8.8
CVE-2026-20094 - Cisco Integrated Management Controller Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with read-only privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation β¦
6.5
CVE-2026-20095 - Cisco Integrated Management Controller Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper valiβ¦
9.8
CVE-2026-20093 - Cisco Integrated Management Controller Authentication Bypass Vulnerability
A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. This vulnerability is due to incorrect handling of password change requests. β¦
6.1
CVE-2026-20085 - Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability bβ¦
6.1
CVE-2026-20041 - Cisco Nexus Dashboard Server Side Request Forgery Vulnerability
A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attβ¦
6.5
CVE-2026-20042 - Cisco Nexus Dashboard Configuration REST API Unauthorized Access Vulnerability
A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypβ¦
6.8
CVE-2026-33990 - Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF)
Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's WWW-Authentβ¦
5.4
CVE-2026-33978 - Notesnook: Stored XSS in mobile share editor via unescaped web clip title metadata
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile share / web clip flow because attacker-controlled clip metadata is concatenated into HTML without escaping and then rendered with innerHTML inside the mobilβ¦
6.5
CVE-2026-2265 - Replicator 1.0.5 is vulnerable to Remote Code Execution through Insecure Deserialization
An unauthenticated remote code execution (RCE) vulnerability exists in applications that use the Replicator node package manager (npm) version 1.0.5 to deserialize untrusted user input and execute the resulting object.
7.1
CVE-2026-34603 - @tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions
Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junction targets. If a link already exists under the mβ¦