Vulnerability Disclosure

Cisco Advisories Vulnerability Disclosure Cisco Apr 16

Cisco Webex Services Certificate Validation Vulnerability

A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to...

T1598

Cisco Advisories →

Tenable Blog Vulnerability Disclosure Tenable Apr 16

Beating the Mythos clock: Using Tenable Hexa AI custom agents for automated patching

See how Tenable Hexa AI custom agents empower you to counter machine-speed threats by automating vulnerability remediation. Learn how the Model Context Proto...

Tenable Blog →

Wordfence Blog Vulnerability Disclosure WordPress Apr 16

Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload Plugin

On April 6th, 2026, we publicly disclosed a critical Arbitrary File Upload vulnerability in Ninja Forms – File Upload, a WordPress plugin with an estimated 5...

T1190

Wordfence Blog →

Wordfence Blog Vulnerability Disclosure Intel WordPress Apr 16

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026)

Last week, there were 153 vulnerabilities disclosed in 117 WordPress Plugins and 23 WordPress Themes that have been added to the Wordfence Intelligence Vulne...

Wordfence Blog →

Cisco Advisories Vulnerability Disclosure Cisco Apr 16

Cisco Secure Web Appliance Authentication Bypass Vulnerability

A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacke...

T1556

Cisco Advisories →

Infosecurity Magazine Vulnerability Disclosure Amazon Apr 16

NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities

NIST’s National Vulnerability Database will now prioritize enriching new and exploited flaws to address the record growth of reported CVEs

Infosecurity Magazine →

Infosecurity Magazine Vulnerability Disclosure Apr 16

Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads

Ox Security claims as many as 200,000 servers are exposed by newly discovered MCP vulnerability

Infosecurity Magazine →

Recorded Future Vulnerability Disclosure Apr 16

From Bazooka to Fake Nikes

A deep dive into business impersonation fraud — from fake companies cashing stolen checks to AI-powered shopping scams — and why the same vulnerability enabl...

Recorded Future →

Qualys Blog Vulnerability Disclosure Oracle Qualys Apr 15

Qualys VMDR and TotalCloud™ Now Available on Oracle Cloud Marketplace

Key Takeaways As organizations accelerate cloud adoption, security teams are under increasing pressure to gain unified visibility, prioritize risk effectivel...

Qualys Blog →

Cisco Advisories Vulnerability Disclosure Cisco Apr 15

Cisco Identity Services Engine Remote Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlyin...

T1190

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 15

Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local att...

T1059 T1548

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 15

Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with adm...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 15

Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary fil...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 15

Cisco Unity Connection Arbitrary File Download Vulnerabilities

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To expl...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 15

Cisco Unity Connection Cross-Site Scripting, Open Redirect, and SQL Injection Vulnerabilities

Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to conduct a cross-site scripting (XSS) attack, an open redirect attack, and...

2 IOCs

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 15

Cisco Webex Contact Center Cross-Site Scripting Vulnerability

A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site...

T1598

Cisco Advisories →

Infosecurity Magazine Vulnerability Disclosure Apr 15

AI Companies to Play Bigger Role in CVE Program, Says CISA

At VulnCon, Lindsey Cerkovnik, head of vulnerability management at CISA, said AI companies should play a bigger role in vulnerability disclosures in the future

Infosecurity Magazine →

Zero Day Initiative Vulnerability Disclosure Microsoft Apr 15

ZDI-26-275: Microsoft Qlib _mount_nfs_uri Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Qlib. Authentication is not required to...

T1190 T1059

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Microsoft Apr 15

ZDI-26-274: Microsoft Qlib fit Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Qlib. User interaction is required to exploit thi...

T1190

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Microsoft Apr 15

ZDI-26-273: Microsoft Olive Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Olive. User interaction is required to exploit th...

T1190

Zero Day Initiative →