
25072 matches found

EUVD
added 2026/06/05 12:31 a.m., 7 views

EUVD-2024-55613

On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch...

9.6 CVSS, 5.8 AI score, 0.00302 EPSS
Exploits: 0, References: 2

NVD
added 2026/06/05 12:17 a.m., 12 views

CVE-2026-11272

Insufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...

8.8 CVSS, 0.00234 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/06/05 12:0 a.m., 5 views

HAX OS Command Injection Vulnerability

HAX is an open-source microsite managed using HAX+CMS with a PHP backend. Versions of HAX prior to 26.0.0 had a vulnerability related to operating system command injection. This vulnerability stemmed from improper cleanup of input values when constructing shell command strings in the Git.php...

7.7 CVSS, 6.7 AI score, 0.00768 EPSS
Exploits: 1, References: 2

CNNVD
added 2026/06/05 12:0 a.m., 5 views

Open XDMoD OS Command Injection Vulnerability

Open XDMoD is an open-source tool developed by the Center for Computational Research for managing high-performance computing resources. Versions 9.5.0 to 11.0.2 of Open XDMoD contain a vulnerability related to operating system command injection. This vulnerability allows attackers to remotely...

9.8 CVSS, 5.8 AI score, 0.00388 EPSS
Exploits: 1, References: 4

CNNVD
added 2026/06/05 12:0 a.m., 5 views

HAX OS Command Injection Vulnerability

HAX is an open-source microsite developed by HAX The Web, managed using PHP as the backend. Versions of HAX prior to 26.0.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from an authenticated file overwrite vulnerability, which could allow...

9.4 CVSS, 5.7 AI score, 0.00291 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/06/05 12:0 a.m., 8 views

Termix OS Command Injection Vulnerability

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the POST /ssh/tunnel/connect endpoint, which directly inserted the...

9.8 CVSS, 5.7 AI score, 0.01729 EPSS
Exploits: 1, References: 3

CNNVD
added 2026/06/05 12:0 a.m., 7 views

D-Link DWR-M920 OS Command Injection Vulnerability

The D-Link DWR-M920 is a router produced by D-Link Corporation. Versions of the D-Link DWR-M920 prior to 1.1.50 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper handling of the IMEIvalue parameter in the sub412DA0 function found in...

6.5 CVSS, 6.4 AI score, 0.01044 EPSS
Exploits: 0, References: 7

OSV
added 2026/06/04 11:17 p.m., 5 views

DEBIAN-CVE-2026-11058

Integer overflow in CredentialProvider in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform OS-level privilege escalation via a crafted HTML page. Chromium security severity: Medium...

7.5 CVSS, 5.5 AI score, 0.00207 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/06/04 11:3 p.m., 6 views

CVE-2026-10944

Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

5.5 AI score, 0.00296 EPSS
Exploits: 0, References: 2

Chainguard
added 2026/06/04 1:20 p.m., 9 views

CVE-2026-6846 vulnerabilities

Vulnerabilities for packages: binutils...

7.8 CVSS, 5.8 AI score, 0.00159 EPSS
Exploits: 0

ATTACKERKB
added 2026/06/04 1:13 p.m., 6 views

CVE-2026-8037

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

9.6 CVSS, 6.1 AI score, 0.01869 EPSS
Exploits: 0, References: 2, Affected Software: 4

Debian CVE
added 2026/06/04 9:39 a.m., 7 views

CVE-2026-47319

Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation. This issue affects rlottie: before 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd...

6.1 CVSS, 5.8 AI score, 0.00103 EPSS
Exploits: 0

SUSE CVE
added 2026/06/04 2:27 a.m., 6 views

SUSE CVE-2026-28904

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...

6.5 CVSS, 5.8 AI score, 0.00349 EPSS
Exploits: 0, References: 5

SUSE CVE
added 2026/06/04 2:27 a.m., 9 views

SUSE CVE-2026-28958

This issue was addressed with improved data protection. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data...

6.5 CVSS, 5.8 AI score, 0.0014 EPSS
Exploits: 0, References: 5

Positive Technologies
added 2026/06/04 12:0 a.m., 15 views

PT-2026-46399

A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstats path of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

8.6 CVSS, 6.8 AI score, 0.02695 EPSS
Exploits: 0, References: 8

Tenable Nessus
added 2026/06/04 12:0 a.m., 6 views

Photon OS 5.0: Python3 PHSA-2026-5.0-0862

An update of the python3 package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0862. The text itself is copyright (C) VMware, Inc....

9.1 CVSS, 6.2 AI score, 0.00531 EPSS
Exploits: 2, References: 8

Positive Technologies
added 2026/06/04 12:0 a.m., 10 views

PT-2026-46407

On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being...

8.7 CVSS, 5.8 AI score, 0.00386 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/06/04 12:0 a.m., 5 views

Zephyr Security Vulnerability

Zephyr is an open-source, scalable real-time operating system (RTOS) developed by Zephyr. There is a security vulnerability in Zephyr, which stems from the fact that the tlssessionstore and tlssessionrestore functions in the TLS socket connection path do not validate the addrlen value. This leads t...

6.3 CVSS, 5.8 AI score, 0.00217 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2026/06/04 12:0 a.m., 10 views

Photon OS 5.0: Rsync PHSA-2026-5.0-0861

An update of the rsync package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0861. The text itself is copyright (C) VMware, Inc....

7.8 CVSS, 5.7 AI score, 0.00319 EPSS
Exploits: 1, References: 2

Photon
added 2026/06/04 12:0 a.m., 6 views

Critical Photon OS Security Update - PHSA-2026-5.0-0864

Updates of 'linux', 'linux-esx' packages of Photon OS have been released...

9.8 CVSS, 6.7 AI score, 0.00426 EPSS
Exploits: 0