
12 matches found

NVD
added 2 days ago, 4 views

CVE-2026-10521

A high-privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability...

CVSS: 8.6, EPSS: 0.00306
Exploits: 0, References: 1

CVE
added 2 days ago, 10 views

CVE-2026-10521

CVE-2026-10521 describes authenticated high-privilege remote access to a hidden configuration method that allows modification of critical program parameters, potentially leading to total loss of confidentiality, integrity, and availability. Reported metrics indicate high-severity impact (CVSS 3.1...

CVSS: 8.6, AI score: 6, EPSS: 0.00306
Exploits: 0, References: 1

EUVD
added 2 days ago, 7 views

EUVD-2026-38422

A high-privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability...

CVSS: 8.6, AI score: 6, EPSS: 0.00306
Exploits: 0, References: 1

Cvelist
added 2 days ago, 31 views

CVE-2026-10521 Authenticated unintended access to critical program parameters

A high-privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability...

CVSS: 8.6, EPSS: 0.00306
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/26 1:08 p.m., 13 views

Malicious code in vectordb-engine (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42695503b90ec4adc30c038c3321d637f05038f841bcc5f463a16b891fe4e3e0 During pip install, a custom buildext step in src/vectordbenginebuild.py runs an obfuscated payload that performs targeted reconnaissance and...

AI score: 5.9
Exploits: 0, References: 2

OSSF Malicious Packages
added 2026/05/20 7:11 a.m., 7 views

Malicious code in @weirdorg/dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dce94a089c58246a54a1e4496d323c92bb46dac654e1a1403e875292be94b198 Package is a near-verbatim republication of the popular dotenv library (same README, API, and file layout) under the @weirdorg/dotenv name. The only...

AI score: 6.2
Exploits: 0, References: 1

NVD
added 2026/02/04 3:16 p.m., 5 views

CVE-2026-20732

A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS: 4.3, EPSS: 0.00154
Exploits: 0, References: 1

OSV
added 2025/10/09 4:15 p.m., 4 views

CVE-2025-59957

An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks Junos OS on EX4600 Series and QFX5000 Series allows an unauthenticated attacker with physical access to the device to create a backdoor which allows complete control of the system. When a device isn't...

CVSS: 7, AI score: 5.8
Exploits: 0, References: 3

CVE
added 2025/10/09 3:43 p.m., 23 views

CVE-2025-59957

CVE-2025-59957 affects Juniper Networks Junos OS on EX4600 Series and QFX5000 Series switches. Affected versions: all prior to 21.4R3 and 22.2 prior to 22.2R3-S3. The vulnerability is a runtime/Origin Validation Error in an insufficient protected file, allowing an unauthenticated attacker with p...

CVSS: 7, AI score: 6.3, EPSS: 0.00169
Exploits: 0, References: 3, Affected Software: 1

Positive Technologies
added 2025/10/09 12:00 a.m., 7 views

PT-2025-41402

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 21.4R3; Juniper Networks Junos OS versions 22.2 before 22.2R3-S3. Description: An Origin Validation Error exists in a file within Juniper Networks Junos OS on EX4600 Series and QFX5000 Series. An...

CVSS: 7, AI score: 6.5, EPSS: 0.00169
Exploits: 0, References: 6

RedhatCVE
added 2025/05/23 9:08 a.m., 3 views

CVE-2024-56322

GoCD is a continuous delivery server. GoCD versions 16.7.0 through 24.4.0 inclusive can allow GoCD admins to abuse a hidden/unused configuration repository (pipelines as code) feature to allow XML External Entity (XXE) injection on the GoCD Server which will be executed when GoCD periodically scans...

CVSS: 7.2, AI score: 7.5, EPSS: 0.00677
Exploits: 0, References: 1

OSV
added 2023/05/10 6:15 p.m., 2 views

DEBIAN-CVE-2023-32076

in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00241
Exploits: 0, References: 1