ALL POSTS

Key Findings Cisco patched four critical vulnerabilities in Identity Services Engine and Webex with CVSS scores ranging from 9.8 to 9.9 CVE-2026-20184 allows unauthenticated attackers to impersonate any Webex user through improper certificate validation CVE-2026-20147, CVE-2026-20180, and CVE-2026-20186 enable authenticated attackers with admin credentials to execute arbitrary code and OS commands No evidence of active exploitation in the wild, but immediate patching is stron

Key Findings Grafana has patched a critical vulnerability (CVE-2025-41115) in its SCIM (System for Cross-domain Identity Management) implementation with a CVSS score of 10.0. The flaw could allow a malicious or compromised SCIM client to provision a user with a numeric `externalId`, enabling potential impersonation or privilege escalation under certain configurations. The vulnerability affects Grafana Enterprise versions from 12.0.0 to 12.2.1 and has been addressed in Grafana