Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-20133 — Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file…

catalyst_sd-wan_manager | Remote | Information Disclosure
Feb 25, 2026 Mar 04, 2026
Feb 25, 2026
Mar 04, 2026
9.8 CRITICAL
CVE-2026-20129 — Cisco Catayst SD-WAN Authentication Bypass Vulnerability

A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmi…

catalyst_sd-wan_manager | Remote | Authentication
Feb 25, 2026 Mar 04, 2026
Feb 25, 2026
Mar 04, 2026
7.5 HIGH
CVE-2026-20128 — Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system. To exploit …

catalyst_sd-wan_manager | Authentication
Feb 25, 2026 Mar 04, 2026
Feb 25, 2026
Mar 04, 2026
10.0 CRITICAL
CVE-2026-20127 — Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability - [Activ…

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, …

catalyst_sd-wan_manager sd-wan_vsmart_controller | CISA KEV Remote | Authentication
Feb 25, 2026 Feb 26, 2026
Feb 25, 2026
Feb 26, 2026
8.8 HIGH
CVE-2026-20126 — Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is …

catalyst_sd-wan_manager | Remote | Authentication
Feb 25, 2026 Mar 04, 2026
Feb 25, 2026
Mar 04, 2026
5.4 MEDIUM
CVE-2026-20122 — Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the att…

catalyst_sd-wan_manager | Remote | Path Traversal
Feb 25, 2026 Mar 04, 2026
Feb 25, 2026
Mar 04, 2026
5.5 MEDIUM
CVE-2026-20107 — Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability

A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to cause an affected device to reload unexp…

application_policy_infrastructure_controller | Denial of Service
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
6.7 MEDIUM
CVE-2026-20099 — Cisco UCS Manager and FXOS Software Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform…

unified_computing_system | Injection
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
4.8 MEDIUM
CVE-2026-20091 — Cisco UCS Manager and FXOS Software Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS…

unified_computing_system | Remote | Cross-Site Scripting
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
7.4 HIGH
CVE-2026-20051 — Cisco Nexus 3600-R and 9500-R Series Switching Platforms Layer 2 Loop Denial of Service V…

A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, …

nx-os | Denial of Service
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
7.7 HIGH
CVE-2026-20048 — Cisco NX-OS Software SNMP Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of se…

Remote | Denial of Service
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
4.4 MEDIUM
CVE-2026-20037 — Cisco UCS Manager File Write Vulnerability

A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions…

unified_computing_system | Authorization
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
6.5 MEDIUM
CVE-2026-20036 — Cisco UCS Manager Software Command Injection Vulnerability

A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary com…

unified_computing_system | Remote | Injection
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
7.4 HIGH
CVE-2026-20033 — Cisco NX-OS Software Denial of Service Vulnerability

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vu…

| Denial of Service
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
7.4 HIGH
CVE-2026-20010 — Cisco Nexus 3000 and 9000 Series Switches Link Layer Discovery Protocol Denial of Service…

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which could cause a…

nx-os unified_computing_system | Denial of Service
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
1.3 LOW
CVE-2026-3206 — Improper management of context cancelations

Improper Resource Shutdown or Release vulnerability in KrakenD, SLU KrakenD-CE (CircuitBreaker modules), KrakenD, SLU KrakenD-EE (CircuitBreaker modules). This issue affects KrakenD-CE: before 2.13.1…

krakend-ce krakend-ee | Remote | Denial of Service
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
5.3 MEDIUM
CVE-2026-3188 — feiyuchuixue sz-boot-parent API templates path traversal

A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a m…

Remote | Path Traversal
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
9.8 CRITICAL
CVE-2026-27848 — Missing neutralization in Linksys MR9600, Linksys MX4200

Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user. This issue affects MR9600: 1.0.4.2…

mr9600_firmware mx4200_firmware | Remote | Injection
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
9.8 CRITICAL
CVE-2026-27847 — Missing authentication in Linksys MR9600, Linksys MX4200

Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can b…

mr9600_firmware mx4200_firmware | Remote | Injection
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
6.2 MEDIUM
CVE-2026-27846 — Missing authentication in Linksys MR9600, Linksys MX4200

Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network  to gain access to sensitive information, includ…

mr9600_firmware mx4200_firmware | Authentication
Feb 25, 2026 Feb 27, 2026
Feb 25, 2026
Feb 27, 2026
Showing 20 of 5066 Results