Overview

  • Juniper Networks
  • Junos OS Evolved

25 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.25%

KEV

Description

An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, not over an externally exposed port. With the ability to access and manipulate the service to execute code as root, a remote attacker can take complete control of the device. Please note that this service is enabled by default, as no specific configuration is required.

This issue affects Junos OS Evolved on PTX Series:

  • 25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO.

This issue does not affect Junos OS Evolved versions before 25.4R1-EVO. This issue does not affect Junos OS.

Statistics

  • 4 Posts

Last activity: 10 hours ago

Fediverse

CVE-2026-21902 represents a high-impact infrastructure exposure.

Affected platform: Junos OS Evolved on PTX series routers.

Attack vector: Unauthenticated network access.
Privilege level: Root execution.
Service: On-Box Anomaly Detection, enabled by default.

Strategic risk:
• Traffic interception capability
• Policy manipulation
• Controller redirection
• Lateral pivoting
• Long-term foothold persistence
Although no exploitation has been observed, historically, high-performance routing infrastructure is a prime target due to its control-plane visibility and network centrality.

Recommended actions:
– Immediate patch validation
– Control-plane traffic monitoring
– Service exposure review
– Network segmentation validation
– Threat hunting for anomalous routing behavior
Are infrastructure devices integrated into your continuous detection engineering pipeline?

Source: securityweek.com/juniper-netwo

Engage below.
Follow TechNadu for high-signal vulnerability intelligence.
Repost to strengthen security awareness.

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

Juniper PTX routers affected by critical RCE (CVE-2026-21902). Unauthenticated attacker. Root-level execution. Service enabled by default. Patched in latest Junos OS Evolved releases. Router compromise = traffic vantage point + pivot risk... #Infosec #RouterSecurity #CyberThreats #PatchNow
  • 0
  • 0
  • 0
  • 16h ago
CVE-2026-21902: Juniper PTX Routers — One Packet to Root (CVSS 9.8) - Detection: How to Know If You're Exposed dev.to/deepseax/cve...
  • 0
  • 0
  • 0
  • 15h ago
2026-02 Out-of-Cycle Security Bulletin: Junos OS Evolved: PTX Series: A vulnerability allows an unauthenticated, network-based attacker to execute code as root (CVE-2026-21902) #patchmanagement
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Tenda
  • F453

01 Mar 2026
Published
01 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
Pending

KEV

Description

A vulnerability was found in Tenda F453 1.0.0.3. This issue affects the function frmL7ImForm of the file /goform/L7Im. Manipulation of the argument page results in a buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 1 hour ago

Fediverse

🚨 CVE-2026-3380: HIGH-severity buffer overflow in Tenda F453 (v1.0.0.3). Remotely exploitable, no auth needed — PoC public. Isolate devices, restrict WAN, monitor for /goform/L7Im traffic. Patch pending. radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 1h ago

Overview

  • makeplane
  • plane

25 Feb 2026
Published
25 Feb 2026
Updated

CVSS v3.1
HIGH (7.7)
EPSS
0.03%

KEV

Description

Plane is an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery (SSRF) vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the internal network and exfiltrate the full response body. By exploiting this vulnerability, an attacker can steal sensitive data from internal services and cloud metadata endpoints. Version 1.2.2 fixes the issue.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 5 hours ago

Bluesky

📌 CVE-2026-27706 - Plane is an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery (SSRF) vulnerability has been iden... https://www.cyberhub.blog/cves/CVE-2026-27706
  • 0
  • 1
  • 0
  • 5h ago

Overview

  • evershopcommerce
  • evershop

26 Feb 2026
Published
27 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%

KEV

Description

EverShop is a TypeScript-first eCommerce platform. Versions prior to 2.1.1 have a vulnerability in the "Forgot Password" functionality. When specifying a target email address, the API response returns the password reset token. This allows an attacker to take over the associated account. Version 2.1.1 fixes the issue.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 10 hours ago

Bluesky

📌 CVE-2026-28213 - EverShop is a TypeScript-first eCommerce platform. Versions prior to 2.1.1 have a vulnerability in the "Forgot Password" functionality. When specifyin... https://www.cyberhub.blog/cves/CVE-2026-28213
  • 0
  • 1
  • 0
  • 10h ago

Overview

  • openemr
  • openemr

25 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
HIGH (7.1)
EPSS
0.09%

KEV

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the DICOM viewer state API (e.g. upload or state save/load) accepts a document ID (`doc_id`) without verifying that the document belongs to the current user’s authorized patient or encounter. An authenticated user can read or modify DICOM viewer state (e.g. annotations, view settings) for any document by enumerating document IDs. Version 8.0.0 fixes the issue.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 22 hours ago

Bluesky

📌 CVE-2026-25927 - OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the DICOM viewer sta... https://www.cyberhub.blog/cves/CVE-2026-25927
  • 0
  • 1
  • 0
  • 22h ago

