FOGProject <= 1.5.10.1673 - Authentication Bypass

FOGProject version 1.5.10.1673 suffers from an authentication bypass vulnerability that allows unauthenticated users to access the management interface without proper authentication. This can lead to unauthorized access to system configuration, host management, and potentially database informatio...

FatPipe WARP/IPVPN/MPVPN - Authorization Bypass

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 contain a missing authorization caused by lack of access control in the web management interface, letting remote attackers access sensitive URLs, exploit requires no authentication. id: CVE-2021-27858 info: name:...

Tattile Camera < 1.181.5 - Default Login

Tattile Smart+, Vega, and Basic device families firmware = 1.181.5 contain a broken authentication caused by default credentials not forced to be changed, letting attackers with management interface access gain administrative privileges. id: CVE-2026-26341 info: name: Tattile Camera 1.181.5 -...

Progress Kemp LoadMaster - Command Injection

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. id: CVE-2024-1212 info: name: Progress Kemp LoadMaster - Command Injection author: DhiyaneshDK severity: critical description: | Unauthenticated remote...

Evertz SDVN 3080ipx-10G - Unauthenticated Arbitrary Command Injection

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among...

Cisco VPN Routers - Unauthenticated Arbitrary File Upload

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement...

CVE-2026-56256

Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...

EUVD-2026-38743

Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...

CVE-2026-35019

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...

Security Advisory 0143

Security Advisory 0143 PDF Date: June 23, 2026 Revision | Date | Changes ---|---|--- 1.0 | Jun 23, 2026 | Initial release Description All of the CVEs covered in this advisory apply to affected platforms running Arista EOS with the Streaming Telemetry Agent aka TerminAttr enabled. This issue...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: “Revert ‘ipmi: fix msg stack when IPMI is disconnected’” This fix reverts to the previous behavior with the commit number c608966f3f9c2dca596967501d00753282b395fc. This patch contains a minor bug that can cause the IPMI driver to...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fixed a memory leak in the WMI firmware stats. The memory allocated for firmware pdev, vdev, and beacon statistics is not released during rmmod. This issue was fixed by calling the ath11kfwstatsfree function before...

CVE-2026-9158

In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory use-after-free...

CVE-2026-9158

In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory use-after-free...

CVE-2026-9158

In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory use-after-free...

CVE-2026-9158

In Eclipse 4diac FORTE, versions 3.0.0 to 3.1.0 are affected by a vulnerability where a specially crafted DELETE command to the management interface can trigger a dangling pointer, allowing subsequent commands to access freed memory (use-after-free). This is the concrete issue described across co...

EUVD-2026-37896

In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory use-after-free...

CVE-2026-0272

A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface CLI to perform actions on the device with root privileges. The security risk posed by this issue is significantly minimized when CLI access i...

CVE-2026-6444

A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges...

CVE-2026-0272 PAN-OS: Privilege Escalation (PE) Vulnerability in the Command Line Interface (CLI)

A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface CLI to perform actions on the device with root privileges. The security risk posed by this issue is significantly minimized when CLI access i...