389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

Important: Red Hat Security Advisory: 389-ds-base security update

An update for 389-ds-base is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

PT-2026-50212

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use-after-free issue exists in the Media component. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. A remote...

PT-2026-50193

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue exists in the Web Authentication component. This allows a remote attacker to execute arbitrary code by inducing the user to open a specially crafted HTML page. U...

PT-2026-50198

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.155 Description An inappropriate implementation in the WebView component allows a remote attacker to perform privilege escalation by using a crafted HTML page. Recommendations Update Google...

PT-2026-50192

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.155 Description A use after free issue in the Passwords component allows a remote attacker to execute arbitrary code when a user accesses a specially crafted HTML page. Use after free is a...

PT-2026-50213

Name of the Vulnerable Software and Affected Versions Google Chrome on Linux versions prior to 149.0.7827.155 Description An inappropriate implementation in Views allows a remote attacker who has compromised the renderer process to inject arbitrary scripts or HTML via a crafted HTML page. This...

PT-2026-50189

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue in Digital Credentials allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. Use after free is a condition where a program...

PT-2026-50205

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue exists in the Tab Strip component. This occurs when a program continues to use a pointer after it has been freed, which can lead to heap corruption a memory...

PT-2026-50202

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.155 Description A use after free issue in the Downloads component allows a remote attacker to potentially exploit heap corruption through a crafted HTML page. Use after free occurs when an...

PT-2026-50218

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.155 Description A race condition in the Updater allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape. This is achieved through the use of a...

PT-2026-50549

Name of the Vulnerable Software and Affected Versions AWS Bedrock AgentCore Python SDK versions 1.1.3 through 1.6.0 Description Improper neutralization of argument delimiters in the install packages method of the Code Interpreter client allows a remote authenticated user to execute arbitrary...

PT-2026-50362

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric Room Air Conditioners affected versions not specified Mitsubishi Electric Wireless LAN Adapters for Room Air Conditioners affected versions not specified Mitsubishi Electric Wireless LAN Adapters for Packaged Air Conditione...

CVE-2026-36418

JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper handling of Aviator expressions. The /jmreport/executeSelectApi endpoint passes user-supplied input directly to the Aviator expression engine without adequate validation allowing attackers to execute...

PT-2026-50438

Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source affected versions not specified Description An issue exists in the ngx http proxy v2 module and ngx http grpc module modules. When the proxy http version is set to 2 or the grpc pass...

Bosch Security Systems IP Cameras Remote Code Execution (CVE-2018-19036)

An issue was discovered in several Bosch IP cameras running firmware 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface. This plugin only works with Tenable.ot. Please visit...

PT-2026-50431

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager versions prior to 4.8 Description An unauthenticated attacker with remote access can exploit the inclusion of functionality from an untrusted control sphere, which may lead to information disclosure. Recommendations Upda...

Oracle PeopleSoft Unauthenticated Java Deserialization SSRF / RCE (CVE-2026-35273)

Binary data oraclepeoplesoftssrfcve202635273.nbin...

PT-2026-50607

Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description Drupal core contains a gadget chain, which is a sequence of existing code fragments that can be leveraged during the deserialization of untrusted data. While this issue is not directly...

PT-2026-50223

In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...