Security & Lifecycle News

Aggregated from vendor advisories, security research, and industry publications.

2026-05-02 Cisco Security Advisories

Cisco Unity Connection Arbitrary File Download Vulnerabilities

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabiliti…

Cisco CVE-2026-20078 CVE-2026-20081

2026-05-02 Cisco Security Advisories

Cisco Webex Services Certificate Validation Vulnerability

A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user w…

Cisco CVE-2026-20184

2026-05-02 Cisco Security Advisories

Cisco Integrated Management Controller Authentication Bypass Vulnerability

A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and ga…

Cisco CVE-2026-20093

2026-05-02 Cisco Security Advisories

Cisco Secure Firewall Management Center Software SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authe…

Cisco CVE-2024-20340

2026-05-02 Cisco Security Advisories

Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrati…

Cisco CVE-2026-20136

2026-05-02 Cisco Security Advisories

Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access Vulnerability

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files …

Cisco CVE-2026-20042

2026-05-02 Cisco Security Advisories

Cisco IOS XE Software for Catalyst 9000 Series Switches DHCP Snooping Denial of Service Vulnerability

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resultin…

Cisco CVE-2026-20084

2026-05-02 Cisco Security Advisories

Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense

On April 23, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an update to V1: Emergency Directive (ED) 25-03: Identify and Mitigate Potential Compromi…

Cisco CVE-2025-20333 CVE-2025-20362

2026-05-02 Cisco Security Advisories

Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow a remote attacker to conduct a cross-site scripting (XSS)…

Cisco CVE-2026-20085 CVE-2026-20087 CVE-2026-20088

2026-05-02 Cisco Security Advisories

Cisco Catalyst SD-WAN Vulnerabilities

Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an attacker to access an affected system, elevate privileges to root, gain access to…

Cisco CVE-2026-20122 CVE-2026-20126 CVE-2026-20128

2026-05-02 Cisco Security Advisories

Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability

A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an affected system…

Cisco CVE-2026-20151

2026-05-02 Cisco Security Advisories

Cisco IOS XE Software Secure Copy Protocol Server Denial of Service Vulnerability

A vulnerability in the Secure Copy Protocol (SCP) server feature of Cisco IOS XE Software could allow an authenticated, local attacker with low privileges to cause a denial of serv…

Cisco CVE-2026-20083

2026-05-02 Cisco Security Advisories

Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to achieve remote …

Cisco CVE-2026-20147 CVE-2026-20148

2026-05-02 Cisco Security Advisories

Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command inje…

Cisco CVE-2024-20432

2026-05-02 Cisco Security Advisories

Cisco IOS XE Software Secure Channel for Meraki Information Disclosure Vulnerability

A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a dev…

Cisco Meraki CVE-2026-20115

2026-05-02 Cisco Security Advisories

Cisco Secure Firewall Adaptive Security Appliance Software SSH Partial Private Key Authentication Bypass Vulnerability

A vulnerability in the implementation of the proprietary SSH stack with SSH key-based authentication in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow…

Cisco CVE-2026-20009

2026-05-02 Cisco Security Advisories

Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities

Multiple vulnerabilities in Cisco IOS XR Software could allow an authenticated, local attacker to execute commands as root on an underlying operating system or gain full administra…

Cisco CVE-2026-20040 CVE-2026-20046

2026-05-02 Cisco Security Advisories

Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system …

Cisco CVE-2026-20161

2026-05-02 Cisco Security Advisories

Cisco Nexus Dashboard and Nexus Dashboard Insights Server-Side Request Forgery Vulnerability

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack t…

Cisco CVE-2026-20041

2026-05-02 Cisco Security Advisories

Cisco Secure Web Appliance Authentication Bypass Vulnerability

A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authenticat…

Cisco CVE-2026-20152

2026-05-02 Palo Alto Security Advisories

PAN-SA-2026-0004 Chromium: Monthly Vulnerability Update (April 2026) (Severity: MEDIUM)

Palo Alto

2026-05-02 Palo Alto Security Advisories

CVE-2026-0233 Autonomous Digital Experience Manager: Improper validation of ADEM certificate (Severity: MEDIUM)

Palo Alto CVE-2026-0233

2026-05-02 Palo Alto Security Advisories

CVE-2026-0234 Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration (Severity: HIGH)

Palo Alto CVE-2026-0234

2026-05-02 Palo Alto Security Advisories

PAN-SA-2026-0005 Informational Bulletin: Precautionary Fixes for Non-Exploitable OSS CVEs in PAN-OS (Severity: INFORMATIONAL)

Palo Alto

2026-05-02 Palo Alto Security Advisories

Security & Lifecycle News

Cisco Unity Connection Arbitrary File Download Vulnerabilities

Cisco Webex Services Certificate Validation Vulnerability

Cisco Integrated Management Controller Authentication Bypass Vulnerability

Cisco Secure Firewall Management Center Software SQL Injection Vulnerability

Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability

Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access Vulnerability

Cisco IOS XE Software for Catalyst 9000 Series Switches DHCP Snooping Denial of Service Vulnerability

Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense

Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities

Cisco Catalyst SD-WAN Vulnerabilities

Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability

Cisco IOS XE Software Secure Copy Protocol Server Denial of Service Vulnerability

Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities

Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability

Cisco IOS XE Software Secure Channel for Meraki Information Disclosure Vulnerability

Cisco Secure Firewall Adaptive Security Appliance Software SSH Partial Private Key Authentication Bypass Vulnerability

Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities

Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability

Cisco Nexus Dashboard and Nexus Dashboard Insights Server-Side Request Forgery Vulnerability

Cisco Secure Web Appliance Authentication Bypass Vulnerability

PAN-SA-2026-0004 Chromium: Monthly Vulnerability Update (April 2026) (Severity: MEDIUM)

CVE-2026-0233 Autonomous Digital Experience Manager: Improper validation of ADEM certificate (Severity: MEDIUM)

CVE-2026-0234 Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration (Severity: HIGH)

PAN-SA-2026-0005 Informational Bulletin: Precautionary Fixes for Non-Exploitable OSS CVEs in PAN-OS (Severity: INFORMATIONAL)

CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal (Severity: HIGH)

PAN-SA-2026-0006 Informational Bulletin: Impact assessment of OSS CVEs in PAN-OS (Severity: INFORMATIONAL)

CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate (Severity: LOW)

PAN-SA-2026-0003 Chromium: Monthly Vulnerability Update (March 2026) (Severity: MEDIUM)

PAN-SA-2025-0018 Chromium and Prisma Browser: Monthly Vulnerability Update (November 2025) (Severity: MEDIUM)

CVE-2026-0229 PAN-OS: Denial of Service in Advanced DNS Security Feature (Severity: MEDIUM)