Articles tagged "CVE"

Found 341 articles

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited Months Before Disclosure

Security Affairs

Actively Exploited

A serious vulnerability in Cisco Catalyst SD-WAN, identified as CVE-2026-20245, has been exploited by hackers for months before it was publicly disclosed. This flaw, which has a CVSS score of 7.8, allows authenticated attackers to execute privileged commands on affected systems. Google-owned Mandiant reported that the exploitation occurred at least two months prior to the disclosure, raising concerns about the security of networks using this technology. Organizations using Cisco Catalyst SD-WAN should take immediate action to secure their systems, as this vulnerability poses a significant risk to network integrity. The incident serves as a reminder of the importance of timely disclosure and patch management in cybersecurity.

Read Original
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access

The Hacker News

Actively Exploited

A recently discovered vulnerability in Cisco Catalyst SD-WAN has been exploited by an unknown attacker for at least two months before its public disclosure. This security flaw, identified as CVE-2026-20245, has a high severity rating of 7.8 and allows an authenticated local attacker to execute arbitrary commands with elevated privileges. This means that if an attacker gains access to a system, they could potentially take control of critical functions within the network. Companies using Cisco Catalyst SD-WAN should be aware of the risk posed by this vulnerability and take immediate action to protect their systems. The findings from Mandiant underscore the importance of timely patching and monitoring for unusual activity in network environments.

Read Original

Mandiant has reported on a serious vulnerability in Cisco's Catalyst SD-WAN, identified as CVE-2026-20245, which has been exploited by hackers to gain root access to affected devices. This zero-day attack allows attackers to create unauthorized root accounts, compromising network security for organizations using this technology. The vulnerability poses a significant risk to businesses relying on Cisco's SD-WAN solutions, as it can lead to unauthorized access and potential data breaches. Companies should urgently assess their systems for this vulnerability and implement necessary security measures to protect their networks.

Read Original

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a serious vulnerability affecting Lantronix EDS5000 Series devices. This flaw, identified as CVE-2025-67038, has a high severity score of 9.8 and involves a code injection issue that could allow attackers to execute malicious code. CISA is urging Federal Civilian Executive Branch agencies to implement available fixes before the deadline of June 26, 2026. The active exploitation of this vulnerability raises concerns about potential unauthorized access and control over affected devices, which could lead to significant security breaches. Organizations using these devices should prioritize applying security updates to mitigate risks.

Read Original

A newly discovered vulnerability in Samsung's KNOX security platform, identified as CVE-2026-20971, arises from a race condition in the kernel's process integrity validation. This flaw could potentially allow attackers to bypass security measures, putting devices at risk. Users of Samsung devices utilizing the KNOX platform should be particularly cautious, as the vulnerability might expose sensitive data or allow unauthorized access. Samsung has addressed this issue by releasing a patch, and it is crucial for users to apply this update promptly to secure their devices. Keeping software up to date is essential to avoid exploitation of such vulnerabilities.

Read Original

A newly discovered vulnerability, CVE-2026-20230, affects Cisco's Unified Communications Manager (Unified CM) and is currently being exploited in the wild. This issue is a server-side request forgery (SSRF) flaw that allows attackers to drop webshells and execute code remotely on the affected servers. According to threat intelligence firm Defused, automated attacks have been observed using the Tor network to deploy these webshells. The exploitation process involves abusing the WebDialer SSRF to install a malicious Apache Axis service, which then facilitates the execution of further malicious payloads. Organizations using Cisco Unified CM should be aware of this security threat and take steps to mitigate potential risks.

Read Original

A serious security flaw has been discovered in Cisco Unified Communications Manager (Unified CM) and its Session Management Edition (Unified CM SME). The vulnerability, identified as CVE-2026-20230, has a CVSS score of 8.6, indicating its severity. It involves improper input validation for specific HTTP requests, which could allow attackers to execute commands remotely without authentication. This means that unauthorized individuals could potentially gain root access to affected systems. Companies using these Cisco products need to act quickly to protect their networks, as the flaw is already being exploited in the wild.

