CVE-2024-56462 IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating system...

EUVD-2024-55601

IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating system...

CVE-2024-56462

IBM QRadar SIEM 7.5.0 to 7.5.0 UP15 Interim Fix 002 contains a vulnerability where a privileged user can upload a malicious backup archive, which could be restored to gain access to the underlying operating system. Affected versions: 7.5.0 through UP15 IF002. Root cause and exact remediation are ...

CVE-2026-45981

In the Linux kernel, the following vulnerability has been resolved: s390/cio: Fix device lifecycle handling in cssallocsubchannel cssallocsubchannel calls deviceinitialize before setting up the DMA masks. If dmasetcoherentmask or dmasetmask fails, the error path frees the subchannel structure...

CVE-2026-45910

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix race condition in QP timer handlers I encontered the following warning: WARNING: drivers/infiniband/sw/rxe/rxetask.c:249 at rxeschedtask+0x1c8/0x238 rdmarxe, CPU0: swapper/0/0 ... libsha1 last unloaded: ip6udptunnel...

CVE-2025-12686

Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors...

EUVD-2025-209957

Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in AdminCenter in Synology BeeStation Manager BSM before 1.3.2-65648 and Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2026-8450 HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file()

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...

CVE-2026-45971

bpf: Limit bpf program signature size...

PT-2026-44162

Summary A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython via the JSR-223 ScriptEngine API without enforcing a secure sandbox. An authenticat...

MB Connect Line mbNET和MB Connect Line mbNET.mini 操作系统命令注入漏洞

MB Connect Line mbNET and MB Connect Line mbNET.mini are both products of the German company MB Connect Line. MB Connect Line mbNET is an industrial router. MB Connect Line mbNET.mini is a remote access router. Both MB Connect Line mbNET and MB Connect Line mbNET.mini have operating system comman...

UFO³ 操作系统命令注入漏洞

UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Versions of UFO³ prior to v3.0.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the use of ShellReceiver.runshell, which directly...

PT-2026-43685

Name of the Vulnerable Software and Affected Versions IBM QRadar versions 7.5.0 through 7.5.0 UP15 Interim Fix 002 Description A privileged user can upload a malicious backup archive. When this archive is restored, it can be used to gain unauthorized access to the underlying operating system...

CVE-2026-46100

fs: afs: revert mmapprepare change...

Linux Distros Unpatched Vulnerability : CVE-2026-48695

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The log function in...

CVE-2026-46044

ipmi:ssif: Clean up kthread on errors...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. In versions of Google Chrome on iOS prior to 148.0.7778.216, there was a resource management vulnerability. This vulnerability stemmed from the reuse of resources after they were released by iOS, which could allow remote attackers to induce...

CVE-2026-45865

mctp i2c: initialise event handler read bytes...

CVE-2025-43451

CVE-2025-43451: A permissions issue in macOS Tahoe 26 was fixed by removing the vulnerable code. The advisory states that an app may be able to access sensitive user data. The available connected documents corroborate the fix in macOS Tahoe 26 and do not provide additional exploit details or affe...

CVE-2025-46280

CVE-2025-46280 is an out-of-bounds read vulnerability addressed by improved bounds checking, fixed in macOS Tahoe 26 . The issue can allow an app to cause unexpected system termination. Affected software: macOS Tahoe 26. Root cause: insufficient bounds checking leading to an out-of-bounds read. I...