CVE-2026-44874

The CVE 2026-44874 affects the web-based management interface of an AOS-10 Gateway. It enables an authenticated remote attacker to access sensitive files on the underlying operating system, leading to disclosure of confidential information and potentially enabling further attacks on the affected ...

PT-2026-35968

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parse uname string remoted op.c. This function processes OS identification data from agents a...

CVE-2026-40062

A path Traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote unauthenticated attacker may get sensitive information on the operating system...

PT-2026-34590

Name of the Vulnerable Software and Affected Versions Ziostation2 versions prior to 2.9.8.8 Description A path traversal issue allows a remote unauthenticated attacker to access sensitive information from the operating system. Recommendations Update to a version newer than 2.9.8.7...

Ziostation2 vulnerable to path traversal

Overview Ziostation2 provided by Ziosoft, Inc. contains the following vulnerability. Path traversal CWE-22 - CVE-2026-40062 Yuta Miura of Five Drive Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

VulnCheck KEV: CVE-2026-20133

A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this...

CVE-2026-20133

A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this...

CVE-2026-20133

A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this...

PT-2026-21957

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager affected versions not specified Description Insufficient file system restrictions in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on the underlying...

AWS VDP: AWS Auto Scaling Service Reporting "AWS Internal" for CloudTrail Events Generated from Specific Endpoints

A vulnerability was discovered in the AWS Auto Scaling service, where 6 API endpoints incorrectly reported the user-agent and network information as "AWS Internal" in CloudTrail logs. This allowed the adversary to perform API calls using these endpoints and evade the logging of their IP address a...

EUVD-2008-0985

Malware in sbrugna...

Drive Data Should Be Managed in Partitions

When installing the OS, plan different partitions for OS data and service data based on the scenario. Do not store all data in the same drive or partition. Properly planning drive partitions avoids or reduces the following risks: 1. Log files are too large and use up the space of the service driv...

CVE-2017-8003

EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of t...

Shopify: Unauthorized access to Zookeeper on http://locutus-zk3.ec2.shopify.com:2181

What is Zookeeper? ==================== Zookeeper is a coordination service for distributed applications. It allows common services such as naming, synchronisation, configuration management and group services to be managed by a simple interface and It uses a data model of File System on an...

CVE-2006-0374

Advantage Century Telecommunication ACT P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which 1 might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB...