CVE-2026-2249

METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...

CVE-2025-59957

An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks Junos OS on EX4600 Series and QFX5000 Series allows an unauthenticated attacker with physical access to the device to create a backdoor which allows complete control of the system. When a device isn't...

CVE-2024-39344

The CVE-2024-39344 issue affects the Docusign API package version 8.142.14 for Salesforce. The Apttus_DocuApi__DocusignAuthentication__mdt object installed from the package stores configuration information and, under default settings, can be accessed to disclose keys. Those disclosed components c...

Code injection

A user with a compromised configuration can start an unsigned binary as a service...

CVE-2018-12331

The CVE-2018-12331 entry concerns ECOS System Management Appliance (SMA) v5.2.68. Affected component: SMA authentication during Easy Enrollment. Root cause: authentication bypass via IP spoofing enabling a man-in-the-middle to access activation codes, passwords, and configurations. Documented imp...