Stable Channel Update for ChromeOS / ChromeOS Flex
The ChromeOS Stable channel is being updated to OS version 16503.60.0, Browser version 144.0.7559.108, for most ChromeOS devices. If you find new issues, please let us know in one of the following ways: 1. File a bug 2. Visit our ChromeOS communities 1. General: Chromebook Help Community 2. Beta...
Privilege escalation via bind command in Brocade Fabric OS (CVE-2025-58383)
A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command to escalate privileges and bypass security controls, allowing the execution of arbitrary commands...
PT-2026-4991
Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...
Multiple Linux Security Updates applied to Brocade Fabric OS 10.0
Multiple Linux Security Updates applied to Brocade Fabric OS 10.0.0. While the Brocade Fabric OS is not affected by any of these public vulnerabilities, security updates have been applied as part of a proactive security practice CVE-2024-26596 Brocade Fabric OS before 10.0.0 not affected VEX...
Improper Control of Dynamically-Managed Code Resources
Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources due to the unsafe usage of the .call with globalPromise.prototype.then callbac...
CVE-2026-1428
Single Sign-On Portal System developed by WellChoose has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server...
CVE-2026-1427
Single Sign-On Portal System developed by WellChoose has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server...
CVE-2026-1428
CVE-2026-1428 concerns WellChoose’s Single Sign-On Portal System. The connected documents describe an OS Command Injection vulnerability that allows authenticated remote attackers to inject arbitrary OS commands and execute them on the server. The advisories do not publicly provide exact affected...
EUVD-2026-4707
Single Sign-On Portal System developed by WellChoose has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server...
macOS Mavericks 10.9 Local Privilege Escalation Tooling
This is not an exploit but rather a theoretical ROP chain construction framework for macOS Mavericks 10.9 that is inspired by older research...
WellChoose Single Sign-On Portal System: Operating System Command Injection Vulnerability
WellChoose Single Sign-On Portal System is a single-sign-on portal system developed by WellChoose in Taiwan, China. The WellChoose Single Sign-On Portal System has a vulnerability related to operating system command injection. This vulnerability stems from the presence of OS command injection,...
Apple Security Update: iOS 26.2.1 and iPadOS 26.2.1
Apple recommends installing security update iOS 26.2.1 and iPadOS 26.2.1 on the following devices: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later...
GitHub Kanban MCP Server: Operating System Command Injection Vulnerability
GitHub Kanban MCP Server is an application developed by Maki, a personal developer. The GitHub Kanban MCP Server has a vulnerability related to operating system command injection. This vulnerability arises from executing system calls without validating user input when processing the createissue...
CVE-2025-67264
CVE-2025-67264 describes an OS command-injection in the com.sprd.engineermode component on Doogee Note59/Note59 Pro/Note59 Pro+. The vulnerability allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, attributed to incomplete patching of CVE-202...
CVE-2025-67264
An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete patching of CVE-2025-31710...
ALGO 8180 IP Audio Alerter: Operating System Command Injection Vulnerability
ALGO 8180 IP Audio Alerter is an IP speaker developed by ALGO Corporation. The ALGO 8180 IP Audio Alerter has a vulnerability related to operating system command injection. This vulnerability stems from the lack of validation for user input strings in the web-based interface, which may lead to...
MCP Manager for Claude Desktop: Operating System Command Injection Vulnerability
MCP Manager for Claude Desktop is a context-based protocol management software developed by zue’s individual developers. MCP Manager for Claude Desktop has a vulnerability related to operating system command injection. This vulnerability arises from the lack of validation of the strings provided ...