Linux Distros Unpatched Vulnerability : CVE-2026-9992

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

ROS-20260529-73-0008

The vulnerability of the pngsettRNS and pngsetPLTE functions in the LIBPNG library is related to improper memory management during data deallocation. Exploiting this vulnerability may allow a remote attacker to gain access to the freed memory area, which could lead to the execution of arbitrary...

Linux Distros Unpatched Vulnerability : CVE-2026-44465

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonit...

PT-2026-44831

Path traversal vulnerability in Remote Spark https://www.Remotespark.Com/ SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...

PT-2026-44820

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges...

CVE-2026-39292

Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote attackers to upload arbitrary files and achieve remote code execution. The vulnerability exists due to insufficient validation of uploaded file types...

SUSE SLES15 Security Update : redis7 (SUSE-SU-2026:2097-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2097-1 advisory. This update for redis7 fixes the following issues - CVE-2026-23631: Lua use-after-free via the master-replica synchronization...

Linux Distros Unpatched Vulnerability : CVE-2026-9952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-9963

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uninitialized Use in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to...

Linux Distros Unpatched Vulnerability : CVE-2026-9878

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution

Exploit Title: Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2026-05-22 Exploit Author: cardosource Vendor Homepage: https://quickplayground.com Software Link: https://downloads.wordpress.org/plugin/quick-playground.1.3.1.zip Version: \ wp...

📄 Wing FTP Server 8.1.3 Remote Code Execution

Wing FTP Server version 8.1.2 contains a remote code execution vulnerability in the session serialization mechanism. An authenticated administrator can inject arbitrary Lua code through the domain admin mydirectory basefolder field, which gets executed server-side via loadfile. Exploit Title: Win...

PT-2026-45050

Summary The first-party PraisonAI A2A server example combines three behaviors into a remotely exploitable Critical chain: 1. The example exposes an A2A server without configuring auth token. 2. The same example binds the server to 0.0.0.0. 3. The example registers a calculateexpression tool...

PT-2026-45033

Impact A Remote Code Execution RCE vulnerability was discovered in Ouroboros. If a user clones a malicious repository and runs Ouroboros commands within that directory, it can lead to arbitrary code execution and potential system takeover. The vulnerability CWE-426: Untrusted Search Path & CWE-15...

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 RX Host contains an operating system command injection vulnerability. This...

PT-2026-44936

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, update, run, or delete schedules belonging to other organizations if they know the scheduleId/serverId...

ROS-20260529-73-0007

The vulnerability of the pngsettRNS and pngsetPLTE functions in the LIBPNG library is related to improper memory management during data deallocation. Exploiting this vulnerability may allow a remote attacker to gain access to the freed memory area, which could lead to the execution of arbitrary...

Dokploy 安全漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.7 contain security vulnerabilities. These vulnerabilities stem from the fact that the scheduling router does not enforce organization/role checks, allowing any authenticated user to create, update,...

PT-2026-44939

Name of the Vulnerable Software and Affected Versions Trilium Notes versions prior to 0.102.2 Description A malicious ZIP archive imported with safe import enabled can lead to remote code execution RCE and cross-site scripting XSS. This occurs by combining a payload note type: code, mime:...

VulnCheck KEV: CVE-2026-45247

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...