TeamT5 ThreatSonar Anti-Ransomware 安全漏洞

TeamT5 ThreatSonar Anti-Ransomware is an active and intelligent endpoint detection and response solution provided by TeamT5. TeamT5 ThreatSonar Anti-Ransomware has a security vulnerability, which stems from an OS command injection issue. This vulnerability could allow authenticated remote attacke...

CVE-2026-35153

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of argument delimiters in a command 'argument injection' vulnerability. A high privileged...

CVE-2026-35153

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of argument delimiters in a command 'argument injection' vulnerability. A high privileged...

Dell PowerProtect Data Domain（Dell PowerProtect DD） 安全漏洞

The Dell PowerProtect Data Domain is a data protection storage appliance that is primarily used for enterprise-class backup, archiving, and disaster recovery. An OS command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly neutrali...

CVE-2026-21915

A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights JSI Virtual Lightweight Collector vLWC allows a local, high privileged attacker to escalate their privileges to root. The CLI menu accepts input without carefully validating it, which allows for shell...

CVE-2026-5707 Command Injection via Virtual Desktop Session Name in AWS Research and Engineering Studio (RES)

Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio RES version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To...

PT-2026-30745

Name of the Vulnerable Software and Affected Versions AWS Research and Engineering Studio RES versions 2025.03 through 2025.12.01 Description An issue exists in the virtual desktop session name handling that could allow a remote authenticated actor to execute arbitrary commands as root on the...

CVE-2026-34990

A flaw was found in OpenPrinting CUPS. A local unprivileged user can exploit this vulnerability by coercing the cupsd service to authenticate to an attacker-controlled Internet Printing Protocol IPP service. This allows the user to create a persistent printer queue that can overwrite arbitrary...

CVE-2026-34990 OpenPrinting CUPS: Local print admin token disclosure using temporary printers

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That...

CVE-2026-34990

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That...

CVE-2026-34990

OpenPrinting CUPS (OpenPrinting CUPS) CVE-2026-34990 affects versions 2.4.16 and earlier. A local unprivileged user can coerce cupsd to authenticate to an attacker-controlled localhost IPP service using a reusable Authorization: Local token, enabling /admin/ requests on localhost. By combining CU...

OpenPrinting CUPS 安全漏洞

OpenPrinting CUPS is an open-source printing system developed by OpenPrinting Inc., suitable for Linux® and other Unix®-based operating systems. OpenPrinting CUPS versions 2.4.16 and earlier contain security vulnerabilities. These vulnerabilities stem from the ability of non-privileged local user...

EUVD-2026-17956

A vulnerability in Cisco Smart Software Manager On-Prem SSM On-Prem could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An...

SUSE CVE-2026-32241

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that...

CVE-2026-34005

In Sofia on Xiongmai DVR/NVR AHB7008T-MH-V2 and NBD7024H-P 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol TCP port 34567 request to the NetWork.NetCommon configuration handler, because system is used...

CVE-2026-34005

In Sofia on Xiongmai DVR/NVR AHB7008T-MH-V2 and NBD7024H-P 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol TCP port 34567 request to the NetWork.NetCommon configuration handler, because system is used...

CVE-2026-34005

In Sofia on Xiongmai DVR/NVR AHB7008T-MH-V2 and NBD7024H-P 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol TCP port 34567 request to the NetWork.NetCommon configuration handler, because system is used...

CVE-2026-34005

The CVE-2026-34005 entry affects Xiongmai/DVR–NVR devices (AHB7008T-MH-V2, NBD7024H-P) with firmware 4.03.R11. It enables root OS command injection via shell metacharacters in the HostName field of an authenticated DVRIP request (TCP 34567) to NetWork.NetCommon, because the system() function is i...

PT-2026-28591

Name of the Vulnerable Software and Affected Versions Xiongmai DVR/NVR devices versions 4.03.R11 Xiongmai AHB7008T-MH-V2 Xiongmai NBD7024H-P Description A root OS command injection can occur through the use of shell metacharacters in the HostName value. This occurs via an authenticated DVRIP...

GHSA-VCHX-5PR6-FFX2 Flannel has cross-node remote code execution via extension backend BackendData injection

Background The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. This backend uses shell commands stored in Kubernetes annotations to configure network connectivity on the node. Note: consumers are only affected by this vulnerabili...