CVE-2026-25622 Arista Edge Threat Management NGFW Captive Portal Custom Handler Command Injection
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall NGFW. On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform...
CVE-2026-25622
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall NGFW. On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform...
EUVD-2026-9495
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via set_exception_handler, the library catches the exception and writes its message...
CVE-2024-12830
Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is not required to exploit this vulnerability. The specific flaw exists...
CVE-2024-12830 Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability
Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is not required to exploit this vulnerability. The specific flaw exists...
PT-2024-17750 · Arista · Arista Ng Firewall
Name of the Vulnerable Software and Affected Versions: Arista NG Firewall (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is not required to exploit this issue. The specific...
(0Day) Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the custom_handler method. The issue results from the lack of...
Hades - Go Shellcode Loader That Combines Multiple Evasion Techniques
Hades is a proof of concept loader that combines several evasion techniques with the aim of bypassing the defensive mechanisms commonly used by modern AV/EDRs. Usage: The easiest way is probably building the project on Linux using make. git clone https://github.com/f1zm0/hades && cd hades make The...
Design/Logic Flaw
Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0....
Apache Struts REST Plugin can potentially allow a DoS attack
The Apache Struts REST Plugin uses the XStream library, which is vulnerable and allows a DoS attack to be performed using a malicious request with a specially crafted XML payload. Upgrade to Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here...