CVE-2026-47131

A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. A remote attacker can exploit this vulnerability by combining specific Buffer function calls and Node.js's ERRINVALIDARGTYPE error. This allows the attacker to obtain the host's TypeError constructor, leading to an...

CVE-2026-6933

The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function lacking any authorization check before processing user-supplied POST data, combined with the...

CVE-2026-50255

Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbitrary code may be executed with SYSTEM privileges...

EUVD-2026-37035

Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbitrary code may be executed with SYSTEM privileges...

CVE-2026-50255

CVE-2026-50255 affects Optical Disc Archive Software for Windows (5.5.3 and earlier). The issue is an incorrect default permissions setting that could allow an attacker to execute arbitrary code with SYSTEM privileges. CVSS details indicate local access with high impact to confidentiality, integr...

Updated libsndfile packages fix security vulnerabilities

CVE-2025-52194 A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircamreadheader function at src/ircam.c:164 during sample rate processing, leading to memory corruption a...

EUVD-2026-37033

The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function lacking any authorization check before processing user-supplied POST data, combined with the...

CVE-2026-6933 Premmerce Dev Tools <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution via Plugin Creation

The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function lacking any authorization check before processing user-supplied POST data, combined with the...

CVE-2026-6933

The CVE covers the Premmerce Dev Tools WordPress plugin (versions

SUSE CVE-2026-42851

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal - a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. - can cause kitty to execute...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 — React2Shell Critical pre-authentication Remo...

PT-2026-49716

Name of the Vulnerable Software and Affected Versions galaxy ng affected versions not specified Description A command injection issue exists in the legacy role import API v1 within the do git checkout function. The system interpolates unsanitized git ref names, such as branch or tag names, into...

PT-2026-49612

Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbitrary code may be executed with SYSTEM privileges...

PT-2026-49618

The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function lacking any authorization check before processing user-supplied POST data, combined with the...

PT-2026-49817

In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-49820

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-49812

Name of the Vulnerable Software and Affected Versions Google Android affected versions not specified Description A memory corruption issue in the Modem component can be triggered during a SIP REFER request. This flaw allows for remote code execution without requiring additional execution privileg...

PT-2026-49807

In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-49806

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An integer overflow in multiple functions within VideoRtpPayloadDecoderNode.cpp can lead to an out-of-bounds write. This issue allows for remote code execution...

PT-2026-49804

In mfc core get dec metadata sei nal of mfc core reg api.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...