Lucene search

8007 matches found

CVE
added 2026/04/14 11:26 a.m. | 7 views

CVE-2026-24069

CVE-2026-24069 : Kiuwan SAST and Kiuwan Cloud improperly authorize SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Affected: Kiuwan Cloud and Kiuwan SAST on-premise (KOP) prior to version 2.8.2509.4. Root cause: improper enforce...

5.4 CVSS | 5.8 AI score | 0.00189 EPSS
Exploits 1 | References 2
Positive Technologies
added 2026/04/14 12:0 a.m. | 2 views

PT-2026-32731

Name of the Vulnerable Software and Affected Versions: Microsoft Windows 10 versions 10.0.14393.0 through 10.0.14393.9059. Description: Insufficient UI warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network by misleading users int...

8.5 CVSS | 6.4 AI score | 0.0083 EPSS
Exploits 0 | References 9
Positive Technologies
added 2026/04/14 12:0 a.m. | 2 views

PT-2026-32834

Name of the Vulnerable Software and Affected Versions: Windows User Interface Core, affected versions not specified. Description: A use after free issue in Windows User Interface Core allows an authorized attacker to elevate privileges locally. Use after free is a condition where a program continues ...

7.8 CVSS | 6.1 AI score | 0.002 EPSS
Exploits 0 | References 6
Positive Technologies
added 2026/04/14 12:0 a.m. | 1 views

PT-2026-32773

CVE-2026-27911 Concurrent execution using shared resource with improper synchronization 'race condition' in Windows User Interface Core allows an authorized attacker to elevate pr… https://t.co/1EBHUgkLHF...

7.8 CVSS | 6.4 AI score | 0.00153 EPSS
Exploits 0 | References 3
CNNVD
added 2026/04/14 12:0 a.m. | 3 views

Microsoft Windows race condition vulnerability

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There are vulnerabilities related to the Microsoft Windows User Interface Core. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are...

7.8 CVSS | 5.8 AI score | 0.00164 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/04/14 12:0 a.m. | 4 views

PT-2026-32833

CVE-2026-32164 Concurrent execution using shared resource with improper synchronization 'race condition' in Windows User Interface Core allows an authorized attacker to elevate pr… https://t.co/ysmZfg3MT0...

7.8 CVSS | 6.4 AI score | 0.00164 EPSS
Exploits 0 | References 3
CNNVD
added 2026/04/14 12:0 a.m. | 3 views

Microsoft Windows resource management error vulnerability

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There is a resource management vulnerability in the Microsoft Windows User Interface Core. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions a...

7.8 CVSS | 5.8 AI score | 0.00164 EPSS
Exploits 0 | References 1
Kaspersky
added 2026/04/14 12:0 a.m. | 13 views

KLA90986 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, gain privileges, cause denial of service, spoof user interface, execute arbitrary code, read local files. Below is a complete...

7.8 CVSS | 7.2 AI score | 0.00441 EPSS
Exploits 0 | References 153
Positive Technologies
added 2026/04/14 12:0 a.m. | 2 views

PT-2026-32832

CVE-2026-32163 Concurrent execution using shared resource with improper synchronization 'race condition' in Windows User Interface Core allows an authorized attacker to elevate pr… https://t.co/NRHk53N5jl...

7.8 CVSS | 6.4 AI score | 0.00164 EPSS
Exploits 0 | References 3
Github Security Blog
added 2026/04/13 4:39 p.m. | 11 views

Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer

Impact: Stored cross-site scripting (XSS) via crafted metric names in the Prometheus web UI. Old React UI + New Mantine UI: When a user hovers over a chart tooltip on the Graph page, metric names containing HTML/JavaScript are injected into innerHTML without escaping, causing arbitrary script...

6.1 CVSS | 6.2 AI score | 0.0024 EPSS
Exploits 0 | References 5 | Affected Software 1
RedhatCVE
added 2026/04/13 10:55 a.m. | 2 views

CVE-2019-25695

A flaw was found in R. This local buffer overflow vulnerability allows a local attacker to execute arbitrary code. By injecting malicious input into the GUI Preferences language field, an attacker can trigger the overflow, leading to the execution of arbitrary commands...

8.6 CVSS | 6.4 AI score | 0.00189 EPSS
Exploits 0 | References 6
NVD
added 2026/04/13 10:16 a.m. | 1 views

CVE-2026-35565

Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI. Versions Affected: before 2.8.6. Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...

5.4 CVSS | 0.00466 EPSS
Exploits 0 | References 2
Snyk
added 2026/04/13 9:31 a.m. | 2 views

Arbitrary Code Injection

Overview: google-adk is an Agent Development Kit. Affected versions of this package are vulnerable to Arbitrary Code Injection via the builder UI on Python OSS, Cloud Run, and GKE due to missing authentication in the process. An attacker can execute arbitrary code on the server by uploading YAML...

10 CVSS | 6.3 AI score | 0.01816 EPSS
Exploits 0 | References 3
CNNVD
added 2026/04/13 12:0 a.m. | 4 views

Huawei EMUI and Huawei HarmonyOS security vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. An out-of-bounds write vulnerability exists in the...

5.7 CVSS | 5.8 AI score | 0.0011 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/04/13 12:0 a.m. | 2 views

PT-2026-32579

Name of the Vulnerable Software and Affected Versions: Prometheus versions 3.0 through 3.5.1; Prometheus versions 3.6.0 through 3.11.1. Description: Stored cross-site scripting exists in multiple components of the Prometheus web UI, specifically within the Mantine UI and the old React UI. The issue...

6.1 CVSS | 5.9 AI score | 0.0024 EPSS
Exploits 0 | References 209
CNNVD
added 2026/04/13 12:0 a.m. | 6 views

Apache Storm security vulnerability

Apache Storm is an open-source distributed real-time computing system developed by the Apache Foundation in the United States using the concurrent programming language Clojure. Versions of Apache Storm prior to 2.8.6 contained a security vulnerability. This vulnerability stemmed from the fact tha...

5.4 CVSS | 5.6 AI score | 0.00466 EPSS
Exploits 0 | References 2
CVE
added 2026/04/13 12:0 a.m. | 9 views

CVE-2025-69627

CVE-2025-69627 : Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free in the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated and freed prematurely, after which the freed pointer is still passed into UI and logging helper functions. The freed m...

8.4 CVSS | 5.8 AI score | 0.00192 EPSS
Exploits 0 | References 2 | Affected Software 1
OSV
added 2026/04/12 8:14 p.m. | 3 views

OPENSUSE-SU-2026:20575-1 Security update for chromium

This update for chromium fixes the following issues: Chromium 147.0.7727.55 boo1261758: CVE-2026-5858: Heap buffer overflow in WebML; CVE-2026-5859: Integer overflow in WebML; CVE-2026-5860: Use after free in WebRTC; CVE-2026-5861: Use after free in V8; CVE-2026-5862: Inappropriate implementation in ...

9.8 CVSS | 7.9 AI score | 0.00608 EPSS
Exploits 0 | References 61
EUVD
added 2026/04/12 3:30 p.m. | 2 views

EUVD-2019-20130

R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the...

8.6 CVSS | 6.5 AI score | 0.00189 EPSS
Exploits 0 | References 4
ATTACKERKB
added 2026/04/12 12:28 p.m. | 3 views

CVE-2019-25695

R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the...

8.6 CVSS | 6.5 AI score | 0.00189 EPSS
Exploits 0 | References 3 | Affected Software 1