Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager

25 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
2.19%

Description

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. 

Statistics

  • 10 Posts
  • 3 Interactions

Last activity: 5 hours ago

Fediverse

Cisco Talos is tracking active exploitation of CVE-2026-20127 affecting Cisco Catalyst SD-WAN Controllers. Customers are strongly advised to review our latest threat advisory (cs.co/9001hs79z) and follow the published guidance (cs.co/9001hs7aL) to protect your environment.

  • 1
  • 2
  • 0
  • 21h ago

Cisco SDWAN Controller vulnerability in the wild and at the network edge. CVE-2026-20127 by UAT-8616. Heads up. blog.talosintelligence.com/uat

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges on an affected system by sending a crafted request. thehackernews.com/2026/02/ci...
  • 0
  • 0
  • 0
  • 22h ago
📌 CVE-2026-20127 - A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly... https://www.cyberhub.blog/cves/CVE-2026-20127
  • 0
  • 0
  • 0
  • 21h ago
⚠️ CISA added CVE-2026-20127 to its KEV catalog and issued ED 26-03 after active exploitation of Cisco Catalyst SD-WAN. An auth bypass lets unauthenticated attackers gain admin access and manipulate SD-WAN configs. Patch now. Modat Magnify Query: web.html~"Cisco SD-WAN" OR web.html~"Cisco Catalyst"
  • 0
  • 0
  • 0
  • 20h ago
Cisco SD-WAN zero-day vulnerability CVE-2026-20127 exploited since 2023 for administrator access. Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access #HackerNews (Feb 26) thehackernews.com/2026/02/cisc...
  • 0
  • 0
  • 0
  • 16h ago
The latest update for #ArcticWolf includes "CVE-2026-20127: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability" and "Welcoming Sevco Security: Expanding the Aurora Platform with Visionary Exposure Management". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl
  • 0
  • 0
  • 0
  • 8h ago
CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems (CVE-2026-20127) #patchmanagement
  • 0
  • 0
  • 0
  • 5h ago
~Sophos~ CISA warns two Cisco SD-WAN vulnerabilities are actively exploited, allowing for authentication bypass and privilege escalation. - IOCs: CVE-2026-20127, CVE-2022-20775 - #CVE202620127 #Cisco #ThreatIntel
  • 0
  • 0
  • 0
  • 10h ago
The latest update for #CyCognito includes "Emerging Threat: Cisco Catalyst SD-WAN Authentication Bypass (CVE-2026-20127)" and "Emerging Threat – Dell RecoverPoint for VMs Hardcoded Credential (CVE-2026-22769)". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • Juniper Networks
  • Junos OS Evolved

25 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.25%

KEV

Description

An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port. With the ability to access and manipulate the service to execute code as root, a remote attacker can take complete control of the device. Please note that this service is enabled by default as no specific configuration is required.

This issue affects Junos OS Evolved on PTX Series:

  • 25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO.

This issue does not affect Junos OS Evolved versions before 25.4R1-EVO. This issue does not affect Junos OS.

Statistics

  • 5 Posts

Last activity: Last hour

Fediverse

Juniper Networks has released an update for its Junos OS Evolved to fix a critical vulnerability (CVE-2026-21902) affecting PTX series routers. This flaw, if exploited by an unauthenticated attacker, could allow for arbitrary code execution with root privileges, potentially giving an attacker complete control over the device.
securityweek.com/juniper-netwo

  • 0
  • 0
  • 0
  • 2h ago
The security issue is identified as CVE-2026-21902 and is caused by incorrect permission assignment in the ‘On-Box Anomaly Detection’ framework, which should be exposed to internal processes only over the internal routing interface. bleepingcomputer.com/news/security/critical-juniper-networks-ptx-flaw-allows-full-router-takeover/

  • 0
  • 0
  • 0
  • Last hour

Bluesky

Junos OS Evolved: PTX Series: A vulnerability allows an unauthenticated, network-based attacker to execute code as root (CVE-2026-21902) URL: supportportal.juniper.net/s/article/20... Classification: Critical, Solution: Official Fix, Exploit Maturity: Unproven, CVSSv4.0: 9.3
  • 0
  • 0
  • 0
  • 6h ago
Juniper Networks released an emergency patch for CVE-2026-21902, a critical vulnerability in Junos OS Evolved that allows unauthenticated remote attackers to execute arbitrary code with root privileges on PTX routers.
  • 0
  • 0
  • 0
  • 3h ago
The security issue is identified as CVE-2026-21902 and is caused by incorrect permission assignment in the ‘On-Box Anomaly Detection’ framework. bleepingcomputer.com/news/security/critical-juniper-networks-ptx-flaw-allows-full-router-takeover/
  • 0
  • 0
  • 0
  • Last hour

Overview

  • anthropics
  • claude-code

03 Oct 2025
Published
03 Oct 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.10%

KEV

Description

Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.111.

Statistics

  • 2 Posts
  • 17 Interactions

Last activity: 18 hours ago

Fediverse

Anthropic has addressed some of the concerns raised here, but the fact remains that Claude Code will run code in configuration files with minimal visibility to the end user. In this way, it presents similar dangers to VS Code and Cursor.

research.checkpoint.com/2026/r

  • 9
  • 6
  • 0
  • 21h ago

Bluesky

Critical RCE in Code: How Attackers Can Hijack AI Assistants and Steal API Keys (CVE-2025-59536 & CVE-2026-21852) + Video Introduction: The recent discovery by Oded Vanunu of Check Point Research has exposed a critical flaw in Code, an AI‑powered coding assistant. Attackers can exploit specially…
  • 0
  • 2
  • 0
  • 18h ago

Overview

  • Apache Software Foundation
  • Apache Log4j2

10 Dec 2021
Published
21 Oct 2025
Updated

CVSS
Pending
EPSS
94.36%

Description

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Statistics

  • 5 Posts

Last activity: 5 hours ago

Fediverse

SENTINEL BRIEF: Log4Shell (CVE-2021-44228) is an architectural failure, not just a bug. Our V7.4 Forensic Analysis explores the JNDI lookup logic failure that subverts Zero Trust topology. Moving beyond the patch to topological defense. Read the full report at The Cyber Mind Co.

thecybermind.co/2026/02/26/log

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

Critical RCE Vulnerability in Apache Log4j Exposed: How Attackers Exploit and How to Mitigate + Video Introduction: The recent disclosure of a critical remote code execution (RCE) vulnerability in Apache Log4j (CVE-2021-44228), dubbed "Log4Shell," has sent shockwaves through the cybersecurity…
  • 0
  • 0
  • 0
  • 23h ago
Critical Log4Shell Vulnerability Exploited in Global Ransomware Campaign: A Comprehensive Technical Analysis and Mitigation Guide + Video Introduction: The recent widespread exploitation of the Log4Shell vulnerability (CVE-2021-44228) in Apache Log4j has sent shockwaves through the cybersecurity…
  • 0
  • 0
  • 1
  • 22h ago
Hunters, Load Your Queries: The Log4J Icon Hash That Exposes Vulnerable Systems + Video Introduction: The infamous Log4Shell vulnerability (CVE-2021-44228) remains a persistent threat years after its disclosure, with unpatched systems still scattered across the internet. Security researchers and…
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Tenable
  • Agent

16 Jun 2025
Published
16 Jun 2025
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 19 hours ago

Fediverse

On a recent engagement, we exploited a previously disclosed privilege escalation bug in Tenable's Nessus Agent. No public PoC was available, so we made one; check it out here github.com/atredispartners/pro

  • 3
  • 1
  • 0
  • 19h ago

Overview

  • Google
  • Chrome

13 Feb 2026
Published
26 Feb 2026
Updated

CVSS
Pending
EPSS
0.34%

Description

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post
  • 7 Interactions

Last activity: 22 hours ago

Fediverse

Weeks have passed since the details of CVE-2026-2441 were published, and Yandex still has not released a patch for its browser.

  • 2
  • 5
  • 0
  • 22h ago

Overview

  • xz
  • xz

29 Mar 2024
Published
20 Nov 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
85.80%

KEV

Description

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 14 hours ago

Fediverse

Veritasium covers the #xz compromise. This is well done. It starts off explaining open source. It explains encryption and compression. It explains software dependencies. It explains how the back door would have worked. Good watch.

#Backdoor #Veritasium #CVE #CVE20243094
youtu.be/aoag03mSuXQ

  • 1
  • 2
  • 0
  • 14h ago

Overview

  • Web-ofisi
  • Firma

22 Feb 2026
Published
25 Feb 2026
Updated

CVSS v4.0
HIGH (8.8)
EPSS
0.09%

KEV

Description

Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz[]' values using time-based blind SQL injection payloads to extract sensitive database information.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 13 hours ago

Bluesky

📌 CVE-2019-25457 - Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code... https://www.cyberhub.blog/cves/CVE-2019-25457
  • 0
  • 2
  • 0
  • 13h ago

Overview

  • Web-ofisi
  • Firma Rehberi

22 Feb 2026
Published
23 Feb 2026
Updated

CVSS v4.0
HIGH (8.8)
EPSS
0.12%

KEV

Description

Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract sensitive database information or perform time-based blind SQL injection attacks.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 15 hours ago

Bluesky

📌 CVE-2019-25458 - Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting S... https://www.cyberhub.blog/cves/CVE-2019-25458
  • 0
  • 1
  • 0
  • 15h ago

Overview

  • Web-ofisi
  • Emlak

22 Feb 2026
Published
23 Feb 2026
Updated

CVSS v4.0
HIGH (8.8)
EPSS
0.10%

KEV

Description

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak_durumu, emlak_tipi, il, ilce, kelime, and semt to extract sensitive database information or perform time-based blind SQL injection attacks.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 17 hours ago

Bluesky

📌 CVE-2019-25459 - Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries... https://www.cyberhub.blog/cves/CVE-2019-25459
  • 0
  • 1
  • 0
  • 17h ago
Showing 1 to 10 of 67 CVEs