25104 matches found

Photon
added 2026/02/06 12:0 a.m., 7 views

Important Photon OS Security Update - PHSA-2026-5.0-0756

Updates of 'expat' packages of Photon OS have been released...

CVSS 7.8, AI score 6.8, EPSS 0.00193
Exploits 0
CNNVD
added 2026/02/06 12:0 a.m., 4 views

EPyT-Flow Code Issue Vulnerability

EPyT-Flow is an open-source Python package developed by ERC Synergy Grant Water Futures, designed for generating hydraulic and water quality scenario data for water distribution networks. Versions of EPyT-Flow prior to 0.16.1 contained code vulnerabilities. These vulnerabilities stemmed from the...

CVSS 10, AI score 6, EPSS 0.00657
Exploits 0, References 4
CNNVD
added 2026/02/06 12:0 a.m., 4 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in Huawei HarmonyOS, which stems from a concurrency issue in the graphical module’s reutilization...

CVSS 8.4, AI score 7.1, EPSS 0.00066
Exploits 0, References 2
CNNVD
added 2026/02/06 12:0 a.m., 6 views

Claude Code OS Command Injection Vulnerability

Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code prior to 2.0.57 contained a vulnerability related to operating system command injection. This vulnerability arose from an inability to properly validate directory changes in conjuncti...

CVSS 9.1, AI score 5.7, EPSS 0.00357
Exploits 0, References 1
CNNVD
added 2026/02/06 12:0 a.m., 5 views

Claude Code OS Command Injection Vulnerability

Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code prior to 2.0.55 contained a vulnerability related to operating system command injection. This vulnerability stemmed from insufficient validation of commands that utilized the echo...

CVSS 7.7, AI score 5.8, EPSS 0.00264
Exploits 0, References 1
CNNVD
added 2026/02/06 12:0 a.m., 5 views

OpenProject OS Command Injection Vulnerability

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 16.6.7 and 17.0.3 had a vulnerability related to operating system command injection. This vulnerability stemmed from an arbitrary file writing vulnerability present in the repository modification...

CVSS 9.9, AI score 6.3, EPSS 0.00461
Exploits 0, References 4
CNNVD
added 2026/02/06 12:0 a.m., 8 views

Gogs OS Command Injection Vulnerability

Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions 0.13.3 and earlier had an operating system command injection...

CVSS 10, AI score 6.1, EPSS 0.01229
Exploits 3, References 1
Tenable Nessus
added 2026/02/06 12:0 a.m., 5 views

Juniper Junos OS Vulnerability (JSA100096)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100096 advisory. - An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high...

CVSS 6.8, AI score 5.6, EPSS 0.00119
Exploits 0, References 2
IBM Security Bulletins
added 2026/02/05 10:3 p.m., 13 views

Security Bulletin: AIX/VIOS is vulnerable to denial of service and possible code execution due to Perl (WS-2025-0004)

Summary: Vulnerability in Perl could allow an attacker to cause a denial of service or possibly execute code (WS-2025-0004). AIX uses Perl in various operating system components. Vulnerability Details: ID: WS-2025-0004. DESCRIPTION: Fix a class of false positives where input should have been rejected...

CVSS 7.5, AI score 7.5, EPSS 0.01569
Exploits 0, Affected Software 2
RedhatCVE
added 2026/02/05 7:23 p.m., 4 views

CVE-2026-25139

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds reads allow any unauthenticated user, with ability to send or manipulate input packets, to...

CVSS 9.1, AI score 5.4, EPSS 0.0048
Exploits 1, References 1
CVE
added 2026/02/05 6:26 p.m., 9 views

CVE-2025-15312

CVE-2025-15312 describes an improper output sanitization vulnerability in Tanium Appliance (TanOS family) that affects output handling in the affected component. The public records consistently cite “improper output sanitization” as the root cause, with CVSS metrics indicating high impact to conf...

CVSS 7.2, AI score 5.3, EPSS 0.00333
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2026/02/05 6:26 p.m., 4 views

CVE-2025-15312 Tanium addressed an improper output sanitization vulnerability in TanOS.

Tanium addressed an improper output sanitization vulnerability in Tanium Appliance...

CVSS 6.6, AI score 5.3, EPSS 0.00333
Exploits 0, References 1
Veracode
added 2026/02/05 4:59 a.m., 7 views

OS Command Injection

Apache HTTP Server is vulnerable to OS Command Injection. The vulnerability is due to improper handling of shell-escaped query strings when Server Side Includes (SSI) with exec cmd="..." are used alongside mod_cgid, which allows an attacker to inject and execute arbitrary system commands by crafting...

CVSS 8.3, AI score 5.9, EPSS 0.015
Exploits 0, References 4, Affected Software 2
NVD
added 2026/02/05 2:15 a.m., 10 views

CVE-2025-11730

A post-authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50W series firmware versions from V5.35 through V5.41, and...

CVSS 7.2, EPSS 0.01354
Exploits 0, References 1
Wolfi
added 2026/02/05 1:48 a.m., 2 views

GHSA-7H2J-956F-4VF2 vulnerabilities

Vulnerabilities for packages: renovate, sqlpad, pulumi, npm, lerna, node-gyp...

AI score 5.8
Exploits 0
CNVD
added 2026/02/05 12:0 a.m., 2 views

Google Android Information Disclosure Vulnerability (CNVD-2026-10641)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that stems from a key-pairing-based logic error that can be exploited by an attacker to obtain sensitive information...

CVSS 7.1, AI score 5.7, EPSS 0.06942
Exploits 14, References 1
ATTACKERKB
added 2026/02/04 11:5 p.m., 4 views

CVE-2025-22873

It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained with...

CVSS 3.8, AI score 5.2, EPSS 0.00238
Exploits 0, References 5, Affected Software 1
NVD
added 2026/02/04 8:16 p.m., 8 views

CVE-2026-25157

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

CVSS 7.7, EPSS 0.00935
Exploits 1, References 1
Cvelist
added 2026/02/04 7:55 p.m., 28 views

CVE-2026-25157 OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

CVSS 7.7, EPSS 0.00935
Exploits 1, References 1
CVE
added 2026/02/04 5:47 p.m., 9 views

CVE-2026-25139

RIOT OS (IoT embedded OS) versions 2025.10 and prior are affected by multiple out-of-bounds read vulnerabilities in the 6LoWPAN stack. The received packet is cast into a sixlowpan_sfr_rfrag_t struct and dereferenced without validating that the packet is large enough to contain the struct, allowin...

CVSS 9.1, AI score 5.4, EPSS 0.0048
Exploits 1, References 1, Affected Software 1