| CVE-2024-27892 |
critical |
9.6 |
9.6 |
|
|
|
21h ago |
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the swi… |
| CVE-2024-27891 |
medium |
5.3 |
5.3 |
|
|
|
21h ago |
On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgo… |
| CVE-2024-27890 |
critical |
9.6 |
9.6 |
|
|
|
21h ago |
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the swi… |
| CVE-2023-5502 |
medium |
5.9 |
5.9 |
|
|
|
21h ago |
On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to by… |
| CVE-2026-11322 |
medium |
6.5 |
6.5 |
|
|
|
22h ago |
Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the d… |
| CVE-2026-10871 |
high |
7.2 |
7.2 |
|
|
|
22h ago |
A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv… |
| CVE-2024-6858 |
unknown |
— |
— |
|
|
|
22h ago |
In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN. |
| CVE-2026-5066 |
medium |
6.3 |
6.3 |
|
|
|
23h ago |
A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c). When the TLS session cache is enabled, tls_session_… |
| CVE-2026-42538 |
medium |
6.3 |
6.3 |
|
|
|
23h ago |
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application ca… |
| CVE-2026-42329 |
medium |
4.7 |
4.7 |
|
|
|
23h ago |
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redir… |
| CVE-2026-10870 |
high |
7.2 |
7.2 |
|
|
|
23h ago |
A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to … |
| CVE-2026-42547 |
medium |
5.4 |
5.4 |
|
|
|
1d ago |
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assi… |
| CVE-2026-42543 |
medium |
4.3 |
4.3 |
|
|
|
1d ago |
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, beca… |
| CVE-2026-47708 |
unknown |
— |
— |
|
|
|
1d ago |
MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper |
| CVE-2026-42540 |
medium |
4.3 |
4.3 |
|
|
|
1d ago |
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulate… |
| CVE-2026-42539 |
medium |
6.5 |
6.5 |
|
|
|
1d ago |
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required fo… |
