PT-2026-41149

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary DbtMCP.call tool in src/dbt mcp/mcp/server.py logs the complete raw arguments dictionary at INFO level on every tool invocation line 67 and again at ERROR level if the cal...

CVE-2026-29206

Insufficient sanitization of SQL queries in the sqloptimizer utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled...

CVE-2026-29206

Insufficient sanitization of SQL queries in the sqloptimizer utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled...

CVE-2026-29206

CVE-2026-29206 affects cPanel & WHM; the sqloptimizer utility script has insufficient SQL query sanitization, enabling SQL injection on behalf of the root user when Slow Query logging is enabled. Affected versions are listed by PTSecurity/PT advisories, and a patch/update is scheduled/distributed...

CVE-2026-29206

Insufficient sanitization of SQL queries in the sqloptimizer utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled...

CVE-2026-29206

Insufficient sanitization of SQL queries in the sqloptimizer utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled...

CVE-2026-28943

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to determine kernel memory layout...

CVE-2026-41495

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the...

CVE-2026-33834

Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally...

Security update for log4j

This update for log4j fixes the following issues: CVE-2026-34477: TLS connections vulnerable to interception due to incomplete hostname verification configuration checks bsc1262050. CVE-2026-34479: silent log event loss due to improper XML escaping in Log4j1XmlLayout bsc1262091. CVE-2026-34480:...

CVE-2026-28923

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A malicious app may be able to break out of its sandbox...

Android Adds Intrusion Logging for Sophisticated Spyware Forensics

Google on Tuesday unveiled a new opt-in Android feature called Intrusion Logging for storing forensic logs to better analyze sophisticated spyware attacks. Intrusion Logging, available as part of Advanced Protection Mode, enables "persistent and privacy-preserving forensics logging to allow for...

SUSE CVE-2026-43377

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBDDEBUGAUTH logging is enabled, generatesmb3signingkey and generatesmb3encryptionkey log the session, signing, encryption, and decryption key bytes. Remo...

PT-2026-40565

Name of the Vulnerable Software and Affected Versions coreActivity: Activity Logging for WordPress versions prior to 3.1 Description The plugin is susceptible to PHP Object Injection, a condition where untrusted data is passed to a deserialization function, potentially allowing the execution of...

Linux Distros Unpatched Vulnerability : CVE-2026-43377

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBDDEBUGAUTH logging is enabled, generatesmb3signingkey and generatesmb3encryptionkey...

EUVD-2026-29581

Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally...

CVE-2026-33834

Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally...

CVE-2026-33834 Windows Event Logging Service Elevation of Privilege Vulnerability

...

CVE-2026-33834 Windows Event Logging Service Elevation of Privilege Vulnerability

...

CVE-2026-33834

Technical details are not publicly available in the provided documents. No affected products/versions or remediation specifics are included here. Monitor for updates from official CVE/NVD entries to obtain concrete exploit info, mitigations, and fixes.