systemtek.co.uk
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-19.
| Date Added | Resource | Topic | Excerpt |
|---|---|---|---|
| 2026-06-19 | Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities | RCE | Writeup on CVE-2026-20181 and CVE-2026-20190 affecting Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). CVE-2026-20181, a critical RCE vulnerability with a CVSS score of 9.1, requires administrative credentials and exploits insufficient input validation, allowing command execution and privilege escalation. CVE-2026-20190, a high-severity information disclosure vulnerability (CVSS 7.5), exploits improper authorization checks, potentially revealing hashed credentials. Both vulnerabilities are addressed by Cisco software updates. |
| 2026-06-16 | Samsung rlottie Numeric Truncation Remote Code Execution Vulnerability (CVE-2026-8916) | RCE | Writeup of CVE-2026-8916, a numeric truncation remote code execution vulnerability in Samsung's rlottie library. Attackers can exploit this flaw by providing unvalidated user data, leading to integer truncation and arbitrary code execution within the affected process. Samsung has released a patch, with details available via a GitHub pull request. |
| 2026-06-11 | NVIDIA Transformers4Rec Model.load Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2026-24162) | RCE | Writeup detailing CVE-2026-24162, a deserialization of untrusted data vulnerability in NVIDIA Transformers4Rec's Model.load function. Successful exploitation requires user interaction, such as visiting a malicious page or opening a file. Attackers can leverage this flaw to execute arbitrary code within the context of the affected process. NVIDIA has released an update to address this vulnerability. |
| 2026-06-08 | Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability (CVE-2026-20230) | SSRF | Writeup of CVE-2026-20230, a critical Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) vulnerability. This server-side request forgery (SSRF) flaw, caused by improper input validation for HTTP requests, allows unauthenticated, remote attackers to write files to the underlying operating system, potentially leading to root privilege escalation. Exploitation requires the WebDialer service to be enabled, which is disabled by default. |
| 2026-06-04 | Cisco Webex Meetings Cross-Site Scripting Vulnerability (CVE-2026-20233) | XSS | Writeup of CVE-2026-20233, a cross-site scripting (XSS) vulnerability in Cisco Webex Meetings. The flaw stemmed from insufficient user input validation, allowing an unauthenticated remote attacker to execute arbitrary script code or access sensitive browser information by tricking a user into clicking a malicious link. Cisco has resolved this issue in their cloud-based Webex Meetings service, requiring no customer action. |
| 2026-06-01 | Exploitation of Critical SQL Injection Vulnerability in Drupal (CVE-2026-9082) | SQLi | Writeup detailing the exploitation of CVE-2026-9082, a critical SQL injection vulnerability in Drupal affecting PostgreSQL databases. This unauthenticated flaw, rated 9.8 (CVSS), allows arbitrary SQL execution via crafted requests. CISA has added it to their KEV catalogue, with over 15,000 exploitation attempts detected across various sectors, primarily in the United States. Drupal recommends upgrading to the latest supported release or applying backported fixes. |
| 2026-05-11 | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities | XSS | Writeup on Cisco Identity Services Engine (ISE) stored cross-site scripting vulnerabilities, CVE-2025-20204 and CVE-2025-20205. These flaws stem from insufficient input validation in the web-based management interface, allowing authenticated attackers to inject malicious script code. Exploitation enables arbitrary script execution within the interface context or access to sensitive browser data, requiring administrative credentials. Cisco has released updates to address these issues. |
| 2026-05-07 | Critical severity vulnerability affecting CPython (CVE-2026-6100) | Python | Writeup of CVE-2026-6100, a critical use-after-free vulnerability in CPython affecting `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. The vulnerability arises when decompressor instances are reused after a `MemoryError` during decompression, leading to a dangling pointer. Standard one-shot decompression functions like `lzma.decompress()` are unaffected. |
| 2026-01-16 | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability (CVE-2026-20076) | XSS | Writeup of CVE-2026-20076, a stored cross-site scripting vulnerability in Cisco Identity Services Engine's web-based management interface. Exploitation requires administrative credentials and involves injecting malicious code into specific pages, allowing script execution or access to sensitive browser-based information. Cisco has released software updates to address this issue. |