Security advisories
Advisory: CVE feed.
Tracking vulnerabilities reported through the VAPT platform, with public detail pages, remediation state, and machine-readable identifiers for downstream monitoring.
Session bootstrap token bypass in Nimbus Gateway administrative API
Nimbus Gateway accepted stale bootstrap session material on the administrative API, allowing remote attackers to regain privileged access without re-authentication.
Template renderer command injection in Orbit Mail maintenance jobs
A trusted maintenance workflow in Orbit Mail passed unsanitized template directives to a shell-backed renderer, leading to authenticated remote command execution.
Pre-authenticated directory traversal in Aurora VPN diagnostic export
Aurora VPN exposed a pre-authenticated file disclosure issue in its diagnostic export handler, allowing remote retrieval of arbitrary files from the appliance filesystem.
Agent enrollment token reuse in hybrid automation fleet
A provisioning flaw allowed previously issued enrollment tokens to be replayed during bootstrap, leading to unauthorized agent registration in specific hybrid deployments.
Router management interface exposed to the public internet
Multiple customer edge deployments exposed administrative interfaces without enforced MFA, allowing attackers to pivot into internal management planes.