5626 matches found

Positive Technologies
added 2026/05/22 12:0 a.m. | 6 views

PT-2026-42763

Name of the Vulnerable Software and Affected Versions: Avantra versions prior to 25.3.0. Description: An issue in syslink software AG Avantra on Linux and Windows allows the use of common or default usernames and passwords to gain unauthorized access. Recommendations: Update to version 25.3.0 or late...

5.1 CVSS | 5.8 AI score | 0.00014 EPSS
Exploits 0 | References 3
Vulnrichment
added 2026/03/31 5:18 p.m. | 1 views

CVE-2026-2123 Privilege escalation vulnerability in Operations Agent

A security audit identified a privilege escalation vulnerability in Operations Agent=OA 12.29 on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations. Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability...

8.6 CVSS | 5.9 AI score | 0.00015 EPSS
Exploits 0 | References 1
Cvelist
added 2026/03/25 4:14 p.m. | 20 views

CVE-2026-23806 WordPress Jobs for WordPress plugin <= 2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Jobs for WordPress: from n/a through <= 2.8...

7.5 CVSS | 0.00017 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/03/10 12:0 a.m. | 0 views

CVE-2025-69614

Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-27, fixed 2025-10-31...

5.8 AI score | 0.00021 EPSS
Exploits 0 | References 3
CVE
added 2026/03/10 12:0 a.m. | 8 views

CVE-2025-69614

CVE-2025-69614 affects Deutsche Telekom AG Telekom Account Management Portal (versions prior to 2025-10-27). Root cause: Incorrect Access Control via activation token reuse on the password-reset endpoint, enabling unauthorized password resets and potential full account takeover. Impact is rated C...

9.4 CVSS | 5.8 AI score | 0.00021 EPSS
Exploits 0 | References 2 | Affected Software 1
CNNVD
added 2026/02/23 12:0 a.m. | 6 views

Structure AG Libde265 Security Vulnerability

Structure AG Libde265 is an H.265 video codec developed by the German company Structure AG. There is a security vulnerability in Structure AG Libde265, which stems from a segmentation violation in the decoder context::computeframedroptable component...

6.2 CVSS | 6.4 AI score | 0.00021 EPSS
Exploits 1 | References 3
Github Security Blog
added 2026/02/06 6:32 p.m. | 11 views

Pydantic AI has Server-Side Request Forgery (SSRF) in URL Download Handling

Summary: A Server-Side Request Forgery (SSRF) vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources, attackers can include malicious URLs that cause the server to make HTTP requests to internal network resources, potentially...

8.6 CVSS | 5.6 AI score | 0.00018 EPSS
Exploits 1 | References 4 | Affected Software 2
RedhatCVE
added 2026/01/09 9:33 a.m. | 3 views

CVE-2024-39001

ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...

6.3 CVSS | 6.7 AI score | 0.00264 EPSS
Exploits 1 | References 1
OSV
added 2026/01/06 6:14 p.m. | 2 views

GHSA-9C48-W39G-HM26 rsa crate has potential panic on a prime being equal to 1

When creating a RSA private key from its components, the construction panics, instead of returning an error, when one of the primes is 1. Discovered by Christian Reitter from Radically Open Security during a security review for Proton AG...

6.9 CVSS | 6.8 AI score | 0.00023 EPSS
Exploits 0 | References 4
CISA KEV Catalog
added 2025/12/08 12:0 a.m. | 8 views

Array Networks ArrayOS AG OS Command Injection Vulnerability

Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands...

9.8 CVSS | 8.1 AI score | 0.02026 EPSS
In wild | Exploits 0
RedhatCVE
added 2025/12/06 12:31 a.m. | 3 views

CVE-2025-66644

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...

9.8 CVSS | 7.1 AI score | 0.02026 EPSS
Exploits 0 | References 1
EUVD
added 2025/12/05 9:30 p.m. | 2 views

EUVD-2025-201500

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...

7.2 CVSS | 6.5 AI score | 0.02026 EPSS
Exploits 0 | References 4
NVD
added 2025/12/05 7:15 p.m. | 1 views

CVE-2025-66644

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...

9.8 CVSS | 0.02026 EPSS
Exploits 0 | References 4
OSV
added 2025/12/05 7:15 p.m. | 0 views

CVE-2025-66644

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...

9.8 CVSS | 5.8 AI score | 0.02026 EPSS
Exploits 0 | References 4
The Hacker News
added 2025/12/05 5:40 a.m. | 4 views

JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week. The vulnerability, which does not have a CVE identifier, was addressed by the company on May 11, 2025. It's...

9.8 CVSS | 10 AI score | 0.89289 EPSS
Exploits 0
CNNVD
added 2025/12/05 12:0 a.m. | 1 views

Array Networks ArrayOS AG OS Command Injection Vulnerability

Array Networks ArrayOS AG is an SSL-VPN product from Array Networks, Inc. that enables secure remote access regardless of user, device or location. Providing scalable and controlled remote and mobile access to corporate networks, enterprise applications and cloud services for any user, any device...

9.8 CVSS | 7.6 AI score | 0.02026 EPSS
Exploits 0 | References 3
CVE
added 2025/12/05 12:0 a.m. | 17 views

CVE-2025-66644

CVE-2025-66644 affects Array Networks ArrayOS AG before 9.4.5.9, with an OS command injection vulnerability that could allow an attacker to execute arbitrary commands. Exploitation has been observed in the wild between August and December 2025, impacting ArrayOS AG versions up to 9.4.5.8. Remedia...

9.8 CVSS | 6.7 AI score | 0.02026 EPSS
In wild | Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2025/12/05 12:0 a.m. | 16 views

CVE-2025-66644

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...

7.2 CVSS | 0.02026 EPSS
Exploits 0 | References 3
VulnCheck KEV
added 2025/12/05 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2025-66644

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...

9.8 CVSS | 5.8 AI score | 0.02026 EPSS
In wild | Exploits 0 | References 6
Vulnrichment
added 2025/12/05 12:0 a.m. | 1 views

CVE-2025-66644

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...

7.2 CVSS | 6.7 AI score | 0.02026 EPSS
Exploits 0 | References 3