CVSS
Coverage of CVSS in the Nexus archive.
- Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root
Threat actors are exploiting a critical security flaw in Cisco Unified Communications Manager and Unified CM SME, tracked as CVE-2026-20230, which allows unauthenticated remote attackers to exploit improper HTTP request input validation. The vulnerability has a CVSS score of 8.6 and enables a path to root file-write capabilities.
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available
Cisco has issued a warning about a high-severity security flaw (CVE-2026-20245) in its Catalyst SD-WAN Manager, which is being actively exploited. The vulnerability, with a CVSS score of 7.8, affects multiple deployment types including On-Prem, Cloud-Pro, Cloud (Cisco Managed), and SD-WAN for Government (FedRAMP). No patch is currently available.
- Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
A critical remote code execution (RCE) vulnerability has been disclosed in Gogs, an open-source self-hosted Git service, allowing authenticated users to execute arbitrary code. The flaw is rated 9.4 on the CVSS scoring system and currently lacks a CVE identifier.
- Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Microsoft has disclosed two actively exploited vulnerabilities in Microsoft Defender, including a privilege escalation flaw (CVE-2026-41091) rated 7.8 on the CVSS scale that could allow attackers to gain SYSTEM privileges, and a denial-of-service vulnerability. These flaws are currently being exploited in the wild.
- Maximum Severity Cisco SD-WAN Bug Exploited in the Wild
A severe bug in Cisco's SD-WAN has been exploited by a threat actor, marking the second time this year a CVSS 10.0 vulnerability has been leveraged in Cisco's network control system. This exploit poses significant risks to affected networks. The vulnerability has a maximum severity score.
- Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
Cisco released updates to address a severe authentication bypass flaw in Catalyst SD-WAN Controller, which has been exploited in limited attacks, carrying a CVSS score of 10.0. The vulnerability is tracked as CVE-2026-20182 and affects Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager.
- PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
Threat actors attempted to exploit a security vulnerability in PraisonAI within four hours of public disclosure. The vulnerability, CVE-2026-44338, has a CVSS score of 7.3 and exposes sensitive endpoints due to missing authentication. This allows attackers to invoke certain actions.
- Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
A critical security vulnerability (CVE-2026-5752) in Cohere AI's Terrarium sandbox allows attackers to execute arbitrary code with root privileges and escape containers via JavaScript prototype chain traversal. The flaw, rated 9.3 on the CVSS scale, poses significant risks to systems using the Python-based sandbox.
- Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Adobe has released emergency updates to address a critical security flaw in Acrobat Reader (CVE-2026-34621) that is being actively exploited. The vulnerability, rated 8.6 on the CVSS scale, could allow attackers to execute malicious code on affected systems.
- Storm Brews Over Critical, No-Click Telegram Flaw
A critical vulnerability in Telegram, allegedly triggered by a corrupted sticker, has a 9.8 CVSS score but Telegram denies its existence. The flaw highlights potential security risks in messaging apps.