systeminformation 操作系统命令注入漏洞

SystemInformation is a NPM software library developed by Sebastian Hildebrandt, which allows access to operating system information. Versions of SystemInformation from 4.17.0 to 5.31.5 contain a vulnerability related to operating system command injection. This vulnerability arises on Linux when t...

RHEL 9 : glibc (RHSA-2026:20597)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20597 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name...

Linux Distros Unpatched Vulnerability : CVE-2026-41074

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery CSRF vulnerability. A...

Linux Distros Unpatched Vulnerability : CVE-2026-45835

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: L2CAP: Fix null-ptr-deref in l2capsocknewconnectioncb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb. CVE-2026-458...

CVE-2026-46100

fs: afs: revert mmapprepare change...

Amazon Linux 2023 : credentials-fetcher (ALAS2023-2026-1744)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1744 advisory. crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a...

PT-2026-43455

Summary The IAM API endpoints listUsers, getUser, listGroups, and getGroup in yamcs-core do not enforce the required SystemPrivilege.ControlAccess check. As a result, any authenticated user even those with low or no privileges can enumerate all user accounts in the system, including their...

CVE-2026-45852

RDMA/rxe: Fix double free in rxesrqfrominit...

CVE-2026-45971

bpf: Limit bpf program signature size...

CVE-2026-45985

ext4: dont set EXT4GETBLOCKSCONVERT when splitting before submitting I/O...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ext4 file system failing to discard expired interval caches when splitting intervals. This...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the gfs2 module failing to remove quota data objects from the LRU list in the qdput function. Thi...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of boundary checks in the LoongArch system call scheduling table, potentially leading to...

Linux Distros Unpatched Vulnerability : CVE-2026-48695

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The log function in...

RHEL 9 : cockpit (RHSA-2026:21394)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21394 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...

PT-2026-43435

A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcel list.php. Performing a manipulation of the argument s results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public...

Linux Distros Unpatched Vulnerability : CVE-2026-46727

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improperly skipping the manager when there is only one idle state, potentially leading to system...

CVE-2026-45865

mctp i2c: initialise event handler read bytes...

PT-2026-43613

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system tag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...