Tag: ssrf
6 articles

Cisco Confirms Active Exploitation of Unified CM Flaw
Over 200 Cisco Unified Communications Manager instances are vulnerable to a remotely exploitable flaw, CVE-2026-20230, which allows low-complexity server-side request forgery attacks with a simple crafted HTTP request. This critical vulnerability puts widely used IP telephony systems at risk, particularly in Asia and North America.

Cisco Vulnerabilities Targeted in String of Exploits
Hackers are actively exploiting a recently patched Cisco vulnerability, CVE-2026-20230, using a clever chain of attacks that can grant them root privileges on compromised devices. This alarming exploit activity was uncovered by threat-intel company Defused, highlighting the urgent need for robust security measures.

Cisco Unified CM Flaw Exploited in Active Attacks
Hackers are actively exploiting a high-severity flaw in Cisco Unified CM, tracked as CVE-2026-20230, which allows them to send malicious HTTP requests and potentially take control of affected devices. This vulnerability, with a CVSS score of 8.6, could enable attackers to write files to the underlying operating system and escalate their privileges.

Cisco Unified CM flaw exploited in targeted attacks
Hackers are actively exploiting a high-severity flaw in Cisco Unified Communications Manager, allowing them to gain unauthorized access and control over vulnerable systems. This newly discovered vulnerability, tracked as CVE-2026-20230, has a CVSS score of 8.6, indicating a significant threat to security.

Cisco Fixes Unified CM Flaw as Exploit Code Goes Public
Cisco has patched a critical vulnerability in its Unified Communications Manager, known as CVE-2026-20230, which could allow hackers to write arbitrary files to the server's operating system and potentially escalate privileges to root. With proof-of-concept exploit code now public, the threat level has significantly increased.

LMDeploy Vulnerability Exploited Within 13 Hours of Disclosure
A critical vulnerability in LMDeploy's vision-language module was exploited in the wild just 13 hours after its disclosure, allowing attackers to access sensitive resources and internal networks. This server-side request forgery flaw, tracked as CVE-2026-33626, affects all versions of the toolkit prior to 0.12.0.