5.4
CVE-2026-23809 - MAC Address Spoofing leads to Inter-BSSID Isolation Bypass Resulting in Traffic Redirection
A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation mayβ¦
5.4
CVE-2026-23808 - Client Isolation Bypass via GTK Manipulation
A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Successful exploitation of this vulnerability could allow a remote malicious actor to perform unauthorizβ¦
5.4
CVE-2026-23601 - Frame Injection via Shared GTK Allows Traffic Spoofing and Client Compromise
A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tβ¦
4.4
CVE-2026-22285 - Plaintext Password Storage in Dell Device Management Agent Enables Local Unauthorized Access
Dell Device Management Agent (DDMA), versions prior to 26.02, contain a Plaintext Storage of Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized Access.
5.3
CVE-2025-59787 - HTTP 5XX Internal Server Errors
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input and potential security or availability impacts.
6
CVE-2025-59786 - Cookies are not Invalidated upon Logout and Password Change
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application.
5.3
CVE-2025-59785 - API - Insufficient Input Validation
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges.
6.9
CVE-2025-59784 - Log Pollution - Control Characters Not Escaped
2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges.
8.8
CVE-2025-59783 - OS Command Injection over API
API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges.
6.8
CVE-2025-62879 - Rancher Backup Operator pod's logs leak S3 tokens
A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.