
25101 matches found

CNNVD
added 2026/03/19 12:0 a.m., 4 views

OpenClaw operating system command injection vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.1.21 to 2026.2.19 had a vulnerability related to operating system command injection. This vulnerability stemmed from issues with the Windows shell backtracking mechanism implement...

CVSS 7, AI score 6, EPSS 0.00525
Exploits 0, References 3
CNNVD
added 2026/03/19 12:0 a.m., 9 views

Microsoft Bing operating system command injection vulnerability

Microsoft Bing is a web search engine developed by Microsoft Corporation in the United States. Microsoft Bing has a vulnerability related to operating system command injection. This vulnerability stems from issues with command injection in the operating system, which may allow unauthorized...

CVSS 9.8, AI score 6, EPSS 0.00565
Exploits 0, References 1
Positive Technologies
added 2026/03/19 12:0 a.m., 3 views

PT-2026-26364

Microsoft Bing Images Remote Code Execution Vulnerability. CVE: CVE-2026-32191; PT-Identifier: PT-2026-26364; Vendor: Microsoft; Product: Microsoft Bing Images; CVSS: 9.8; Credits: n/a; Description: Improper neutralization of special elements used in an OS command ('OS command injection') in Microsoft Bin...

CVSS 9.8, AI score 6.1, EPSS 0.00565
Exploits 0, References 8
Tenable Nessus
added 2026/03/19 12:0 a.m., 7 views

Photon OS 4.0: Linux PHSA-2026-4.0-0980

An update of the linux package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0980. The text itself is copyright (C) VMware, Inc...

CVSS 7.8, AI score 5.7, EPSS 0.00199
Exploits 0, References 3
CNNVD
added 2026/03/19 12:0 a.m., 4 views

OpenClaw operating system command injection vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.22 had a vulnerability related to operating system command injection. This vulnerability stemmed from a bypass of the allowed list in the system.run exec analysis, allowing...

CVSS 8.8, AI score 6.1, EPSS 0.00419
Exploits 0, References 3
Tenable Nessus
added 2026/03/19 12:0 a.m., 5 views

Photon OS 4.0: Binutils PHSA-2026-4.0-0981

An update of the binutils package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0981. The text itself is copyright (C) VMware, Inc...

CVSS 7.5, AI score 5.7, EPSS 0.00256
Exploits 2, References 3
EUVD
added 2026/03/18 9:32 p.m., 6 views

EUVD-2025-208846

Microsoft Dynamics 365 Customer Engagement on-premises 1612 9.0.2.3034 allows the generation of customized reports via raw SQL queries in an upload of a .rdl Report Definition Language file; this is then processed by the SQL Server Reporting Service. An account with the privilege Add Reporting...

AI score 6.1, EPSS 0.00464
Exploits 0, References 3
CVE
added 2026/03/18 3:24 p.m., 11 views

CVE-2026-24062

The CVE-2026-24062 entry describes an issue in the MacOS Privileged Helper of Arturia Software Center where the Privileged Helper does not perform sufficient client code signature validation during XPC connections. This allows an attacker to connect to the helper and execute privileged actions, r...

CVSS 7.8, AI score 5.8, EPSS 0.00122
Exploits 1, References 1
Cvelist
added 2026/03/18 3:24 p.m., 21 views

CVE-2026-24062 Insufficient XPC Client validation leading to local privilege escalation in Arturia Software Center

The "Privileged Helper" component of the Arturia Software Center MacOS does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to connect to the helper and execute privileged actions leading to local privilege escalation...

EPSS 0.00122
Exploits 1, References 1
EUVD
added 2026/03/18 9:30 a.m., 8 views

EUVD-2026-12786

A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges...

CVSS 7.2, AI score 6.1, EPSS 0.00999
Exploits 0, References 2
Vulnrichment
added 2026/03/18 7:33 a.m., 3 views

CVE-2026-22317 Command Injection Vulnerability in Root CA Certificate Transfer Workflow

A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges...

CVSS 7.2, AI score 6.1, EPSS 0.00999
Exploits 0, References 1
ATTACKERKB
added 2026/03/18 7:33 a.m., 4 views

CVE-2026-22317

A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges...

CVSS 7.2, AI score 6.1, EPSS 0.00999
Exploits 0, References 2
Cvelist
added 2026/03/18 7:33 a.m., 31 views

CVE-2026-22317 Command Injection Vulnerability in Root CA Certificate Transfer Workflow

A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges...

CVSS 7.2, EPSS 0.00999
Exploits 0, References 1
The Hacker News
added 2026/03/18 6:31 a.m., 21 views

Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS

Apple on Tuesday released its first round of Background Security Improvements to address a security flaw in WebKit that affects iOS, iPadOS, and macOS. The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in WebKit's Navigation API that could be...

CVSS 8.8, AI score 6, EPSS 0.10593
Exploits 16
EUVD
added 2026/03/18 1:34 a.m., 3 views

EUVD-2026-12724

OpenClaw versions prior to 2026.2.22 in macOS node-host system.run contain an allowlist bypass vulnerability that allows remote attackers to execute non-allowlisted commands by exploiting improper parsing of command substitution tokens. Attackers can craft shell payloads with command substitution...

CVSS 7.5, AI score 6.2, EPSS 0.0063
Exploits 1, References 3
ATTACKERKB
added 2026/03/18 12:0 a.m., 3 views

CVE-2025-58112

Microsoft Dynamics 365 Customer Engagement on-premises 1612 9.0.2.3034 allows the generation of customized reports via raw SQL queries in an upload of a .rdl Report Definition Language file; this is then processed by the SQL Server Reporting Service. An account with the privilege Add Reporting...

AI score 6.1, EPSS 0.00464
Exploits 0, References 3
CNNVD
added 2026/03/18 12:0 a.m., 7 views

OpenClaw operating system command injection vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an operating system command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...

CVSS 7.5, AI score 6.1, EPSS 0.0063
Exploits 1, References 3
Photon
added 2026/03/18 12:0 a.m., 14 views

Critical Photon OS Security Update - PHSA-2026-5.0-0790

Updates of 'ImageMagick' packages of Photon OS have been released...

CVSS 9.8, AI score 5.8, EPSS 0.00594
Exploits 0
CNNVD
added 2026/03/18 12:0 a.m., 6 views

glances operating system command injection vulnerability

Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.2 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper command splitting when Mustache template variables contained metacharacters,...

CVSS 7, AI score 5.9, EPSS 0.00243
Exploits 1, References 5
CNNVD
added 2026/03/18 12:0 a.m., 4 views

Roxy-WI operating system command injection vulnerability

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions prior to Roxy-WI 8.2.6.3 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the /config/compare///show endpoint, where command...

CVSS 8.8, AI score 6, EPSS 0.02037
Exploits 1, References 3