8.8

CVSS4.0

CVE-2025-59783 - OS Command Injection over API

The API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not sufficiently validate input, allowing OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges.

📅 Published: March 4, 2026, 3:19 p.m. 🔄 Last Modified: March 5, 2026, 3:05 p.m.

6.8

CVSS3.1

CVE-2025-62879 - Rancher Backup Operator pod's logs leak S3 tokens

A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.

📅 Published: March 4, 2026, 3:08 p.m. 🔄 Last Modified: March 5, 2026, 5:57 p.m.

6.5

CVSS3.1

CVE-2025-12801 - Nfs-utils: rpc.mountd in the nfs-utils privilege escalation

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux that allows an NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported …

📅 Published: March 4, 2026, 3:06 p.m. 🔄 Last Modified: April 2, 2026, 3:16 p.m.

6.3

CVSS4.0

CVE-2025-40896 - Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive informa…

📅 Published: March 4, 2026, 1:52 p.m. 🔄 Last Modified: March 5, 2026, 6:48 p.m.

2

CVSS4.0

CVE-2025-40895 - HTML injection in Sensor Map in CMC before 25.6.0

A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties. A malicious authenticated user with administrator privileges on a Guardian connected to a CMC can edit the Guardian's properties to inject HTM…

📅 Published: March 4, 2026, 1:52 p.m. 🔄 Last Modified: March 5, 2026, 6:50 p.m.

2.1

CVSS4.0

CVE-2025-40894 - HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0

A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Aler…

📅 Published: March 4, 2026, 1:51 p.m. 🔄 Last Modified: April 20, 2026, 4:45 p.m.

5.3

CVSS4.0

CVE-2026-3103 - Deletion of passwords via RestApi

A logic error in the remove_password() function in Checkmk GmbH's Checkmk versions <2.4.0p23, <2.3.0p43, and 2.2.0 (EOL) allows a low-privileged user to cause data loss.

📅 Published: March 4, 2026, 1:15 p.m. 🔄 Last Modified: April 16, 2026, 1:45 p.m.

5.3

CVSS3.1

CVE-2026-25907 - Overly Restrictive Account Lockout Mechanism Causing Denial of Service in Dell PowerScale OneFS

Dell PowerScale OneFS, version 9.13.0.0, contains an overly restrictive account lockout mechanism vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

📅 Published: March 4, 2026, 1:06 p.m. 🔄 Last Modified: April 16, 2026, 1:45 p.m.

3.4

CVSS3.1

CVE-2026-21422 - External Control of System Setting in Dell PowerScale OneFS Enables Protection Mechanism Bypass

Dell PowerScale OneFS, versions 9.10.0.0 through 9.13.1.0, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechanism bypass.

📅 Published: March 4, 2026, 12:57 p.m. 🔄 Last Modified: April 30, 2026, 8:26 a.m.

6.7

CVSS3.1

CVE-2026-21424 - Unnecessary Privilege Execution Elevates Local User Access in Dell PowerScale OneFS

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

📅 Published: March 4, 2026, 12:52 p.m. 🔄 Last Modified: April 16, 2026, 1:45 p.m.