5.4
CVE-2026-23601 - Frame Injection via Shared GTK Allows Traffic Spoofing and Client Compromise
A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID. Successful exploitation allows for the delivery of t…
4.4
CVE-2026-22285 - Plaintext Password Storage in Dell Device Management Agent Enables Local Unauthorized Access
Dell Device Management Agent (DDMA), versions prior to 26.02, contain a Plaintext Storage of Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized Access.
5.3
CVE-2025-59787 - HTTP 5XX Internal Server Errors
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts.
6
CVE-2025-59786 - Cookies are not Invalidated upon Logout and Password Change
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in the web application.
5.3
CVE-2025-59785 - API - Insufficient Input Validation
Improper validation of an API endpoint in 2N Access Commander version 3.4.2 and prior allows an attacker to bypass the password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges.
6.9
CVE-2025-59784 - Log Pollution - Control Characters Not Escaped
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges.
8.8
CVE-2025-59783 - OS Command Injection over API
The API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have sufficient input validation, allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges.
6.8
CVE-2025-62879 - Rancher Backup Operator pod's logs leak S3 tokens
A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.
6.5
CVE-2025-12801 - Nfs-utils: rpc.mountd in the nfs-utils privilege escalation
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux that allows an NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported …
6.3
CVE-2025-40896 - Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0
The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive informa…