KB5089271 - Description of the security update for SQL Server 2016 SP3 GDR: May 12, 2026

KB5089271 - Description of the security update for SQL Server 2016 SP3 GDR: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This...

CVE-2025-40949

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

CVE-2026-8234

A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit h...

CVE-2026-31231

Cognee through v0.4.0 suffers a critical remote code execution via the notebook cell execution API endpoint. The endpoint executes user-provided Python code with unsafe exec() and no sandboxing or validation, allowing an attacker to send a crafted POST containing malicious code to achieve arbitra...

PT-2026-40349

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx...

Microsoft SharePoint 安全漏洞

Microsoft SharePoint is a corporate business collaboration platform developed by Microsoft Corporation in the United States. This platform is used for integrating business information and enabling sharing of work, collaboration with others, organization of projects and teams, as well as searching...

Ivanti Virtual Traffic Manager 操作系统命令注入漏洞

Ivanti Virtual Traffic Manager is a software-based application delivery controller developed by the American company Ivanti. Versions of Ivanti Virtual Traffic Manager prior to 22.9r4 contained an operating system command injection vulnerability. This vulnerability stems from OS command injection...

SPIP 代码注入漏洞

SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.14 had a code injection vulnerability, which was caused by remote code execution from private spaces, potentially allowing arbitrary code to be executed...

Flowsint 安全漏洞

Flowsint is an open-source intelligence visualization tool developed by reconurge. Versions of Flowsint prior to 1.2.3 contained a security vulnerability. This vulnerability stemmed from the ability of malicious node types to escape existing Cypher queries, potentially allowing remote attackers t...

PT-2026-40235

Improper control of generation of code 'code injection' in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network...

SAP Commerce Cloud 安全漏洞

SAP Commerce Cloud is a cloud-based e-commerce platform developed by SAP, a German company. This platform supports sales management, marketing management, order management, and operational management. There is a security vulnerability in SAP Commerce Cloud, which stems from improper configuration...

CVE-2026-31230

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...

PT-2026-40263

Name of the Vulnerable Software and Affected Versions Microsoft Dynamics 365 on-premises affected versions not specified Description Improper control of code generation in Microsoft Dynamics 365 on-premises allows an authorized attacker to execute code over a network. This is a code injection...

DEBIAN-CVE-2026-42046

libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write heap overflow by supplying a crafted file in the "caca" format. Depending on the build...

CVE-2025-67887

1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privilege...

CVE-2026-8214

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results in improper authentication. It is possible to launch the attack remotely. The exploit has been ma...

CVE-2026-35157

Dell ECS 3.8.1.0–3.8.1.7 and Dell ObjectScale

PT-2026-39587

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote...

Cockpit 操作系统命令注入漏洞

Cockpit is an interactive server management interface developed by Cockpit OpenSource. Cockpit has a vulnerability related to operating system command injection. This vulnerability stems from the lack of cleaning of user-controlled parameters in the system log user interface. This allows remote...

Dell ECS和Dell ObjectScale 安全漏洞

Dell ECS and Dell ObjectScale are both products of the American company Dell. Dell ECS is an extensible, manageable, and elastic enterprise-level object storage solution. Dell ObjectScale is an object storage platform. There were security vulnerabilities in versions 3.8.1.0 to 3.8.1.7 of Dell ECS...