F5 BIG-IP Appliance Mode - Command Injection

When running in Appliance mode, an authenticated user assigned the Administrator role may bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. id: CVE-2022-41800 info: name: F5 BIG-IP Appliance Mode - Command Injection author: dwisiswant0 severity: high description...

CVE-2026-20246

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this...

EUVD-2026-37751

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this...

CVE-2026-20246

Summary: CVE-2026-20246 affects Cisco Umbrella Virtual Appliance. A vulnerability in the vmadmin CLI allows an authenticated, local attacker with vmadmin privileges to escalate to root by abusing certain commands at the CLI. The root-cause is insufficient validation of user-supplied commands in v...

Security Bulletin: Vulnerability in edk2 affects IBM Netezza Appliance

Summary The edk2 package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-9230 Vulnerability Details CVEID:CVE-2025-9230 DESCRIPTION: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigge...

Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities (CVE-2026-23193, CVE-2026-23231, CVE-2026-3497)

Summary IBM MQ Appliance has addressed multiple open source vulnerabilities. Vulnerability Details CVEID:CVE-2026-3497 DESCRIPTION: Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions...

Ivanti Cloud Services Appliance - Path Traversal

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. id: CVE-2024-8963 info: name: Ivanti Cloud Services Appliance - Path Traversal author: johnk3r severity: critical description: | Path Traversal in the Ivanti CSA befo...

Quest KACE System Management Appliance 8.0.318 - Remote Code Execution

The '/common/downloadagentinstaller.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system. id: CVE-2018-11138 info: name: Quest KACE System Management Appliance 8.0.318 - Remote Code Executi...

Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion

Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software is vulnerable to local file inclusion due to directory traversal attacks that can read sensitive files on a targeted system because of a lack of proper input validation of URLs in HTTP requests processe...

Ivanti EPM Cloud Services Appliance Code Injection

Ivanti EPM Cloud Services Appliance CSA before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions nobody. id: CVE-2021-44529 info: name: Ivanti EPM Cloud Services Appliance Code Injection...

Veeam Software Appliance < 13.0.2.29 Arbitrary File Write (CVE-2026-32997)

The version of Veeam Backup and Replication Veeam Software Appliance installed on the remote Linux host is prior to 13.0.2.29. It is, therefore, affected by a vulnerability that allows an authenticated user with the Backup Administrator role to write arbitrary files on the Linux-based Veeam Backu...

CVE-2026-53470

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the /api/v1/sources/id/image-url endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance OVA images...

CVE-2026-53470 Migration-planner: getsourcedownloadurl missing organization check

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the /api/v1/sources/id/image-url endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance OVA images...

CVE-2026-53470 Migration-planner: getsourcedownloadurl missing organization check

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the /api/v1/sources/id/image-url endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance OVA images...

CVE-2026-53470

CVE-2026-53470 affects migration-planner. An authenticated attacker can exploit an improper access control on /api/v1/sources/{id}/image-url to bypass ownership checks and obtain presigned S3 URLs for other users’ Open Virtual Appliance (OVA) images, potentially downloading images containing long...

EUVD-2026-36034

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the /api/v1/sources/id/image-url endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance OVA images...

CVE-2026-53476

A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network LAN, can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. Thi...

Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance

Summary The kernel package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEsCVE-2025-39925, CVE-2025-39979 Vulnerability Details CVEID:CVE-2025-39925 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: can: j1939: implement...

Security Bulletin: IBM Technical Support Appliance is affected by an LDAP Injection Vulnerability in Bouncy Castle BC-JAVA

Summary IBM Technical Support Appliance TSA includes a vulnerable version of the Bouncy Castle BC-JAVA provider library bcprov-jdk18on-1.78.1.jar. A flaw in the BC-JAVA LDAP certificate store implementation LDAPStoreHelper could allow improper neutralization of special elements used in LDAP...

CVE-2026-24464

When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files. Note: Software versions which have reached End of Technica...