Posted by GregD via Fulldisclosure on Mar 12
Hi,

I’m disclosing five vulnerabilities discovered during an authorised
security assessment of the Cohesity TranZman Migration Appliance
(formerly Stone Ram TranZman), Release 4.0 Build 14614.

CVE-2025-67840 – Web API Command Injection (CVSS 7.2 High)

The /api/v1/scheduler/run and /api/v1/actions/run endpoints allow
authenticated administrators to execute arbitrary commands as root by
injecting into POST request parameters. Input is…