CVE-2026-20182
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability - Active in CISA KEV catalog.
Wednesday's disclosures center on the WordPress plugin ecosystem and hosting control-panel software, with multiple CVSS 9.8 flaws affecting widely deployed WordPress plugins and a pair of CVSS 10 issues in control panels (CtrlPanel's web installer and HestiaCP's Node.js web terminal). Critical CVEs climbed to 24 from 10 the prior day (+140%) while high-priority disclosures rose to 64 from 35 (+83%). Notable entries include the two CVSS 10 control-panel issues, CVE-2026-43633 and CVE-2026-34234, CVE-2026-47107 affecting Windmill at CVSS 9.6, and CVE-2026-8953 impacting Firefox and Thunderbird sandboxing. Attack patterns skew toward remote code execution, memory corruption across multiple products, and authentication weaknesses in web-facing applications. The feed's patch-availability metric stands at 0% for yesterday's batch, although several entries below name fixed versions (Firefox 151, Firefox ESR 140.11, Thunderbird 151 and 140.11, MLflow 3.10.0), so confirm each vendor advisory rather than relying on the metric alone; where no fix exists, compensating controls and exposure reduction are required. Two KEV entries cover Cisco Catalyst SD-WAN (CVE-2026-20182) and Microsoft Exchange Server (CVE-2026-42897).
Immediate action: Prioritize inventory and exposure reduction for WordPress sites, CtrlPanel and HestiaCP deployments, Windmill instances, and Firefox/Thunderbird endpoints, and apply mitigations for the actively exploited Cisco Catalyst SD-WAN and Microsoft Exchange flaws. Where no vendor fix is available yet, rely on WAF rules, network segmentation, and disabling vulnerable plugins or features (for example the HestiaCP web terminal or the CtrlPanel installer) until updates ship.
A cross-site scripting (XSS) vulnerability in Microsoft Exchange Server allows unauthenticated attackers to perform spoofing over a network.
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to insufficient file extension blacklisting, enabling remote code execution.
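Why an extension deny-list is insufficient for upload filtering, as an added example that is not code from the Piotnet Forms plugin or any other project on this page: a constructed deny-list that rejects only a few extensions is shown beside an allow-list check that normalizes the name and accepts only an explicit set. The extension sets and sample filenames are constructed for illustration; which extensions a given web server will execute depends on its handler configuration.

```python
# Added example (not code from any project on this page): deny-list versus allow-list
# checking of an uploaded filename. Extension sets and samples are constructed.
import os

# Constructed deny-list resembling what a plugin author might write. It misses
# .phtml, .phar and other extensions a PHP-enabled server may execute.
DENIED = {"php", "exe", "sh"}

# Constructed allow-list for a field that should only accept images and PDFs.
ALLOWED = {"png", "jpg", "jpeg", "gif", "pdf"}


def _normalize(filename: str) -> str:
    """Strip directory parts and trailing dots/spaces (which some filesystems
    silently discard) and lowercase the result."""
    base = os.path.basename(filename.replace("\\", "/"))
    return base.rstrip(". ").lower()


def denylist_allows(filename: str) -> bool:
    """Vulnerable pattern: reject only if the raw final extension is on the deny-list."""
    ext = filename.rsplit(".", 1)[-1] if "." in filename else ""
    return ext not in DENIED


def allowlist_allows(filename: str) -> bool:
    """Hardened pattern: accept only when every extension segment is allow-listed."""
    name = _normalize(filename)
    parts = name.split(".")
    if len(parts) < 2 or not parts[0]:
        return False  # no extension at all, or a dotfile such as .htaccess
    # Check every segment after the base name so "shell.php.jpg" is rejected too;
    # servers with multi-extension handling may still execute it as PHP.
    return all(p in ALLOWED for p in parts[1:])


# Constructed sample filenames covering the usual deny-list bypasses.
SAMPLES = [
    "photo.jpg",
    "shell.php",
    "shell.phtml",     # alternate PHP extension not on the deny-list
    "shell.PHP",       # case variation
    "shell.php.",      # trailing dot dropped by some filesystems
    "shell.php.jpg",   # double extension
    ".htaccess",       # server config file, not an "extension" at all
    "a.phar",
]


def compare(filenames=SAMPLES):
    """Return {filename: (denylist_allows, allowlist_allows)} for the samples."""
    return {f: (denylist_allows(f), allowlist_allows(f)) for f in filenames}


if __name__ == "__main__":
    for name, (deny, allow) in compare().items():
        print(f"{name:16} deny-list allows={deny!s:5} allow-list allows={allow}")
```

The deny-list version accepts every sample except the literal `shell.php`; the allow-list version accepts only `photo.jpg`. Pair the allow-list with server-side content sniffing and a storage location that is not executable by the web server.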
The ProSolution WP Client WordPress plugin is vulnerable to arbitrary file upload due to improper validation of the upload array, allowing remote code execution.
The Boost plugin for WordPress is vulnerable to PHP Object Injection via an untrusted cookie, which may lead to remote code execution if a POP chain exists.
HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that allows unauthenticated remote attackers to achieve root-level code execution. Attackers can inject crafted data into HTTP headers that are processed by the PHP session handler but incorrectly deserialized by the Node.js web terminal component as trusted session values, resulting in arbitrary command execution on systems with the web terminal feature enabled.
The Easy Elements for Elementor plugin is vulnerable to privilege escalation, allowing unauthenticated users to register as administrators.
CtrlPanel contains an unauthenticated Remote Code Execution (RCE) vulnerability in its web-based installer, allowing attackers to execute arbitrary commands on the server.
Windmill contains a sandbox escape vulnerability due to incorrect default permissions in nsjail configurations, allowing authenticated users to modify critical system files.
A use-after-free vulnerability in the Disability Access APIs of Mozilla products can lead to a sandbox escape and potential arbitrary code execution.
Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Memory safety bugs present in Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
A same-origin policy bypass exists in the networking component of Mozilla Firefox and Thunderbird, potentially allowing unauthorized cross-origin data access.
A same-origin policy bypass in the DOM networking component of Mozilla Firefox and Thunderbird allows for unauthorized cross-origin interactions.
Apache OFBiz contains a vulnerability involving the use of hard-coded cryptographic keys, which could allow unauthorized decryption or manipulation of sensitive data.
Apache OFBiz is susceptible to LDAP injection, enabling attackers to manipulate LDAP queries through unsanitized user input.
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.
An integer wrapping vulnerability in the Kitty terminal emulator can lead to heap-based buffer corruption, allowing for potential arbitrary code execution.
A remote code execution vulnerability in the GlassFish server-side template rendering mechanism allows attackers to execute arbitrary commands via malicious Expression Language (EL) injection.
An authenticated remote code execution vulnerability exists in the GlassFish Administration Console, allowing users with console access to execute arbitrary commands.
In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. By bypassing the loopback-only restriction, the attacker can modify the Assistant's configuration to enable full access, which in turn allows the execution of arbitrary commands via the Claude Code sub-agent. This issue is resolved in version 3.10.0.
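The class of bug described above, a loopback-bound service that trusts any request reaching it, is the same one that DNS rebinding and cross-site requests from a malicious page exploit. The following is an added example, not MLflow's code, of the request-level check such a service should perform: the Host header must name the loopback address and the service's own port (defeating rebinding, where the attacker's hostname resolves to 127.0.0.1 but the Host header still carries the attacker's domain), and any Origin or Sec-Fetch-Site header the browser supplies must indicate a same-origin request. The service port and the sample header sets are constructed for illustration.

```python
# Added example (not MLflow's code): validating that a request to a loopback-only
# service was issued by a page served by that service. Sample headers are constructed.
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "[::1]"}


def _get(headers: dict, name: str):
    """Case-insensitive header lookup; returns None when absent."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v.strip()
    return None


def _split_host(netloc: str):
    """Return (host, port) from 'localhost:5000' or '[::1]:5000'; port may be ''."""
    if netloc.startswith("["):
        host, _, rest = netloc.partition("]")
        host += "]"
        port = rest[1:] if rest.startswith(":") else ""
    else:
        host, _, port = netloc.partition(":")
    return host.lower(), port


def is_trusted_request(headers: dict, service_port: int) -> bool:
    """True only if Host, Origin and Sec-Fetch-Site all point at this loopback service."""
    host = _get(headers, "Host")
    if host is None:
        return False
    h, p = _split_host(host)
    # A rebinding attack resolves attacker.example to 127.0.0.1; the browser still sends
    # Host: attacker.example, so checking Host blocks it.
    if h not in LOOPBACK_HOSTS or (p or "80") != str(service_port):
        return False

    # Modern browsers label cross-origin requests; reject anything not same-origin.
    # "same-site" is also rejected: another port on localhost is a different origin.
    sfs = _get(headers, "Sec-Fetch-Site")
    if sfs in ("cross-site", "same-site"):
        return False

    # Browsers send Origin on cross-origin and state-changing requests. Non-browser
    # clients (curl, SDKs) send neither Origin nor Sec-Fetch-*, and are allowed through.
    origin = _get(headers, "Origin")
    if origin is not None:
        if origin == "null":  # sandboxed iframes and redirects produce an opaque origin
            return False
        u = urlsplit(origin)
        oh, op = _split_host(u.netloc)
        default = "443" if u.scheme == "https" else "80"
        if u.scheme not in ("http", "https") or oh not in LOOPBACK_HOSTS \
                or (op or default) != str(service_port):
            return False
    return True


# Constructed request header sets; the assumed service port is 5000.
SERVICE_PORT = 5000
CASES = {
    "same_origin_browser": {"Host": "127.0.0.1:5000",
                            "Origin": "http://127.0.0.1:5000",
                            "Sec-Fetch-Site": "same-origin"},
    "cli_client":          {"Host": "localhost:5000", "User-Agent": "curl/8.0"},
    "malicious_page":      {"Host": "127.0.0.1:5000",
                            "Origin": "https://attacker.example",
                            "Sec-Fetch-Site": "cross-site"},
    "dns_rebinding":       {"Host": "attacker.example:5000",
                            "Origin": "http://attacker.example:5000",
                            "Sec-Fetch-Site": "same-origin"},
    "opaque_origin":       {"Host": "localhost:5000", "Origin": "null"},
    "other_local_port":    {"Host": "localhost:5000",
                            "Origin": "http://localhost:6000"},
    "ipv6_loopback":       {"Host": "[::1]:5000", "Origin": "http://[::1]:5000"},
}


def evaluate(cases=CASES, port=SERVICE_PORT) -> dict:
    """Return {case name: trusted?} for each constructed header set."""
    return {name: is_trusted_request(h, port) for name, h in cases.items()}


if __name__ == "__main__":
    for name, ok in evaluate().items():
        print(f"{name:20} trusted={ok}")
```

Binding to 127.0.0.1 alone does not provide this protection; the check must run on every state-changing endpoint, and a CSRF token or a custom request header that simple cross-origin requests cannot set is a sound second layer.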
An authentication bypass vulnerability in the Panabit PAP-XM320 embedded HTTP server allows attackers to bypass login requirements via directory traversal.
Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 2020, and has not been supported since 2021.
NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a location invoking the ngx
The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the 'checkout_uuid' parameter in all versions up to, and including, 1
Improper Authentication vulnerability in Apache OFBiz via a password-change logic flaw leading to Remote Code Execution. This issue affects Apache OFBiz: before 24
E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents
The Fortis for WooCommerce WordPress plugin before 1
The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1
The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3
The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'form_input' parameter in versions up to, and including, 28
The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'current_url' and 'user_name' parameters in versions up to, and including, 2
The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4
The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10
JWTs used by workers in Kubernetes Executors have been exposed to users who had read-only access to Kubernetes Pods
Sandbox escape in Firefox and Firefox Focus for Android
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6
HSC MailInspector v5
HSC MailInspector 5
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations
Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz
NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization
NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass
Use-after-free in the DOM: Bindings (WebIDL) component
NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read
NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow
Funnel Builder for WooCommerce Checkout prior to 3
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an integer overflow
A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP-XM320 up to and including v7
libheif is a HEIF and AVIF file format decoder and encoder
Privilege escalation in the Security component
CtrlPanel is open-source billing software for hosting providers
Information disclosure, sandbox escape in the Security: Process Sandboxing component
An improper authentication vulnerability was discovered in the Motorola Factory Test component (com
A broken access control issue has been identified in the Talend Administration Center, that allows a user with "View" permission to modify the Talend Studio update URL
A flaw was found in Keycloak's URL validation logic during redirect operations
Mitigation bypass in the DOM: Security component
CtrlPanel is open-source billing software for hosting providers
Rsync version 3
In memcached before 1
In memcached before 1
The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status page(s) via XENMEM_add_to_physmap
A flaw was found in Keycloak
A session fixation vulnerability was found in Keycloak's login-actions endpoints
Incorrect boundary conditions in the Audio/Video: Web Codecs component
Integer overflow in the Widget: Win32 component
Incorrect boundary conditions, integer overflow in the Audio/Video component
Spoofing issue in WebExtensions
Spoofing issue in the Web Speech component
Spoofing issue in the Popup Blocker component
Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component
HestiaCP versions 1
Terrascan v1
Terrascan v1
Terrascan v1
In BYD Atto3, an attacker can obtain an authentication key through a brute-force attack, and the key obtained is permanently valid
Kitty is a cross-platform GPU based terminal
Offline Hospital Management System 5
An issue was discovered in ModelScope 1
An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request
A flaw was found in Keycloak
libheif is a HEIF and AVIF file format decoder and encoder
libheif is a HEIF and AVIF file format decoder and encoder