Tag: cve-2026-21262

soc

CVE-2026-9082: Highly Critical Drupal Core SQL Injection Flaw Threatens PostgreSQL Sites

Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that can be exploited by anonymous attackers against sites using PostgreSQL databases. Tracked as the CVE-2026-9082 vulnerability, the issue resides in Drupal’s database abstraction API, which is supposed to sanitize queries before they reach the backend database. Drupal rates the flaw […]

soc

CVE-2026-20223: Cisco Secure Workload Auth Bypass Grants Site Admin Access

Cisco has patched a maximum-severity vulnerability in Cisco Secure Workload (CSW) Cluster Software tracked as CVE-2026-20223. The issue is an authentication and access-control bypass affecting internal REST API endpoints, and it can allow a remote, unauthenticated attacker to obtain Site Admin privileges. Site Admin is […]

soc

CVE-2024-12802: SonicWall SSL-VPN MFA Bypass Persists on Gen6

CVE-2024-12802 […] SonicWall SSL-VPN when the VPN is integrated with Microsoft Active Directory (AD) in certain configurations. The issue matters because defenders may think they are protected after upgrading firmware, yet Gen6 […]

soc

CVE-2026-20182: Critical Authentication Bypass in Cisco SD-WAN Can Grant Admin Access

A vulnerability affecting Cisco Catalyst SD-WAN Controller has drawn urgent attention after Cisco, Rapid7, and CISA confirmed active exploitation. CVE-2026-20182 […] 10.0 score and can let an unauthenticated remote attacker gain administrative privileges on an affected […] The post CVE-2026-20182: Critical Authentication Bypass in Cisco SD-WAN Can Grant Admin Access appeared first on SOC Prime.

soc

CVE-2026-42897: Exchange Server OWA Spoofing Flaw Exploited via Crafted Email

Microsoft has disclosed a vulnerability impacting on-premises versions of Exchange Server that is already seeing active exploitation in the wild. Tracked as CVE-2026-42897, the issue carries a CVSS score of 8.1 and affects Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition, while Exchange Online is not impacted. Microsoft describes it as a […]
