Lucene search
K
VulnrichmentRecent

161861 matches found

Vulnrichment
Vulnrichment
added 2026/06/17 8:39 p.m.10 views

CVE-2026-49133 Typemill < 2.24.0 Path Traversal via ControllerApiImage::getPagemedia()

Typemill before 2.24.0 contains a path traversal vulnerability that allows authenticated attackers with Author-level privileges to read arbitrary files outside the content directory by supplying traversal sequences in the path query parameter passed to Storage::getFile with an empty folder...

7.1CVSS5.4AI score0.00343EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 8:33 p.m.11 views

CVE-2026-48821 Shaarli: DOM-based Cross-Site Scripting (XSS) in Thumbnail Synchronizer

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting XSS vulnerability in the Thumbnail Synchronizer feature. When an administrator runs the thumbnail update process, malicious bookmark titles are returned via an AJAX response and inserted...

5.8CVSS5.2AI score0.0013EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 8:7 p.m.12 views

CVE-2026-11407 Pimcore CMS 12.3.8 Twig Sandbox Bypass via SecurityPolicy checkMethodAllowed

Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects by exploiting empty checkMethodAllowed and checkPropertyAllowed implementations in the custom Twig SecurityPolicy. Attackers can...

8.6CVSS6.7AI score0.00623EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 8:6 p.m.12 views

CVE-2026-48823 Shaarli has Stored Cross-Site Scripting (XSS) via Tags Search

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the tag filtering functionality of Shaarli. An authenticated user can inject arbitrary JavaScript into the tags field when creating a bookmark Shaare. The malicious...

4.8CVSS5.3AI score0.00115EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 8:5 p.m.18 views

CVE-2026-32682 NGINX Gateway Fabric vulnerability

When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. Note:...

7.1CVSS5.4AI score0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 8:4 p.m.10 views

CVE-2026-50107 NGINX Gateway Fabric vulnerability

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...

8.6CVSS5.6AI score0.00492EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 7:59 p.m.10 views

CVE-2026-48822 Shaarli has Stored Cross-Site Scripting (XSS) via Markdown Reference Links

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside a Markdown link. The...

5.8CVSS5.3AI score0.0012EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 7:59 p.m.13 views

CVE-2026-54388 Tinyproxy - HTTP Request Smuggling via Duplicate Content-Length Headers

Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine how many request body bytes to consume. Remote attackers can...

9.3CVSS5.5AI score0.00439EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/17 7:48 p.m.21 views

CVE-2026-54387 Tinyproxy - HTTP Request Smuggling via CL/TE Desynchronization

Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...

9.3CVSS6AI score0.00439EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/17 7:48 p.m.15 views

CVE-2026-48817 Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an...

5.3CVSS5.2AI score0.00213EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 7:42 p.m.9 views

CVE-2026-48814 Network-AI: Empty default secret still authorizes all requests (Incomplete fix for CVE-2026-46701)

Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the MCP SSE server allows unauthenticated cross-origin MCP tool invocation due to an empty default secret. This issue was partially addressed by CVE-2026-46701 in version 5.4.5 by closing the CORS flaw wit...

9.1CVSS5.3AI score0.00297EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 7:13 p.m.4 views

CVE-2026-55202 Tinyproxy - Stathost Detection Bypass via Host Header Manipulation

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

8.8CVSS5.9AI score0.00335EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 7:8 p.m.18 views

CVE-2026-55201 Evil-WinRM - Path Traversal in download_dir() Function

Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the downloaddir function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences from Get-ChildItem...

7.4CVSS5.4AI score0.00304EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 7:3 p.m.18 views

CVE-2026-55200 libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c

libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2transportread that fails to enforce upper bounds on packetlength field. Remote attackers can send crafted SSH packets with excessively large packetlength values to corrupt heap memory and achieve...

9.2CVSS5.9AI score0.00732EPSS
Exploits11References3
Vulnrichment
Vulnrichment
added 2026/06/17 7:1 p.m.10 views

CVE-2026-10741 Nexus Repository Manager - Incorrect Authorization allows credential disclosure via proxy repository configuration

Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials...

