PT-2026-49474

Name of the Vulnerable Software and Affected Versions Easy Invoice versions prior to 2.1.20 Description An unauthenticated Remote Code Execution RCE flaw allows an attacker to execute arbitrary code on the system without requiring login credentials. Recommendations Update to a version newer than...

PT-2026-49297

Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...

CVE-2026-36933

The CVE-2026-36933 issue affects Boyleep K11 y108 firmware v2.3.0.11291. A physically proximate attacker can execute arbitrary code via the factory test feature. The impact is described as high for confidentiality, integrity, and availability; the root cause is tied to the factory test feature, w...

CVE-2026-39006

CVE-2026-39006 concerns SNMP4J-Agent 3.8.3 where a remote attacker can execute arbitrary code via the snmp4jCfgStoragePath component. Documented impact is critical (CVSS v3.1: 9.8) with network discovery and no user interaction required; exploitation status is not provided in the supplied sources...

PT-2026-49533

Name of the Vulnerable Software and Affected Versions grpc versions 0.4.0 through 0.9.x Description Deserialization of untrusted data and allocation of resources without limits or throttling allow unauthenticated attackers to crash the BEAM node or achieve remote code execution on the server. The...

ROS-20260615-73-0041

The vulnerability of the yuvensurebuffer function in the RDP client FreeRDP is related to incorrect calculations of the size of the buffer allocated. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending specially crafted NAL packets...

CVE-2026-50880

An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request...

PT-2026-49218

WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wp abspath parameter. Attackers can supply path traversal sequences or remote URLs through the wp...

PT-2026-49220

WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtest admin.php with malicious action values to include files from the admin directory a...

PT-2026-49299

Name of the Vulnerable Software and Affected Versions SNMP4J-Agent version 3.8.3 Description A remote attacker can execute arbitrary code through the snmp4jCfgStoragePath component. Recommendations At the moment, there is no information about a newer version that contains a fix for this...

CVE-2026-50869

CVE-2026-50869 relates to Bludit v3.19.0, where the api/plugin.php component is vulnerable to a directory traversal via a crafted request. The CVE entry documents a high-severity issue (CVSS 3.1: 9.8, CRITICAL) with network attack vector, no privileges required, and no user interaction. The affec...

ROS-20260615-73-0006

The vulnerability in freerdp3 is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

ROS-20260615-73-0005

The vulnerability in freerdp is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

ROS-20260615-73-0001

The vulnerability in freerdp is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVE-2026-38329

Bludit CMS is affected pre-3.18.4. The API Plugin's POST /api/files/{key} endpoint in bl-plugins/api/plugin.php fails authorization checks and lacks file extension validation, enabling an attacker with a valid API token to upload a PHP script and execute arbitrary code on the server (Remote Code ...

PT-2026-49336

Name of the Vulnerable Software and Affected Versions GStreamer affected versions not specified Description A heap buffer overflow exists in the librfb RFB/VNC client component of GStreamer. The issue occurs because the rectangle bounds check validates the total area instead of individual...

CVE-2025-56814

A code injection vulnerability in the wxExecute function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters...

PT-2026-49281

Name of the Vulnerable Software and Affected Versions OpenCPN version 5.12.0 Description A code injection issue exists in the wxExecute function, which allows attackers to execute arbitrary code by embedding shell metacharacters. Shell metacharacters are special characters interpreted by the...

CVE-2026-38329

Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...

PT-2026-49314

Name of the Vulnerable Software and Affected Versions flatnotes version 5.5.4 Description An arbitrary file upload issue exists in the attachment handling component. This allows attackers to execute arbitrary code by uploading a specially crafted HTML or SVG file. Recommendations At the moment,...