Skip to main content
CVE-2026-23511 MEDIUM PATCH This Month

Zitadel versions prior to 4.9.1 and 3.4.6 contain a user enumeration vulnerability in their login interfaces that allows unauthenticated attackers to discover valid user accounts by testing usernames and user IDs. An attacker can leverage this information disclosure to build lists of existing users for targeted attacks against the identity management platform. The vulnerability has been patched in versions 4.9.1 and 3.4.6.

Information Disclosure Zitadel Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22645 MEDIUM This Month

Incoming Goods Suite exposes component names, versions, and license details to unauthenticated users, enabling attackers to identify and exploit known vulnerabilities in those dependencies. This information disclosure affects any organization running the application and allows remote adversaries to conduct targeted attacks without authentication.

Information Disclosure Incoming Goods Suite
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-13844 MEDIUM This Month

CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody. [CVSS 5.3 MEDIUM]

Memory Corruption Ecostruxure Power Build Rapsody
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-67081 MEDIUM This Month

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "role_id" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. [CVSS 4.9 MEDIUM]

SQLi Itflow
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-20076 MEDIUM This Month

Stored XSS in Cisco ISE's web management interface allows authenticated administrators to inject malicious scripts that execute in other users' browsers, potentially compromising sensitive information or hijacking administrative sessions. Exploitation requires valid admin credentials and user interaction, making it suitable for insider threats or compromised accounts. No patch is currently available.

Cisco XSS Identity Services Engine
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-20075 MEDIUM This Month

Stored XSS in Cisco Prime Infrastructure and EPNM web management interfaces allows authenticated administrators with high privileges to inject malicious scripts that execute in other users' browsers, potentially enabling session hijacking or credential theft. The vulnerability stems from insufficient input validation in specific data fields and requires valid admin credentials to exploit. No patch is currently available.

Cisco XSS Prime Infrastructure Evolved Programmable Network Manager
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-20047 MEDIUM This Month

Cisco ISE and ISE-PIC's web management interface fails to properly sanitize user input, enabling authenticated admins to inject malicious scripts that execute in other users' browsers. Successful exploitation allows attackers with valid administrative credentials to steal session data or perform actions on behalf of legitimate users through reflected XSS attacks. No patch is currently available.

Cisco XSS Identity Services Engine
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-22917 MEDIUM This Month

Denial of service conditions in TDC X401GL firmware can be triggered by authenticated network attackers through improper input handling at a system endpoint, resulting in resource exhaustion and service unavailability. The vulnerability requires valid credentials and network access but no user interaction, affecting the availability of affected devices. No patch is currently available for this medium-severity issue.

Denial Of Service Tdc X401gl Firmware
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22912 MEDIUM This Month

Insufficient validation of login parameters in TDC X401gl Firmware enables open redirect attacks that can redirect authenticated users to attacker-controlled websites. This allows threat actors to harvest credentials and conduct phishing attacks against unsuspecting users following successful authentication. The vulnerability requires user interaction but carries minimal complexity, affecting systems accessible over the network.

Open Redirect Tdc X401gl Firmware
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22916 MEDIUM This Month

TDC X401GL firmware lacks proper authorization controls on privileged operations, allowing authenticated users to trigger system functions like reboot or factory reset without appropriate restrictions. This could enable attackers with low-level credentials to disrupt service availability or erase device configurations. No patch is currently available for this vulnerability.

Information Disclosure Tdc X401gl Firmware
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22915 MEDIUM This Month

Tdc X401gl Firmware contains an information disclosure vulnerability that allows authenticated attackers to access files in restricted directories on the device. The low-privileged access requirement and network-based attack vector create risk for exposure of sensitive data stored on affected devices. No patch is currently available for this vulnerability.

Information Disclosure Tdc X401gl Firmware
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22918 MEDIUM This Month

Tdc X401gl firmware lacks clickjacking protections, allowing remote attackers to deceive users into executing unintended actions on maliciously crafted pages. An attacker could leverage this vulnerability to trick users into divulging sensitive information or modifying device settings without their knowledge or consent.

Information Disclosure XSS Tdc X401gl Firmware
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22646 MEDIUM This Month

Incoming Goods Suite exposes sensitive internal system information through error messages accessible to authenticated users, enabling attackers to gather reconnaissance data such as file paths and database details for further exploitation. With network accessibility and low complexity requirements, an attacker with valid credentials can leverage this information disclosure to map the application's architecture and identify additional vulnerabilities.

Information Disclosure Incoming Goods Suite
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22913 MEDIUM This Month

TDC X401GL firmware contains a reflected cross-site scripting vulnerability in URL parameter handling that allows unauthenticated attackers to inject malicious scripts executed in authenticated users' browsers. Successful exploitation enables attackers to steal sensitive data from compromised sessions without user knowledge. No patch is currently available.

Information Disclosure XSS Tdc X401gl Firmware
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-22914 MEDIUM This Month

TDC X401GL devices allow authenticated users to write files to restricted locations due to insufficient access controls, enabling unauthorized system modification. The vulnerability requires valid credentials and affects the device's integrity but not confidentiality or availability. No patch is currently available for this firmware issue.

Information Disclosure Tdc X401gl Firmware
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy