6.9
CVE-2026-4832 - Hard‑coded SNMP Credentials Enable Unauthorized Device Access
CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port.
5.4
CVE-2026-4914 - Stored XSS in Ivanti N-ITSM Leads to Session Information Disclosure
Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessions. User interaction is required.
5.7
CVE-2026-4913 - Authenticated Bypass of Account Disabling in Ivanti Neurons for ITSM
Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled.
7.1
CVE-2026-4344 - Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Component Name
A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc…
7.1
CVE-2026-4345 - Stored Cross-Site Scripting (XSS) Vulnerability in Design Name
A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o…
7.1
CVE-2026-4369 - Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Variant Name
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to …
9.1
CVE-2025-8095 - Recoverable obfuscation using the OECH1 prefix encoding in OpenEdge
The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other supporte…
8.2
CVE-2025-7389 - Unauthorized Arbitrary File Read via RMI in AdminServer Interface
A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority of the AdminServer process itself. The delegated authority of the AdminServer could allow its users the ability to read arb…
7.4
CVE-2026-2450 - Thread Hijack via .NET Impersonation Misconfiguration
.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0.
9
CVE-2026-2449 - Privilege Escalation via Argument Injection in upKeeper Instant Privilege Access
Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0.