CVE-2026-20091

CVE-2026-20091 affects Cisco FXOS Software and Cisco UCS Manager Software via the web-based management interface. The issue is a stored cross-site scripting flaw caused by insufficient input validation in the interface, allowing an authenticated attacker with Administrator/AAA Administrator crede...

CVE-2026-20122

Cisco Catalyst SD-WAN Manager API vulnerability (CVE-2026-20122) affects the Cisco Catalyst SD-WAN Manager, including the Data Collection Agent service. The root cause is improper file handling and privileged API usage on the API interface, enabling an authenticated, remote attacker with valid re...

Cisco UCS Manager Software Command Injection Vulnerability

A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to...

Cisco FXOS and UCS Manager Software Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is...

Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability

A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. To exploit this vulnerability, the attacker...

Cisco UCS Manager Software Privilege Escalation Vulnerability

A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. This vulnerability exists because unnecessary privileges are given to the...

Cisco FXOS and UCS Manager Software Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of...

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software...

CVE-2026-27704 Dart SDK and Flutter SDK have Zip slip in Dart Pub package extraction

The Dart and Flutter SDKs provide software development kits for the Dart programming language. In versions of the Dart SDK prior to 3.11.0 and the Flutter SDK prior to version 3.41.0, when the pub client dart pub and flutter pub extracts a package in the pub cache, a malicious package archive can...

CVE-2026-3185 feiyuchuixue sz-boot-parent API Endpoint sys-message authorization

A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown function of the file /api/admin/sys-message/ of the component API Endpoint. The manipulation of the argument messageId results in authorization bypass. The attack can be launched remotely. The exploi...

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software...

Exploit for CVE-2025-69985

FUXA ≤ 1.2.8 Auth Bypass + RCE CVE-2025-69985...

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-25108 CVSS v4 score: 8.7, is a case of...

Security Bulletin: IBM Automation Decision Services for Jan 2026- Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-7783...

CVE-2025-68277 OpenEMR allows links sent via Secure Messaging to be opened in OpenEMR and Portal

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, when a link is sent via Secure Messaging, clicking the link opens the website within the OpenEMR/Portal site. This behavior could be exploited for phishing. Version 7.0...

SUSE CVE-2026-2776

Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

Adobe After Effects Type Obfuscation Vulnerability

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. A type confusion vulnerability exists in Adobe After Effects, which can be...

PT-2026-21928

Name of the Vulnerable Software and Affected Versions KrakenD-CE versions prior to 2.13.1 KrakenD-EE versions prior to 2.13.0 Description An improper resource shutdown or release issue exists in KrakenD, specifically within the CircuitBreaker modules of both KrakenD-CE and KrakenD-EE. The issue...

Mercator 跨站脚本漏洞

Mercator is an ecosystem visualization software developed by Didier Barzin. Versions of Mercator before 2026.02.22 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of unescaped Blade directives in the display templates, which could lead to storage-based...

Sz-Admin 代码问题漏洞

Sz-Admin is a mid-backend management software developed by INS6+ individual developers. Versions of Sz-Admin such as 1.3.2-beta and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect handling of parameters in the files/download file and API, particularly the url...