
Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager

25 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
3.26%

Description

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. 

Statistics

  • 16 Posts
  • 3 Interactions

Last activity: 2 hours ago

Fediverse


Cisco Talos is tracking active exploitation of CVE-2026-20127 affecting Cisco Catalyst SD-WAN Controllers. Customers are strongly advised to review our latest threat advisory (cs.co/9001hs79z) and follow the published guidance (cs.co/9001hs7aL) to protect your environment.

  • 1
  • 2
  • 0
  • 15h ago

Cisco SDWAN Controller vulnerability in the wild and at the network edge. CVE-2026-20127 by UAT-8616. Heads up. blog.talosintelligence.com/uat

  • 0
  • 0
  • 0
  • 10h ago

Five Eyes warning: Cisco SD-WAN actively exploited by UAT-8616.
• CVE-2026-20127
• CVE-2022-20775
• Root access & rogue control-plane peering
• Persistence in edge devices
Immediate patching & threat hunting required.

Full details:
technadu.com/cisco-sd-wan-is-a

Are you checking for downgrade events?

  • 0
  • 0
  • 0
  • 19h ago

Bluesky

Cisco released emergency patches for a critical zero-day vulnerability (CVE-2026-20127) in Catalyst SD-WAN that allows unauthenticated remote attackers to bypass authentication and gain administrative privileges.
  • 0
  • 0
  • 0
  • 22h ago
📢 Active exploitation of CVE-2026-20127 in Cisco Catalyst SD-WAN by the actor UAT-8616 📝 Context: Cisco Talos reports an active exploit… https://cyberveille.ch/posts/2026-02-26-exploitation-active-de-cve-2026-20127-dans-cisco-catalyst-sd-wan-par-lacteur-uat-8616/ #CVE_2026_20127 #Cyberveille
  • 0
  • 0
  • 0
  • 20h ago
🛡️ Using BaseFortify? Add Cisco Catalyst SD-WAN Manager or Controller as a component and instantly see if you're vulnerable to CVE-2026-20127. Clear risk insight. Practical mitigation guidance. Stay ahead, not reactive. #BaseFortify #VulnerabilityManagement #SMB #CyberDefense
  • 0
  • 0
  • 0
  • 18h ago
🚨 NCSC warns of large-scale exploitation of critical Cisco SD-WAN flaw CVE-2026-20127 (CVSS 10.0). Actively exploited since 2023. Patch immediately. Full breakdown & remediation steps: basefortify.eu/posts/2026/0... #CyberSecurity #Cisco #CVE #ZeroDay
  • 0
  • 0
  • 0
  • 18h ago
A critical zero-day vulnerability in Cisco Catalyst SD-WAN (CVE-2026-20127) has been actively exploited since 2023, allowing attackers to compromise controllers and inject malicious peers into networks.
  • 0
  • 0
  • 0
  • 17h ago
The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges on an affected system by sending a crafted request. thehackernews.com/2026/02/ci...
  • 0
  • 0
  • 0
  • 16h ago
📌 CVE-2026-20127 - A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly... https://www.cyberhub.blog/cves/CVE-2026-20127
  • 0
  • 0
  • 0
  • 15h ago
⚠️ CISA added CVE-2026-20127 to its KEV catalog and issued ED 26-03 after active exploitation of Cisco Catalyst SD-WAN. An auth bypass lets unauthenticated attackers gain admin access and manipulate SD-WAN configs. Patch now. Modat Magnify Query: web.html~"Cisco SD-WAN" OR web.html~"Cisco Catalyst"
  • 0
  • 0
  • 0
  • 14h ago
Cisco SD-WAN zero-day vulnerability CVE-2026-20127 exploited for administrator access since 2023. Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access #HackerNews (Feb 26) thehackernews.com/2026/02/cisc...
  • 0
  • 0
  • 0
  • 10h ago
The latest update for #ArcticWolf includes "CVE-2026-20127: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability" and "Welcoming Sevco Security: Expanding the Aurora Platform with Visionary Exposure Management". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl
  • 0
  • 0
  • 0
  • 2h ago
Five Eyes agencies warn: Cisco SD-WAN actively exploited by UAT-8616. CVE-2026-20127 & CVE-2022-20775 enable root access, rogue peering & long-term persistence. Immediate patching and threat hunting advised. Is your SD-WAN environment hardened? #CyberSecurity #Cisco #SDWAN #ThreatIntel #CISA
  • 0
  • 0
  • 0
  • 19h ago
~Sophos~ CISA warns two Cisco SD-WAN vulnerabilities are actively exploited, allowing for authentication bypass and privilege escalation. - IOCs: CVE-2026-20127, CVE-2022-20775 - #CVE202620127 #Cisco #ThreatIntel
  • 0
  • 0
  • 0
  • 4h ago
The latest update for #CyCognito includes "Emerging Threat: Cisco Catalyst SD-WAN Authentication Bypass (CVE-2026-20127)" and "Emerging Threat – Dell RecoverPoint for VMs Hardcoded Credential (CVE-2026-22769)". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • anthropics
  • claude-code

