IOS XE

https://hlfitrjkdcidoupducby.supabase.co/storage/v1/object/public/cve-images/cves/cve-2026-20127-1772060804671.png

A critical authentication bypass vulnerability in the web management interface of Cisco IOS XE Software allows an unauthenticated, remote attacker to bypass authentication controls and gain administrative access to affected devices.

Cisco Security Advisory

CISA KEV Catalog

Cisco IOS XE Web UI Authentication Bypass

Struts

https://hlfitrjkdcidoupducby.supabase.co/storage/v1/object/public/cve-images/cves/cve-2025-49113-1772060883163.png

A critical vulnerability in Apache Struts 2.5.0 through 2.5.30 allows remote attackers to execute arbitrary code via crafted OGNL expressions in HTTP request parameters when Dynamic Method Invocation is enabled.

National Vulnerability Database

Apache Struts Security Advisory

Remote Code Execution in Apache Struts Framework via OGNL Expression Injection

Connect Secure

Policy Secure

https://hlfitrjkdcidoupducby.supabase.co/storage/v1/object/public/cve-images/cves/cve-2023-46805-1772063264561.png

A critical authentication bypass vulnerability in Ivanti Connect Secure and Policy Secure Gateways allows unauthenticated remote attackers to bypass authentication controls and gain unauthorized administrative access to affected systems.

Ivanti Security Advisory

Ivanti Connect Secure Authentication Bypass Vulnerability

Adaptive Security Appliance (ASA) Software

Firepower Threat Defense (FTD) Software

https://hlfitrjkdcidoupducby.supabase.co/storage/v1/object/public/cve-images/cves/cve-2024-20353-1772063289752.jpeg

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

Cisco ASA/FTD Web Services Denial of Service Vulnerability

IOS XE Software

https://hlfitrjkdcidoupducby.supabase.co/storage/v1/object/public/cve-images/cves/cve-2022-20775-1772060778649.jpeg

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. This vulnerability is due to insufficient validation of user-supplied input.

Cisco IOS XE Software Command Injection Vulnerability

Cloud Platform

https://hlfitrjkdcidoupducby.supabase.co/storage/v1/object/public/cve-images/cves/cve-2026-25108-1772060858399.png

The Acme Cloud Platform versions 4.2.0 through 4.2.8 contains an unauthenticated remote code execution vulnerability in the API gateway component. A remote attacker can execute arbitrary code by sending specially crafted HTTP requests to the management interface.

Acme Security Advisory

Unauthenticated Remote Code Execution in Acme Cloud Platform

ScreenConnect

ConnectWise ScreenConnect (formerly ScreenConnect) versions prior to 23.9.8 contain an authentication bypass vulnerability that allows an unauthenticated attacker to execute arbitrary commands on the server and gain unauthorized access to the application.

Today's Vulnerability, Explained.

Today's CVE

ConnectWise ScreenConnect Authentication Bypass Vulnerability