CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added 14 hours ago•50 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through t...

10CVSS7.9AI score0.91303EPSS

Exploits1References3

CVE•added yesterday•18 views

CVE-2026-20245

Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) CLI is affected by CVE-2026-20245. A authenticated, local attacker can inject commands as root by uploading a crafted file due to insufficient input validation. Exploitation requires netadmin privileges (valid credentials or other vector not...

7.8CVSS6.1AI score

Cvelist•added yesterday•18 views

CVE-2026-20245 Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input...

7.8CVSS

Cisco•added yesterday•4 views

Cisco Catalyst SD-WAN Manager Authenticated Privilege Escalation Vulnerability

7.8CVSS6AI score

NVD•added yesterday•6 views

CVE-2026-50224

The web administration panel binds broadly to the public IPv6 address space on port :::8080 without default firewall limits, making internal API endpoints reachable over the WAN...

6.9CVSS0.00039EPSS

EUVD•added yesterday•5 views

EUVD-2026-34229

The web administration panel binds broadly to the public IPv6 address space on port :::8080 without default firewall limits, making internal API endpoints reachable over the WAN...

ATTACKERKB•added yesterday•3 views

CVE-2026-50224

The web administration panel binds broadly to the public IPv6 address space on port :::8080 without default firewall limits, making internal API endpoints reachable over the WAN...

CVE•added yesterday•9 views

CVE-2026-50224

CVE-2026-50224 describes that the web administration panel binds broadly to the public IPv6 space on port [::]:8080 with no default firewall limits, making internal API endpoints reachable over the WAN. The NVD entry cites a network attack vector with low exploit complexity and no user interactio...

Vulnrichment•added yesterday•5 views

CVE-2026-50224 Unauthenticated IPv6 WAN Management Exposure

The web administration panel binds broadly to the public IPv6 address space on port :::8080 without default firewall limits, making internal API endpoints reachable over the WAN...

Positive Technologies•added yesterday•9 views

PT-2026-46400

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager affected versions not specified Description Insufficient validation of user-supplied input in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, allows an authenticated local attacker with netadmin...

7.8CVSS6.1AI score

Exploits0References4

Positive Technologies•added yesterday•8 views

PT-2026-46176

The web administration panel binds broadly to the public IPv6 address space on port :::8080 without default firewall limits, making internal API endpoints reachable over the WAN...

NVD•added 2 days ago•7 views

CVE-2026-36603

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN device to create arbitrary...

8.1CVSS0.00022EPSS

Qualys Blog•added 2 days ago•5 views

Stop Patching at Human Speed: Peer-to-Peer (P2P) Distribution Closes the Remediation Gap Before Attackers Strike

Executive Summary Knowing what’s exploitable is only half the battle. P2P patch distribution turns your endpoints into a delivery network, cutting patch propagation by up to 92%, reducing WAN bandwidth by 99%+, and helping close critical vulnerabilities before attackers can move. Available now in...

6AI score

Exploits0

Nuclei•added 2 days ago•8 views

VMware NSX SD-WAN Edge - Command Injection

VMware NSX SD-WAN Edge formerly VeloCloud Edge before 3.1.2 contains an unauthenticated command injection in the local web UI diagnostic tools Ping/Traceroute. This template detects it reliably by injecting 'id', 'whoami', and a random marker. id: CVE-2018-6961 info: name: VMware NSX SD-WAN Edge ...

8.1CVSS7.2AI score0.93883EPSS

Exploits6References3

Vulnrichment•added 2 days ago•4 views

CVE-2026-36603

5.9AI score0.00022EPSS

EUVD•added 2 days ago•5 views

EUVD-2026-34142

5.9AI score0.00022EPSS

Nuclei•added 4 days ago•11 views

Citrix SD-WAN and NetScaler SD-WAN - SQL Injection

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 contain an SQL injection vulnerability. An unauthenticated attacker can exploit improper validation of input in specific components, which could allow for execution of arbitrary SQL queries against the backend database...

9.8CVSS7.5AI score0.9152EPSS

Exploits5References4

Nuclei•added 5 days ago•26 views

Cisco SD-WAN vManage Software - Local File Inclusion

Cisco SD-WAN vManage Software in the application data endpoints is vulnerable to local file inclusion which could allow an unauthenticated, remote attacker to gain access to sensitive information. id: CVE-2020-26073 info: name: Cisco SD-WAN vManage Software - Local File Inclusion author: madrobot...

7.5CVSS5.8AI score0.90927EPSS