CVE-2025-31951 HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability

HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution...

CVE-2025-31951 HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability

HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution...

CVE-2025-31951

HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution...

MAL-2026-3353 Malicious code in money-badger-open-rpc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a9d70a5231934ee14ab33334a3de0db40d5520fb4ef092a5a24cbdffff9751e The package money-badger-open-rpc was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in money-badger-open-rpc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a9d70a5231934ee14ab33334a3de0db40d5520fb4ef092a5a24cbdffff9751e The package money-badger-open-rpc was found to contain malicious code. Source: ossf-package-analysis...

Improperly Controlled Modification Of Dynamically-Determined Object Attributes

Apache Camel is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. The vulnerability is due to lack of header filtering when mapping CoAP query parameters to message headers, which allows an attacker to inject malicious headers and execute arbitrary...

openssh security update

An update is available for openssh. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSH is an SSH protocol implementation supported by a number of Linux, UNI...

ROS-20260506-73-0042

Vulnerability in flannel due to failure to clean data at the management level. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...

RHCOS 4 : OpenShift Container Platform 4.6.55 (RHSA-2022:0565)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0565 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF CVE-2022-20612 -...

RockyLinux 8 : openssh (RLSA-2026:13383)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:13383 advisory. OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35385 OpenSSH: OpenSSH: Security bypass via...

Geovision GV-ASWeb 代码注入漏洞

Geovision GV-ASWeb is a web-based software developed by Geovision Corporation. It is used for remote access and configuration of the GV-ASManager’s database. Version 6.2.0 of Geovision GV-ASWeb contains a code injection vulnerability. This vulnerability stems from a remote code execution issue in...

PT-2026-38275

Name of the Vulnerable Software and Affected Versions com.ritense.valtimo:document versions 12.0.0 through 12.31.0 com.ritense.valtimo:case versions 13.0.0 through 13.22.0 com.ritense.valtimo:contract versions 13.4.0 through 13.22.0 Description Valtimo is an open-source business process automatio...

RHCOS 4 : OpenShift Container Platform 4.6.57 (RHSA-2022:1620)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1620 advisory. - haproxy: Denial of service via set-cookie2 header CVE-2022-0711 - workflow-cps: OS command execution through crafted SCM contents...

PT-2026-37444

HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution...

PT-2026-37652

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of user-supplied data. An...

RHCOS 4 : OpenShift Container Platform 4.8.31 (RHSA-2022:0483)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0483 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF CVE-2022-20612 -...

Improper Neutralization of Special Elements Used in a Template Engine

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the FreemarkerEngine.parse function. An attacker can execute arbitrary commands on the server by injecting malicious template code that leverages unrestricted cla...

CVE-2026-39849

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions before 6.6.1, the dns.interface configuration field in Pi-hole FTL accepted newline characters without validation, allowing an attacker to inject arbitrary directives into the generated...

CVE-2026-39849

Pi-hole FTL before version 6.6.1 is vulnerable to a newline-injection in the dns.interface configuration field. The field accepts newlines without validation, allowing a network-adjacent attacker to inject arbitrary directives into the generated dnsmasq configuration. On systems with no admin pas...

CVE-2026-42238

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can...