219109 matches found
DesDev DedeCMS Security Vulnerability
DesDev DedeCMS is an open-source content management system (CMS) developed by DesDev Corporation in China. It is built using PHP. This system offers functions such as content publishing, content management, content editing, and content retrieval. Version 5.7.118 of DesDev DedeCMS contains a securit...
CVE-2026-38615
DedeCMS V5.7.118 is vulnerable to Command Execution in filemanagecontrol.php...
Microsoft Windows Secure Boot Access Control Error Vulnerability
Microsoft Windows Secure Boot is a security boot feature provided by the American company Microsoft. There is an access control error vulnerability in Microsoft Windows Secure Boot. Attackers can exploit this vulnerability to bypass certain features. The following products and versions are...
Microsoft PC Manager Access Control Error Vulnerability
Microsoft PC Manager is a computer management software developed by Microsoft Corporation. It offers features such as one-click acceleration, system space management, pop-up management, and comprehensive health checks. However, Microsoft PC Manager has an access control vulnerability. Attackers c...
PT-2026-47670
Permission control vulnerability in the file preview module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
PT-2026-47867
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.118. Description: Command execution is possible within the 'file manage control.php' file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
Fortinet FortiPortal Access Control Error Vulnerability
Fortinet FortiPortal is a sophisticated and feature-rich managed security analysis and management tool from Fortinet Corporation, part of the FortiGate, FortiWiFi, and FortiAP product lines. It can be used as a virtual machine by MSPs. Vulnerabilities exist in versions 7.4.0 to 7.4.7, 7.2.0 to...
PT-2026-47872
Name of the Vulnerable Software and Affected Versions: Microsoft Kinect (affected versions not specified). Description: Improper access control allows an authorized attacker to elevate privileges locally. Recommendations: At the moment, there is no information about a newer version that contains a fix...
PT-2026-47810
An improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via...
dcat-admin Access Control Error Vulnerability
dcat-admin is a backend system building tool based on Laravel, developed by Jiang Qinghua. Versions of Dcat-Admin 2.2.3-beta and earlier contain an access control vulnerability. This vulnerability stems from the editorMDUpload function in /admin/dcat-api/editor-md/upload, which allows unlimited...
Huawei EMUI and Huawei HarmonyOS Security Vulnerability
Huawei EMUI and Huawei HarmonyOS are both products of the Chinese company Huawei. Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system that provides a full-scenario distributed operating system based on a microkernel. Both Huawei EMUI and...
PT-2026-48118
🚨 CVE-2026-49161 Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally. 🎖@cveNotify...
PT-2026-47644
Name of the Vulnerable Software and Affected Versions: Spring HATEOAS versions 1.5.0 through 1.5.6; Spring HATEOAS versions 2.3.0 through 2.3.4; Spring HATEOAS versions 2.4.0 through 2.4.1; Spring HATEOAS versions 2.5.0 through 2.5.2; Spring HATEOAS versions 3.0.0 through 3.0.3. Description: The interna...
PT-2026-47695
Permission control vulnerability in the audio framework. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
PT-2026-47694
Permission control vulnerability in service notifications. Impact: Successful exploitation of this vulnerability may affect availability...
PT-2026-47693
Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may affect availability...
PT-2026-48127
Name of the Vulnerable Software and Affected Versions: AMD Secure Processor (affected versions not specified). Description: Improper access control for the register interface in the input-output memory management unit (IOMMU) allows a privileged attacker, such as a malicious hypervisor, to cause...
PT-2026-48224
Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issu...
Toward Secure LLM Agents: Threat Surfaces, Attacks, Defenses, and Evaluation
Large language model (LLM) agents are rapidly moving from conversational interfaces to software components that plan, invoke tools, maintain memory, and act on external environments. This transition changes the nature of security risk. In agentic settings, failures are no longer limited to unsafe...
PT-2026-48038
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network...