Lucene search
+L

2513 matches found

Nuclei
Nuclei
added 2 days ago77 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through t...

10CVSS7.1AI score0.39544EPSS
Exploits1References3
Nuclei
Nuclei
added 2 days ago115 views

Citrix SD-WAN Center - Local File Inclusion

Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this...

10CVSS7.2AI score0.39335EPSS
Exploits1References4
Nuclei
Nuclei
added 2 days ago96 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the apply action in StorageMgmtController. The callStoragePerl function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerabili...

10CVSS7.1AI score0.42551EPSS
Exploits1References3
OSV
OSV
added 5 days ago3 views

CLEANSTART-2026-AV21509 Security fixes for CVE-2026-27145, CVE-2026-33816, CVE-2026-34986, CVE-2026-39821, CVE-2026-39824, CVE-2026-39883, CVE-2026-41602, CVE-2026-42504, CVE-2026-42507, CVE-2026-46595, ghsa-6g7g-w4f8-9c9x, ghsa-p77j-4mvh-x3m3, ghsa-xmrv-pmrh-hhx2 applied in versions: 0.144.0-r3, 0.144.0-r4, 0.150.0-r0, 0.150.0-r1

Multiple security vulnerabilities affect the opentelemetry-collector-contrib package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.1AI score0.01163EPSS
Exploits1References24
OSV
OSV
added 5 days ago3 views

MAL-2026-10403 Malicious code in @iana-rzms/bff-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7adbad0c719aec3345c5aa16b3435e8621f4a81b5a0e0cf0e0d979509e5d21f Package published to the public @iana-rzms scope as a dependency-confusion squat targeting an internal ICANN namespace. The preinstall lifecycle scri...

6.1AI score
Exploits0References1
EUVD
EUVD
added 2026/07/10 12:31 a.m.10 views

EUVD-2026-42718

A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service DoS. When the reachability of an sFlow collector changes, the corresponding next-hop entry is...

6CVSS6AI score0.0019EPSS
Exploits0References2
NVD
NVD
added 2026/07/09 10:17 p.m.7 views

CVE-2026-57029

A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service DoS. When the reachability of an sFlow collector changes, the corresponding next-hop entry is...

6CVSS0.0019EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 9:12 p.m.14 views

CVE-2026-57029

CVE-2026-57029 describes a missing synchronization vulnerability in the flow collector handler of Junos OS Evolved on QFX Series. When the reachability of an sFlow collector changes, updating the next-hop entry can race with the sFlow thread accessing the same data, causing the evo-pfemand proces...

6CVSS6AI score0.0019EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/09 9:12 p.m.33 views

CVE-2026-57029 Junos OS Evolved: QFX Series: When sFlow collector reachability changes evo-pfemand process can crash

A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service DoS. When the reachability of an sFlow collector changes, the corresponding next-hop entry is...

6CVSS0.0019EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/09 9:12 p.m.7 views

CVE-2026-57029

A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service DoS. When the reachability of an sFlow collector changes, the corresponding next-hop entry is...

6CVSS6AI score0.0019EPSS
Exploits0References2Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/09 8:40 p.m.14 views

Malicious code in fury_frontend-andes-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29bea4f118854efa6568545722d7210a76e06e64cad4036e0cc0b45c45aafe37 The package's postinstall hook auto-executes index.js on npm install. The script collects the installer's OS username os.userInfo, current working...

6AI score
Exploits0References2
NVD
NVD
added 2026/07/09 8:16 a.m.8 views

CVE-2026-31985

When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the...

8.3CVSS0.00121EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 7:23 a.m.17 views

CVE-2026-31985

CVE-2026-31985 affects the Remote Collector when configuring a Guardian or CMC via n2os-tui. The generated configuration disables TLS certificate verification, with no option to re-enable it, enabling MITM and potentially theft of the sync token, impersonation of the server, injection of spoofed ...

8.3CVSS6AI score0.00121EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/09 7:23 a.m.34 views

CVE-2026-31985 Disabled and non-configurable TLS certificate validation in n2os-tui when connecting the Remote Collector to a Guardian or CMC, in Remote Collector before v26.2.0

When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the...

8.3CVSS0.00121EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/09 7:23 a.m.6 views

EUVD-2026-42535

When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the...

8.3CVSS6AI score0.00121EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.8 views

Juniper Junos OS Vulnerability (JSA110089)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA110089 advisory. - A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to...

6CVSS6AI score0.0019EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/07/07 12:5 p.m.4 views

opentelemetry-collector security update

An update is available for opentelemetry-collector. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterpri...

9.6CVSS7.3AI score0.00939EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.6 views

MiracleLinux 9 : opentelemetry-collector-0.144.0-2.el9_8 (AXSA:2026-1213:03)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-1213:03 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go:...

9.1CVSS7AI score0.01557EPSS
Exploits1References9
NOZOMI
NOZOMI
added 2026/07/07 12:0 a.m.5 views

Disabled and non-configurable TLS certificate validation in n2os-tui when connecting the Remote Collector to a Guardian or CMC, in Remote Collector before v26.2.0

Summary When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. Impact A malicious actor could perform a man-in-the-middle attack and intercept the...

8.3CVSS6AI score0.00121EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/07/03 10:45 p.m.9 views

MAL-2026-6749 Malicious code in ipa-user-collector (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5719ec23d0195e518782dbc26a8a05b54fd827d1ec18d41619d163f7175eaa28 The package ships an empty runtime module src/ipausercollector/init.py contains only version but overrides setup.py cmdclass for install, develop, an...

6.5AI score
Exploits0References3
Rows per page
Query Builder