28 matches found
CVE-2026-25620
An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. This issue uniquely affects version 17.4.0; earlier software releases are not exposed...
CVE-2026-25624 Arista Edge Threat Management NGFW UI Administrative Cross-Site Scripting
An administrative cross-site scripting XSS vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processin...
CVE-2026-25624
CVE-2026-25624 is an administrative cross-site scripting vulnerability in the web UI dashboard layout of Arista Edge Threat Management NGFW. The issue involves unvalidated user-supplied variables echoed back to administrative profiles, enabling XSS when an attacker has administrative UI access. A...
CVE-2026-25624 Arista Edge Threat Management NGFW UI Administrative Cross-Site Scripting
An administrative cross-site scripting XSS vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processin...
CVE-2026-25623 Arista Edge Threat Management NGFW UI Arbitrary Command Execution
An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. Authenticated administrators can leverage this exposure to obtain underlying terminal script code processing execution permissions...
CVE-2026-25622 Arista Edge Threat Management NGFW Captive Portal Custom Handler Command Injection
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall NGFW. On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform...
EUVD-2026-34907
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall NGFW. On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform...
CVE-2026-25622 Arista Edge Threat Management NGFW Captive Portal Custom Handler Command Injection
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall NGFW. On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform...
CVE-2026-25621 Arista Edge Threat Management NGFW Reports Application Insecure Input Validation
A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall NGFW due to insecure input validation. This issue uniquely affects version 17.4.0; earlier software releases are not exposed...
CVE-2026-25620
The CVE-2026-25620 issue affects Arista Edge Threat Management NGFW (Captive Portal) in version 17.4.0 and earlier. It is a command injection vulnerability within the Captive Portal application framework that can be triggered by actions performed via the NGFW UI, requiring administrative access. ...
CVE-2026-25620
An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. This issue uniquely affects version 17.4.0; earlier software releases are not exposed...
EUVD-2026-34903
An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. This issue uniquely affects version 17.4.0; earlier software releases are not exposed...
CVE-2026-25620 Arista Edge Threat Management NGFW Captive Portal Encrypted Password Command Injection
An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. This issue uniquely affects version 17.4.0; earlier software releases are not exposed...
PT-2026-47046
Name of the Vulnerable Software and Affected Versions Arista Edge Threat Management - Arista Next Generation Firewall NGFW version 17.4.0 Description An infrastructure issue in the Reports application is caused by insecure input validation, which occurs when a program does not properly verify the...
Arista Edge Threat Management - Arista Next Generation Firewall 安全漏洞
Arista Edge Threat Management – Arista Next Generation Firewall is a unified network security platform developed by the American company Arista. It integrates next-generation firewalls, intrusion prevention, web filtering, application control, and network threat protection capabilities. There are...
Arista Edge Threat Management - Arista Next Generation Firewall 安全漏洞
Arista Edge Threat Management – Arista Next Generation Firewall is a unified network security platform developed by the American company Arista. It integrates next-generation firewalls, intrusion prevention, web filtering, application control, and network threat protection capabilities. Version...
Security Advisory 0133
Security Advisory 0133 PDF Date: February 3, 2026 Revision | Date | Changes ---|---|--- 1.0 | February 3, 2026 | Initial release Description Several vulnerabilities exist for the Arista Edge Threat Management - Arista NG Firewall NGFW. On affected platforms, an administrative account logged into...
Arista Edge Threat Management - Arista Next Generation Firewall Versions 安全漏洞
Arista Edge Threat Management - Arista Next Generation Firewall Versions is a next-generation firewall from Arista USA. A security vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall Versions, which stems from a Captive Portal that could expose sensitive...
EUVD-2024-25082
Malicious code in bioql PyPI...
PT-2025-3709
Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions. Description A user with administrator privileges is able to retrieve authentication tokens. Recommendations At the moment, there is no information about a newer versi...