GHSA-92MV-8F8W-WQ52 vulnerabilities
Vulnerabilities for packages: traefik...
aws-mcp-server operating system command injection vulnerability
aws-mcp-server is a lightweight service developed by Alexei Ledenev. It enables AI assistants to execute AWS CLI commands through the Model Context Protocol (MCP) in a secure, containerized environment. aws-mcp-server has an operating system command injection vulnerability, which stems from...
Photon OS 5.0: Linux PHSA-2026-5.0-0806
An update of the linux package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0806. The text itself is copyright (C) VMware, Inc...
Photon OS 5.0: Linux PHSA-2026-5.0-0813
An update of the linux package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0813. The text itself is copyright (C) VMware, Inc...
EUVD-2026-21595
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization (FAA) rules and App Jail...
CVE-2026-1502
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...
CVE-2026-33092
CVE-2026-33092 affects Acronis True Image OEM (macOS) before build 42571 and Acronis True Image (macOS) before build 42902. It is a local privilege escalation caused by improper handling of environment variables, with CVSSv3.0 vector LOCAL/LOW/PR:L/UI:N and impact on confidentiality, integrity, a...
CVE-2026-33092
Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM macOS before build 42571, Acronis True Image macOS before build 42902...
EUVD-2026-21319
A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack can be launched...
CVE-2026-6029 Totolink A7100RU CGI cstecgi.cgi setVpnAccountCfg os command injection
A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument User results in os command injection. The attack may be launched remotely. Th...
CVE-2026-6027
CVE-2026-6027 affects Totolink A7100RU (firmware 7.4cu.2313_b20191024). The vulnerability is in the CGI Handler’s /cgi-bin/cstecgi.cgi, function setUrlFilterRules, where manipulating the enable argument can trigger an os command injection. The issue is exploitable remotely, and public exploit inf...
CVE-2026-6025
CVE-2026-6025 affects Totolink A7100RU (firmware 7.4cu.2313_b20191024). The vulnerability resides in the CGI handler function setSyslogCfg within /cgi-bin/cstecgi.cgi, where improper handling of the input argument enables OS command injection. The issue can be triggered remotely over the networ...
GHSA-M72M-MHQ2-9P6C vulnerabilities
Vulnerabilities for packages: hadoop-fips...
EUVD-2026-21272
A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument laninfo can lead to os command injection. The attack may be performed from...
EUVD-2026-21090
A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS). In an EVPN-MPLS...
EUVD-2026-21195
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the configured firewall filter and access the control-plane of the device. On MX platform...
EUVD-2026-21205
An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600 allows a local attacker with low privileges to cause a complete Denial of Service (DoS). When a specific 'show chassis'...
EUVD-2026-21095
An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present o...
EUVD-2026-21207
An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system. Certain 'set...
EUVD-2026-21206
An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 packet to cause the srxpfe process to crash and restart. Continued receipt and processing of these...