Skip to main content
CVE-2026-20985 MEDIUM This Month

Members versions up to 5.6.00.11 contains a vulnerability that allows attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privile (CVSS 4.3).

Samsung Members
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-40685 MEDIUM This Month

Log Analysis versions 1.3.5.0 versions up to 1.3.8.3 is affected by cross-site request forgery (csrf) (CVSS 4.3).

IBM Industrial CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-1554 MEDIUM PATCH This Month

Central Authentication System Server versions up to 2.0.3 contains a security vulnerability (CVSS 4.2).

Drupal Privilege Escalation Central Authentication System Server
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-22247 MEDIUM This Month

GLPI versions 11.0.0 through 11.0.4 allow authenticated administrators to conduct Server-Side Request Forgery (SSRF) attacks via the Webhook functionality, potentially enabling reconnaissance of internal network resources. An attacker with administrative privileges could leverage this capability to probe internal services or bypass network access controls. A patch is available in version 11.0.5 and later.

SSRF Glpi
NVD GitHub
CVSS 3.1
4.1
EPSS
0.0%
CVE-2026-20056 MEDIUM This Month

Cisco Secure Web Appliance's DVS Engine improperly handles certain archive files, allowing unauthenticated remote attackers to bypass the anti-malware scanner and deliver malicious archives to end users. An attacker can exploit this by sending crafted archive files through affected devices to circumvent malware detection. While downloaded malware requires manual extraction and execution by the user, this vulnerability enables distribution of malicious content that would normally be blocked.

Cisco
NVD
CVSS 3.1
4.0
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy