PT-2026-50006

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Command Center Framework versions V15 through V16 Description An issue exists in the Core component of the Oracle Enterprise Command Center Framework. A low privileged attacker with network access via HTTP can compromise the...

PT-2026-50004

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Command Center Framework versions V15 Oracle Enterprise Command Center Framework versions V16 Description An issue in the Core component of the Oracle Enterprise Command Center Framework allows a low privileged attacker with...

PT-2026-50007

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Command Center Framework versions V15 through V16 Description An issue in the Core component of the Oracle Enterprise Command Center Framework allows a low privileged attacker with network access via HTTPS to compromise the...

PT-2026-50005

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Command Center Framework versions V15 through V16 Description An issue in the Core component of the Oracle Enterprise Command Center Framework allows an unauthenticated attacker with network access via HTTPS to compromise the...

PT-2026-50008

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Command Center Framework versions V15 Oracle Enterprise Command Center Framework versions V16 Description An issue in the Core component of the Oracle Enterprise Command Center Framework allows a low privileged attacker with...

PT-2026-49827

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The device features a webserver that exposes a REST API authenticated via a token on the management network. An authenticated attacker can exploit an OS command...

PT-2026-49822

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...

PT-2026-49771

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.25 Description An issue in internal and webchat command authentication allows senders to inherit wildcard ownerAllowFrom state across channel boundaries. This enables attackers to send commands on affected...

PT-2026-49783

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description An allowlist bypass exists in shell inline-command parsing. A command request using shell inline-command forms can route through a parser case that misses the expected allowlist decision, allowi...

PT-2026-49770

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description An argument pattern validation bypass exists in the exec allowlist on Linux and macOS systems. When tools.exec.security is set to allowlist, the system skips argPattern checks and treats a...

PT-2026-49767

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.25 Description A control scope enforcement bypass exists in the focus command. This allows authenticated callers to execute the command without proper authorization checks, enabling them to change the focus...

PT-2026-50002

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Command Center Framework versions V15 through V16 Description A flaw in the Core component of the Oracle Enterprise Command Center Framework allows a low privileged attacker with network access via HTTP to compromise the...

PT-2026-50084

Name of the Vulnerable Software and Affected Versions TL-WR940N version v6 Description An authenticated OS command injection exists in the BigPond Cable BPA WAN configuration module due to improper sanitization of user input. An attacker with administrative access can exploit this flaw to execute...

PT-2026-50083

Name of the Vulnerable Software and Affected Versions TL-WR940N version 6 Description An authenticated OS command injection exists in the IPv6 PPPoE configuration handler due to improper sanitization of user input. An attacker with administrative access can exploit this to execute arbitrary syste...

PT-2026-49778

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.6 Description The macOS Swift exec feature contains an allowlist bypass. The issue occurs because the system fails to account for combined POSIX inline-command flags, which are shorthand ways of grouping...

CVE-2026-12161

CVE-2026-12161 affects Devolutions Remote Desktop Manager 2026.2.7. The flaw is in the SSH Elevate Shell feature, where improper input validation allows an authenticated user (with permission to create/modify a shared SSH entry) to run arbitrary commands on a remote SSH host using stored elevatio...

CVE-2026-48723

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypressconfigfile configuration parameter. In readCypressConfigUtil.js, the loadJsFile function constructs a shell...

Important: Red Hat Security Advisory: Kiali 2.4.18 for Red Hat OpenShift Service Mesh 3.0

Kiali 2.4.18 for Red Hat OpenShift Service Mesh 3.0 is now available. An update is now available for Red Hat OpenShift Service Mesh 3.0. This advisory contains the RPM packages for the Kiali component. Red Hat Product Security has rated this update as having a security impact of Moderate. A Commo...

EUVD-2026-37017

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypressconfigfile configuration parameter. In readCypressConfigUtil.js, the loadJsFile function constructs a shell...

CVE-2026-48723

BrowserStack Cypress CLI prior to 1.36.4 is vulnerable to OS command injection via the cypress_config_file parameter in readCypressConfigUtil.js (loadJsFile()), which builds a shell command by interpolating cypress_config_filepath into a template literal and runs it with child_process.execSync()....