CVE-2025-67840

CVE-2025-67840 corresponds to multiple authenticated OS command injection vulnerabilities in Cohesity TranZman 4.0 Build 14614 (TZM_1757588060_SEP2025_FULL.depot). The web API endpoints (including Scheduler and Actions) concatenate user-controlled parameters into system commands, allowing an auth...

CVE-2025-67840

Multiple authenticated OS command injection vulnerabilities exist in the Cohesity formerly Stone Ram TranZman 4.0 Build 14614 through TZM1757588060SEP2025FULL.depot web application API endpoints including Scheduler and Actions pages. The appliance directly concatenates user-controlled parameters...

CVE-2026-21902

An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be...

CVE-2026-21902 Junos OS Evolved: PTX Series: A vulnerability allows a unauthenticated, network-based attacker to execute code as root

An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be...

CVE-2026-21902 Junos OS Evolved: PTX Series: A vulnerability allows a unauthenticated, network-based attacker to execute code as root

An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be...

SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution

SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below - CVE-2025-40538 - A broken access...

PT-2026-21964

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS Evolved on PTX Series versions prior to 25.4R1-S1-EVO, 25.4R2-EVO, and 26.2R1-EVO Description A critical issue exists in Juniper Networks Junos OS Evolved, specifically within the On-Box Anomaly Detection framework on...

CVE-2025-10010

The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to decrypt the Windows partition. The system is located on a separate unencrypted partition which can be reached by anyone with access to the hard disk. Multiple...

CVE-2025-10010 Integrity Validation Bypass in CryptoPro Secure Disk for BitLocker

The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to decrypt the Windows partition. The system is located on a separate unencrypted partition which can be reached by anyone with access to the hard disk. Multiple...

PT-2026-21741

Name of the Vulnerable Software and Affected Versions CPSD CryptoPro Secure Disk affected versions not specified Description The CPSD CryptoPro Secure Disk application utilizes a small Linux operating system for user authentication prior to BitLocker decryption of the Windows partition. The Linux...

CVE-2026-2035 Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability

Deciso OPNsense diagbackup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. The specific flaw...

NewStart CGSL MAIN 6.06 (SP) : openssh Vulnerability (NS-SA-2026-0002)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has openssh packages installed that are affected by a vulnerability: - A race condition in sshd affecting versions between 8.5p1 and 9.7p1 inclusive may allow arbitrary code execution with root privileges. Successful exploitation has be...

CVE-2026-24834 Kata Container to Guest micro VM privilege escalation

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM...

CVE-2026-23599

A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges...

PT-2026-20867

Name of the Vulnerable Software and Affected Versions Kata Containers versions prior to 3.27.0 Description Kata Containers is an open source project focused on providing a standard implementation of lightweight Virtual Machines VMs that function like containers. A flaw in Kata with Cloud Hypervis...

CVE-2026-23599

A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges...

HPE Aruba Networking ClearPass OnGuard Software 安全漏洞

HPE Aruba Networking ClearPass OnGuard Software is a terminal compliance checking component provided by the American company HPE. There is a security vulnerability present in HPE Aruba Networking ClearPass OnGuard Software, which stems from an increase in local privileges. This vulnerability may...

CVE-2026-23599

CVE-2026-23599 describes a local privilege-escalation vulnerability in HPE Aruba Networking ClearPass OnGuard Software for Linux. An attacker with local access could exploit this to achieve arbitrary code execution with root privileges. The CVSS 3.1 data indicates a local attack vector, low attac...

CVE-2026-23599

A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges...

PT-2026-7669

ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with...