ManageEngine Products – Predictable SSO Ticket Generation / Account Takeover (CVE-2026-11374)

Scope: ADSelfService Plus (prior to build 6529), RecoveryManager

CPython configparser – Configuration Injection via Carriage Return (CVE-2026-0864)

Scope: CPython, All Versions Prior to 3.15.0

Cisco Identity Services Engine Unauthenticated Information Disclosure Exposes Password Hashes (CVE-2026-20190)

Scope: Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), All Versio

Dell AIOps Collector Hard-Coded Default Credentials Allow Unauthorized Filesystem Access (CVE-2026-32652)

Scope: Dell AIOps Collector Versions Prior to 1.18.3 (Fresh Installations Only)

Cisco Identity Services Engine Authenticated Remote Code Execution and Root Privilege Escalation (CVE-2026-20181 / CVE-2026-20190)

Scope: Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), All Version

Contest Gallery WordPress Plugin Authenticated Privilege Escalation to Administrator (CVE-2026-12165)

Scope: Contest Gallery WordPress Plugin Versions 0 through 30.0.2

Microsoft 365 Copilot "SearchLeak" One-Click Data Exfiltration via Prompt Injection Now Patched (CVE-2026-42824)

Scope: Microsoft 365 Copilot Enterprise Search (All Tenants, Now Patched Server-Side)
