CVE-2026-23774

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high privileged attacker...

Ziostation2 vulnerable to path traversal

Overview Ziostation2 provided by Ziosoft, Inc. contains the following vulnerability. Path traversal CWE-22 - CVE-2026-40062 Yuta Miura of Five Drive Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

PT-2026-34533

Dell PowerProtect Data Domain with Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker...

Stable Channel Update for ChromeOS / ChromeOS Flex

The ChromeOS Stable channel is being updated to OS version 16610.44.0 Browser version 147.0.7727.115 for most ChromeOS devices. If you find new issues, please let us know one of the following ways: 1. File a bug 2. Visit our ChromeOS communities 1. General: Chromebook Help Community 2. Beta...

CVE-2026-40604

CVE-2026-40604 affects ClearanceKit on macOS, where the opfilter system extension (bundle uk.craigbass.clearancekit.opfilter) can be suspended or signalled by any root process (SIGSTOP/SIGTERM/SIGKILL). While suspended, AUTH Endpoint Security events timeout and default to allow, silently bypassin...

EUVD-2026-24213

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.6, the opfilter Endpoint Security system extension bundle ID uk.craigbass.clearancekit.opfilter can be suspended with SIGSTOP or kill -STOP, or killed with SIGKILL/SIGTERM, by any...

OSCP-CVE-exploit-suggester

No d...

Bad Apples: Weaponizing native macOS primitives for movement and execution

As macOS adoption grows among developers and DevOps, it has become a high value target; however, native "living-off-the-land" LOTL techniques for the platform remain significantly under-documented compared to Windows. Adversaries can bypass security controls by repurposing native features like...

EUVD-2026-24054

NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server...

CVE-2026-5965

NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server...

PT-2026-33915

NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server...

(0Day) Microsoft Windows library-ms NTLM Response Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must view a folder containing malicious content. The specific flaw exists within the...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.3.1.7)

The version of AOS installed on the remote host is prior to 7.3.1.7. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.3.1.7 advisory. - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raste...

CIQ Extended Support

A CIQ package update service provides extended support and/or OS hardening for the remote host. %NASLMINLEVEL 80900 C Tenable Network Security, Inc. include"compat.inc"; if description scriptid307904; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2026/04/21";...

CVE-2025-46605

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 8.4 through 8.5 contain a session fixation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access...

CVE-2026-24506

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this...

CVE-2026-26942

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contains an Improper Neutralization of Special Elements used in an OS Command 'OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command...

CVE-2026-23774

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high privileged attacker...

CVE-2026-23774

Dell PowerProtect Data Domain running DD OS Feature Release 7.7.1.0–8.5, LTS2025 8.3.1.0–8.3.1.10, LTS2024 7.13.1.0–7.13.1.40 contains an OS command injection vulnerability. A high-privilege attacker with remote access could achieve arbitrary command execution. Affected component: DD OS (OS-level...

CVE-2026-3517

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command...