Vulnerability intelligence

CVE-2026-20127 is an authentication bypass vulnerability affecting Cisco Catalyst SD-WAN Controller (formerly SD-WAN vSmart) and Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage). This flaw resides within the peering authentication mechanism, which is responsible for establishing trust relationships between SD-WAN components. An unauthenticated, remote attacker can exploit this vulnerability by sending specially crafted requests to an affected system, thereby bypassing the authentication process. Successful exploitation allows the attacker to gain administrative privileges on the affected system, enabling them to log in as a high-privileged, non-root user. From there, the attacker can access NETCONF, which permits the manipulation of network configurations for the entire SD-WAN fabric. This vulnerability has been actively exploited in the wild by sophisticated threat actors, with evidence of malicious activity dating back to 2023.

CVE-2024-23222 is a type confusion vulnerability found within WebKit, the browser engine that powers Apple's Safari and all web browsers on iOS and iPadOS. This flaw allows for arbitrary code execution if a user processes maliciously crafted web content. Apple has acknowledged reports indicating that this issue may have been actively exploited. The vulnerability was addressed by Apple with improved checks and was fixed in various operating system updates, including iOS 17.3, iPadOS 17.3, macOS Sonoma 14.3, and tvOS 17.3. It has also been noted as part of the "Coruna" exploit kit, which targeted iOS devices.

CVE-2023-41993 is a vulnerability found within WebKit, the browser engine powering Safari and other web-browsing functions across Apple's ecosystem. This flaw allows for arbitrary code execution when processing maliciously crafted web content. An attacker could exploit this by tricking a user into visiting a specially designed malicious webpage. Apple disclosed this vulnerability on September 21, 2023, and confirmed that it was actively exploited in the wild against versions of iOS prior to 16.7. The issue was addressed with improved checks and fixed in updates for iOS, iPadOS, macOS, and Safari.

CVE-2025-68613 is a Remote Code Execution (RCE) vulnerability found in n8n, an open-source workflow automation platform. The vulnerability exists in versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0. It stems from the workflow expression evaluation system, where expressions supplied by authenticated users during workflow configuration might be evaluated in an execution context lacking sufficient isolation from the underlying runtime. An authenticated attacker could exploit this vulnerability to execute arbitrary code with the privileges of the n8n process. Successful exploitation could lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. The issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0.

CVE-2026-1603 is an authentication bypass vulnerability found in Ivanti Endpoint Manager (EPM) that allows a remote, unauthenticated attacker to extract specific stored credential data. This flaw arises from improper authentication mechanisms within the software, specifically through an alternate path or channel that fails to adequately enforce authentication requirements. Attackers can exploit this vulnerability to bypass standard authentication controls and gain unauthorized access to sensitive credential information stored within the Ivanti Endpoint Manager system. The vulnerability affects Ivanti Endpoint Manager versions prior to 2024 SU5.

CVE-2021-22054 is a Server-Side Request Forgery (SSRF) vulnerability found in various versions of the VMware Workspace ONE UEM console. This flaw allows a malicious actor with network access to the UEM console to send unauthenticated requests. Exploitation of this vulnerability could enable an attacker to gain access to sensitive information. Affected versions include VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37.