Security & Lifecycle News

Aggregated from vendor advisories, security research, and industry publications.

2026-05-02 Cisco Security Advisories

Cisco Webex Services Certificate Validation Vulnerability

A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user w…

Cisco CVE-2026-20184

2026-05-02 Cisco Security Advisories

Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability

A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This …

Cisco CVE-2026-20174

2026-05-02 Cisco Security Advisories

Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command inje…

Cisco CVE-2024-20432

2026-05-02 Cisco Security Advisories

Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family CAPWAP Denial of Service Vulnerability

A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family…

Cisco CVE-2026-20086

2026-05-02 Cisco Security Advisories

Cisco Catalyst SD-WAN Vulnerabilities

Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an attacker to access an affected system, elevate privileges to root, gain access to…

Cisco CVE-2026-20122 CVE-2026-20126 CVE-2026-20128

2026-05-02 Cisco Security Advisories

Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense

On April 23, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an update to V1: Emergency Directive (ED) 25-03: Identify and Mitigate Potential Compromi…

Cisco CVE-2025-20333 CVE-2025-20362

2026-05-02 Cisco Security Advisories

Cisco Webex Contact Center Cross-Site Scripting Vulnerability

A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cis…

Cisco CVE-2026-20170

2026-05-02 Palo Alto Security Advisories

PAN-SA-2026-0005 Informational Bulletin: Precautionary Fixes for Non-Exploitable OSS CVEs in PAN-OS (Severity: INFORMATIONAL)

Palo Alto

2026-05-02 Palo Alto Security Advisories

PAN-SA-2026-0006 Informational Bulletin: Impact assessment of OSS CVEs in PAN-OS (Severity: INFORMATIONAL)

Palo Alto

2026-05-02 Palo Alto Security Advisories

CVE-2026-0234 Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration (Severity: HIGH)

Palo Alto CVE-2026-0234

2026-05-02 Palo Alto Security Advisories

Security & Lifecycle News

Cisco Webex Services Certificate Validation Vulnerability

Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability

Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability

Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family CAPWAP Denial of Service Vulnerability

Cisco Catalyst SD-WAN Vulnerabilities

Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense

Cisco Webex Contact Center Cross-Site Scripting Vulnerability

PAN-SA-2026-0003 Chromium: Monthly Vulnerability Update (March 2026) (Severity: MEDIUM)

CVE-2026-0231 Cortex XDR Broker VM: Sensitive Information Disclosure Vulnerability (Severity: MEDIUM)

CVE-2026-0230 Cortex XDR Agent: Local Administrator can disable the agent on macOS (Severity: MEDIUM)

CVE-2023-48795 Impact of Terrapin SSH Attack (Severity: MEDIUM)

PAN-SA-2026-0002 Chromium: Monthly Vulnerability Update (February 2026) (Severity: HIGH)

CVE-2026-0229 PAN-OS: Denial of Service in Advanced DNS Security Feature (Severity: MEDIUM)

CVE-2026-0228 PAN-OS: Improper Validation of Terminal Server Agent Certificate (Severity: LOW)

CVE-2026-0232 Cortex XDR Agent: Local Administrator can disable the agent on Windows (Severity: MEDIUM)

PAN-SA-2026-0005 Informational Bulletin: Precautionary Fixes for Non-Exploitable OSS CVEs in PAN-OS (Severity: INFORMATIONAL)

PAN-SA-2026-0006 Informational Bulletin: Impact assessment of OSS CVEs in PAN-OS (Severity: INFORMATIONAL)

CVE-2026-0234 Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration (Severity: HIGH)

PAN-SA-2026-0004 Chromium: Monthly Vulnerability Update (April 2026) (Severity: MEDIUM)

CVE-2025-4615 PAN-OS: Improper Neutralization of Input in the Management Web Interface (Severity: MEDIUM)

CVE-2025-4619 PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Packets (Severity: MEDIUM)

PAN-SA-2025-0018 Chromium and Prisma Browser: Monthly Vulnerability Update (November 2025) (Severity: MEDIUM)

PAN-SA-2025-0017 Informational Bulletin: Impact of OSS CVEs in Prisma SD-WAN ION (Severity: INFORMATIONAL)

PAN-SA-2025-0016 Chromium: Monthly Vulnerability Update (October 2025) (Severity: MEDIUM)

CVE-2025-4614 PAN-OS: Session Token Disclosure Vulnerability (Severity: LOW)

CVE-2025-0117 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability (Severity: MEDIUM)

PAN-SA-2025-0015 Chromium: Monthly Vulnerability Update (September 2025) (Severity: MEDIUM)

CVE-2025-4234 Cortex XDR Microsoft 365 Defender Pack: Cleartext Exposure of Credentials (Severity: LOW)

CVE-2025-4235 User-ID Credential Agent: Cleartext Exposure of Service Account password (Severity: MEDIUM)

PAN-SA-2026-0001 Chromium: Monthly Vulnerability Update (January 2026) (Severity: MEDIUM)