|
1011
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected devi…
|
CWE-59
Link Following
|
CVE-2026-20161
|
2026-04-18 00:09 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1012
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service.
…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-20184
|
2026-04-18 00:09 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1013
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirem…
|
CWE-305
Authentication Bypass by Primary Weakness
|
CVE-2026-20152
|
2026-04-18 00:09 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1014
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed th…
|
CWE-80
Basic XSS
|
CVE-2026-20170
|
2026-04-18 00:09 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1015
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploi…
|
CWE-22
Path Traversal
|
CVE-2026-20180
|
2026-04-18 00:09 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1016
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploi…
|
CWE-77
Command Injection
|
CVE-2026-20186
|
2026-04-18 00:09 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1017
|
8.2 |
HIGH
Local
|
-
|
-
|
Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged l…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-34632
|
2026-04-18 00:08 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1018
|
8.1 |
HIGH
Network
|
-
|
-
|
An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulne…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-3605
|
2026-04-18 00:08 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1019
|
7.5 |
HIGH
Network
|
-
|
-
|
If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin bac…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-4525
|
2026-04-18 00:08 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1020
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially lea…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-5052
|
2026-04-18 00:08 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
