CVE-2026-4764

The CVE reports a Missing Authorization in Dialogflow CX’s playbook import on Google Cloud Platform. An authenticated user with specific roles can escalate privileges via a malicious playbook import, potentially taking over a GCP project. The issue affects Dialogflow CX playbook import functional...

EUVD-2026-36221

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was...

PT-2026-48647

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was...

EUVD-2026-34135

A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed. This vulnerability...

EUVD-2026-27864

A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed...

CVE-2026-3259 Sensitive Data Disclosure in BigQuery via Materialized View Error Messages

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error...

Cisco Webex Contact Center Cross-Site Scripting Vulnerability

A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed. This...

EUVD-2026-9473

A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. Cisco has addressed this vulnerability, and no customer action is needed. This vulnerability was due to improper filtering of user-supplied input. Prior to this...

CVE-2026-20149

Cisco Webex contains an unauthenticated XSS vulnerability due to improper input filtering. An attacker could trick a user into clicking a malicious link, potentially executing scripts in the user’s context. Cisco has addressed the issue; no customer action is required. Affected product: Cisco Web...

CVE-2026-3136

An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...

CVE-2026-3136

An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...

EUVD-2026-9302

An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...

CVE-2026-2274

CVE-2026-2274 describes a vulnerability in Google AppSheet’s AppSheet Core allowing an authenticated remote attacker to perform SSRF and arbitrary file read via crafted requests to the production cluster. Affected behavior includes reading sensitive local files and accessing internal network reso...

EUVD-2025-201881

A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...

CVE-2025-13292 Improper access control in Google Cloud Apigee-X allows cross-tenant Analytics modification and log data access.

A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics AX data and access logs belonging to other Apigee customer organizations. Apigee-X was found to be vulnerable. This vulnerability was patched in version 1-16-0-apigee-3. No user action i...

CVE-2025-11915 HTTP Desynchronisation in Vertex AI for certain third-party models

Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action...

CVE-2025-20328

A vulnerability in the user profile component of Cisco Webex Meetings could have allowed an authenticated, remote attacker with low privileges to conduct a cross-site scripting XSS attack against a user of the web-based interface. Cisco has addressed this vulnerability in the Cisco Webex Meetings...

Epson Web Installer for Mac vulnerable to missing authentication for critical function

Overview Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION contains a missing authentication for critical function vulnerability. Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION is used to install drivers for SEIKO EPSON's products. It contains "helper tool" and...

Cisco Duo Self-Service Portal Command Injection Vulnerability

A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting...

Cisco Webex Meetings Services HTTP Cache Poisoning Vulnerability

A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service. This vulnerability is due to improper handling of malicious HTTP requests to the affected service. An attacker could...