94 matches found
PT-2026-45565
In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...
Astra Linux - vulnerability in chromium
In the Managed Devices API of Google Chrome, before version 104.0.5112.79, a remote attacker who convinced a user to enable a specific Enterprise policy could potentially exploit heap corruption through a crafted HTML page...
CVE-2025-13914 Apstra: SSH host key validation vulnerability for managed devices
A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows an unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH...
CVE-2025-13914
CVE-2025-13914 concerns Juniper Networks Apstra SSH host key validation, described as a Key Exchange without Entity Authentication vulnerability. The issue enables an unauthenticated attacker to perform a man-in-the-middle attack on SSH connections from Apstra to managed devices, allowing imperso...
CVE-2025-1121
Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image...
EUVD-2012-3668
Malware in sbrugna...
EUVD-2020-22050
Malware in sbrugna...
EUVD-2022-34853
Malicious code in bioql PyPI...
EUVD-2024-35543
Malicious code in bioql PyPI...
EUVD-2024-40891
Malicious code in bioql PyPI...
EUVD-2022-41320
Malicious code in bioql PyPI...
EUVD-2024-49089
Malicious code in bioql PyPI...
Vulnerabilities fixed in Fortinet products
Fortinet has fixed vulnerabilities in FortiOS, FortiProxy, FortiPAM, FortiSIEM, FortiWeb and FortiADC. The most serious vulnerability allows an unauthenticated attacker to remotely execute arbitrary code on FortiSIEM using custom CLI commands. Fortinet indicates that PoC code is available for this...
CVE-2024-26009
An authentication bypass using an alternate path or channel (CWE-288) vulnerability in Fortinet FortiOS 6.4.0 through 6.4.15, FortiOS 6.2.0 through 6.2.16, FortiOS 6.0 all versions, FortiPAM 1.2.0, FortiPAM 1.1.0 through 1.1.2, FortiPAM 1.0.0 through 1.0.3, FortiProxy 7.4.0 through 7.4.2, FortiProx...
CVE-2024-44133
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15. On MDM managed devices, an app may be able to bypass certain Privacy preferences...
PT-2025-22348
Name of the Vulnerable Software and Affected Versions: Proget MDM (affected versions not specified). Description: The issue concerns a privilege escalation in Proget MDM, where a low-privileged user can retrieve passwords for managed devices. This allows the user to access functionalities restricted b...
Inedo ProGet security vulnerability
Inedo ProGet is a package management system from Inedo. A security vulnerability exists in Inedo ProGet versions prior to 2.17.5, which stems from a low-privileged user being able to retrieve passwords for managed devices and utilize MDM-restricted features...
Arista Networks CloudVision Portal security vulnerability
Arista Networks CloudVision Portal is a suite of web-based user management portals for the CloudVision platform from Arista Networks, USA. The product includes features such as network device configuration, compliance management, change management, and network monitoring management. A security...
CVE-2022-38757
A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices to be able to exercise these rights on managed devices in the ZENworks zone bu...