Overview

  • ImageMagick
  • ImageMagick

24 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.04%

KEV

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 17 hours ago

Bluesky

📌 CVE-2026-24485 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD fi... https://www.cyberhub.blog/cves/CVE-2026-24485
  • 0
  • 1
  • 0
  • 17h ago

Overview

  • openemr
  • openemr

25 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.07%

KEV

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature endpoint allows authenticated portal users to upload and overwrite provider signatures by setting `type=admin-signature` and specifying any provider user ID. This could potentially lead to signature forgery on medical documents, legal compliance violations, and fraud. The issue occurs when portal users are allowed to modify provider signatures without proper authorization checks. Version 8.0.0 fixes the issue.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 3 hours ago

Bluesky

📌 CVE-2026-24890 - OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypa... https://www.cyberhub.blog/cves/CVE-2026-24890
  • 0
  • 1
  • 0
  • 3h ago

Overview

  • coturn
  • coturn

25 Feb 2026
Published
25 Feb 2026
Updated

CVSS v3.1
HIGH (7.2)
EPSS
0.03%

KEV

Description

Coturn is a free open source implementation of TURN and STUN Server. Coturn is commonly configured to block loopback and internal ranges using "denied-peer-ip" and/or default loopback restrictions. CVE-2020-26262 addressed bypasses involving "0.0.0.0", "[::1]" and "[::]", but IPv4-mapped IPv6 is not covered. When sending a "CreatePermission" or "ChannelBind" request with the "XOR-PEER-ADDRESS" value of "::ffff:127.0.0.1", a successful response is received, even though "127.0.0.0/8" is blocked via "denied-peer-ip". The root cause is that, prior to the updated fix implemented in version 4.9.0, three functions in "src/client/ns_turn_ioaddr.c" do not check "IN6_IS_ADDR_V4MAPPED":

  • "ioa_addr_is_loopback()" checks "127.x.x.x" (AF_INET) and "::1" (AF_INET6), but not "::ffff:127.0.0.1".
  • "ioa_addr_is_zero()" checks "0.0.0.0" and "::", but not "::ffff:0.0.0.0".
  • "addr_less_eq()", used by "ioa_addr_in_range()" for "denied-peer-ip" matching: when the range is AF_INET and the peer is AF_INET6, the comparison returns 0 without extracting the embedded IPv4.

Version 4.9.0 contains an updated fix to address the bypass of the fix for CVE-2020-26262.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 22 hours ago

Bluesky

📌 CVE-2026-27624 - Coturn is a free open source implementation of TURN and STUN Server. Coturn is commonly configured to block loopback and internal ranges using "denied... https://www.cyberhub.blog/cves/CVE-2026-27624
  • 0
  • 1
  • 0
  • 22h ago

Overview

  • Red Hat
  • Enterprise Linux 9
  • OpenSSH

01 Jul 2024
Published
11 Dec 2025
Updated

CVSS
Pending
EPSS
33.18%

KEV

Description

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Statistics

  • 2 Posts

Last activity: 18 hours ago

Bluesky

Zero-Day Alert: CVE-2024-6387 Exposes OpenSSH Servers to Unauthenticated RCE – Urgent Patching Required + Video Introduction: A critical regression vulnerability, designated CVE-2024-6387 and nicknamed "regreSSHion," has resurfaced in OpenSSH's signal handler, reintroducing a flaw originally…
  • 0
  • 0
  • 0
  • 19h ago
OpenSSH regreSSHion (CVE-2024-6387): The Critical Signal Handler Race Condition Exploit You Need to Patch Now + Video Introduction: A critical vulnerability has resurfaced in OpenSSH, reigniting concerns over the security of remote server management. Dubbed "regreSSHion" and tracked as…
  • 0
  • 0
  • 0
  • 18h ago

Overview

  • OliveTin
  • OliveTin

25 Feb 2026
Published
27 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.12%

KEV

Description

OliveTin gives access to predefined shell commands from a web interface. In versions up to and including 3000.10.0, OliveTin's shell mode safety check (`checkShellArgumentSafety`) blocks several dangerous argument types but not `password`. A user supplying a `password`-typed argument can inject shell metacharacters that execute arbitrary OS commands. A second independent vector allows unauthenticated RCE via webhook-extracted JSON values that skip type safety checks entirely before reaching `sh -c`. When exploiting vector 1, any authenticated user (registration enabled by default, `authType: none` by default) can execute arbitrary OS commands on the OliveTin host with the permissions of the OliveTin process. When exploiting vector 2, an unauthenticated attacker can achieve the same if the instance receives webhooks from external sources, which is a primary OliveTin use case. When an attacker exploits both vectors, this results in unauthenticated RCE on any OliveTin instance using Shell mode with webhook-triggered actions. As of the time of publication, a patched version is not available.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

📌 CVE-2026-27626 - OliveTin gives access to predefined shell commands from a web interface. In versions up to and including 3000.10.0, OliveTin's shell mode safety check... https://www.cyberhub.blog/cves/CVE-2026-27626
  • 0
  • 0
  • 0
  • Last hour
Showing 1 to 10 of 37 CVEs