5.9CVSS5.2AI score0.0026EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 6:44 p.m.11 views

CVE-2026-55199 libssh2 - Pre-Authentication DoS via SSH_MSG_EXT_INFO Handler

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...

8.2CVSS5.3AI score0.00408EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/17 6:43 p.m.10 views

CVE-2026-10696

Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community catalog contributor to cause an installed application to be correlated to an unrelated, attacker-controlled catalog package and to execute an...

5.4AI score0.00268EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 6:30 p.m.9 views

CVE-2026-12529 SourceCodester CET Automated Grading System with AI Predictive Analytics Student Self-Registration Endpoint index.php access control

A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. Affected is an unknown function of the file /index.php of the component Student Self-Registration Endpoint. The manipulation leads to improper access controls. Remote...

7.5CVSS6.9AI score0.00284EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/17 5:59 p.m.10 views

CVE-2026-55198 Hermes WebUI < 0.51.443 - Cross-Profile Session Data Exfiltration via Session Export Endpoint

Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to access sessions from other profiles. The handlesessionexport handler in api/routes.py fails to verify active-profile ownership before serializing session...

7.1CVSS5.3AI score0.00272EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/17 5:59 p.m.9 views

CVE-2026-55197 Hermes WebUI < 0.51.443 - Broken Access Control in /api/session Endpoint

Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenticated users to disclose cross-profile session transcripts. Attackers can bypass profile boundary checks by directly querying session IDs belonging to other profiles via GET...

7.1CVSS5.3AI score0.00272EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/17 5:58 p.m.5 views

CVE-2026-55196 Hermes WebUI < 0.51.409 - Unauthenticated Passkey Registration via Authentication Bypass

Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration endpoints that allows unauthenticated remote attackers to register arbitrary passkeys. When HERMESWEBUIPASSKEY=1 is enabled with no existing credentials, POST /api/auth/passkey/register/options an...

9.1CVSS6.1AI score0.00579EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/17 5:58 p.m.11 views

CVE-2026-53871 Hermes WebUI < 0.51.368 - Profile-Scoped Authorization Bypass via Forged hermes_profile Cookie

Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the getprofilecookie function that accepts unauthenticated profile names from the hermesprofile cookie. An authenticated attacker can forge the hermesprofile cookie value to bypass profile-scoped authorization checks a...

8.6CVSS5.3AI score0.00365EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/17 5:57 p.m.9 views

CVE-2026-53870 Hermes Agent < 0.16.0 - Sensitive File Permission Vulnerability in Store Files

Hermes Agent before 0.16.0 creates responsestore.db and webhooksubscriptions.json with world-readable permissions mode 0o644, exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including...

6.8CVSS5.3AI score0.00108EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/17 5:57 p.m.10 views

CVE-2026-53869 Hermes Agent < 0.16.0 - DNS Rebinding Bypass via WebSocket Endpoints

Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints, enabling...

8.7CVSS5.5AI score0.006EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/17 5:50 p.m.11 views

CVE-2026-48818 Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as \attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...

7.5CVSS5.3AI score0.00368EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/17 5:31 p.m.9 views

CVE-2026-11525 undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching

Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example,...

3.7CVSS5.3AI score0.00248EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 5:25 p.m.11 views

CVE-2026-2674 Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service,Core Libraries,Persistence Service) allows Overflow Buffers.

Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professional Queueing Service,Core Libraries,Persistence Service allows Overflow Buffers, Overflow Buffers, Overflow Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 befo...

4.8CVSS5.3AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 5:21 p.m.9 views

CVE-2026-30803 Integer Underflow (Wrap or Wraparound) vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.

Integer Underflow Wrap or Wraparound vulnerability in RTI Connext Micro Core Libraries allows Overread Buffers.This issue affects Connext Micro: from 4.0.0 before 4.3.0...

8.8CVSS5.3AI score0.00296EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 5:20 p.m.10 views

CVE-2026-30802 Out-of-bounds Read vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.

Out-of-bounds Read vulnerability in RTI Connext Micro Core Libraries allows Overread Buffers.This issue affects Connext Micro: from 4.0.0 before 4.3.0, from 2.4.5 before 2.4...

8.8CVSS5.8AI score0.00249EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 5:20 p.m.8 views

CVE-2026-30799 Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing.

