PT-2026-52474
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.2.0663
Description: A Vimscript code injection issue exists in the s:NetrwLocalRmFile function within the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when deleting a local file from the browser. The probl...
PT-2026-52494
Name of the Vulnerable Software and Affected Versions: LibreChat versions prior to 0.8.5
Description: LibreChat is an enhanced ChatGPT clone supporting multiple AI providers. The MCP OAuth implementation fails to validate that the resource parameter from OAuth Protected Resource metadata (RFC 9728...
PT-2026-52504
Name of the Vulnerable Software and Affected Versions: socat versions 1.8.0.0 through 1.8.1.1
Description: A heap-based buffer overflow exists in the SOCKS5 DOMAINNAME reply parser during proxy connection setup. The issue stems from a sign-extension flaw where the domain name length byte is read as...
PT-2026-52422
Name of the Vulnerable Software and Affected Versions: MDTF versions prior to 1.3.9
Description: An unauthenticated Local File Inclusion (LFI) issue exists, which allows an attacker to read files from the local file system without requiring authentication.
Recommendations: Update to a version newer th...
PT-2026-52451
Name of the Vulnerable Software and Affected Versions: Nokogiri versions prior to 1.19.4
Description: In the Nokogiri XML and HTML library for Ruby, the root= method of Nokogiri::XML::Document only validates that the new root is a Nokogiri::XML::Node. This allows a DTD (Document Type Definition) node...
PT-2026-52434
Name of the Vulnerable Software and Affected Versions: EventPrime versions prior to 4.3.4.2
Description: PHP Object Injection occurs when an application deserializes untrusted data, allowing an attacker to manipulate the object structure and potentially execute arbitrary code or perform unauthorize...
PT-2026-52410
Name of the Vulnerable Software and Affected Versions: Visual Link Preview versions 2.3.1 and earlier
Description: Subscriber sensitive data exposure occurs in the software, potentially allowing unauthorized access to private information.
Recommendations: Disable or isolate the software immediately...
PT-2026-52612
Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 2.2.5
Description: An unauthenticated arbitrary file upload issue exists when storageType is set to local. This allows attackers to use path traversal—a technique used to access files and directories outside the intend...
PT-2026-52626
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.31
Description: An issue exists in the performance and fault management framework where improper handling of deserialized data leads to SQL Injection. In the 'managers.php' file, the application processes the selecte...
PT-2026-52617
Name of the Vulnerable Software and Affected Versions: picklescan versions prior to 0.0.30
Description: The software fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode within __reduce__ methods. This allows attackers to embed undetected code in pickle files...
PT-2026-52624
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.31
Description: An open redirect issue exists due to the use of a substring check instead of a host check within the str_contains($referer, CACTI_PATH_URL) logic. When the login_opts variable is set to '1', the auth...
PT-2026-52435
Name of the Vulnerable Software and Affected Versions: JS Help Desk versions prior to 3.1.2
Description: Low-privileged subscribers can remotely delete critical files due to a path traversal issue. Path traversal is a flaw that allows an attacker to access or manipulate files outside the intended...
PT-2026-52588
Name of the Vulnerable Software and Affected Versions: wolfSSL versions prior to 5.9.1
Description: The PKCS7 decode path fails to respect the caller-supplied output buffer size (outputSz). This allows decoded content to be written beyond the boundaries of the provided buffer, leading to a buffer...
Anthropic Claude Code 0.2.54 < 2.1.163 Data Exfiltration (CVE-2026-54316)
The version of Anthropic Claude Code installed on the remote host is 0.2.54 prior to 2.1.163. It is, therefore, affected by a data exfiltration vulnerability.
- Because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain including...
GitLab 17.11 < 18.11.6 / 19.0 < 19.0.3 / 19.1 < 19.1.1 (CVE-2026-5952)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows:
- GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an...
Dell Wyse Management Suite < 2605 Multiple Vulnerabilities (DSA-2026-247)
The version of Dell Wyse Management Suite installed on the remote host is prior to 2605. It is, therefore, affected by multiple vulnerabilities, including:
- Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command...
LangChain < 1.3.9 Path Traversal (CVE-2026-55443)
The version of LangChain installed on the remote host is prior to 1.3.9. It is, therefore, affected by a path traversal vulnerability:
- Several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root director...
PT-2026-52397
Name of the Vulnerable Software and Affected Versions: Dell Display and Peripheral Manager (DDPM) Mac versions prior to 2.3
Description: An Improper Certificate Validation issue exists where a low privileged attacker with local access could potentially bypass protection mechanisms. Improper Certifica...
PT-2026-52479
Name of the Vulnerable Software and Affected Versions: Vim versions 9.2.0320 through 9.2.0678
Description: A flaw exists where a crafted undo or swap file can store a virtual-text property with an offset and length that point outside the line's property data. When the software restores or displays...
Oracle WebCenter Portal (June 2026 CSPU)
The 12.2.1.4.0 and 14.1.2.0.0 versions of WebCenter Portal installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory.
- Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supporte...