988 items
Unread (2112) All Dismissed
HIGH
CVE-2026-50232 (CVSS 7.2) — Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers...
NVD CVE-2026-50232 9h ago
HIGH
CVE-2026-50231 (CVSS 7.2) — Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in t...
NVD CVE-2026-50231 9h ago
HIGH
CVE-2026-50264 (CVSS 7.8) — An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuff...
NVD CVE-2026-50264 11h ago
HIGH
CVE-2026-50261 (CVSS 7.8) — A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client ...
NVD CVE-2026-50261 11h ago
HIGH
CVE-2026-50260 (CVSS 7.8) — A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that s...
NVD CVE-2026-50260 11h ago
HIGH
CVE-2026-50259 (CVSS 7.8) — A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() ...
NVD CVE-2026-50259 11h ago
HIGH
CVE-2026-50258 (CVSS 7.8) — A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has mu...
NVD CVE-2026-50258CVE-2025-26597 11h ago
HIGH
CVE-2026-50257 (CVSS 7.8) — A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client...
NVD CVE-2026-50257 11h ago
HIGH
CVE-2026-50256 (CVSS 7.8) — A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between ...
NVD CVE-2026-50256 11h ago
HIGH
CVE-2026-50265 (CVSS 7) — A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev ...
NVD CVE-2026-50265 12h ago
HIGH
CVE-2026-11332 (CVSS 7.8) — A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency speci...
NVD CVE-2026-11332 14h ago
HIGH
CVE-2026-10877 (CVSS 7.3) — A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up...
NVD CVE-2026-10877 23h ago
HIGH
CVE-2026-10586 (CVSS 7.2) — The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress i...
NVD CVE-2026-10586 23h ago
HIGH
CVE-2026-45497 (CVSS 7.7) — Improper neutralization of special elements used in a command ('command injection') in Microsoft Cop...
NVD CVE-2026-45497 1d ago
HIGH
CVE-2026-20245 (CVSS 7.8) — A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an...
NVD CVE-2026-20245 +2 1d ago
INFO
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026
SecurityWeek 17h ago
INFO
Cisco warns of unpatched SD-WAN zero-day exploited in attacks
BleepingComputer 17h ago
HIGH
CVE-2026-10873 (CVSS 7.2) — A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstats_path of t...
NVD CVE-2026-10873 1d ago
HIGH
CVE-2026-10872 (CVSS 7.2) — A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function start_vpnserve...
NVD CVE-2026-10872 1d ago
HIGH
CVE-2026-10871 (CVSS 7.2) — A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function s...
NVD CVE-2026-10871 1d ago
HIGH
CVE-2026-10870 (CVSS 7.2) — A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file ...
NVD CVE-2026-10870 1d ago
HIGH
CVE-2026-50292 (CVSS 7.4) — In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can ...
NVD CVE-2026-50292 1d ago
HIGH
CVE-2026-25551 (CVSS 7.8) — Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability...
NVD CVE-2026-25551 1d ago
HIGH
CVE-2026-5228 (CVSS 8.8) — Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile ...
NVD CVE-2026-5228 1d ago
CRITICAL
CVE-2026-28318: SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability (SolarWinds Serv-U)
CISA KEV CVE-2026-28318actively-exploited +1 23h ago
HIGH
CVE-2026-28318 (CVSS 7.5) — SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service wi...
NVD 1d ago
HIGH
CVE-2019-25745 (CVSS 8.2) — WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability th...
NVD CVE-2019-25745 1d ago
HIGH
CVE-2019-25737 (CVSS 7.2) — Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthent...
NVD CVE-2019-25737 1d ago
HIGH
CVE-2019-25736 (CVSS 8.4) — LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to ...
NVD CVE-2019-25736 1d ago
HIGH
CVE-2019-25735 (CVSS 8.4) — AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers t...
NVD CVE-2019-25735 1d ago
HIGH
CVE-2019-25733 (CVSS 8.4) — NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that a...
NVD CVE-2019-25733 1d ago
HIGH
CVE-2019-25732 (CVSS 8.2) — PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers t...
NVD CVE-2019-25732 1d ago
HIGH
CVE-2019-25731 (CVSS 7.2) — Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated a...
NVD CVE-2019-25731 1d ago
HIGH
CVE-2019-25730 (CVSS 8.2) — Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to ...
NVD CVE-2019-25730 1d ago
HIGH
CVE-2019-25728 (CVSS 8.2) — Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to e...
NVD CVE-2019-25728 1d ago
HIGH
CVE-2019-25726 (CVSS 8.2) — All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated ...
NVD CVE-2019-25726 1d ago
HIGH
CVE-2026-10843 (CVSS 7.2) — A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator...
NVD CVE-2026-10843 1d ago
HIGH
CVE-2025-52612 (CVSS 7.1) — HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflect...
NVD CVE-2025-52612 1d ago
HIGH
CVE-2026-50213 (CVSS 7.5) — The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, wh...
NVD CVE-2026-50213 1d ago
HIGH
CVE-2026-50210 (CVSS 7.5) — The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making ...
NVD CVE-2026-50210 1d ago
HIGH
CVE-2026-50209 (CVSS 7.8) — Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (...
NVD CVE-2026-50209 1d ago
HIGH
CVE-2026-50207 (CVSS 7.8) — The system Binder boundary accepts unverified pass-through AT commands, giving local applications th...
NVD CVE-2026-50207 1d ago
HIGH
CVE-2026-50205 (CVSS 8.2) — System log files output unencrypted SMTP server authentication passwords alongside sensitive employe...
NVD CVE-2026-50205 1d ago
HIGH
CVE-2026-49203 (CVSS 8.3) — Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, ...
NVD CVE-2026-49203 1d ago
HIGH
CVE-2026-49202 (CVSS 8.6) — Internal multimedia session archives are accessible without authentication, exacerbated by loose Cro...
NVD CVE-2026-49202 1d ago
HIGH
CVE-2026-49194 (CVSS 8.8) — The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prom...
NVD CVE-2026-49194 1d ago
HIGH
CVE-2026-49193 (CVSS 7.5) — Overly permissive configuration settings on cloud storage containers expose active telemetry informa...
NVD CVE-2026-49193 1d ago
HIGH
CVE-2026-49190 (CVSS 8.8) — The system fails to evaluate instructional permissions over multiple internal operation codes (opcod...
NVD CVE-2026-49190 1d ago
HIGH
CVE-2026-49189 (CVSS 7.8) — Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software c...
NVD CVE-2026-49189 1d ago
HIGH
CVE-2026-49187 (CVSS 7.5) — The hard-coded APK resource files never expire, and the shared scepter leads to information leaks an...
NVD CVE-2026-49187 1d ago
HIGH
CVE-2026-10737 (CVSS 7.5) — The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a...
NVD CVE-2026-10737 1d ago
HIGH
CVE-2026-10777 (CVSS 7.3) — A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b8...
NVD CVE-2026-10777 2d ago
HIGH
CVE-2026-10771 (CVSS 7.3) — A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntit...
NVD CVE-2026-10771 2d ago
HIGH NVD Thu, 04 Jun 2026 23:17:31 UTC
CVE-2026-20245 (CVSS 7.8) — A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an...
https://nvd.nist.gov/vuln/detail/CVE-2026-20245
TL;DR
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A suc…
CVE-2026-20245
Read full story ↗
Related coverage (2)
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026
SecurityWeek 17h ago
Cisco warns of unpatched SD-WAN zero-day exploited in attacks
BleepingComputer 17h ago