6.5
CVE-2026-5758 - Mafintosh's protocol-buffers-schema is vulnerable to prototype pollution
JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0, where an attacker may alter the application logic, bypass security checks, cause a DoS or achieve remote code execution.
9.3
CVE-2025-15610 - Deserialization of Untrusted Data Allows Object Injection in OpenText RightFax
Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32 bit allows Object Injection.This issue affects RightFax: through 25.4.
7.6
CVE-2025-63029 - WordPress WCFM Marketplace plugin <= 3.7.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Lovers WCFM Marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through 3.7.1.
7.5
CVE-2026-6372 - WordPress Accept Cryptocurrencies with Plisio plugin <= 2.0.5 - Payment Bypass vulnerability
Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept Cryptocurrencies with Plisio: from n/a through 2.0.5.
6
CVE-2026-20136 - Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to rβ¦
6.1
CVE-2026-20059 - Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-β¦
4.3
CVE-2026-20061 - Cisco Unity Connection SQL Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This vβ¦
4.7
CVE-2026-20060 - Cisco Unity Connection Open Redirect Vulnerability
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerabilβ¦
6.1
CVE-2026-20170 - Unauthenticated XSS in Cisco Webex Contact Center Desktop Agent
A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed. Thiβ¦
9.8
CVE-2026-20184 - Cisco Webex Meetings Certificate Validation Vulnerability
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to this vulnerabilitβ¦