
25104 matches found

Fedora
added 2026/02/09 1:04 a.m., 6 views

[SECURITY] Fedora 43 Update: node-exporter-1.10.2-3.fc43

Prometheus exporter for hardware and OS metrics exposed by *NIX kernels, written in Go with pluggable metric collectors...

CVSS 7.5 | AI score 6.8 | EPSS 0.00526 | Exploits 1
Tenable Nessus
added 2026/02/09 12:00 a.m., 2 views

Photon OS 5.0: Expat PHSA-2026-5.0-0756

An update of the expat package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0756. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...

CVSS 7.8 | AI score 6.7 | EPSS 0.00193 | Exploits 0 | References 3
CNNVD
added 2026/02/09 12:00 a.m., 5 views

D-Link DIR-823X operating system command injection vulnerability

The D-Link DIR-823X is a wireless router produced by D-Link Corporation. The D-Link DIR-823X 250416 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations on the function sub4211C8 in the file /goform/setfiltering, which may le...

CVSS 8.6 | AI score 7.1 | EPSS 0.03822 | Exploits 1 | References 7
Vulnrichment
added 2026/02/08 9:32 p.m., 4 views

CVE-2026-2188 UTT 进取 521G formPdbUpConfig sub_446B18 os command injection

A vulnerability was determined in UTT 进取 521G 3.1.1-190816. The impacted element is the function sub_446B18 of the file /goform/formPdbUpConfig. Executing a manipulation of the argument policyNames can lead to os command injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 8.6 | AI score 5.4 | EPSS 0.06413 | Exploits 1 | References 4
Cvelist
added 2026/02/08 8:32 p.m., 30 views

CVE-2026-2184 Great Developers Certificate Generation System csv.php os command injection

A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...

CVSS 7.5 | EPSS 0.09902 | Exploits 1 | References 4
CVE
added 2026/02/08 2:02 p.m., 30 views

CVE-2026-2155

The CVE-2026-2155 entry concerns D-Link DIR-823X (version 250416) and the Configuration Handler’s /goform/set_dmz component. The flaw resides in function sub_4208A0, where manipulating the arguments dmz_host/dmz_enable enables operating system command injection. This allows remote execution of co...

CVSS 8.6 | AI score 6.9 | EPSS 0.03818 | Exploits 1 | References 6 | Affected Software 1
NVD
added 2026/02/08 9:15 a.m., 11 views

CVE-2026-2143

A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/setddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is...

CVSS 8.6 | EPSS 0.04317 | Exploits 1 | References 5
Cvelist
added 2026/02/08 2:32 a.m., 28 views

CVE-2026-2131 XixianLiang HarmonyOS-mcp-server input_text os command injection

A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the argument text leads to os command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used...

CVSS 6.5 | EPSS 0.15052 | Exploits 1 | References 4
CVE
added 2026/02/08 12:32 a.m., 11 views

CVE-2026-2120

CVE-2026-2120 affects D-Link DIR-823X 250416. The issue is an OS command injection in the Configuration Parameter Handler, triggered by manipulating arguments in /goform/set_server_settings (terminal_addr, server_ip, server_port). The attack can be remote and publicly available exploits exist. Af...

CVSS 8.6 | AI score 6.8 | EPSS 0.03916 | Exploits 1 | References 5 | Affected Software 1
Vulnrichment
added 2026/02/08 12:32 a.m., 2 views

CVE-2026-2120 D-Link DIR-823X Configuration Parameter set_server_settings os command injection

A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/set_server_settings of the component Configuration Parameter Handler. The manipulation of the argument terminal_addr/server_ip/server_port leads to os command injection. The attack may be...

CVSS 8.6 | AI score 5.4 | EPSS 0.03916 | Exploits 1 | References 5
CNNVD
added 2026/02/08 12:00 a.m., 4 views

D-Link DIR-823X operating system command injection vulnerability

The D-Link DIR-823X is a wireless router produced by D-Link Corporation. The D-Link DIR-823X 250416 version has a vulnerability related to operating system command injection. This vulnerability arises from incorrect operations on the parameters interface/destip/netmask/gateway/metric in the...

CVSS 8.6 | AI score 7.1 | EPSS 0.03916 | Exploits 1 | References 6
CNNVD
added 2026/02/08 12:00 a.m., 5 views

D-Link DIR-823X operating system command injection vulnerability

The D-Link DIR-823X is a wireless router produced by D-Link Corporation. The D-Link DIR-823X 250416 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations on the function sub420688 within the file /goform/setqos, which may lead...

CVSS 8.6 | AI score 7.1 | EPSS 0.05687 | Exploits 1 | References 6
Positive Technologies
added 2026/02/08 12:00 a.m., 5 views

PT-2026-6988

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823X version 250416. Description: A security issue exists in D-Link DIR-823X version 250416. The sub_4175CC function within the /goform/set_static_route_table file is susceptible to OS command injection. Manipulation of the interface,...

CVSS 8.6 | AI score 5.5 | EPSS 0.03916 | Exploits 1 | References 7
CNNVD
added 2026/02/08 12:00 a.m., 5 views

UTT 521G operating system command injection vulnerability

UTT 521G is a router produced by the Chinese company Aite UTT. The version UTT 521G 3.1.1-190816 contains a vulnerability related to operating system command injection. This vulnerability arises from improper handling of the parameter policyNames in the function sub_446B18 within the...

CVSS 8.6 | AI score 7.1 | EPSS 0.06413 | Exploits 1 | References 5
Vulnrichment
added 2026/02/06 9:49 p.m., 4 views

CVE-2026-1731 Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the...

CVSS 9.9 | AI score 6.6 | EPSS 0.86091 | Exploits 11 | References 2
EUVD
added 2026/02/06 6:12 p.m., 9 views

EUVD-2025-206884

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a...

CVSS 9.4 | AI score 6 | EPSS 0.01755 | Exploits 6 | References 1
OSV
added 2026/02/06 6:12 p.m., 5 views

CVE-2025-69212 OpenSTAManager has an OS Command Injection in P7M File Processing

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a...

CVSS 9.4 | AI score 6 | EPSS 0.01755 | Exploits 6 | References 3
Github Security Blog
added 2026/02/06 5:59 p.m., 8 views

OpenSTAManager has an OS Command Injection in P7M File Processing

Summary: A critical OS Command Injection vulnerability exists in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a malicious filename to execute arbitrary system commands on the server. Vulnerable Code: File:...

CVSS 9.4 | AI score 6.1 | EPSS 0.01755 | Exploits 6 | References 3 | Affected Software 1
CVE
added 2026/02/06 5:19 p.m., 14 views

CVE-2026-1769

Xerox CentreWare Web on Windows is affected by a Stored XSS in CentreWare Web versions through 7.0.6. The vulnerability arises from improper neutralization of input during web page generation, allowing malicious scripts to be stored and potentially executed in the context of other users’ sessions...

CVSS 5.4 | AI score 5.4 | EPSS 0.00146 | Exploits 0 | References 1 | Affected Software 1
Fedora
added 2026/02/06 1:10 a.m., 9 views

[SECURITY] Fedora 42 Update: openqa-5^20250711git28a0214-4.fc42

openQA is a testing framework that allows you to test GUI applications on one hand and bootloader and kernel on the other. In both cases, it is difficult to script tests and verify the output. Output can be a popup window or it can be an error in early boot even before init is executed. openQA is...

CVSS 7.9 | AI score 6 | EPSS 0.00317 | Exploits 0