4545 matches found

Positive Technologies
added 2 days ago, 8 views

PT-2026-45375

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description The Log server authorizes JWT tokens against Dag IDs by applying the str.lstrip function to the requested path segment when verifying the sub claim. Because str.lstrip removes any character fr...

CVSS: 3.1, AI score: 5.8, EPSS: 0.00045
Exploits: 0, References: 5

Rosalinux
added 2026/05/20 7:5 a.m., 4 views

Advisory ROSA-SA-2026-3291

software: kernel-5.10 5.10.244 WASP: ROSA-CHROME unaffected versions = kernel-5.10-5.10.244-4 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport SO_RDS_TRANSPORT=2 in conjunction with io_uring, a local unprivileged attacker can cause memory corruption...

CVSS: 7.8, AI score: 5.8, EPSS: 0.00254
Exploits: 12

Snyk
added 2026/05/18 3:47 a.m., 2 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made available to the...

CVSS: 5.3, AI score: 5.4, EPSS: 0.00052
Exploits: 0, References: 2

Debian CVE
added 2026/05/12 8:35 a.m., 3 views

CVE-2026-8159

[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00055
Exploits: 0

ICS
added 2026/05/12 12:0 a.m., 6 views

Siemens Solid Edge

SUMMARY Solid Edge SE2026 before Update 5 is affected by two file parsing vulnerabilities that could be triggered when the application reads specially crafted files in PAR format. This could allow an attacker to crash the application or execute arbitrary code. Siemens has released a new version...

AI score: 6.2
Exploits: 0, References: 10

OSV
added 2026/05/11 5:39 a.m., 4 views

BIT-GDAL-2026-8088 OSGeo gdal GDapi.c GDfieldinfo out-of-bounds

A weakness has been identified in OSGeo gdal up to 3.13.0. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public a...

CVSS: 5.5, AI score: 5.3, EPSS: 0.00011
Exploits: 1, References: 9

Positive Technologies
added 2026/05/05 12:0 a.m., 4 views

PT-2026-38202

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description An inappropriate implementation in Cast allows a remote attacker who has compromised the renderer process to bypass navigation restrictions using a crafted HTML page. Recommendations...

CVSS: 9.6, AI score: 5.8, EPSS: 0.00148
Exploits: 0, References: 137

Positive Technologies
added 2026/05/05 12:0 a.m., 4 views

PT-2026-38208

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description An inappropriate implementation in Media allows a remote attacker to perform UI spoofing, which is the act of mimicking a legitimate user interface to deceive users, via a crafted HTML...

CVSS: 9.6, AI score: 5.8, EPSS: 0.00148
Exploits: 0, References: 138

Tenable Nessus
added 2026/04/09 12:0 a.m., 7 views

Fedora 43 : roundcubemail (2026-8ba1a085a9)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-8ba1a085a9 advisory. Version 1.6.15 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the...

CVSS: 8.2, AI score: 5.9, EPSS: 0.00048
Exploits: 0, References: 9

Positive Technologies
added 2026/04/04 12:0 a.m., 5 views

PT-2026-40436

Name of the Vulnerable Software and Affected Versions cPanel versions prior to 11.134.0.26 Description Incorrect privilege management and insufficient path filtering in the cpdavd component allow an unauthenticated attacker to read arbitrary files on the server as root. This is achieved through a...

CVSS: 9, AI score: 5.9, EPSS: 0.00031
Exploits: 0, References: 19

Positive Technologies
added 2026/03/25 12:0 a.m., 1 view

PT-2026-28369

Name of the Vulnerable Software and Affected Versions: Grafana versions 11.6.0 through 11.6.14, 12.0.0 through 12.1.10, 12.2.0 through 12.2.8, 12.3.0 through 12.3.6, and 12.4.0 through 12.4.2. Description: A chained attack involving SQL Expressions and a Grafana Enterprise plugin can lead to remo...

CVSS: 9.1, AI score: 6.7, EPSS: 0.00178
Exploits: 0, References: 80

EUVD
added 2026/02/26 10:20 p.m., 4 views

EUVD-2026-8792

MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity...

CVSS: 7, AI score: 5.2, EPSS: 0.00045
Exploits: 0, References: 3

ATTACKERKB
added 2026/02/26 2:43 a.m., 2 views

CVE-2026-24004

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet...

CVSS: 6.3, AI score: 5.6, EPSS: 0.00103
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2026/02/26 12:0 a.m., 5 views

PT-2026-22111

Name of the Vulnerable Software and Affected Versions Audiobookshelf versions prior to 0.12.0-beta Description Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) issue exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application. Th...

CVSS: 4.8, AI score: 5.5, EPSS: 0.00056
Exploits: 0, References: 9

Positive Technologies
added 2026/02/17 12:0 a.m., 1 view

PT-2026-20301

Name of the Vulnerable Software and Affected Versions Dell SmartFabric OS10 Software versions prior to 10.5.6.12 Description Dell SmartFabric OS10 Software is affected by an issue related to improper neutralization of special elements used in a command, potentially leading to command execution. A...

CVSS: 6.6, AI score: 5.6, EPSS: 0.00095
Exploits: 0, References: 3

Positive Technologies
added 2026/02/17 12:0 a.m., 3 views

PT-2026-20270

Name of the Vulnerable Software and Affected Versions EKA Software Real Estate Script versions through 17022026 Description The software contains an Improper Neutralization of Input During Web Page Generation issue, also known as Cross-Site Scripting (XSS). This allows for the execution of maliciou...

CVSS: 6.5, AI score: 5.6, EPSS: 0.00021
Exploits: 0, References: 3

Positive Technologies
added 2026/02/17 12:0 a.m., 2 views

PT-2026-20252

Name of the Vulnerable Software and Affected Versions IBM Security QRadar EDR versions 3.12 through 3.12.23 IBM Security ReaQta versions 3.12 through 3.12.23 Description IBM Security QRadar EDR and IBM Security ReaQta utilize cryptographic algorithms that are considered insufficiently strong,...

CVSS: 5.9, AI score: 5.4, EPSS: 0.00018
Exploits: 0, References: 4

Rosalinux
added 2026/02/16 12:24 p.m., 6 views

Advisory ROSA-SA-2026-3194

Software: libtommath 1.1.0 OS: ROSA Virtualization 2.1 unaffected versions = libtommath-1.1.0-4.rv3 affected versions libtommath-1.1.0-4.rv3 CVE-ID: CVE-2023-36328 BDU-ID: 2023-06241 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the libtom function of the libtommath library is related to...

CVSS: 9.8, AI score: 8.6, EPSS: 0.00517
Exploits: 0

ICS
added 2026/02/10 12:0 a.m., 2 views

Siemens Polarion

SUMMARY Polarion before V2506 contains a vulnerability that could allow authenticated remote attackers to conduct cross-site scripting attacks. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general...

CVSS: 7.6, AI score: 5.6, EPSS: 0.00021
Exploits: 0, References: 10

Positive Technologies
added 2026/02/07 12:0 a.m., 2 views

PT-2026-6889

Name of the Vulnerable Software and Affected Versions Simple Bible Verse via Shortcode plugin for WordPress versions prior to 1.2 Description The Simple Bible Verse via Shortcode plugin for WordPress is susceptible to Stored Cross-Site Scripting through the verse shortcode. Insufficient input...

CVSS: 6.4, AI score: 5.7, EPSS: 0.00014
Exploits: 0, References: 4