7963 matches found

Cvelist
added 2026/04/11 12:14 a.m., 27 views

CVE-2026-5054 NoMachine External Control of File Path Local Privilege Escalation Vulnerability

NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVSS 7.8, EPSS 0.00019
Exploits: 0, References: 1

CVE
added 2026/04/11 12:14 a.m., 18 views

CVE-2026-5054

CVE-2026-5054 – NoMachine Local Privilege Escalation. The issue is in NoMachine’s handling of command line parameters, where user-supplied paths are not properly validated before file operations. This can allow a local attacker who can execute low-privilege code to escalate to root and run arbit...

CVSS 7.8, AI score 7.5, EPSS 0.00019
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/04/11 12:14 a.m., 1 view

CVE-2026-5054 NoMachine External Control of File Path Local Privilege Escalation Vulnerability

NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVSS 7.8, AI score 6.1, EPSS 0.00019
Exploits: 0, References: 1

CNNVD
added 2026/04/11 12:0 a.m., 3 views

NoMachine Security Vulnerability

NoMachine is a remote desktop access tool developed by NoMachine Company in Luxembourg. NoMachine has a security vulnerability, which stems from improper handling of command-line parameters, potentially leading to an increase in local privileges...

CVSS 7.8, AI score 7.2, EPSS 0.00019
Exploits: 0, References: 1

vulnersOsv
added 2026/04/10 7:30 p.m., 4 views

@saltcorn/cli (>=1.6.0-alpha.0 <=1.6.0-beta.12), @saltcorn/mobile-builder (>=1.6.0-alpha.0 <=1.6.0-beta.12) potentially affected by CVE-2026-40163 via @saltcorn/server (>=1.6.0-alpha.0 <=1.6.0-beta.3)

@saltcorn/server NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-beta.12 Source cves: CVE-2026-40163 Source advisory: SNYK:JS-SALTCORNSERVER-15990855...

CVSS 8.2, AI score 5.4, EPSS 0.00239
Exploits: 1

Vulnrichment
added 2026/04/10 4:3 p.m., 1 view

CVE-2026-35659 OpenClaw < 2026.3.22 - Unresolved Service Metadata Routing via Bonjour and DNS-SD Discovery

OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing decisions to unintended targets by providing malicious...

CVSS 5.1, AI score 5.8, EPSS 0.00007
Exploits: 0, References: 4

Fedora
added 2026/04/10 1:11 a.m., 4 views

[SECURITY] Fedora 42 Update: doctl-1.154.0-1.fc42

The official command line interface for the DigitalOcean API...

CVSS 9.8, AI score 5.9, EPSS 0.00063
Exploits: 0

Fedora
added 2026/04/10 1:2 a.m., 3 views

[SECURITY] Fedora 43 Update: cockpit-360-1.fc43

The Cockpit Web Console enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more...

CVSS 9.8, AI score 5.9, EPSS 0.27294
Exploits: 3

Fedora
added 2026/04/10 1:1 a.m., 4 views

[SECURITY] Fedora 43 Update: doctl-1.154.0-1.fc43

The official command line interface for the DigitalOcean API...

CVSS 9.8, AI score 5.9, EPSS 0.00063
Exploits: 0

Tenable Nessus
added 2026/04/10 12:0 a.m., 3 views

AlmaLinux 9 : python3.9 (ALSA-2026:6766)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:6766 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly from...

CVSS 7, AI score 5.8, EPSS 0.00015
Exploits: 0, References: 3

CNNVD
added 2026/04/10 12:0 a.m., 7 views

PraisonAI Path Traversal Vulnerability

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained a path traversal vulnerability. This vulnerability occurred because the recipe CLI did not validate paths when decompressing .praison archives, potentially...

CVSS 9.4, AI score 5.9, EPSS 0.00084
Exploits: 1, References: 2

Oracle linux
added 2026/04/10 12:0 a.m., 6 views

cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

344-2.0.1 - Storage: Enable btrfs support Orabug: 37464632 - Replaced upstream urls in documentation with oracle links Orabug: 36528753 - Drop subscription-manager-cockpit requirement for ol Orabug: 34681110 - Remove duplicate reference to server in cockpit Orabug: 34030494 - Update documentation...

CVSS 9.8, AI score 5.8, EPSS 0.27294
Exploits: 3

Tenable Nessus
added 2026/04/10 12:0 a.m., 2 views

RHEL 9 : cockpit: Unauthenticated remote code execution due to SSH command-line argument injection (Critical) (RHSA-2026:7382)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7382 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELin...

CVSS 9.8, AI score 5.9, EPSS 0.27294
Exploits: 3, References: 4

Cvelist
added 2026/04/09 9:38 p.m., 17 views

CVE-2026-33791 Junos OS and Junos OS Evolved: Execution of crafted CLI commands allows for arbitrary shell injection as root

An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system. Certain 'set...

CVSS 8.4, EPSS 0.00012
Exploits: 0, References: 2

Cvelist
added 2026/04/09 9:28 p.m., 15 views

CVE-2026-21916 Junos OS: A low privileged user can escalate their privileges so that they can login as root

A UNIX Symbolic Link Symlink Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file lin...

CVSS 7.3, EPSS 0.00014
Exploits: 0, References: 1

CVE
added 2026/04/09 9:28 p.m., 13 views

CVE-2026-21916

CVE-2026-21916 is a local privilege-escalation vulnerability in Juniper Networks Junos OS CLI via UNIX Symlink Following. It permits a low-privilege, authenticated attacker to escalate to root after performing a specific file link CLI operation and later when another user commits unrelated config...

CVSS 7.3, AI score 5.9, EPSS 0.00014
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2026/04/09 12:3 p.m., 4 views

RLSA-2026:6766 Important: python3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 7.1, AI score 5.8, EPSS 0.00015
Exploits: 0, References: 2

RedHat Linux
added 2026/04/09 9:6 a.m., 3 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

CVSS 7, AI score 6.3, EPSS 0.00015
Exploits: 0, References: 7

RedHat Linux
added 2026/04/09 9:6 a.m., 4 views

Important: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

CVSS 7, AI score 6, EPSS 0.00015
Exploits: 0, References: 2

Chainguard
added 2026/04/09 1:17 a.m., 3 views

GHSA-WMMM-F939-6G9C vulnerabilities

Vulnerabilities for packages: opensearch-dashboards, librechat, langfuse, langfuse-fips, kibana, gemini-cli, opensearch-dashboards-fips...

AI score 5.2
Exploits: 0