25101 matches found

Positive Technologies
added 2026/03/18 12:0 a.m., 6 views

PT-2026-26033

A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges...

CVSS 7.2, AI score 6.2, EPSS 0.00999
Exploits: 0, References: 5

Packet Storm News
added 2026/03/18 12:0 a.m., 3 views

Apple Security Advisory 03-17-2026-1

Apple Security Advisory 03-17-2026-1 - Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2 addresses a bypass vulnerability...

CVSS 5.4, AI score 6, EPSS 0.00354
Exploits: 2

VulnCheck KEV
added 2026/03/18 12:0 a.m., 2 views

VulnCheck KEV: CVE-2025-43520

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may be able to cause...

CVSS 5.5, AI score 5.7, EPSS 0.00401
In wild, Exploits: 2, References: 4

Vulnrichment
added 2026/03/18 12:0 a.m., 4 views

CVE-2025-58112

Microsoft Dynamics 365 Customer Engagement on-premises 1612 9.0.2.3034 allows the generation of customized reports via raw SQL queries in an upload of a .rdl Report Definition Language file; this is then processed by the SQL Server Reporting Service. An account with the privilege Add Reporting...

AI score 6.1, EPSS 0.00464
Exploits: 0, References: 2

Positive Technologies
added 2026/03/18 12:0 a.m., 9 views

PT-2026-26066

The "Privileged Helper" component of the Arturia Software Center MacOS does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to connect to the helper and execute privileged actions leading to local privilege escalation...

CVSS 7.8, AI score 5.9, EPSS 0.00122
Exploits: 1, References: 3

Photon
added 2026/03/18 12:0 a.m., 6 views

Important Photon OS Security Update - PHSA-2026-4.0-0979

Updates of 'vim' packages of Photon OS have been released...

CVSS 7.8, AI score 5.8, EPSS 0.00177
Exploits: 0

IBM Security Bulletins
added 2026/03/17 10:4 p.m., 6 views

Security Bulletin: AIX/VIOS Perl is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)

Summary Vulnerabilities in Perl could cause a null pointer dereference CVE-2026-24515 or an integer overflow CVE-2026-25210. AIX uses Perl in various operating system components. Vulnerability Details CVEID:CVE-2026-24515 DESCRIPTION: In libexpat before 2.7.4, XMLExternalEntityParserCreate does n...

CVSS 7.8, AI score 6.7, EPSS 0.00193
Exploits: 0, Affected Software: 2

IBM Security Bulletins
added 2026/03/17 10:3 p.m., 10 views

Security Bulletin: AIX/VIOS Python is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)

Summary Vulnerabilities in Python could cause a null pointer dereference CVE-2026-24515 or an integer overflow CVE-2026-25210. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2026-24515 DESCRIPTION: In libexpat before 2.7.4,...

CVSS 7.8, AI score 6.7, EPSS 0.00193
Exploits: 0, Affected Software: 2

EUVD
added 2026/03/17 6:30 p.m., 3 views

EUVD-2026-12614

The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands...

CVSS 9.1, AI score 5.9, EPSS 0.00647
Exploits: 0, References: 4

NVD
added 2026/03/17 6:16 p.m., 3 views

CVE-2026-32298

The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands...

CVSS 9.1, EPSS 0.00647
Exploits: 0, References: 3

CVE
added 2026/03/17 5:21 p.m., 15 views

CVE-2026-32298

Technical details (affected product/component/versions/root cause/impact) are not present in the connected documents. The provided Initial Description notes a vulnerability in Angeet ES3 KVM related to cfg.lua sanitation, but no concrete technical specifics are supplied here. Monitor for updates.

CVSS 9.1, AI score 5.9, EPSS 0.00647
Exploits: 0, References: 3, Affected Software: 1

IBM AIX
added 2026/03/17 3:18 p.m., 9 views

AIX Python is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)

IBM SECURITY ADVISORY First Issued: Tue Mar 17 15:18:12 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/pythonadvisory18.asc Security Bulletin: AIX Python is vulnerable to a null pointer dereference CVE-2026-24515 and an intege...

CVSS 7.8, AI score 6.6, EPSS 0.00193
Exploits: 0

Tenable Nessus
added 2026/03/17 12:0 a.m., 9 views

Photon OS 5.0: Curl PHSA-2026-5.0-0785

An update of the curl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0785. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVSS 7.5, AI score 7.1, EPSS 0.00715
Exploits: 4, References: 5

Positive Technologies
added 2026/03/17 12:0 a.m., 12 views

PT-2026-25954

CVE-2026-3856 IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integ… https://t.co/3y33wLJj0n...

CVSS 9.1, AI score 5.8, EPSS 0.00152
Exploits: 0, References: 3

EUVD
added 2026/03/16 3:30 p.m., 3 views

EUVD-2026-12333

OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege...

CVSS 8.6, AI score 5.8, EPSS 0.01513
Exploits: 0, References: 4

OSV
added 2026/03/16 3:30 p.m., 2 views

GHSA-XCH3-2F9X-WH9F MLflow has a command injection in mlflow/sagemaker/__init__.py

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/__init__.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...

CVSS 7.5, AI score 6.1, EPSS 0.01236
Exploits: 1, References: 6

NVD
added 2026/03/16 2:19 p.m., 3 views

CVE-2026-4170

A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmcsync.php of the component HTTP Request Handler. Executing a manipulation of the argument templatepath can lead to os command injection. The...

CVSS 10, EPSS 0.0207
Exploits: 0, References: 4

NVD
added 2026/03/16 2:19 p.m., 2 views

CVE-2026-31386

OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege...

CVSS 8.6, EPSS 0.01513
Exploits: 0, References: 3

Cvelist
added 2026/03/16 5:21 a.m., 29 views

CVE-2026-31386

OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege...

CVSS 8.6, EPSS 0.01513
Exploits: 0, References: 3

Vulnrichment
added 2026/03/16 5:21 a.m., 2 views

CVE-2026-31386

OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege...

CVSS 8.6, AI score 5.8, EPSS 0.01513
Exploits: 0, References: 3