Tenable Nessus•added 2026/04/23 12:0 a.m.•3 views

Cisco IOS XE Software Lobby Ambassador Privilege Escalation (cisco-sa-iosxe-lobby-privesc-KwxBqJy)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would...

5.4CVSS8.8AI score0.00041EPSS

Exploits0References4

RedhatCVE•added 2026/03/26 5:0 p.m.•2 views

CVE-2026-20114

A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. This vulnerability exists because...

5.4CVSS5.9AI score0.00041EPSS

Exploits0References1

NCSC•added 2026/03/26 9:50 a.m.•2 views

Vulnerabilities fixed in Cisco IOS XE Software

Cisco has fixed vulnerabilities in Cisco IOS XE Software, specifically for several products such as Catalyst 9000 Series Switches, Catalyst CW9800 Family, and Cisco Meraki. The vulnerabilities include several issues, such as a memory leak in the IKEv2 implementation, vulnerabilities in the DHCP...

8.6CVSS5.8AI score0.00202EPSS

Exploits0References11

EUVD•added 2026/03/25 6:31 p.m.•2 views

EUVD-2026-15445

5.4CVSS5.9AI score0.00041EPSS

Exploits0References2

NVD•added 2026/03/25 4:16 p.m.•2 views

CVE-2026-20114

5.4CVSS0.00041EPSS

Exploits0References1

Cvelist•added 2026/03/25 4:8 p.m.•17 views

CVE-2026-20114

5.4CVSS0.00041EPSS

Exploits0References1

CVE•added 2026/03/25 4:8 p.m.•57 views

CVE-2026-20114

Cisco IOS XE Lobby Ambassador web-based management API has a vulnerability where an authenticated Lobby Ambassador can bypass validation to create a new user with privilege level 1 access, enabling access to management APIs. Root cause: insufficient validation of API parameters. Impact: privilege...

5.4CVSS5.9AI score0.00041EPSS

Exploits0References1

Cisco•added 2026/03/25 4:0 p.m.•13 views

Cisco IOS XE Software Lobby Ambassador Privilege Escalation Vulnerability

5.4CVSS5.9AI score0.00041EPSS

Exploits0References1

Positive Technologies•added 2026/03/25 12:0 a.m.•0 views

PT-2026-27797

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software affected versions not specified Description A flaw exists in the Lobby Ambassador web-based management API of Cisco IOS XE Software that could allow an authenticated, remote attacker to gain elevated privileges and access...

5.4CVSS6AI score0.00041EPSS

Exploits0References5

RedhatCVE•added 2026/01/09 9:30 a.m.•3 views

CVE-2023-43797

BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby...

6.3CVSS6.2AI score0.00071EPSS

Exploits0References1

Snyk•added 2025/12/02 6:50 a.m.•3 views

Malicious Package

Overview chia-gaming-lobby-connection is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.8AI score

Exploits0References2

OSSF Malicious Packages•added 2025/11/27 3:17 p.m.•9 views

Malicious code in chia-gaming-lobby-connection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54adc68041a37b745f5dd254458f4a92981e5954641131ac846256b6d4ab7f6c The package chia-gaming-lobby-connection was found to contain malicious code. Source: ghsa-malware...

7AI score

Exploits0References1