Skip to content
The Nexus
DossierENTITY

CVSS

Coverage of CVSS in the Nexus archive.

Earliest in view: Mar 30 · 15:01 UTCMost recent: Jun 24 · 06:50 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 24 · 06:50 UTCTHE HACKER NEWS
    Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

    Threat actors are exploiting a critical security flaw in Cisco Unified Communications Manager and Unified CM SME, tracked as CVE-2026-20230, which allows unauthenticated remote attackers to exploit improper HTTP request input validation. The vulnerability has a CVSS score of 8.6 and enables a path to root file-write capabilities.

  • SECURITYJun 6 · 04:19 UTCTHE HACKER NEWS
    Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available

    Cisco has issued a warning about a high-severity security flaw (CVE-2026-20245) in its Catalyst SD-WAN Manager, which is being actively exploited. The vulnerability, with a CVSS score of 7.8, affects multiple deployment types including On-Prem, Cloud-Pro, Cloud (Cisco Managed), and SD-WAN for Government (FedRAMP). No patch is currently available.

  • SECURITYMay 28 · 17:24 UTCTHE HACKER NEWS
    Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

    A critical remote code execution (RCE) vulnerability has been disclosed in Gogs, an open-source self-hosted Git service, allowing authenticated users to execute arbitrary code. The flaw is rated 9.4 on the CVSS scoring system and currently lacks a CVE identifier.

  • SECURITYMay 21 · 10:55 UTCTHE HACKER NEWS
    Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

    Microsoft has disclosed two actively exploited vulnerabilities in Microsoft Defender, including a privilege escalation flaw (CVE-2026-41091) rated 7.8 on the CVSS scale that could allow attackers to gain SYSTEM privileges, and a denial-of-service vulnerability. These flaws are currently being exploited in the wild.

  • SECURITYMay 14 · 20:25 UTCDARK READING
    Maximum Severity Cisco SD-WAN Bug Exploited in the Wild

    A severe bug in Cisco's SD-WAN has been exploited by a threat actor, marking the second time this year a CVSS 10.0 vulnerability has been leveraged in Cisco's network control system. This exploit poses significant risks to affected networks. The vulnerability has a maximum severity score.

  • SECURITYMay 14 · 17:45 UTCTHE HACKER NEWS
    Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

    Cisco released updates to address a severe authentication bypass flaw in Catalyst SD-WAN Controller, which has been exploited in limited attacks, carrying a CVSS score of 10.0. The vulnerability is tracked as CVE-2026-20182 and affects Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager.

  • SECURITYMay 14 · 11:40 UTCTHE HACKER NEWS
    PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

    Threat actors attempted to exploit a security vulnerability in PraisonAI within four hours of public disclosure. The vulnerability, CVE-2026-44338, has a CVSS score of 7.3 and exposes sensitive endpoints due to missing authentication. This allows attackers to invoke certain actions.

  • SECURITYApr 22 · 07:16 UTCTHE HACKER NEWS
    Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

    A critical security vulnerability (CVE-2026-5752) in Cohere AI's Terrarium sandbox allows attackers to execute arbitrary code with root privileges and escape containers via JavaScript prototype chain traversal. The flaw, rated 9.3 on the CVSS scale, poses significant risks to systems using the Python-based sandbox.

  • SECURITYApr 12 · 04:25 UTCTHE HACKER NEWS
    Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

    Adobe has released emergency updates to address a critical security flaw in Acrobat Reader (CVE-2026-34621) that is being actively exploited. The vulnerability, rated 8.6 on the CVSS scale, could allow attackers to execute malicious code on affected systems.

  • SECURITYMar 30 · 15:01 UTCDARK READING
    Storm Brews Over Critical, No-Click Telegram Flaw

    A critical vulnerability in Telegram, allegedly triggered by a corrupted sticker, has a 9.8 CVSS score but Telegram denies its existence. The flaw highlights potential security risks in messaging apps.

CVSS · Dossier · The Nexus