Photon OS 4.0: Sudo PHSA-2026-4.0-1002
An update of the sudo package has been released. © Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1002. The text itself is copyright © VMware, Inc...
Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense
On April 23, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an update to V1: Emergency Directive (ED) 25-03: Identify and Mitigate Potential Compromise of Cisco Devices...
[SECURITY] Fedora 42 Update: libcap-2.73-3.fc42
libcap is a library for getting and setting POSIX.1e (formerly POSIX 6) draft 15 capabilities...
EUVD-2026-25140
A path traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote unauthenticated attacker may get sensitive information on the operating system...
EUVD-2026-25125
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...
CVE-2026-40062
A path traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote unauthenticated attacker may get sensitive information on the operating system...
elFinder OS Command Injection Vulnerability
ElFinder is an open-source web file manager developed by Studio 42. Versions of ElFinder prior to 2.1.67 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the bg parameter in the resize command being passed into the shell command string witho...
Ziosoft Ziostation Path Traversal Vulnerability
Ziosoft Ziostation is image processing workstation software developed by Ziosoft Corporation in Japan. It provides three-dimensional visualization of medical images and advanced analysis capabilities. Versions of Ziosoft Ziostation 2.9.8.7 and earlier contained a path traversal vulnerability...
Paperclip OS Command Injection Vulnerability
Paperclip is an AI proxy orchestration tool developed by Paperclip Open Source. Versions prior to Paperclip 2026.416.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the ability to allow proxy updates via adapterConfig, which could lead to...
PT-2026-34590
Name of the Vulnerable Software and Affected Versions: Ziostation2 versions prior to 2.9.8.8. Description: A path traversal issue allows a remote unauthenticated attacker to access sensitive information from the operating system. Recommendations: Update to a version newer than 2.9.8.7...
Critical Photon OS Security Update - PHSA-2026-4.0-1002
Updates of 'protobuf', 'expat', 'sudo', 'openssh', 'nghttp2', 'linux', 'ImageMagick' packages of Photon OS have been released...
CVE-2026-40517
radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...
GHSA-39Q2-94RC-95CP vulnerabilities
Vulnerabilities for packages: langfuse, opensearch-dashboards, nextcloud-server...
GHSA-355H-QMC2-WPWF vulnerabilities
Vulnerabilities for packages: apache-nifi, akhq, neo4j, apache-pulsar, kafka, solr, jenkins, strimzi-kafka-operator, cloudwatch-exporter...
CVE-2026-28950
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 15.8.8 and iPadOS 15.8.8, iOS 16.7.16 and iPadOS 16.7.16, iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2, iPadOS 17.7.11. Notifications marked for deletion could be unexpectedly retained on the devi...
CVE-2026-28950
CVE-2026-28950 describes a logging issue in Apple’s Notification Services where copies of notifications marked for deletion could be retained in the device’s storage. The vulnerability is addressed by patches in iOS 18.7.8 and iPadOS 18.7.8, and iOS 26.4.2 and iPadOS 26.4.2. Affected products inc...
CVE-2026-26354
Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker...
CVE-2026-3519
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command...