Overview
Description
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.
Statistics
- 10 Posts
- 3 Interactions
Last activity: 5 hours ago
Fediverse
Cisco Talos is tracking active exploitation of CVE-2026-20127 affecting Cisco Catalyst SD-WAN Controllers. Customers are strongly advised to review our latest threat advisory (https://cs.co/9001hs79z) and follow the published guidance (https://cs.co/9001hs7aL) to protect your environment.
Cisco SDWAN Controller vulnerability in the wild and at the network edge. CVE-2026-20127 by UAT-8616. Heads up. https://blog.talosintelligence.com/uat-8616-sd-wan/ #threatintelligence #cybersecurity #cisco
Bluesky
The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges on an affected system by sending a crafted request. thehackernews.com/2026/02/ci...
📌 CVE-2026-20127 - A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly... https://www.cyberhub.blog/cves/CVE-2026-20127
⚠️ CISA added CVE-2026-20127 to its KEV catalog and issued ED 26-03 after active exploitation of Cisco Catalyst SD-WAN. An auth bypass lets unauthenticated attackers gain admin access and manipulate SD-WAN configs. Patch now. Modat Magnify Query: web.html~"Cisco SD-WAN" OR web.html~"Cisco Catalyst"
Cisco SD-WAN ゼロデイ脆弱性 CVE-2026-20127 が 2023 年から管理者アクセスに悪用される
Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access #HackerNews (Feb 26)
thehackernews.com/2026/02/cisc...
The latest update for #ArcticWolf includes "CVE-2026-20127: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability" and "Welcoming Sevco Security: Expanding the Aurora Platform with Visionary Exposure Management".
#cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl
CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems (CVE-2026-20127) #patchmanagement
~Sophos~
CISA warns two Cisco SD-WAN vulnerabilities are actively exploited, allowing for authentication bypass and privilege escalation.
-
IOCs: CVE-2026-20127, CVE-2022-20775
-
#CVE202620127 #Cisco #ThreatIntel
Overview
- Juniper Networks
- Junos OS Evolved
25 Feb 2026
Published
26 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.25%
KEV
Description
An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root.
The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port. With the ability to access and manipulate the service to execute code as root a remote attacker can take complete control of the device.
Please note that this service is enabled by default as no specific configuration is required.
This issue affects Junos OS Evolved on PTX Series:
* 25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO.
This issue does not affect Junos OS Evolved versions before 25.4R1-EVO.
This issue does not affect Junos OS.
Statistics
- 5 Posts
Last activity: Last hour
Fediverse
Juniper Networks has released an update for its Junos OS Evolved to fix a critical vulnerability (CVE-2026-21902) affecting PTX series routers. This flaw, if exploited by an unauthenticated attacker, could allow for arbitrary code execution with root privileges, potentially giving an attacker complete control over the device.
https://www.securityweek.com/juniper-networks-ptx-routers-affected-by-critical-vulnerability/
The security issue is identified as CVE-2026-21902 and is caused by incorrect permission assignment in the ‘On-Box Anomaly Detection’ framework, which should be exposed to internal processes only over the internal routing interface. bleepingcomputer.com/news/security/critical-juniper-networks-ptx-flaw-allows-full-router-takeover/
Bluesky
Junos OS Evolved: PTX Series: A vulnerability allows a unauthenticated,
network-based attacker to execute code as root (CVE-2026-21902)
URL: supportportal.juniper.net/s/article/20...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Unproven, CVSSv4.0: 9.3
Juniper Networks released an emergency patch for CVE-2026-21902, a critical vulnerability in Junos OS Evolved that allows unauthenticated remote attackers to execute arbitrary code with root privileges on PTX routers.
Overview
- anthropics
- claude-code
03 Oct 2025
Published
03 Oct 2025
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.10%
KEV
Description
Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.111.
Statistics
- 2 Posts
- 17 Interactions
Last activity: 18 hours ago
Fediverse
Bluesky
Overview
Description
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Statistics
- 5 Posts
Last activity: 5 hours ago
Fediverse
Bluesky
Critical RCE Vulnerability in Apache Log4j Exposed: How Attackers Exploit and How to Mitigate + Video
Introduction: The recent disclosure of a critical remote code execution (RCE) vulnerability in Apache Log4j (CVE-2021-44228), dubbed "Log4Shell," has sent shockwaves through the cybersecurity…
Critical Log4Shell Vulnerability Exploited in Global Ransomware Campaign: A Comprehensive Technical Analysis and Mitigation Guide + Video
Introduction: The recent widespread exploitation of the Log4Shell vulnerability (CVE-2021-44228) in Apache Log4j has sent shockwaves through the cybersecurity…
Overview
Description
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.
Statistics
- 1 Post
- 4 Interactions
Last activity: 19 hours ago
Fediverse
On a recent engagement, we exploited a previously disclosed privilege escalation bug in Tenable's Nessus Agent. No public PoC was available, so we made one; check it out here https://github.com/atredispartners/proof-of-concept/tree/main/cve-2025-36632
Description
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Statistics
- 1 Post
- 7 Interactions
Last activity: 22 hours ago
Overview
Description
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0.
Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
Statistics
- 1 Post
- 3 Interactions
Last activity: 14 hours ago
Fediverse
Veritasium covers the #xz compromise. This is well done. It starts off explaining open source. It explains encryption and compression. It explains software dependencies. It explains how the back door would have worked. Good watch.
#Backdoor #Veritasium #CVE #CVE20243094
https://youtu.be/aoag03mSuXQ
Overview
Description
Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz[]' values using time-based blind SQL injection payloads to extract sensitive database information.
Statistics
- 1 Post
- 2 Interactions
Last activity: 13 hours ago
Overview
- Web-ofisi
- Firma Rehberi
22 Feb 2026
Published
23 Feb 2026
Updated
CVSS v4.0
HIGH (8.8)
EPSS
0.12%
KEV
Description
Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract sensitive database information or perform time-based blind SQL injection attacks.
Statistics
- 1 Post
- 1 Interaction
Last activity: 15 hours ago
Overview
Description
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak_durumu, emlak_tipi, il, ilce, kelime, and semt to extract sensitive database information or perform time-based blind SQL injection attacks.
Statistics
- 1 Post
- 1 Interaction
Last activity: 17 hours ago