What's happening in cyber, in plain English
We pull from NCSC, CISA, Have I Been Pwned and the NVD every six hours, then summarise each item into what it is, who it affects, and what you can do about it.
- LowAdvisoryCisco PSIRT — security advisories· 24 Apr 2026· summary pending
Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense
On April 23, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an update to V1: Emergency Directive (ED) 25-03: Identify and Mitigate Potential Compromise of Cisco Devices related to Cisco Secure Firewall Adaptive Security Appliance
- HighAdvisoryCisco PSIRT — security advisories· 24 Apr 2026· summary pending
Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue
- MediumAdvisoryCisco PSIRT — security advisories· 22 Apr 2026· summary pending
Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulner
- HighAdvisoryCisco PSIRT — security advisories· 22 Apr 2026· summary pending
Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to execute arbitrary code or commands on the underlying operating system of an affected system and elev
- CriticalAdvisoryCisco PSIRT — security advisories· 22 Apr 2026· summary pending
Cisco Catalyst SD-WAN Vulnerabilities
Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an attacker to access an affected system, elevate privileges to root, gain access to sensitive information, and overwrite arbitrary files. For more information abou
- CriticalAdvisoryCisco PSIRT — security advisories· 16 Apr 2026· summary pending
Cisco Webex Services Certificate Validation Vulnerability
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate va
- MediumAdvisoryCisco PSIRT — security advisories· 16 Apr 2026· summary pending
Cisco Secure Web Appliance Authentication Bypass Vulnerability
A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of use
- MediumAdvisoryCisco PSIRT — security advisories· 15 Apr 2026· summary pending
Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on
- CriticalAdvisoryCisco PSIRT — security advisories· 15 Apr 2026· summary pending
Cisco Identity Services Engine Remote Code Execution Vulnerabilities
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit these vulnerabilities, the attacker must have at l
- CriticalAdvisoryCisco PSIRT — security advisories· 15 Apr 2026· summary pending
Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to achieve remote code execution or conduct path traversal attacks on an affected device. To explo
- MediumAdvisoryCisco PSIRT — security advisories· 15 Apr 2026· summary pending
Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS a
- MediumAdvisoryCisco PSIRT — security advisories· 15 Apr 2026· summary pending
Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating
- MediumAdvisoryCisco PSIRT — security advisories· 15 Apr 2026· summary pending
Cisco Webex Contact Center Cross-Site Scripting Vulnerability
A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, a
- MediumAdvisoryCisco PSIRT — security advisories· 15 Apr 2026· summary pending
Cisco Unity Connection Cross-Site Scripting, Open Redirect, and SQL Injection Vulnerabilities
Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to conduct a cross-site scripting (XSS) attack, an open redirect attack, and an SQL injection attack. For more information about these vulnerabilities, see the Details section of
- MediumAdvisoryCisco PSIRT — security advisories· 15 Apr 2026· summary pending
Cisco Unity Connection Arbitrary File Download Vulnerabilities
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabiliti
- MediumAdvisoryCisco PSIRT — security advisories· 2 Apr 2026· summary pending
Cisco IOS XE Software Denial of Service Vulnerability
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incorrect privileges are associated with the start maintenanc
- CriticalAdvisoryCisco PSIRT — security advisories· 1 Apr 2026· summary pending
Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintention
- MediumAdvisoryCisco PSIRT — security advisories· 1 Apr 2026· summary pending
Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability
A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An
- HighAdvisoryCisco PSIRT — security advisories· 1 Apr 2026· summary pending
Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability
A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to the improper transmission of sensitive user infor
- HighAdvisoryCisco PSIRT — security advisories· 1 Apr 2026· summary pending
Cisco Evolved Programmable Network Manager Improper Authorization Vulnerability
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to access. This vulnerabil
- CriticalAdvisoryCisco PSIRT — security advisories· 1 Apr 2026· summary pending
Cisco Integrated Management Controller Authentication Bypass Vulnerability
A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin . This vulnerability is due to incorrect handli
- MediumAdvisoryCisco PSIRT — security advisories· 1 Apr 2026· summary pending
Cisco Nexus Dashboard and Nexus Dashboard Insights Server-Side Request Forgery Vulnerability
A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validatio
- MediumAdvisoryCisco PSIRT — security advisories· 1 Apr 2026· summary pending
Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access Vulnerability
A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authenticatio
- CriticalAdvisoryCisco PSIRT — security advisories· 31 Mar 2026· summary pending
Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper u
- MediumAdvisoryCisco PSIRT — security advisories· 25 Mar 2026· summary pending
Cisco IOx Application Hosting Environment Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based managem
- HighAdvisoryCisco PSIRT — security advisories· 25 Mar 2026· summary pending
Cisco IOS, IOS XE, Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauth
- HighAdvisoryCisco PSIRT — security advisories· 25 Mar 2026· summary pending
Cisco IOS XE Software for Catalyst 9000 Series Switches DHCP Snooping Denial of Service Vulnerability
A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resulting in a denial of service (DoS) condition. This vulnerability is due to improper
- HighAdvisoryCisco PSIRT — security advisories· 25 Mar 2026· summary pending
Cisco IOS Software and IOS XE Software Release 3E HTTP Server Denial of Service Vulnerability
A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulne
- MediumAdvisoryCisco PSIRT — security advisories· 25 Mar 2026· summary pending
Cisco IOS XE Software Secure Channel for Meraki Information Disclosure Vulnerability
A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker co
- MediumAdvisoryCisco PSIRT — security advisories· 25 Mar 2026· summary pending
Cisco IOS XE Software Lobby Ambassador Privilege Escalation Vulnerability
A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. This
Sources are pulled directly from each provider's public feed and never modified. AI summaries are produced for plain-English readability and are clearly labelled — always follow the source link for the authoritative advisory.