03 Oct 2025
Published
03 Oct 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.10%

KEV

Description

Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.111.

Statistics

  • 3 Posts
  • 17 Interactions

Last activity: 11 hours ago

Fediverse


Anthropic has addressed some of the concerns raised here, but the fact remains that Claude Code will run code in configuration files with minimal visibility to the end user. In this way, it presents similar dangers to VS Code and Cursor.

research.checkpoint.com/2026/r

  • 9
  • 6
  • 0
  • 15h ago

Bluesky

📢 Critical vulnerabilities in Claude Code: code execution and API key theft via repository configurations 📝 According to Che… https://cyberveille.ch/posts/2026-02-26-vulnerabilites-critiques-dans-claude-code-execution-de-code-et-vol-de-cles-api-via-configurations-de-depot/ #CVE_2025_59536 #Cyberveille
  • 0
  • 0
  • 0
  • 21h ago
Critical RCE in Code: How Attackers Can Hijack AI Assistants and Steal API Keys (CVE-2025-59536 & CVE-2026-21852) + Video Introduction: The recent discovery by Oded Vanunu of Check Point Research has exposed a critical flaw in Code, an AI‑powered coding assistant. Attackers can exploit specially…
  • 0
  • 2
  • 0
  • 11h ago

Overview

  • Cisco
  • Cisco Catalyst SD-WAN

30 Sep 2022
Published
26 Feb 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
1.04%

Description

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. This vulnerability is due to improper access controls on commands within the application CLI. An attacker could exploit this vulnerability by running a maliciously crafted command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF

Statistics

  • 4 Posts

Last activity: 4 hours ago

Fediverse


Five Eyes warning: Cisco SD-WAN actively exploited by UAT-8616.
• CVE-2026-20127
• CVE-2022-20775
• Root access & rogue control-plane peering
• Persistence in edge devices
Immediate patching & threat hunting required.

Full details:
technadu.com/cisco-sd-wan-is-a

Are you checking for downgrade events?

  • 0
  • 0
  • 0
  • 19h ago

Bluesky

🔎 The exploit bypasses authentication, grants admin access, downgrades the system, then escalates to root via CVE-2022-20775 — restoring the original version while keeping full control. Internet-exposed SD-WAN management = highest risk. #NetworkSecurity #ThreatIntel #SDWAN #Infosec
  • 0
  • 0
  • 0
  • 18h ago
Five Eyes agencies warn: Cisco SD-WAN actively exploited by UAT-8616. CVE-2026-20127 & CVE-2022-20775 enable root access, rogue peering & long-term persistence. Immediate patching and threat hunting advised. Is your SD-WAN environment hardened? #CyberSecurity #Cisco #SDWAN #ThreatIntel #CISA
  • 0
  • 0
  • 0
  • 19h ago
~Sophos~ CISA warns two Cisco SD-WAN vulnerabilities are actively exploited, allowing for authentication bypass and privilege escalation. - IOCs: CVE-2026-20127, CVE-2022-20775 - #CVE202620127 #Cisco #ThreatIntel
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Google
  • Chrome

13 Feb 2026
Published
26 Feb 2026
Updated

CVSS
Pending
EPSS
0.34%

Description

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 2 Posts
  • 10 Interactions

Last activity: 16 hours ago

Fediverse


Weeks have passed since the details of CVE-2026-2441 were published, and Yandex still has not released a patch for its browser.

