CPython configparser – Configuration Injection via Carriage Return (CVE-2026-0864)

Scope: CPython, All Versions Prior to 3.15.0

Severity: Medium

Read More

ManageEngine Products – Predictable SSO Ticket Generation / Account Takeover (CVE-2026-11374)

Scope: ADSelfService Plus (prior to build 6529), RecoveryManager Plus (prior to 6321), M365 Manager Plus (prior to 4817), and ADAudit Plus (prior to 8703)

Read More

Claude Code – Indirect Prompt Injection and WebFetch Data Exfiltration (CVE-2026-54316)

Scope: Anthropic Claude Code Developer Tool, All Vulnerable Versions

Severity: High

Read More

Contest Gallery WordPress Plugin Authenticated Privilege Escalation to Administrator (CVE-2026-12165)

Scope: Contest Gallery WordPress Plugin Versions 0 through 30.0.2

Severity: High

Read More

Cisco Identity Services Engine Unauthenticated Information Disclosure Exposes Password Hashes (CVE-2026-20190)

Scope: Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), All Versions Prior to Fixed Releases

Severity: High

Read More

Cisco Identity Services Engine Authenticated Remote Code Execution and Root Privilege Escalation (CVE-2026-20181 / CVE-2026-20190)

cope: Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), All Versions Prior to Fixed Releases

Severity: Red

Read More