6.1
CVE-2026-20116 - Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities
A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Contact Center Enterprise (Unified CCE), Cisco Unified Contact Center Express (Unified CCX), and Cisco Unified Intelligence Center could allow an unauβ¦
8.8
CVE-2026-20046 - Cisco IOS XR Software CLI Privilege Escalation Vulnerability
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups wβ¦
7.4
CVE-2026-20074 - Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vβ¦
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly. This vulnerability is due to insufficient input validation of inβ¦
8.8
CVE-2026-20040 - Cisco IOS XR Software CLI Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI β¦
2.1
CVE-2026-1471 - Caching of authentication context
Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint).Β We recomβ¦
6.5
CVE-2026-30239 - OpenProject has a Permission Check bypass on Budget deletion allows reassignment of WorkPackages inβ¦
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to be moved to a different budget. This action was performed before the permission check on the delete action was executed. This β¦
4.3
CVE-2026-30236 - OpenProject users that are not project members can be used to calculate Labor Budget, leaking theirβ¦
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and planning the labor cost, it was not checked that the user that was planned in the budget is actually a project member. This exposed the user's default rate (if one was set up) toβ¦
8
CVE-2026-20163 - Remote Command Execution (RCE) through the '/splunkd/__upload/indexing/preview' REST endpoint in Spβ¦
In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability `edit_cmd` could execute arbitrary shell commands using the β¦
6.3
CVE-2026-20162 - Stored Cross-Site Scripting (XSS) through Path Traversal in Splunk Enterprise
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a View β¦
5.4
CVE-2026-20166 - Sensitive Information Disclosure in Discover Splunk Observability Cloud app for Splunk Enterprise
In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Observability Cloud API access token through the Discover Spluβ¦