219620 matches found

Positive Technologies
added 2026/05/12 12:0 a.m., 12 views

PT-2026-40205

Name of the Vulnerable Software and Affected Versions: SQL Server (affected versions not specified). Description: External control of a file name or path allows an authorized attacker to execute arbitrary code over a network, which can affect the system. Recommendations: At the moment, there is no...

9 CVSS, 6.2 AI score, 0.00555 EPSS
Exploits 0, References 10
CNNVD
added 2026/05/12 12:0 a.m., 11 views

Microsoft Windows Access Control Error Vulnerability

Microsoft Windows is an operating system for personal devices from the American company Microsoft. There is a vulnerability related to access control in Microsoft Windows. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected: Windo...

7.8 CVSS, 5.8 AI score, 0.00272 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/05/12 12:0 a.m., 10 views

PT-2026-40267

An improper export of Android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to improper access control via...

5.5 CVSS, 5.8 AI score, 0.00097 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/05/12 12:0 a.m., 35 views

PT-2026-39942

Issuing an ICMP ping via the net ping shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are...

6.1 CVSS, 5.9 AI score, 0.00105 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/05/12 12:0 a.m., 13 views

PT-2026-40253

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network...

9.9 CVSS, 5.8 AI score, 0.00601 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/05/12 12:0 a.m., 14 views

PT-2026-40200

Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

8.8 CVSS, 6 AI score, 0.00961 EPSS
Exploits 0, References 3
CNNVD
added 2026/05/12 12:0 a.m., 8 views

Microsoft M365 Copilot Access Control Error Vulnerability

Microsoft M365 Copilot is an AI-driven productivity tool developed by the American company Microsoft. There is a security access control vulnerability in Microsoft M365 Copilot. Attackers exploit this vulnerability to carry out phishing attacks...

4.4 CVSS, 5.8 AI score, 0.00249 EPSS
Exploits 0, References 2
CNNVD
added 2026/05/12 12:0 a.m., 9 views

Apple macOS Access Control Error Vulnerability

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS prior to Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.2 contain an access control error vulnerability. This vulnerability stems from an access issue that could allow...

8.8 CVSS, 5.8 AI score, 0.00119 EPSS
Exploits 0, References 1
CNNVD
added 2026/05/12 12:0 a.m., 7 views

Microsoft Windows Admin Center Access Control Error Vulnerability

Microsoft Windows Admin Center is a browser-based, locally deployed application developed by Microsoft. This tool is primarily used for managing servers and clusters. Microsoft Windows Admin Center has a vulnerability related to access control. Attackers can exploit this vulnerability to gain...

8.8 CVSS, 5.8 AI score, 0.00427 EPSS
Exploits 0, References 2
UbuntuCve
added 2026/05/12 12:0 a.m., 7 views

CVE-2026-32175

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the...

4.3 CVSS, 5.9 AI score, 0.00711 EPSS
Exploits 0, References 4
CNNVD
added 2026/05/12 12:0 a.m., 9 views

Fortinet FortiTokenAndroid Security Vulnerability

Fortinet FortiTokenAndroid is a mobile security authentication application developed by Fortinet, Inc. It provides two-factor authentication and dynamic password generation features. There are security vulnerabilities in all versions of Fortinet FortiTokenAndroid, including 6.2, 6.1, and 5.2. The...

5.5 CVSS, 5.8 AI score, 0.00097 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/05/12 12:0 a.m., 9 views

PT-2026-40131

Name of the Vulnerable Software and Affected Versions: Windows Rich Text Edit Control (affected versions not specified). Description: A double free issue in the Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally. A double free occurs when a program attempts to...

6.7 CVSS, 5.8 AI score, 0.00319 EPSS
Exploits 0, References 9
Positive Technologies
added 2026/05/12 12:0 a.m., 9 views

PT-2026-39985

Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the...

9.3 CVSS, 5.9 AI score, 0.0037 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/05/12 12:0 a.m., 9 views

PT-2026-40142

Name of the Vulnerable Software and Affected Versions: Windows Event Logging Service (affected versions not specified). Description: Improper access control in the Windows Event Logging Service allows an authorized attacker to elevate privileges locally. Recommendations: At the moment, there is no...

7.8 CVSS, 5.8 AI score, 0.00272 EPSS
Exploits 0, References 7
Positive Technologies
added 2026/05/12 12:0 a.m., 13 views

PT-2026-40040

Name of the Vulnerable Software and Affected Versions: Ivanti Xtraction versions prior to 2026.2. Description: External control of a file name allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory. This can lead to information disclosure and...

9.6 CVSS, 5.9 AI score, 0.00869 EPSS
Exploits 0, References 12
CNNVD
added 2026/05/12 12:0 a.m., 11 views

Zulip Access Control Error Vulnerability

Zulip is a powerful open-source chat application developed by the US company Zulip. It combines the immediacy of real-time conversations with the productivity benefits of threaded dialogue. Prior to Zulip 12.0, there was an access control vulnerability. This vulnerability occurred when...

6.5 CVSS, 5.8 AI score, 0.00247 EPSS
Exploits 1, References 1
Positive Technologies
added 2026/05/12 12:0 a.m., 13 views

PT-2026-40257

Name of the Vulnerable Software and Affected Versions: Microsoft Office (affected versions not specified). Description: Improper access control allows an unauthorized attacker to perform spoofing locally...

7.7 CVSS, 5.8 AI score, 0.00222 EPSS
Exploits 0, References 7
Positive Technologies
added 2026/05/12 12:0 a.m., 12 views

PT-2026-40470

Name of the Vulnerable Software and Affected Versions: Flowsint versions prior to 1.2.3. Description: Broken Access Control allows unauthorized reading of sketch logs from any user. This issue affects an open-source OSINT graph exploration tool used for cybersecurity investigation, transparency, and...

5.3 CVSS, 5.8 AI score, 0.00207 EPSS
Exploits 0, References 3
CNNVD
added 2026/05/12 12:0 a.m., 11 views

Microsoft Rich Text Edit Control Resource Management Error Vulnerability

Microsoft Rich Text Edit Control is a rich text editor implemented by Microsoft Corporation. There is a resource management vulnerability in Microsoft Rich Text Edit Control. Attackers can exploit this vulnerability to gain elevated privileges. The following products and versions are affected:...

6.7 CVSS, 5.8 AI score, 0.00319 EPSS
Exploits 0, References 2
CNNVD
added 2026/05/12 12:0 a.m., 9 views

Microsoft Windows Access Control Error Vulnerability

Microsoft Windows is an operating system for personal devices from the American company Microsoft. There is a vulnerability in access control of Microsoft Windows. Attackers can exploit this vulnerability to bypass certain functions. The following products and versions are affected: Windows 10...

4.4 CVSS, 5.8 AI score, 0.00204 EPSS
Exploits 0, References 2