Microsoft Windows GDI 缓冲区错误漏洞

Microsoft Windows GDI is a core underlying standard interface in the Windows operating system developed by Microsoft, responsible for drawing graphical objects on the screen or printer, managing fonts, and processing images. There is a buffer error vulnerability present in Microsoft Windows GDI...

Microsoft Windows Secure Boot 安全漏洞

Microsoft Windows Secure Boot is a security boot feature provided by Microsoft Corporation. There are security vulnerabilities associated with Microsoft Windows Secure Boot. The following products and versions are affected: Windows 11 Version 26H1 for ARM64-based Systems, Windows 11 Version 26H1...

PT-2026-32791

Name of the Vulnerable Software and Affected Versions Windows LUAFV affected versions not specified Description A time-of-check time-of-use toctou race condition occurs in Windows LUAFV. This allows an authorized attacker to elevate privileges locally. A race condition is a situation where the...

Microsoft Windows Ancillary Function Driver for WinSock 资源管理错误漏洞

The Microsoft Windows Ancillary Function Driver for WinSock is a supplementary function driver for Winsock by Microsoft Corporation. There is a resource management vulnerability present in the Microsoft Windows Ancillary Function Driver for WinSock. Attackers can exploit this vulnerability to gai...

Chamilo LMS 操作系统命令注入漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 2.0.0-RC.3 contained a vulnerability related to operating system command...

PT-2026-32687

Name of the Vulnerable Software and Affected Versions FortiSandbox versions 4.4.0 through 4.4.8 Description An OS command injection issue exists in the JRPC API of FortiSandbox due to improper neutralization of the pipe symbol | when processing the jid parameter. This flaw allows an unauthenticat...

Microsoft Windows 安全漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There are security vulnerabilities in the Microsoft Windows Advanced Rasterization Platform. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and...

SAP Landscape Transformation 代码注入漏洞

SAP Landscape Transformation is a tool developed by SAP, a German company, for system data migration and integration. SAP Landscape Transformation has a code injection vulnerability; this vulnerability stems from vulnerabilities in the RFC-exposed function modules, which may allow for the injecti...

MaxKB 操作系统命令注入漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed from issues with the MCP node, a workflow engine,...

Microsoft Windows TCP/IP 资源管理错误漏洞

Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There is a resource management vulnerability in Microsoft Windows TCP/IP. Attackers can exploit this vulnerability to gain elevated privileges. The following products...

PT-2026-32624

A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority of the AdminServer process itself. The delegated authority of the AdminServer could allow its users the ability to read...

Photon OS 5.0: Systemd PHSA-2026-5.0-0819

An update of the systemd package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0819. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Microsoft Windows 资源管理错误漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There is a resource management vulnerability in Microsoft Windows. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected: Windows...

Microsoft Windows 竞争条件问题漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There are vulnerabilities related to the Microsoft Windows User Interface Core. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are...

Microsoft SQL Server 安全漏洞

Microsoft SQL Server is a large-scale commercial database system developed by Microsoft Corporation, used under the Microsoft Windows operating system. There are security vulnerabilities in Microsoft SQL Server. Attackers can exploit these vulnerabilities to execute code...

PT-2026-32555

SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or...

Podman 操作系统命令注入漏洞

Podman is an open-source engine developed by Podman for developing, managing, and running OCI containers on Linux systems. Versions of Podman 4.8.0 to 5.8.1 contain a vulnerability related to operating system command injection. This vulnerability stems from command injection issues in the HyperV...

Fortinet FortiSandbox 操作系统命令注入漏洞

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection device developed by the American company Fortinet. This device offers features such as dual sandbox technology, dynamic threat intelligence systems, a real-time control panel, and reporting capabilities. Versions of Fortinet...

Photon OS 5.0: Nginx PHSA-2026-5.0-0811

An update of the nginx package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0811. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 5.0: Libtiff PHSA-2026-5.0-0815

An update of the libtiff package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0815. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...