Missing Authentication for Critical Function vulnerability in RTI Connext Professional Security Plugins allows Identity Spoofing.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3., from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3...

6.1CVSS5.3AI score0.00255EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 5:20 p.m.9 views

CVE-2026-7300 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow.

Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in RTI Connext Professional Web Integration Service allows Filter Failure through Buffer Overflow.This issue affects Connext Professional: from 7.4.0 before 7., from 7.0.0 before 7.3.1.3, from 6.1.2 before 6.1...

8.8CVSS5.3AI score0.00251EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 5:19 p.m.9 views

CVE-2026-3894 Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.

Out-of-bounds Read vulnerability in RTI Connext Professional Core Libraries allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3., from 5.0.0 before 5.2...

9.2CVSS5.3AI score0.002EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 5:19 p.m.9 views

CVE-2026-2675 Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.

Missing Authentication for Critical Function vulnerability in RTI Connext Professional Security Plugins allows Fake the Source of Data.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3...

6CVSS5.3AI score0.00212EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 5:17 p.m.10 views

CVE-2026-2467 Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.

Heap-based Buffer Overflow vulnerability in RTI Connext Professional Core Libraries allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3., from 5.0.0...

9.2CVSS5.3AI score0.00189EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 5:14 p.m.8 views

CVE-2026-6733 undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.2AI score0.00228EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 5:7 p.m.12 views

CVE-2026-20266 OS Command Injection in the btool Configuration Helper in Splunk AI Toolkit

In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance. The vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which construct...

9.1CVSS6AI score0.00469EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 5:7 p.m.11 views

CVE-2026-20265 Insecure Default Domain Allowlist in Splunk AI Toolkit

In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists...

4.3CVSS5.4AI score0.00217EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 5:4 p.m.9 views

CVE-2026-9678 undici vulnerable to cross-user information disclosure via shared cache whitespace bypass

Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...

5.9CVSS5.3AI score0.00374EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 4:58 p.m.8 views

CVE-2026-47774 Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentiall...

7.5CVSS5.8AI score0.00815EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/17 4:56 p.m.4 views

CVE-2026-9679 undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do not decode either. Applications that parse a...

5.9CVSS6AI score0.00257EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 4:46 p.m.6 views

CVE-2026-9697 undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...

7.4CVSS6.4AI score0.00476EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 4:44 p.m.26 views

CVE-2026-53805 NVIDIA SIL GEN3C Unauthenticated RCE via Pickle Deserialization in Inference API

NVIDIA Spatial Intelligence Lab's SIL GEN3C contains an unauthenticated remote code execution vulnerability in the inference API server where the /request-inference and /seed-model endpoints deserialize raw HTTP request bodies using Python's pickle.loads without authentication or input validation...

9.8CVSS6.2AI score0.00685EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/06/17 4:42 p.m.10 views

CVE-2026-48591 Stored XSS via unescaped HTML attribute values in earmark

Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform':makeatt1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal " bytes: ...

4.8CVSS5AI score0.00133EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 4:36 p.m.11 views

CVE-2026-6734 undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...

7.5CVSS5.3AI score0.00358EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 4:28 p.m.9 views

CVE-2026-20178

A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed. This vulnerability existed due to...

4.3CVSS5.5AI score0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 4:20 p.m.9 views

CVE-2026-9675 undici WebSocket client vulnerable to denial of service via cumulative fragment bypass

Impact: The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream many small fragments that each pass per-frame validation but collectively exceed the configured limit, causin...

7.5CVSS5.3AI score0.00426EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 4:17 p.m.10 views

CVE-2026-20246 Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this...

6CVSS5.3AI score0.00104EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 4:17 p.m.11 views

CVE-2026-20220 Cisco Crosswork Network Controller Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input validation in the configuration template engine of the...

6.3CVSS6.1AI score0.00253EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 4:17 p.m.9 views

CVE-2026-20190 Cisco Identity Services Engine Information Disclosure Vulnerability

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted...

7.5CVSS5.4AI score0.00407EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 4:16 p.m.6 views

CVE-2026-20181 Cisco Identity Services Engine Remote Code Execution Vulnerability

A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

9.1CVSS6AI score0.00748EPSS
Exploits0References1
Total number of security vulnerabilities161861