Vulnerability Media Exposure
These listed vulnerabilities have been referenced across multiple public sources, indicating high media attention and potential significance.
CVE-2026-20127 EUVD-2026-8675
CRITICAL

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. 

cisco:catalyst_sd-wan_manager
cisco:sd-wan_vsmart_controller
CVE-2026-20122 EUVD-2026-8673
MEDIUM

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.

cisco:catalyst_sd-wan_manager
CVE-2017-7921 EUVD-2017-16892
CRITICAL

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.

hikvision:ds-2cd2032-i_firmware
hikvision:ds-2cd2112-i_firmware
hikvision:ds-2cd2132-i_firmware
hikvision:ds-2cd2212-i5_firmware
hikvision:ds-2cd2232-i5_firmware
hikvision:ds-2cd2312-i_firmware
hikvision:ds-2cd2332-i_firmware
hikvision:ds-2cd2412f-i\(w\)_firmware
hikvision:ds-2cd2432f-i\(w\)_firmware
hikvision:ds-2cd2512f-i\(s\)_firmware
hikvision:ds-2cd2532f-i\(s\)_firmware
hikvision:ds-2cd2612f-i\(s\)_firmware
hikvision:ds-2cd2632f-i\(s\)_firmware
hikvision:ds-2cd2712f-i\(s\)_firmware
hikvision:ds-2cd2732f-i\(s\)_firmware
hikvision:ds-2cd2t32-i3_firmware
hikvision:ds-2cd2t32-i5_firmware
hikvision:ds-2cd2t32-i8_firmware
hikvision:ds-2cd4012f-\(a\)_firmware
hikvision:ds-2cd4012f-\(p\)_firmware
hikvision:ds-2cd4012f-\(w\)_firmware
hikvision:ds-2cd4012fwd-\(a\)_firmware
hikvision:ds-2cd4012fwd-\(p\)_firmware
hikvision:ds-2cd4012fwd-\(w\)_firmware
hikvision:ds-2cd4024f-\(a\)_firmware
hikvision:ds-2cd4024f-\(p\)_firmware
hikvision:ds-2cd4024f-\(w\)_firmware
hikvision:ds-2cd4032fwd-\(a\)_firmware
hikvision:ds-2cd4032fwd-\(p\)_firmware
hikvision:ds-2cd4032fwd-\(w\)_firmware
hikvision:ds-2cd4112f-i\(z\)_firmware
hikvision:ds-2cd4112fwd-i\(z\)_firmware
hikvision:ds-2cd4124f-i\(z\)_firmware
hikvision:ds-2cd4132fwd-i\(z\)_firmware
hikvision:ds-2cd4212f-i\(h\)_firmware
hikvision:ds-2cd4212f-i\(s\)_firmware
hikvision:ds-2cd4212f-i\(z\)_firmware
hikvision:ds-2cd4212fwd-i\(h\)_firmware
hikvision:ds-2cd4212fwd-i\(s\)_firmware
hikvision:ds-2cd4212fwd-i\(z\)_firmware
hikvision:ds-2cd4224f-i\(h\)_firmware
hikvision:ds-2cd4224f-i\(s\)_firmware
hikvision:ds-2cd4224f-i\(z\)_firmware
hikvision:ds-2cd4232fwd-i\(h\)_firmware
hikvision:ds-2cd4232fwd-i\(s\)_firmware
hikvision:ds-2cd4232fwd-i\(z\)_firmware
hikvision:ds-2cd4312f-i\(h\)_firmware
hikvision:ds-2cd4312f-i\(s\)_firmware
hikvision:ds-2cd4312f-i\(z\)_firmware
hikvision:ds-2cd4324f-i\(h\)_firmware
hikvision:ds-2cd4324f-i\(s\)_firmware
hikvision:ds-2cd4324f-i\(z\)_firmware
hikvision:ds-2cd4332fwd-i\(h\)_firmware
hikvision:ds-2cd4332fwd-i\(s\)_firmware
hikvision:ds-2cd4332fwd-i\(z\)_firmware
hikvision:ds-2cd6412fwd_firmware
hikvision:ds-2dfx_series_firmware
hikvision:ds-2cd63xx_series_firmware
CVE-2026-20079 EUVD-2026-9438
CRITICAL

A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.

CVE-2026-20128 EUVD-2026-8676
HIGH

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system. To exploit this vulnerability, the attacker must have valid vmanage credentials on the affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by accessing the filesystem as a low-privileged user and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.

cisco:catalyst_sd-wan_manager
Newly recorded security issues per week
Stay up to date! New information is added to our knowledge database every day. Here you can see the history of vulnerabilities added to our CVE DB in recent years.
Vulnerabilities by severity (over the last 7 days)
Information about the vulnerabilities of the last 7 days can be found here. As you can see, critical vulnerabilities are also added on a daily basis. Therefore, validate your current security situation on a daily basis to ensure the security of your IT.
CVSS Score Distribution
The CVSS score rates security vulnerabilities from 0 to 10, based on factors like attack vectors and impacts on confidentiality, integrity, and availability.
EPSS Score Distribution
The EPSS score predicts the likelihood of a known vulnerability being exploited, complementing CVSS by assessing real-world exploitability based on threat activity and exploit availability.
Latest Vulnerability Reports
The 10 most recently published CVE reports.
  • Payment Orchestrator Service Elevation of Privilege Vulnerability

  • Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

  • Microsoft ACI Confidential Containers Information Disclosure Vulnerability

  • Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.

  • Microsoft Devices Pricing Program Remote Code Execution Vulnerability

  • A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component etterfilter. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

  • The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `_gspb_post_css` post meta value and the `dynamicAttributes` block attribute in all versions up to, and including, 12.8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

  • OpenClaw versions prior to 2026.2.12 contain a vulnerability in the BlueBubbles (optional plugin) webhook handler in which it authenticates requests based solely on loopback remoteAddress without validating forwarding headers, allowing bypass of configured webhook passwords. When the gateway operates behind a reverse proxy, unauthenticated remote attackers can inject arbitrary BlueBubbles message and reaction events by reaching the proxy endpoint.

  • OpenClaw versions prior to 2026.2.14 decode base64-backed media inputs into buffers before enforcing decoded-size budget limits, allowing attackers to trigger large memory allocations. Remote attackers can supply oversized base64 payloads to cause memory pressure and denial of service.

  • OpenClaw versions prior to 2026.2.14 contain a local file inclusion vulnerability in BlueBubbles extension (must be installed and enabled) media path handling that allows attackers to read arbitrary files from the local filesystem. The sendBlueBubblesMedia function fails to validate mediaPath parameters against an allowlist, enabling attackers to request sensitive files like /etc/passwd and exfiltrate them as media attachments.