Read Original

Dify has experienced a serious security vulnerability identified as CVE-2026-41947, which affects its tracing system. This flaw allows attackers to establish a persistent channel that can extract any messages and responses from applications that the attacker can access, all without needing authentication. This could potentially expose sensitive data across different tenants using Dify's services. Organizations using Dify must take this issue seriously as it poses a risk to their data security. It's crucial for affected users to assess their exposure and implement necessary security measures to mitigate this risk.

Read Original

Samsung has patched a serious vulnerability in its KNOX security software that affects millions of Galaxy devices. The flaw, identified as CVE-2026-20971, is a use-after-free vulnerability located in the kernel, specifically within the PROCA/FIVE component. This issue could allow attackers to exploit the software designed to protect devices, raising significant security concerns for users. Samsung released a fix for this flaw in January 2026, but the potential for exploitation underscores the need for users to update their devices promptly. The vulnerability puts millions of Galaxy users at risk, highlighting the importance of maintaining security updates for mobile devices.

Read Original
Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks

BleepingComputer

Actively Exploited

A serious vulnerability, identified as CVE-2026-20230, has been discovered in Cisco's Unified Communications Manager Server. This Server-Side Request Forgery (SSRF) flaw is currently being exploited by attackers, raising concerns for organizations using this software. The vulnerability could allow malicious actors to manipulate requests sent from the server, potentially leading to unauthorized access to sensitive systems. Companies that rely on Cisco's Unified Communications infrastructure need to prioritize patching their systems to protect against these active exploits. As the situation evolves, it is crucial for affected users to stay informed and take immediate action to mitigate risks.

Read Original

Hackers are taking advantage of a recently patched vulnerability in the Gravity SMTP plugin for WordPress, which is used on around 100,000 websites. This security flaw, identified as CVE-2026-4020, allows attackers without authentication to access sensitive information, including API keys and OAuth tokens. The vulnerability has a medium severity score of 5.3, but the potential exposure of critical data makes it a significant concern for site administrators. Users of the Gravity SMTP plugin need to ensure they update to the latest version to protect their sites from these attacks. The urgency of addressing this issue is heightened by the fact that the vulnerability is currently being exploited in the wild.

Read Original

A recently disclosed vulnerability in Splunk Enterprise, identified as CVE-2026-20253, has been exploited by attackers just days after it was made public. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to apply patches within three days to prevent potential unauthorized remote code execution. This vulnerability poses a serious risk, allowing attackers to execute malicious code without authentication, which could lead to significant data breaches or system compromises. Organizations using affected versions of Splunk Enterprise need to act quickly to secure their systems and protect sensitive information from exploitation.

Read Original

Apple has released a security update to address a vulnerability in its Beats Studio Buds, identified as CVE-2025-20701. This flaw was uncovered by researchers Dennis Heinze and Frieder Steinmetz from ERNW GmbH. While the specific nature of the vulnerability has not been detailed, it poses a potential risk to users of the Beats Studio Buds, which are popular wireless earbuds. Users are encouraged to install the latest firmware update to ensure their devices are protected. Ignoring this update could leave users vulnerable to potential exploits that might compromise their audio experience or privacy.

Read Original

F5 has issued urgent patches for two critical vulnerabilities in NGINX, identified as CVE-2026-42530 and CVE-2026-42055, both rated with a CVSS score of 9.2. These flaws affect the HTTP modules and can be exploited remotely without any authentication, allowing attackers to execute arbitrary code and potentially corrupt memory. This presents a significant risk for organizations using affected NGINX versions, as it could lead to unauthorized access and system compromise. F5's out-of-band updates are crucial for users to secure their systems and prevent potential exploitation. Users are strongly advised to apply these patches promptly to mitigate the risks associated with these vulnerabilities.

Read Original

Microsoft has confirmed a serious vulnerability in its Defender software, identified as the RoguePlanet zero-day (CVE-2026-50656), which has a CVSS score of 7.8. This flaw allows attackers to escalate privileges through the Microsoft Malware Protection Engine, potentially giving them greater access to affected systems. Microsoft is currently working on a security patch to address this issue but has not yet released specific details about the patch or when it will be available. Users of Microsoft Defender should remain vigilant and monitor for updates from Microsoft regarding this vulnerability, as it poses a significant risk to system security. The implications are serious, especially for organizations relying on Defender for malware protection.

Read Original
PreviousPage 5 of 23Next