CVE-2026-32648

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details e.g., SSH/RTTY status, assisting attackers in reconnaissance against the device...

CVE-2026-32648 Anviz Products Missing Authorization

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details e.g., SSH/RTTY status, assisting attackers in reconnaissance against the device...

CVE-2026-32648 Anviz Products Missing Authorization

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details e.g., SSH/RTTY status, assisting attackers in reconnaissance against the device...

CVE-2026-31927 Anviz CX7 Firmware Relative Path Traversal

Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files e.g., /etc/shadow, enabling unauthorized SSH access when combined with debug‑setting changes...

CVE-2026-31927

CVE-2026-31927 concerns the Anviz CX7 Firmware, where an authenticated CSV upload vulnerability enables path traversal to overwrite arbitrary files (for example, /etc/shadow). This can lead to unauthorized SSH access when combined with debug‑setting changes. The available connected sources confir...

CVE-2026-31927

Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files e.g., /etc/shadow, enabling unauthorized SSH access when combined with debug‑setting changes...

CVE-2026-4659

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insufficient path traversal sanitization in the URLtoRelative and urlToPath functions, combined with the...

PT-2026-33496

Name of the Vulnerable Software and Affected Versions Anviz CX2 Lite affected versions not specified Anviz CX7 affected versions not specified Description Anviz CX2 Lite and CX7 are susceptible to unauthenticated POST requests that modify debug settings, such as enabling SSH. This allows...

PT-2026-33515

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW TAG formal parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007603)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007603 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Fix out-of-bound read in respreadcap16 The following warning was observed runnin...

PT-2026-33490

CVE-2026-32648 Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details e.g., SSH/RTTY status, assisting attackers in reconnais… https://t.co/9Exm9A5Lee...

PT-2026-33486

Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files e.g., /etc/shadow, enabling unauthorized SSH access when combined with debug‑setting changes...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007418)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007418 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: nullify cq-dbg pointer in mlx5debugcqremove Prior to this patch in case...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007361)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007361 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring: add a schedule point in ioaddbuffers Looping 65535 times doing kmalloc calls can trigger...

GHSA-95MQ-XWJ4-R47P Dgraph: Unauthenticated /debug/pprof/cmdline discloses admin auth token, enabling unauthorized access to protected Alpha admin endpoints

Summary An unauthenticated debug endpoint in Dgraph Alpha exposes the full process command line, including the configured admin token from --security "token=...". This does not break token validation logic directly; instead, it discloses the credential and enables unauthorized admin-level access ...

EUVD-2026-23117

Dgraph: Unauthenticated /debug/pprof/cmdline discloses admin auth token, enabling unauthorized access to protected Alpha admin endpoints...

Dgraph: Unauthenticated /debug/pprof/cmdline discloses admin auth token, enabling unauthorized access to protected Alpha admin endpoints

Summary An unauthenticated debug endpoint in Dgraph Alpha exposes the full process command line, including the configured admin token from --security "token=...". This does not break token validation logic directly; instead, it discloses the credential and enables unauthorized admin-level access ...

SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...

Exploit for CVE-2026-22679

CVE-2026-22679: Weaver E-cology Unauthenticated RCE via dubboA...

Malicious code in devops-debug-tool-ctf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d30d25ee7c0447913c62771e8ddcec556db40753e2133f73ec7613939b5ca35c The package devops-debug-tool-ctf was found to contain malicious code...