AIX : Multiple Vulnerabilities (IJ57162)

The version of AIX installed on the remote host is prior to APAR IJ57162. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ57162 advisory. - A flaw was identified in the X.Org X server's X Keyboard Xkb extension where improper bounds checking in the XkbSetCompatMap...

PT-2026-21285

Name of the Vulnerable Software and Affected Versions PROLiNK PRC2402M versions prior to 2021-06-13 Description The PROLiNK PRC2402M router firmware contains a flaw that allows for arbitrary OS command execution. The issue resides in the live api.cgi script when handling the page=satellite list...

CVE-2021-35402

PROLiNK PRC2402M 20190909 before 2021-06-13 allows liveapi.cgi?page=satellitelist OS command injection via shell metacharacters in the ip parameter for satellitestatus...

Liquid Prompt 操作系统命令注入漏洞

Liquid Prompt is an open-source prompt tool developed by Liquid Prompt. Liquid Prompt has a vulnerability related to operating system command injection. This vulnerability arises from command injection when processing specially crafted branch names, which may lead to code execution...

CVE-2026-26320

OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links without an unattended key, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message, but executed the full...

CVE-2025-67304

In Ruckus Network Director RND 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user. In the default configuration, the PostgreSQL service is accessible over the network on TCP port 5432. An attacker can use the hardcoded credentials to authenticate...

CVE-2026-22284

Dell SmartFabric OS10 Software, versions prior to 10.5.6.12, contains an Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution...

OpenClaw 操作系统命令注入漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an operating system command injection vulnerability that stems from the failure of maintainer/developer scripts/update-clawtributors.ts to properly filter construct command special characters, commands...

SECCN Dingcheng G10 操作系统命令注入漏洞

SECCN Dingcheng G10 is an industrial-grade edge computing gateway developed by SECCN Technology. Version 3.1.0.181203 of SECCN Dingcheng G10 contains a vulnerability related to operating system command injection. This vulnerability arises from incorrect handling of the parameter “User” in the fil...

Photon OS 4.0: Openjdk11 PHSA-2026-4.0-0961

An update of the openjdk11 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0961. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

AIX (IJ57276)

The version of AIX installed on the remote host is prior to APAR IJ57276. It is, therefore, affected by a vulnerability as referenced in the IJ57276 advisory. - A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function...

Photon OS 5.0: Glib PHSA-2026-5.0-0763

An update of the glib package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0763. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Security Bulletin: Multiple vulnerabilities impact AIX/VIOS due to ISC BIND (CVE-2025-40778, CVE-2025-40780, CVE-2025-8677)

Summary Vulnerabilities in ISC BIND could allow an attacker to inject forged data into the cache CVE-2025-40778, predict the source port and query ID that BIND will use CVE-2025-40780, or cause CPU exhaustion CVE-2025-8677. AIX uses ISC BIND as as part of its DNS functions. Vulnerability Details...

CVE-2025-71235

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop. 105954.384919 RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086 105954.384920 R10:...

Vulnerability in libxml2 (CVE-2025-8732) affects AIX

IBM SECURITY ADVISORY First Issued: Wed Feb 18 08:44:14 CST 2026 |Updated: Fri Mar 13 13:55:04 CDT 2026 |Update: Added iFix information for VIOS 3.1. The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/libxml2advisory10.asc Security Bulleti...

编号撤回

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. This CVE number has been withdrawn...

PT-2026-20540

ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file path handling that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious configuration file with carefully constructed payload to overwrite memory...

CVE-2026-2629

CVE-2026-2629 affects the jishi node-sonos-http-api, specifically the TTS Provider’s mac-os.js, in the Promise function. The issue is an argument-phrase manipulation that enables os command injection. A remote attacker could initiate the attack. Public exploit details exist, and the project uses ...

CVE-2026-22769

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized...

CVE-2026-22769

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized...