Lucene search

25102 matches found

NVD
added 2026/02/17 5:21 p.m. | 8 views

CVE-2026-23647

Glory RBG-100 recycler systems using the ISPK-08 software component contain hard-coded operating system credentials that allow remote authentication to the underlying Linux system. Multiple local user accounts, including accounts with administrative privileges, were found to have fixed, embedded...

CVSS 9.8 | EPSS 0.00579
Exploits: 0 | References: 2

Vulnrichment
added 2026/02/17 4:30 p.m. | 1 view

CVE-2026-23647 Glory RBG-100 Recycler System Hard-coded OS Credentials

Glory RBG-100 recycler systems using the ISPK-08 software component contain hard-coded operating system credentials that allow remote authentication to the underlying Linux system. Multiple local user accounts, including accounts with administrative privileges, were found to have fixed, embedded...

CVSS 9.8 | AI score 5.8 | EPSS 0.00579
Exploits: 0 | References: 2

Tenable Nessus
added 2026/02/17 12:0 a.m. | 3 views

Photon OS 5.0: Linux PHSA-2026-5.0-0763

An update of the linux package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0763. The text itself is copyright (C) VMware, Inc. ...

CVSS 7.1 | AI score 8.3 | EPSS 0.00247
Exploits: 0 | References: 4

Positive Technologies
added 2026/02/17 12:0 a.m. | 8 views

PT-2026-20346

Name of the Vulnerable Software and Affected Versions: jishi node-sonos-http-api versions prior to 3776f0ee2261c924c7b7204de121a38100a08ca7. Description: A flaw exists in jishi node-sonos-http-api that could allow for remote execution of operating system commands. The issue is related to the...

CVSS 7.5 | AI score 5.6 | EPSS 0.01693
Exploits: 0 | References: 8

Tenable Nessus
added 2026/02/17 12:0 a.m. | 6 views

Photon OS 5.0: Go PHSA-2026-5.0-0763

An update of the go package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0763. The text itself is copyright (C) VMware, Inc. ...

CVSS 10 | AI score 6.6 | EPSS 0.00765
Exploits: 5 | References: 22

OSV
added 2026/02/16 4:3 p.m. | 3 views

BIT-POSTGRESQL-2026-2005 PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

CVSS 8.8 | AI score 6.4 | EPSS 0.00678
Exploits: 3 | References: 2

RedhatCVE
added 2026/02/16 1:25 p.m. | 5 views

CVE-2021-26381

Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory corruption...

CVSS 7.1 | AI score 5.5 | EPSS 0.00146
Exploits: 0 | References: 1

EUVD
added 2026/02/16 9:30 a.m. | 6 views

EUVD-2026-6119

A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function child_process.exec of the file run.js. The manipulation results in OS command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond...

CVSS 7.5 | AI score 5.5 | EPSS 0.01992
Exploits: 0 | References: 5

CVE
added 2026/02/16 7:32 a.m. | 19 views

CVE-2026-2544

CVE-2026-2544 affects yued-fe LuLu UI up to version 3.0.0. The vulnerability lies in the run.js file’s use of child_process.exec, enabling os command injection via remote attack. Multiple sources confirm the issue and remote exploitability, with vendor contact noted but no response. CVSS scores i...

CVSS 7.5 | AI score 7.1 | EPSS 0.01992
Exploits: 0 | References: 4

OSV
added 2026/02/16 5:53 a.m. | 4 views

ROOT-OS-DEBIAN-13-CVE-2016-9580 CVE-2016-9580 in rootio-openjpeg2 - Patched by Root

Root has patched CVE-2016-9580 in the rootio-openjpeg2 package for Root:Debian:13. Multiple fixed versions available...

CVSS 8.8 | AI score 5.4 | EPSS 0.02037
Exploits: 1

CNNVD
added 2026/02/16 12:0 a.m. | 6 views

kodbox operating system command injection vulnerability

Kodbox is a network file manager developed by the individual developer Warlee. Kodbox versions 1.64.05 and earlier have an operating system command injection vulnerability. This vulnerability stems from improper handling of the localFile parameter in the run function of the Media...

CVSS 6.5 | AI score 6.6 | EPSS 0.01674
Exploits: 0 | References: 5

RedhatCVE
added 2026/02/14 1:26 a.m. | 5 views

CVE-2026-26011

navigation2 is a ROS 2 Navigation Framework and System. In 1.3.11 and earlier, a critical heap out-of-bounds write vulnerability exists in Nav2 AMCL's particle filter clustering logic. By publishing a single crafted geometry_msgs/PoseWithCovarianceStamped message with extreme covariance values to...

CVSS 9.8 | AI score 5.7 | EPSS 0.00517
Exploits: 1 | References: 1

RedhatCVE
added 2026/02/13 7:18 p.m. | 6 views

CVE-2025-54756

BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest release fixes this issue for new installations; users of old installations are encouraged to change all...

CVSS 8.6 | AI score 5.5 | EPSS 0.00126
Exploits: 0 | References: 1

OSV
added 2026/02/13 4:15 a.m. | 3 views

CVE-2026-25108

FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command...

CVSS 8.8 | AI score 6 | EPSS 0.04974
Exploits: 0 | References: 3

ATTACKERKB
added 2026/02/13 3:39 a.m. | 6 views

CVE-2026-25108

FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command...

CVSS 8.8 | AI score 5.9 | EPSS 0.04974
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/02/13 3:39 a.m. | 5 views

CVE-2026-25108

FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command...

CVSS 8.8 | AI score 5.9 | EPSS 0.04974
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/13 1:31 a.m. | 13 views

CVE-2025-43417

A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4, macOS Tahoe 26.2. An app may be able to access user-sensitive data...

CVSS 5.5 | AI score 5.8 | EPSS 0.00231
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/13 1:31 a.m. | 4 views

CVE-2026-20667

A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, watchOS 26.3. An app may be able to break out of its sandbox...

CVSS 8.8 | AI score 5.8 | EPSS 0.00132
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/13 1:31 a.m. | 7 views

CVE-2026-20676

A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management. Mitigation: Do not visit untrusted websites. Also, do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Linux 7, the following packages require...

CVSS 6.5 | AI score 5.8 | EPSS 0.00222
Exploits: 0 | References: 4

RedhatCVE
added 2026/02/13 1:31 a.m. | 4 views

CVE-2026-20627

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3, watchOS 26.3. An app may be able to access sensitive user data...

CVSS 5.5 | AI score 5.8 | EPSS 0.00142
Exploits: 0 | References: 1