CVE-2026-40461

CVE-2026-40461 affects Anviz CX2 Lite and CX7. The flaw allows unauthenticated POST requests to modify debug settings (e.g., enabling SSH), causing unauthorized state changes that can facilitate later compromise. According to the provided documents, affected components are the devices’ debug/admi...

CVE-2026-40461

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...

CVE-2026-32648

Affected products: Anviz CX2 Lite and CX7. The CVE-2026-32648 vulnerability allows unauthenticated access that discloses debug configuration details (e.g., SSH/RTTY status), aiding reconnaissance against the device. The available sources (NVD/NVD-based entries and ENISA EUVD) confirm the issue bu...

CVE-2026-32648

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details e.g., SSH/RTTY status, assisting attackers in reconnaissance against the device...

CVE-2026-32648 Anviz Products Missing Authorization

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details e.g., SSH/RTTY status, assisting attackers in reconnaissance against the device...

CVE-2026-32648 Anviz Products Missing Authorization

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details e.g., SSH/RTTY status, assisting attackers in reconnaissance against the device...

CVE-2026-31927

CVE-2026-31927 concerns the Anviz CX7 Firmware, where an authenticated CSV upload vulnerability enables path traversal to overwrite arbitrary files (for example, /etc/shadow). This can lead to unauthorized SSH access when combined with debug‑setting changes. The available connected sources confir...

CVE-2026-31927 Anviz CX7 Firmware Relative Path Traversal

Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files e.g., /etc/shadow, enabling unauthorized SSH access when combined with debug‑setting changes...

CVE-2026-31927

Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files e.g., /etc/shadow, enabling unauthorized SSH access when combined with debug‑setting changes...

CVE-2026-4659

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insufficient path traversal sanitization in the URLtoRelative and urlToPath functions, combined with the...

PT-2026-33496

Name of the Vulnerable Software and Affected Versions Anviz CX2 Lite affected versions not specified Anviz CX7 affected versions not specified Description Anviz CX2 Lite and CX7 are susceptible to unauthenticated POST requests that modify debug settings, such as enabling SSH. This allows...

PT-2026-33515

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW TAG formal parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007603)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007603 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Fix out-of-bound read in respreadcap16 The following warning was observed runnin...

PT-2026-33486

Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files e.g., /etc/shadow, enabling unauthorized SSH access when combined with debug‑setting changes...

PT-2026-33490

CVE-2026-32648 Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details e.g., SSH/RTTY status, assisting attackers in reconnais… https://t.co/9Exm9A5Lee...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007361)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007361 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring: add a schedule point in ioaddbuffers Looping 65535 times doing kmalloc calls can trigger...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007418)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007418 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: nullify cq-dbg pointer in mlx5debugcqremove Prior to this patch in case...

GHSA-95MQ-XWJ4-R47P Dgraph: Unauthenticated /debug/pprof/cmdline discloses admin auth token, enabling unauthorized access to protected Alpha admin endpoints

Summary An unauthenticated debug endpoint in Dgraph Alpha exposes the full process command line, including the configured admin token from --security "token=...". This does not break token validation logic directly; instead, it discloses the credential and enables unauthorized admin-level access ...

EUVD-2026-23117

Dgraph: Unauthenticated /debug/pprof/cmdline discloses admin auth token, enabling unauthorized access to protected Alpha admin endpoints...

Dgraph: Unauthenticated /debug/pprof/cmdline discloses admin auth token, enabling unauthorized access to protected Alpha admin endpoints

Summary An unauthenticated debug endpoint in Dgraph Alpha exposes the full process command line, including the configured admin token from --security "token=...". This does not break token validation logic directly; instead, it discloses the credential and enables unauthorized admin-level access ...