Lucene search
K

221 matches found

OSV
OSV
added 2026/03/13 5:37 a.m.4 views

MAL-2026-1385 Malicious code in conductor-managed-airflow-environment (npm)

The package exfiltrates system data to remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5f29800aadc2ebe943dd6adcc062837b02d670ffa617e03508fa7d6c7366494 The package conductor-managed-airflow-environment was found to contain malicious code. Source:...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/13 5:37 a.m.7 views

Malicious code in conductor-managed-airflow-environment (npm)

The package exfiltrates system data to remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5f29800aadc2ebe943dd6adcc062837b02d670ffa617e03508fa7d6c7366494 The package conductor-managed-airflow-environment was found to contain malicious code. Source:...

5.8AI score
Exploits0References2
NVD
NVD
added 2026/01/27 9:15 p.m.6 views

CVE-2025-21589

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router: from 5.6.7 before 5.6.17, from...

9.8CVSS0.01434EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/27 8:32 p.m.2 views

CVE-2025-21589

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router: from 5.6.7 before 5.6.17, from...

9.8CVSS5.9AI score0.01434EPSS
Exploits0References4Affected Software3
EUVD
EUVD
added 2026/01/27 8:32 p.m.5 views

EUVD-2025-206381

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router: from 5.6.7 before 5.6.17, from...

9.8CVSS5.9AI score0.01434EPSS
Exploits0References3
CVE
CVE
added 2026/01/27 8:32 p.m.42 views

CVE-2025-21589

CVE-2025-21589 is an API authentication bypass vulnerability in Juniper Networks Session Smart Router, Session Smart Conductor, and WAN Assurance Routers. A network-based attacker could bypass authentication and gain administrative control. Affected versions include Session Smart Router: 5.6.7–5....

9.8CVSS6.1AI score0.01434EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/27 8:32 p.m.4 views

CVE-2025-21589 Session Smart Router, Session Smart Conductor, WAN Assurance Router: API Authentication Bypass vulnerability

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router: from 5.6.7 before 5.6.17, from...

9.8CVSS5.9AI score0.01434EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/27 8:32 p.m.23 views

CVE-2025-21589 Session Smart Router, Session Smart Conductor, WAN Assurance Router: API Authentication Bypass vulnerability

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router: from 5.6.7 before 5.6.17, from...

9.8CVSS0.01434EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.10 views

Several products of Juniper Networks have security vulnerabilities

Juniper Networks Session Smart Conductor is a product of the American company Juniper Networks. Juniper Networks Session Smart Conductor is a centralized management and control platform for wide-area network architectures. Juniper Networks Session Smart Router is a software-based intelligent...

9.8CVSS7.5AI score0.01434EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/14 8:22 p.m.6 views

CVE-2025-37173

An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor with valid credentials to trigger unintended behavior on the affected...

7.2CVSS6.7AI score0.00367EPSS
Exploits0References1
NVD
NVD
added 2026/01/13 8:16 p.m.7 views

CVE-2025-37173

An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor with valid credentials to trigger unintended behavior on the affected...

7.2CVSS0.00367EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/13 8:5 p.m.24 views

CVE-2025-37174 Authenticated Arbitrary File Write Vulnerability in AOS 10 and AOS-8 Web-Based Management Interface

Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary...

7.2CVSS0.00476EPSS
Exploits0References1
CVE
CVE
added 2026/01/13 8:4 p.m.28 views

CVE-2025-37173

The CVE-2025-37173 issue affects Aruba Networks AOS-8 and AOS-10 Web UI/web-based management interfaces. The root cause is improper input handling, leading to multiple vulnerabilities (arbitrary file deletion, stack overflow, and command injection) that an authenticated attacker with valid creden...

7.2CVSS6.3AI score0.00367EPSS
Exploits0References1Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/01/07 5:19 a.m.6 views

Origin validation error vulnerability in Fujitsu Security Solution AuthConductor Client Basic V2

Overview Fujitsu Security Solution AuthConductor Client Basic V2 provided by Fujitsu Client Computing Limited contains the following vulnerability. Origin validation error CWE-346 - CVE-2026-20893 MASAHIRO IIDA of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

8.5CVSS7.8AI score0.00123EPSS
Exploits0References5
OSV
OSV
added 2025/10/24 2:13 a.m.3 views

MAL-2025-48570 Malicious code in mender-conductor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2aa35f37c40538fc027dc3f86e83c914f7285a8968a9811e5bbc8a5fc5b863da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Snyk
Snyk
added 2025/10/24 2:13 a.m.6 views

Malicious Package

Overview mender-conductor-enterprise is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/10/24 2:13 a.m.2 views

Malicious Package

Overview mender-conductor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
EUVD
EUVD
added 2025/10/24 2:13 a.m.3 views

EUVD-2025-35768

Malicious code in mender-conductor npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/24 2:13 a.m.4 views

Malicious code in mender-conductor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2aa35f37c40538fc027dc3f86e83c914f7285a8968a9811e5bbc8a5fc5b863da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/24 2:13 a.m.6 views

Malicious code in mender-conductor-enterprise (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a94fd07c8d4a77f846cebefc65582f689ea864796af0d0cbff8241f82d31a97e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Rows per page
Query Builder