PT-2026-42732

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description Sandbox escape flaws in NodeVM allow unauthenticated remote code execution on the host server. The issue occurs because the dangerous builtin denylist in lib/builtin.js misses process and...

brainfart (>=0.1.0 <=0.3.0), calibrate-agent (>=0.0.1 <=0.0.26) +47 more potentially affected by CVE-2026-44716 via pipecat-ai (>=0.0.90 <=1.1.0)

pipecat-ai PYPI version =0.0.90, =0.1.0, =0.0.1, =0.0.8, =0.1.0, =0.0.18, =0.0.2, =0.0.0, =1.0.0b3, =0.1.2, =0.0.1, =0.0.1, =0.0.4 and more Source cves: CVE-2026-44716 Source advisory: SNYK:PYTHON-PIPECATAI-16700145...

CVE-2026-3160

creationtimestamp| type| source ---|---|--- 2026-05-14 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260515...

CVE-2026-0251

creationtimestamp| type| source ---|---|--- 2026-05-13 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/palo-alto-products-multiple-vulnerabilities20260514 2026-05-13 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1869 2026-05-14 06:51:24+00:00| seen|...

nautobot-ai-ops (>=1.0.0 <=1.0.4), nautobot-bgp-models (>=0.7.0 <=1.0.0) +31 more potentially affected by CVE-2026-44798 via nautobot (>=1.0.3 <=2.4.22)

nautobot PYPI version =1.0.3, =1.0.0, =0.7.0, =1.1.0, =1.6.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =2.0.2 and more Source cves: CVE-2026-44798 Source advisory: OSV:GHSA-P3HX-PWF3-J8WR...

CVE-2026-5787

creationtimestamp| type| source ---|---|--- 2026-05-07 07:54:45+00:00| seen| https://ccb.belgium.be/advisories/warning-authenticated-remote-code-execution-vulnerability-ivanti-epmm-exploited-patch 2026-05-07 08:14:00+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus-2026-12...

CVE-2026-7090 code-projects Chat System send_message.php cross site scripting

A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/sendmessage.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public...

ai.langsa:ccaas-starter (>=cloud-0.1 <=cloud-0.3), ai.langsa:pom-ccaas-langsa (=0.1) +5104 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=6.0.0 <=6.5.1)

org.springframework.security:spring-security-core MAVEN version =6.0.0, =cloud-0.1, =0.5.2, =0.5.0, =0.0.1, =55.v51410e712e0c, =7.0.0, =2.0.0, =1.5.1.RELEASE, =1.0.0, =1.0.0, =1.2.1 and more Source cves: CVE-2026-22746 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKSECURITY-16121176...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-25917 via apache-airflow-core (>=3.0.0 <=3.1.8rc2)

apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0a1, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-25917 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-16119148...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +16 more potentially affected by CVE-2026-44109 via openclaw (>=0.0.1 <=2026.4.12)

openclaw NPM version =0.0.1, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.0.8 and more Source cves: CVE-2026-44109 Source advisory: OSV:GHSA-XH72-V6V9-MWHC...

Photon OS 5.0: Sudo PHSA-2026-5.0-0815

An update of the sudo package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0815. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

bg.codexio.ai:openai-api-examples (>=0.8.0.BETA <=0.9.0.BETA-JDK17), ch.cern:cerndb-sw-zkpolicy (=1.0.1-21) +305 more potentially affected by CVE-2026-34480 via org.apache.logging.log4j:log4j-core (>=3.0.0-alpha1 <=3.0.0-beta3)

org.apache.logging.log4j:log4j-core MAVEN version =3.0.0-alpha1, =0.8.0.BETA, =1.0.0, =0.0.2, =00.00.03, =1.0.6, =1.0.7, =1.0.0, =2.0.21, =1.0, =1.0.2 and more Source cves: CVE-2026-34480 Source advisory: SNYK:JAVA-ORGAPACHELOGGINGLOG4J-15967769...

CVE-2026-40159

creationtimestamp| type| source ---|---|--- 2026-04-10 08:17:13+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-40159 2026-04-10 19:06:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj5zez7qo42w 2026-04-10 19:28:15+00:00|...

CVE-2026-5841

creationtimestamp| type| source ---|---|--- 2026-04-08 20:16:06+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-5841 2026-04-09 07:17:08+00:00| published-proof-of-concept| Telegram/PMg85ruQxGJV3fewnx4iF85fyDu3eKOw9onWzzjaoGbfReM...

CVE-2026-4336

creationtimestamp| type| source ---|---|--- 2026-04-08 20:16:04+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4336 2026-04-19 07:33:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mjtgsq4crp2l...

ai.chronon:online_2.13 (>=0.0.25 <=revert-391-thread-0.0.24), ai.chronon:service_2.13 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +4068 more potentially affected by CVE-2026-35554 via org.apache.kafka:kafka-clients (>=2.8.0 <=3.9.1)

org.apache.kafka:kafka-clients MAVEN version =2.8.0, =0.0.25, =0.0.86, =1.0.6, =1.0.6, =cloud-0.1, =0.2.7, =0.2.7, =3.0.1, =2.8.4-alpha1, =1.0.0, =1.0.0-beta, =0.0.1-alpha1, =1.2.4, =1.2.4, =1.2.6 and more Source cves: CVE-2026-35554 Source advisory: SNYK:JAVA-ORGAPACHEKAFKA-16032179...

PT-2026-30802

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric GENESIS64 versions prior to 10.97.3 Mitsubishi Electric ICONICS Suite versions prior to 10.97.3 Mitsubishi Electric MobileHMI versions prior to 10.97.3 Mitsubishi Electric Hyper Historian versions prior to 10.97.3 Mitsubish...

@budibase/backend-core (>=3.0.0 <=3.2.26), @budibase/bbui (>=3.0.0 <=3.2.26) +6 more potentially affected by CVE-2026-35216 via @budibase/shared-core (>=3.0.0 <=3.2.7)

@budibase/shared-core NPM version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.2.26 Source cves: CVE-2026-35216 Source advisory: SNYK:JS-BUDIBASESHAREDCORE-15917499...

CVE-2026-32852

creationtimestamp| type| source ---|---|--- 2026-03-23 19:16:27+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-32852...

CVE-2026-32850

creationtimestamp| type| source ---|---|--- 2026-03-23 19:16:26+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-32850...