Cisco Catalyst SD-WAN Manager
Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability — Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability — Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a
Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability — Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which c
Extortion-only attacks are increasing as data theft drives most ransomware claims, with many organizations unable to stop stolen data from being exposed
Ivanti Sentry OS Command Injection Vulnerability — Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level
454,635 records exposed — Academic records, Citizenship statuses, Dates of birth, Disabilities and 11 more
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability — Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HT
Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability — Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability. This vulnerab
Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability — Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch
Check Point Security Gateway Improper Authentication Vulnerability — Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacke
BerriAI LiteLLM Command Injection Vulnerability — BerriAI LiteLLM contains a command injection vulnerability that could allow any authenticated user, including holders of low-privilege internal-user keys, to run arbitrar
102,935 records exposed — Email addresses, Names, Phone numbers, Physical addresses and 1 more
396,313 records exposed — Email addresses, Employers, Job titles, Names and 3 more
SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability — SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: de
Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability — Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to a
2,553,599 records exposed — Dates of birth, Email addresses, Genders, Government issued IDs and 4 more
Android Framework Integer Overflow Vulnerability — Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation.
Linux Kernel Improper Authentication Vulnerability — Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.
Oracle WebLogic Server Unspecified Vulnerability — Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server.
177,860 records exposed — Device information, Email addresses, IP addresses, Passwords and 2 more
63,926 records exposed — Email addresses, IP addresses, Passwords, Support tickets and 1 more
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability — Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorize
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator
4,851,517 records exposed — Email addresses, Job titles, Names, Phone numbers and 1 more
269,299 records exposed — Email addresses, Names, Partial credit card data, Phone numbers and 2 more