Activity

Latest CVE events and analysis as they emerge

  1. CVE-2026-20230

    25 Jun 2026, 00:00

    Added to CISA KEV catalog

    Vulnerability name
    Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability
    Product
    Cisco Unified Communications Manager

    CVE-2026-20230 is an unauthenticated Server-Side Request Forgery (SSRF) vulnerability found in the WebDialer component of Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition. This flaw stems from improper input validation of specific HTTP requests, allowing a remote, unauthenticated attacker to send crafted requests. Successful exploitation of this vulnerability enables an attacker to write arbitrary files to the underlying operating system. These files can subsequently be used to escalate privileges to root on the affected system. While proof-of-concept exploit code is publicly available, Cisco has not observed active exploitation of this vulnerability. The affected WebDialer service is disabled by default, meaning only deployments where it has been explicitly enabled are susceptible.

  2. CVE-2026-12569

    25 Jun 2026, 00:00

    Added to CISA KEV catalog

    Vulnerability name
    PTC Windchill and FlexPLM Improper Input Validation Vulnerability
    Product
    PTC Windchill and FlexPLM

A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.

    * This advisory also applies to all CPS versions
    * The identified vulnerability also impacts Windchill and FlexPLM releases prior to 11.0 M030

  3. CVE-2026-34910

    23 Jun 2026, 00:00

    Tags: ICS, IoT, Server

    Added to CISA KEV catalog

    Vulnerability name
    Ubiquiti UniFi OS Improper Input Validation Vulnerability
    Product
    Ubiquiti UniFi OS

    A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to perform command injection.

  4. CVE-2026-34909

    23 Jun 2026, 00:00

    Tags: Server, IoT, ICS

    Added to CISA KEV catalog

    Vulnerability name
    Ubiquiti UniFi OS Path Traversal Vulnerability
    Product
    Ubiquiti UniFi OS

    A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system; those files could be manipulated to gain access to an underlying account.

  5. CVE-2026-34908

    23 Jun 2026, 00:00

    Tags: ICS, Server, IoT

    Added to CISA KEV catalog

    Vulnerability name
    Ubiquiti UniFi OS Improper Access Control Vulnerability
    Product
    Ubiquiti UniFi OS

    CVE-2026-34908 is an Improper Access Control vulnerability (CWE-284) affecting Ubiquiti UniFi OS devices. Disclosed on May 21, 2026, this flaw allows a malicious actor with network access to bypass access restrictions and make unauthorized changes to the system. The vulnerability does not require authentication or user interaction for exploitation. This issue impacts various Ubiquiti UniFi OS devices, including models such as UDM, UDM-Pro, UDM-SE, and UDM-Pro-Max systems. Ubiquiti has released security updates to address this vulnerability.