|
2221
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed th…
|
CWE-80
Basic XSS
|
CVE-2026-20170
|
2026-04-18 00:09 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2222
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploi…
|
CWE-22
Path Traversal
|
CVE-2026-20180
|
2026-04-18 00:09 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2223
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploi…
|
CWE-77
Command Injection
|
CVE-2026-20186
|
2026-04-18 00:09 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2224
|
8.2 |
HIGH
Local
|
-
|
-
|
Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged l…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-34632
|
2026-04-18 00:08 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2225
|
8.1 |
HIGH
Network
|
-
|
-
|
An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulne…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-3605
|
2026-04-18 00:08 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2226
|
7.5 |
HIGH
Network
|
-
|
-
|
If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin bac…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-4525
|
2026-04-18 00:08 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2227
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially lea…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-5052
|
2026-04-18 00:08 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2228
|
7.5 |
HIGH
Network
|
-
|
-
|
Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress op…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-5807
|
2026-04-18 00:08 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2229
|
8.4 |
HIGH
Network
|
-
|
-
|
IdentityIQ 8.5, all
IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ
8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug
Pages Read Only capabil…
|
CWE-863
Incorrect Authorization
|
CVE-2026-4857
|
2026-04-18 00:08 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2230
|
- |
|
-
|
-
|
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-5189
|
2026-04-18 00:08 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
