
25094 matches found

Redos
added 2026/04/17 12:0 a.m. | 3 views

ROS-20260417-73-0038

Vulnerability in zabbix7.2 is related to failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability may allow an attacker acting remotely to execute arbitrary commands...

CVSS 7.7 | AI score 6.1 | EPSS 0.00248
Exploits: 0
Redos
added 2026/04/17 12:0 a.m. | 3 views

ROS-20260417-73-0039

Vulnerability in zabbix7.4 is related to failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability may allow an attacker acting remotely to execute arbitrary commands...

CVSS 7.7 | AI score 6.1 | EPSS 0.00248
Exploits: 0
Tenable Nessus
added 2026/04/17 12:0 a.m. | 4 views

Photon OS 4.0: Squid PHSA-2026-4.0-0996

An update of the squid package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0996. The text itself is copyright (C) VMware, Inc...

CVSS 9.2 | AI score 5.7 | EPSS 0.02738
Exploits: 0 | References: 4
Microsoft Secure
added 2026/04/16 3:0 p.m. | 11 views

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

In this article 1. Sapphire Sleet’s campaign lifecycle 2. Defending against Sapphire Sleet intrusion activity 3. Microsoft Defender detection and hunting guidance 4. Indicators of compromise Executive summary Microsoft Threat Intelligence uncovered a macOS‑focused cyber campaign by the North Kore...

AI score 6.3
Exploits: 0
OSV
added 2026/04/16 9:7 a.m. | 2 views

ROOT-OS-DEBIAN-11-CVE-2023-51792 CVE-2023-51792 in rootio-libde265 - Patched by Root

Root has patched CVE-2023-51792 in the rootio-libde265 package for Root:Debian:11. Multiple fixed versions available...

CVSS 3.3 | AI score 5.4 | EPSS 0.00232
Exploits: 0
OSV
added 2026/04/16 8:15 a.m. | 2 views

ROOT-OS-DEBIAN-13-CVE-2026-0992 CVE-2026-0992 in rootio-libxml2 - Patched by Root

Root has patched CVE-2026-0992 in the rootio-libxml2 package for Root:Debian:13. Multiple fixed versions available...

CVSS 2.9 | AI score 5.9 | EPSS 0.00302
Exploits: 0
OSV
added 2026/04/16 8:15 a.m. | 2 views

ROOT-OS-DEBIAN-13-CVE-2026-0990 CVE-2026-0990 in rootio-libxml2 - Patched by Root

Root has patched CVE-2026-0990 in the rootio-libxml2 package for Root:Debian:13. Multiple fixed versions available...

CVSS 5.9 | AI score 5.8 | EPSS 0.00725
Exploits: 0
NVD
added 2026/04/16 7:16 a.m. | 2 views

CVE-2026-3861

LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become temporarily...

CVSS 7.1 | EPSS 0.00305
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/16 5:54 a.m. | 1 view

CVE-2026-3861

LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become temporarily...

CVSS 7.1 | AI score 5.3 | EPSS 0.00305
Exploits: 0 | References: 1
CVE
added 2026/04/16 5:54 a.m. | 13 views

CVE-2026-3861

Affected software: LINE client for iOS (versions prior to 26.3.0). Vulnerability details: In the in-app browser, opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially making the iOS device temporarily ino...

CVSS 7.1 | AI score 5.3 | EPSS 0.00305
Exploits: 0 | References: 1
GithubExploit
added 2026/04/16 4:29 a.m. | 116 views

Exploit for CVE-2026-40176

CVE-2026-40176: Composer Perforce OS Command Injection PoC...

CVSS 7.8 | AI score 6.5 | EPSS 0.00975
Exploits: 4
Cvelist
added 2026/04/16 2:24 a.m. | 26 views

CVE-2026-6349 HGiga|iSherlock - OS Command Injection

The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server...

CVSS 9.8 | EPSS 0.02144
Exploits: 0 | References: 2
CNNVD
added 2026/04/16 12:0 a.m. | 8 views

Dell PowerScale OneFS security vulnerability

Dell PowerScale OneFS is an operating system developed by the American company Dell. It provides a horizontally scalable NAS solution through the PowerScale OneFS operating system. Versions of Dell PowerScale OneFS prior to 9.12.0.0 contained security vulnerabilities, which were due to improper...

CVSS 4.1 | AI score 5.8 | EPSS 0.00141
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/16 12:0 a.m. | 6 views

PT-2026-33270

Name of the Vulnerable Software and Affected Versions LINE client for iOS versions prior to 26.3.0 Description An issue exists in the in-app browser where opening a specially crafted web page can repeatedly trigger OS-level dialogs. This behavior can lead to a denial of service, potentially causi...

CVSS 7.1 | AI score 5.8 | EPSS 0.00305
Exploits: 0 | References: 5
Snyk
added 2026/04/15 8:22 p.m. | 7 views

Use of Hard-coded Credentials

Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials when the nexus.orient.binaryListenerEnabled configuration is set to true. This option is set by default in legacy HA-C mode, but not in standalone deployments, including HA deployments. An attacker can gain...

CVSS 9.2 | AI score 5.9 | EPSS 0.00461
Exploits: 0 | References: 2
RedhatCVE
added 2026/04/15 7:24 p.m. | 4 views

CVE-2026-40191

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization (FAA) rules and App Jail...

CVSS 6.8 | AI score 5.8 | EPSS 0.00115
Exploits: 0 | References: 1
RedhatCVE
added 2026/04/15 7:23 p.m. | 4 views

CVE-2026-33096

Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network...

CVSS 7.5 | AI score 5.8 | EPSS 0.01248
Exploits: 0 | References: 1
EUVD
added 2026/04/15 6:31 p.m. | 6 views

EUVD-2026-22970

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...

CVSS 9.9 | AI score 6.2 | EPSS 0.05972
Exploits: 1 | References: 2
EUVD
added 2026/04/15 6:31 p.m. | 6 views

EUVD-2026-22945

Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands (npm, npx) accept argument flags that enable...

AI score 6.6 | EPSS 0.00974
Exploits: 0 | References: 3
NVD
added 2026/04/15 4:16 p.m. | 7 views

CVE-2026-30624

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...

CVSS 8.6 | EPSS 0.00405
Exploits: 0 | References: 1