202905 matches found

Cvelist | added 4 days ago | 31 views

CVE-2026-8664 OS Command Injection in Rapid7 InsightConnect Finger Plugin

OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction...

CVSS 6 | EPSS 0.00729
Exploits 0 | References 1

CVE | added 4 days ago | 9 views

CVE-2026-9155

The CVE-2026-9155 issue affects the Rapid7 InsightConnect Sed Plugin running on Linux. It is a command-injection vulnerability in the expression parameter, caused by insufficient input validation, enabling authenticated attackers to run arbitrary OS commands on the host. The commonly cited score ...

CVSS 8.8 | AI score 6.2 | EPSS 0.00916
Exploits 0 | References 1 | Affected Software 1

NVD | added 4 days ago | 6 views

CVE-2026-9780

Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must vis...

CVSS 8.8 | EPSS 0.0067
Exploits 0 | References 2

CVE | added 4 days ago | 13 views

CVE-2026-8659

CVE-2026-8659 describes an OS command injection in Rapid7 InsightConnect SQLmap Plugin on Linux. An authenticated attacker can execute arbitrary OS commands via api_host or api_port during connection configuration due to insufficient input validation. CVSSv3.1 base score 6.0 (MEDIUM); attack vect...

CVSS 6 | AI score 6.2 | EPSS 0.00729
Exploits 0 | References 1

Cvelist | added 4 days ago | 18 views

CVE-2026-37454

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the 3DES-ECB encryption...

EPSS 0.00262
Exploits 1 | References 2

Positive Technologies | added 4 days ago | 5 views

PT-2026-52211

Name of the Vulnerable Software and Affected Versions: NSD version 4.14.0. Description: NSD contains a memory corruption flaw occurring during the serialization of a zone to disk. The issue stems from improper input validation and bounds checking of the address-family length field within Address...

CVSS 8.8 | AI score 6.2 | EPSS 0.00303
Exploits 0 | References 12

CISA KEV Catalog | added 4 days ago | 5 views

Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability

Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that...

CVSS 8.6 | AI score 5.9 | EPSS 0.41694
In wild | Exploits 3

Cvelist | added 4 days ago | 27 views

CVE-2026-37453

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSISERVICE2 pipe...

EPSS 0.00398
Exploits 1 | References 2

Positive Technologies | added 4 days ago | 6 views

PT-2026-52396

Name of the Vulnerable Software and Affected Versions: Dell Display and Peripheral Manager (DDPM) Windows versions prior to 2.3. Description: An Improper Access Control issue exists where a low privileged attacker with local access could potentially achieve code execution. Improper Access Control occu...

CVSS 7.8 | AI score 5.9 | EPSS 0.00101
Exploits 0 | References 3

Positive Technologies | added 4 days ago | 9 views

PT-2026-52614

Name of the Vulnerable Software and Affected Versions: Flowise versions 3.0.0 through 3.0.7. Description: Flowise fails to invalidate existing sessions and session tokens after a user changes their password. This allows an attacker who possesses an active session, such as through a stolen session...

CVSS 8.6 | AI score 5.8 | EPSS 0.00258
Exploits 0 | References 4

Positive Technologies | added 4 days ago | 8 views

PT-2026-52395

Name of the Vulnerable Software and Affected Versions: Dell Display and Peripheral Manager (DDPM) Mac versions prior to 2.3. Description: A race condition exists, which occurs when a system attempts to perform two or more operations at the same time that both access the same shared resource. A low...

CVSS 6.7 | AI score 5.8 | EPSS 0.00075
Exploits 0 | References 3

Positive Technologies | added 4 days ago | 9 views

PT-2026-52602

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: PKCS12 MAC verification uses a comparison length controlled by an attacker, which weakens the integrity check on the Message Authentication Code (MAC) and allows a...

CVSS 6.5 | AI score 5.8 | EPSS 0.0016
Exploits 0 | References 7

Positive Technologies | added 4 days ago | 8 views

PT-2026-52565

Name of the Vulnerable Software and Affected Versions: OHIF; affected versions not specified. Description: The DICOMWebProxy and DICOMJSON data sources, when used with default configurations, fetch an arbitrary URL parameter without proper validation. A global authentication service within the...

CVSS 8.3 | AI score 6 | EPSS 0.00232
Exploits 0 | References 6

Positive Technologies | added 4 days ago | 6 views

PT-2026-52583

Name of the Vulnerable Software and Affected Versions: qrscp; affected versions not specified. Description: The C-STORE handler in the qrscp application fails to sanitize specific instances within attacker-supplied DICOM (Digital Imaging and Communications in Medicine) datasets. These unsanitized value...

CVSS 9.1 | AI score 5.9 | EPSS 0.00434
Exploits 0 | References 7

Positive Technologies | added 4 days ago | 9 views

PT-2026-52619

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 149.0.7827.201. Description: A use after free issue exists in the Payments component. This flaw allows a local attacker with physical access to the device to potentially exploit heap corruption, which...

CVSS 6.8 | AI score 5.8 | EPSS 0.00115
Exploits 0 | References 5

CVE | added 5 days ago | 7 views

CVE-2026-9774

CVE-2026-9774 affects ATEN Unizon via the updateLicense directory traversal, enabling arbitrary file deletion. The flaw stems from insufficient validation of a user-supplied path used in file operations. The vulnerability is exploitable remotely over network with authentication required; impact i...

CVSS 6.5 | AI score 6.4 | EPSS 0.01195
Exploits 0 | References 2 | Affected Software 1

Cvelist | added 5 days ago | 19 views

CVE-2026-52794 Sentry: Inefficient Regular Expression Complexity in sentry

Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume...

CVSS 7.5 | EPSS 0.00267
Exploits 0 | References 2

IBM Security Bulletins | added 5 days ago | 4 views

Security Bulletin: IBM Cloud Pak System is vulnerable to HTML injection [CVE-2023-38007].

Summary: IBM Cloud Pak System is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. Vulnerability was addressed in IBM Cloud Pak System. Vulnerability...

CVSS 5.4 | AI score 5.9 | EPSS 0.00212
Exploits 0 | Affected Software 1

NVD | added 5 days ago | 4 views

CVE-2026-52798

Gogs is an open source self-hosted Git service. Prior to 0.14.3, although .ipynb previews are sanitized on the server side via /-/api/sanitizeipynb, the inserted content is re-rendered on the client side without sanitization using marked on elements with the .nb-markdown-cell class. During this...

CVSS 8.9 | EPSS 0.00429
Exploits 0 | References 4

RedhatCVE | added 5 days ago | 9 views

CVE-2026-52931

A flaw was found in the batman-adv tpmeter module of the Linux kernel. A remote attacker could exploit this vulnerability by sending a specially crafted acknowledgment (ACK) packet to a node configured as a receiver in an ongoing tpmeter session. This could lead to the use of uninitialized sender...

CVSS 9.8 | AI score 5.9 | EPSS 0.00404
Exploits 0 | References 4