  • 2
  • 5
  • 0
  • 16h ago

You had to think of that one!
Using CSS to extract values (e.g. a CSRF protection token)!

sitepoint.com/zero-day-css-cve

  • 1
  • 2
  • 0
  • 19h ago

Overview

  • Apache Software Foundation
  • Apache Log4j2

10 Dec 2021
Published
21 Oct 2025
Updated

CVSS
Pending
EPSS
94.36%

Description

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Statistics

  • 3 Posts

Last activity: 10 hours ago

Fediverse


SENTINEL BRIEF: Log4Shell (CVE-2021-44228) is an architectural failure, not just a bug. Our V7.4 Forensic Analysis explores the JNDI lookup logic failure that subverts Zero Trust topology. Moving beyond the patch to topological defense. Read the full report at The Cyber Mind Co.

thecybermind.co/2026/02/26/log

  • 0
  • 0
  • 0
  • 10h ago

Bluesky

Critical RCE Vulnerability in Apache Log4j Exposed: How Attackers Exploit and How to Mitigate + Video Introduction: The recent disclosure of a critical remote code execution (RCE) vulnerability in Apache Log4j (CVE-2021-44228), dubbed "Log4Shell," has sent shockwaves through the cybersecurity…
  • 0
  • 0
  • 0
  • 16h ago
Critical Log4Shell Vulnerability Exploited in Global Ransomware Campaign: A Comprehensive Technical Analysis and Mitigation Guide + Video Introduction: The recent widespread exploitation of the Log4Shell vulnerability (CVE-2021-44228) in Apache Log4j has sent shockwaves through the cybersecurity…
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Tenable
  • Agent

16 Jun 2025
Published
16 Jun 2025
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 13 hours ago

Fediverse


On a recent engagement, we exploited a previously disclosed privilege escalation bug in Tenable's Nessus Agent. No public PoC was available, so we made one; check it out here github.com/atredispartners/pro

  • 3
  • 1
  • 0
  • 13h ago

Overview

  • xz
  • xz

29 Mar 2024
Published
20 Nov 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
85.80%

KEV

Description

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 7 hours ago

Fediverse


Veritasium covers the #xz compromise. This is well done. It starts off explaining open source. It explains encryption and compression. It explains software dependencies. It explains how the back door would have worked. Good watch.

#Backdoor #Veritasium #CVE #CVE20243094
youtu.be/aoag03mSuXQ

  • 1
  • 2
  • 0
  • 7h ago

Overview

  • Web-ofisi
  • Firma

22 Feb 2026
Published
25 Feb 2026
Updated

CVSS v4.0
HIGH (8.8)
EPSS
0.07%

KEV

Description

Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz[]' values using time-based blind SQL injection payloads to extract sensitive database information.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 6 hours ago

Bluesky

📌 CVE-2019-25457 - Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code... https://www.cyberhub.blog/cves/CVE-2019-25457
  • 0
  • 2
  • 0
  • 6h ago

Overview

  • Web-ofisi
  • Emlak

22 Feb 2026
Published
25 Feb 2026
Updated

CVSS v4.0
HIGH (8.8)
EPSS
0.06%

KEV

Description

Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to extract sensitive database information or cause denial of service.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 9 hours ago

Bluesky

📌 CVE-2019-25456 - Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code ... https://www.cyberhub.blog/cves/CVE-2019-25456
  • 0
  • 1
  • 0
  • 9h ago

Overview

  • Web-ofisi
  • Firma Rehberi

22 Feb 2026
Published
23 Feb 2026
Updated

CVSS v4.0
HIGH (8.8)
EPSS
0.07%

KEV

Description

Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract sensitive database information or perform time-based blind SQL injection attacks.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 9 hours ago

Bluesky

📌 CVE-2019-25458 - Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting S... https://www.cyberhub.blog/cves/CVE-2019-25458
  • 0
  • 1
  • 0
  • 9h ago