595 matches found
CVE-2026-8592
The CVE-2026-8592 entry describes an OS Command Injection in the process_string action of the Rapid7 InsightConnect AWK Plugin on Linux, caused by unsafe shell command construction in the processing pipeline. The vulnerability could allow remote attackers to execute arbitrary OS commands via the ...
EUVD-2026-39160
OS Command Injection vulnerability in the processstring action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to unsafe shell command construction in the processing pipeline...
CVE-2026-8664
CVE-2026-8664 affects the Rapid7 InsightConnect Finger Plugin on Linux. The vulnerability is an OS Command Injection caused by insufficient input validation during shell command construction, allowing an authenticated attacker to execute arbitrary OS commands via the user or host parameters. The ...
Chef Automate < 4.13.295 — SQL Injection
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token. id: CVE-2025-8868 info...
CVE-2026-12463
The CVE-2026-12463 entry corresponds to a UXSS vulnerability in Google Chrome on Linux, caused by an inappropriate implementation in Views that allowed a compromised renderer to inject arbitrary scripts/HTML via a crafted HTML page. Affected product is Chrome on Linux, with the issue present pri...
CVE-2025-14098 Avira antivirus engine heap buffer OOB write when scanning a malformed MS-DOS executable file
Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux...
CVE-2025-7010 Avast antivirus stack overflow when scanning a malformed PDF file
Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, an...
PT-2026-49014
Name of the Vulnerable Software and Affected Versions Avast Antivirus versions prior to VPS 25021310 AVG Antivirus versions prior to VPS 25021310 Norton Antivirus versions prior to VPS 25021310 Avast One versions prior to VPS 25021310 Avast Business Antivirus versions prior to VPS 25021310...
PT-2026-49010
Name of the Vulnerable Software and Affected Versions Avast Antivirus versions prior to VPS 25040308 AVG Antivirus versions prior to VPS 25040308 Norton Antivirus versions prior to VPS 25040308 Avast One versions prior to VPS 25040308 Avast Business Antivirus versions prior to VPS 25040308...
Security Bulletin: An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2026-3621).
Summary An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2026-3621. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address this vulnerability. Vulnerability Details CVEID:CVE-2026-3621 DESCRIPTION:...
Photon OS 4.0: Linux PHSA-2026-4.0-0977
An update of the linux package has been released. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0977. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...
CVE-2026-0270 Cortex XSOAR: Path Traversal Vulnerability
A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the...
SUSE CVE-2026-11659
Integer overflow in UI in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
Palo Alto Networks Prisma Access Agent Security Vulnerability
Palo Alto Networks Prisma Access Agent is a zero-trust network access client agent developed by Palo Alto Networks. There is a security vulnerability in the Palo Alto Networks Prisma Access Agent for Linux, which stems from an issue related to privilege escalation. This vulnerability may allow...
Microsoft .NET Link Following Vulnerability
Microsoft .NET is a software framework developed by Microsoft Corporation in the United States. It focuses on agile software development, rapid application development, platform independence, and network transparency. There is a post-release vulnerability in Microsoft .NET. Attackers can exploit...
CVE-2023-29146
CVE-2023-29146 affects Malwarebytes EDR 1.0.11 on Linux. The vulnerability lies in the utility functions that compute a cryptographic hash of data bytes: hashing truncates data if it exceeds 4 GB, causing an unsigned 32-bit wrap-around. This can enable attackers to craft a colliding hash value fo...
CVE-2026-1352
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...
DEBIAN-CVE-2026-11282
Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-10899
Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-10891
Use after free in GFX in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...