1152 matches found

NVD
added 6 days ago, 9 views

CVE-2026-20246

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this...

CVSS: 6, EPSS: 0.00104
Exploits: 0, References: 1
EUVD
added 6 days ago, 8 views

EUVD-2026-37751

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this...

CVSS: 6, AI score: 5.3, EPSS: 0.00104
Exploits: 0, References: 1
CVE
added 6 days ago, 22 views

CVE-2026-20246

Summary: CVE-2026-20246 affects Cisco Umbrella Virtual Appliance. A vulnerability in the vmadmin CLI allows an authenticated, local attacker with vmadmin privileges to escalate to root by abusing certain commands at the CLI. The root-cause is insufficient validation of user-supplied commands in v...

CVSS: 6, AI score: 5.4, EPSS: 0.00104
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2026/06/10 3:16 p.m., 13 views

CVE-2026-53470

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the /api/v1/sources/id/image-url endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance OVA images...

CVSS: 9.6, EPSS: 0.0028
Exploits: 0, References: 3
Vulnrichment
added 2026/06/10 1:55 p.m., 7 views

CVE-2026-53470 Migration-planner: getsourcedownloadurl missing organization check

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the /api/v1/sources/id/image-url endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance OVA images...

CVSS: 9.6, AI score: 5.3, EPSS: 0.0028
Exploits: 0, References: 3
EUVD
added 2026/06/10 1:55 p.m., 13 views

EUVD-2026-36034

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the /api/v1/sources/id/image-url endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance OVA images...

CVSS: 9.6, AI score: 5.5, EPSS: 0.0028
Exploits: 0, References: 3
Cvelist
added 2026/06/10 1:55 p.m., 32 views

CVE-2026-53470 Migration-planner: getsourcedownloadurl missing organization check

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the /api/v1/sources/id/image-url endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance OVA images...

CVSS: 9.6, EPSS: 0.0028
Exploits: 0, References: 3
CVE
added 2026/06/10 1:55 p.m., 13 views

CVE-2026-53470

CVE-2026-53470 affects migration-planner. An authenticated attacker can exploit an improper access control on /api/v1/sources/{id}/image-url to bypass ownership checks and obtain presigned S3 URLs for other users’ Open Virtual Appliance (OVA) images, potentially downloading images containing long...

CVSS: 9.6, AI score: 5.5, EPSS: 0.0028
Exploits: 0, References: 3, Affected Software: 1
ATTACKERKB
added 2026/05/22 2:44 p.m., 3 views

CVE-2022-34363

Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the Unisphere for VMAX application running in vApp...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00325
Exploits: 0, References: 2
Vulnrichment
added 2026/05/22 2:44 p.m., 6 views

CVE-2022-34363

Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the Unisphere for VMAX application running in vApp...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00325
Exploits: 0, References: 1
CVE
added 2026/05/22 2:44 p.m., 17 views

CVE-2022-34363

Dell Unisphere for PowerMax vApp versions prior to 10.0.0.2 contain an authorization bypass vulnerability in the Unisphere for VMAX application running in the vApp. Affected component is the Unisphere for VMAX service within the vApp, with the root cause described as an authorization bypass. The ...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00325
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2026/05/22 2:44 p.m., 5 views

EUVD-2022-37318

Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the Unisphere for VMAX application running in vApp...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00325
Exploits: 0, References: 1
CNNVD
added 2026/05/22 12:00 a.m., 5 views

Dell Unisphere for PowerMax vApp Authorization Issue Vulnerability

Dell Unisphere for PowerMax vApp is a virtualization management solution developed by the American company Dell. Versions of Dell Unisphere for PowerMax vApp prior to 10.0.0.2 had an authorization-related vulnerability. This vulnerability stemmed from an attempt to bypass authorization...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00325
Exploits: 0, References: 1
NVD
added 2026/05/20 5:16 p.m., 9 views

CVE-2026-20199

A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user. This vulnerability is due to insufficient validation of user-supplied input. An...

CVSS: 4.7, EPSS: 0.00364
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/20 4:15 p.m., 14 views

CVE-2026-20199

A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user. This vulnerability is due to insufficient validation of user-supplied input. An...

CVSS: 4.7, AI score: 6.2, EPSS: 0.00364
Exploits: 0, References: 2
CVE
added 2026/05/20 4:15 p.m., 76 views

CVE-2026-20199

CVE-2026-20199 affects Cisco ThousandEyes Virtual Appliance. The issue stems from insufficient validation in SSL certificate handling, allowing an authenticated, remote attacker (with valid admin credentials) to upload a crafted certificate and execute arbitrary code as root on the underlying OS....

CVSS: 4.7, AI score: 6.2, EPSS: 0.00364
Exploits: 0, References: 1
Cisco
added 2026/05/20 4:00 p.m., 7 views

Cisco ThousandEyes Virtual Appliance Authenticated Remote Code Execution Vulnerability

A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user. This vulnerability is due to insufficient validation of user-supplied input. An...

CVSS: 4.7, AI score: 6.2, EPSS: 0.00364
Exploits: 0, References: 1
Positive Technologies
added 2026/05/20 12:00 a.m., 6 views

PT-2026-42191

A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user. This vulnerability is due to insufficient validation of user-supplied input. An...

CVSS: 4.7, AI score: 6.2, EPSS: 0.00364
Exploits: 0, References: 2
CNNVD
added 2026/05/20 12:00 a.m., 5 views

Cisco ThousandEyes Virtual Appliance Injection Vulnerability

The Cisco ThousandEyes Virtual Appliance is a virtualization network monitoring device developed by Cisco Corporation. It provides network path monitoring and digital experience observability capabilities. The device has an injection vulnerability, which stems from insufficient user input...

CVSS: 4.7, AI score: 5.9, EPSS: 0.00364
Exploits: 0, References: 1
EUVD
added 2026/03/06 12:31 a.m., 4 views

EUVD-2026-9948

Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent VMware before build 36943, Acronis Cyber Protect 17 VMware before build 41186...

CVSS: 7.1, AI score: 5.9, EPSS: 0.00169
Exploits: 0, References: 2