PT-2026-48823

Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description An improper input validation issue exists in certain devices running UniFi OS. A malicious actor with network access and low privileges can exploit this to escalate privileges within the...

PT-2026-48969

Name of the Vulnerable Software and Affected Versions Kitty versions prior to 0.47.2 Description A local privilege escalation exists in the file transmission protocol. A child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

PT-2026-48938

Name of the Vulnerable Software and Affected Versions Mattermost versions prior to 11.6.2 Mattermost versions prior to 11.5.5 Mattermost versions prior to 10.11.17 Description Authenticated users with delegated user-management permissions can escalate privileges by altering built-in role...

PT-2026-48816

Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17...

PT-2026-48832

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed for...

PT-2026-48970

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An incorrect authorization issue allows an organization administrator to target site administrator accounts within the same organization using the administrative email functionality. The system...

Xen: x86 Mismatched Mapcache Metadata (XSA-494)

Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache. This can result in privilege escalation, Denial of Servi...

Ubuntu 26.04 LTS : Ubuntu Kylin Software Center vulnerability (USN-8424-1)

The remote Ubuntu 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8424-1 advisory. It was discovered that Ubuntu Kylin Software Center incorrectly handled user-supplied input in its D-Bus service. A local attacker could possibly use this issue t...

QEMU 8.1.x < 10.0.10 / 10.2.x < 10.2.3 / 11.0.x < 11.0.1 Privilege Escalation

The version of QEMU installed on the remote Windows host is affected by a privilege escalation vulnerability: - An integer overflow exists in the calcimagehostmem function within the virtio-gpu driver due to the lack of proper validation of user-supplied data before allocating a buffer. A local...

EulerOS Virtualization 2.13.0 : libcap (EulerOS-SA-2026-2402)

According to the versions of the libcap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the...

Security Update for Microsoft .NET Core SDK (June 2026)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by the following vulnerabilities as referenced in the vendor advisory. - Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Not...

Security Update for Microsoft .NET Core (June 2026)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory. - Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 - Improp...

Debian dla-4626 : libinput-bin - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4626 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4626-1 [email protected]...

Debian dla-4629 : apache2 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4629 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4629-1 [email protected]...

PT-2026-48820

Improper verification of access permissions when modifying permissions through the Administration Control Panel ACP allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface...

PT-2026-49027

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.3 Description A privilege escalation issue exists in the allowFrom feature, which binds to mutable Slack display names. Attackers with access to a Slack account can modify display name metadata to match policy...

Security Updates for Microsoft Dynamics 365 (on-premises) (June 2026)

The Microsoft Dynamics 365 on-premises is missing a security update. It is, therefore, affected by a vulnerability: - Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 on-premises allows an authorized attacker to elevate privileges over a network. CVE-2026-4037...

EulerOS Virtualization 2.13.1 : libcap (EulerOS-SA-2026-2373)

According to the versions of the libcap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the...

Security Updates for Microsoft Office Products C2R (June 2026)

The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. CVE-2026-44819, CVE-2026-44824, CVE-2026-45461, CVE-2026-45463,...

Xen: x86 HVM I/O Port List Traversal (XSA-491)

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XENDOMCTLioportmapping, and hence the linked list used may changed at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...