PT-2026-48238

21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...

Progress Software Kemp LoadMaster apiuser Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the apiuser parameter provided to the accessv2 endpoin...

Google Chromium V8 Out-of-Bounds Read and Write Vulnerability

Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft...

FreeBSD -- Multiple vulnerabilities in unbound

Problem Description: Multiple vulnerabilities have been reported in Unbound. Instead of listing detailed writeups for each issue, please see the upstream advisories referenced below. CVE-2026-32792: Packet of death with DNSCrypt CVE-2026-33278: Possible remote code execution during DNSSEC...

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

Microsoft Office SharePoint 授权问题漏洞

Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. There are authorization-related vulnerabilities in Microsoft Office SharePoint. Attackers can exploit these vulnerabilities to execute code remotely. The followi...

PT-2026-48121

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

NVIDIA Transformers4Rec Model.load Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NVIDIA Transformers4Rec. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

PT-2026-48038

Name of the Vulnerable Software and Affected Versions Azure Stack Edge affected versions not specified Description External control of a file name or path allows an unauthorized attacker to execute arbitrary code over a network. Recommendations At the moment, there is no information about a newer...

PT-2026-48011

Name of the Vulnerable Software and Affected Versions Active Directory Domain Services affected versions not specified Description A stack-based buffer overflow allows an authorized attacker to execute arbitrary code over a network, which can affect the system. A stack-based buffer overflow occur...

PT-2026-47804

Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name e.g. git, pandoc, grep, the argument string is concatenated with the command and passed to child process.spawn with the shell: true option, allowing shell...

Microsoft Office 安全漏洞

Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There are security vulnerabilities in Microsoft Office. Attackers can exploit these...

Microsoft Office 安全漏洞

Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There are security vulnerabilities in Microsoft Office. Attackers can exploit these...

Microsoft Win32k 输入验证错误漏洞

Microsoft Win32k is a system file used by Microsoft for multi-user management in Windows. There is an input validation vulnerability in Microsoft Win32k. Attackers can exploit this vulnerability to execute code remotely. The following products and versions are affected: Microsoft Excel for Androi...

Microsoft Azure Kubernetes Service 路径遍历漏洞

Microsoft Azure Kubernetes Service is a service provided by Microsoft Corporation for deploying, managing, and scaling containerized applications. Microsoft Azure Kubernetes Service has a path traversal vulnerability. Attackers can exploit this vulnerability to execute code remotely...

NETGEAR 多款产品输入验证错误漏洞

NETGEAR is a router product from the American company NETGEAR. It is a hardware device used to connect two or more networks, acting as a gateway between them. Several NETGEAR products have a vulnerability related to input validation. This vulnerability allows attackers to intercept and tamper wit...

Microsoft Windows NTFS 输入验证错误漏洞

Microsoft Windows NTFS is a file system provided by the American company Microsoft for managing computer files. This file system features error alerts, disk self-repair functions, and logging capabilities. There is an input validation vulnerability in Microsoft Windows NTFS. Attackers can exploit...

📄 Quick Playground for WordPress 1.3.1 Shell Upload

Proof of concept remote shell upload exploit for Quick Playground for WordPress plugin versions 1.3.1 and below. ================================================================================================================================== | Title : Quick Playground for WordPress 1.3.1 —...

Microsoft Windows 数字错误漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. The Microsoft Windows Performance Monitor has a numerical error vulnerability. Attackers can exploit this vulnerability to execute code. The following products and versions are affected: Windows 1...

Microsoft Windows 输入验证错误漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There is a vulnerability in input validation of Microsoft Windows. Attackers can exploit this vulnerability to execute code remotely. The following products and versions are affected: Windows 11...