Cisco SSM On-Prem <= 8-202206 - Password Reset Account Takeover
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process...
CVE-2026-34926
A directory traversal vulnerability in the Apex One on-premise server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex...
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scriptin...
CVE-2026-7163 Assisted-service: assisted-service: authenticated users can gain administrative access to openshift clusters via credential disclosure
A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters provisioned through the hub...
PT-2026-32619
Name of the Vulnerable Software and Affected Versions: Kiuwan Cloud (affected versions not specified); Kiuwan SAST on-premise (KOP) versions prior to 2.8.2509.4. Description: Kiuwan SAST improperly authorizes SSO logins for mapped user accounts that have been locally disabled. This allows users whose...
Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem
Summary: Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.3.1 Patch 1. Vulnerability Details: CVEID: CVE-2024-58340. DESCRIPTION: LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.pars...
CVE-2026-23818
CVE-2026-23818 describes an open redirect in the GUI of HPE Aruba Networking Private 5G Core On-Prem login flow. An attacker could craft a URL to lure an authenticated user to an attacker-controlled page hosting a spoofed login page, prompting credential disclosure before returning the user to th...
EUVD-2026-17956
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An...
CVE-2026-20151
A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to the improper transmission of sensitive user information. An attacker could exploit this...
CVE-2026-20160
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An...
CVE-2026-20160 Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An...
CVE-2026-20151 Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability
A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to the improper transmission of sensitive user information. An attacker could exploit this...
CVE-2026-20151
Cisco Smart Software Manager On-Prem (SSM On-Prem) web interface vulnerability allows an authenticated remote user to elevate privileges from low to administrative due to improper transmission of sensitive user information. Exploitation requires valid credentials (role: System User); attacker can...
Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An...
Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability
A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to the improper transmission of sensitive user information. An attacker could exploit this...
Cisco Smart Software Manager On-Prem Security Vulnerability
Cisco Smart Software Manager On-Prem is a component developed by Cisco, Inc., used for managing licenses of Cisco products. Cisco Smart Software Manager On-Prem has a security vulnerability that arises from the unintentional exposure of internal services, which may allow unverified remote attacke...
CVE-2025-2274
Improper Neutralization of Input During Web Page Generation in Forcepoint Web Security On-Prem on Windows allows Stored XSS. This issue affects Web Security through 8.5.6...
EUVD-2026-9314
IBM webMethods API Gateway on-prem 10.11 through 10.11Fix32, 10.15 to 10.15Fix27, 11.1 to 11.1Fix7 IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI...
PT-2026-22144
Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One (affected versions not specified). Description: A link following issue in the scan engine allows a local attacker to escalate privileges. To exploit this, the attacker must already have the ability to execute low-privileged co...
CVE-2025-15563
Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific HTTP request to the WorkTime server. No authorization check is applied here...