192076 matches found

Positive Technologies
added 2026/05/12 12:0 a.m., 5 views

PT-2026-40388

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality and integrity...

CVSS 8.5, AI score 6.3, EPSS 0.0013
Exploits: 0, References: 2

Positive Technologies
added 2026/05/12 12:0 a.m., 6 views

PT-2026-40384

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability, CVE-2026-6959, is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

CVSS 6, AI score 5.9, EPSS 0.00169
Exploits: 0, References: 2

Positive Technologies
added 2026/05/12 12:0 a.m., 7 views

PT-2026-40386

HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability, CVE-2026-8052, is fixed in version 0.1.2 of the exec2 task driver...

CVSS 6, AI score 5.9, EPSS 0.00129
Exploits: 0, References: 2

Positive Technologies
added 2026/05/12 12:0 a.m., 11 views

PT-2026-40446

Name of the Vulnerable Software and Affected Versions: efw4.X versions prior to 4.08.010
Description: The readonly flag in the '' JSP tag is intended to prevent file modifications. When protected=true, the elfinder checkRisk function ensures the client sends readonly=true to match the session value...

CVSS 8.1, AI score 5.8, EPSS 0.00301
Exploits: 0, References: 4

Positive Technologies
added 2026/05/12 12:0 a.m., 7 views

PT-2026-40467

Name of the Vulnerable Software and Affected Versions: Flowsint versions prior to 1.2.3
Description: A remote attacker can create a map node with a malicious label containing arbitrary HTML. When the map tab and a map node marker are selected, the application renders the HTML, which can trigger...

CVSS 5.1, AI score 6, EPSS 0.0028
Exploits: 0, References: 3

Zero Day Initiative
added 2026/05/12 12:0 a.m., 9 views

Apple macOS CoreSymbolication Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the CoreSymbolication framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists...

CVSS 3.3, AI score 5.1, EPSS 0.00505
Exploits: 0, References: 1

Packet Storm News
added 2026/05/12 12:0 a.m., 12 views

IPI-Proxy: An Intercepting Proxy for Red-Teaming Web-Browsing AI Agents against Indirect Prompt Injection

Web-browsing AI agents are increasingly deployed in enterprise settings under strict whitelists of approved domains, yet adversaries can still influence them by embedding hidden instructions in the HTML pages those domains serve. Existing red-teaming resources fall short of this scenario:...

AI score 5.8
Exploits: 0

Positive Technologies
added 2026/05/12 12:0 a.m., 11 views

PT-2026-40389

Name of the Vulnerable Software and Affected Versions: Archon OS affected versions not specified
Description: A flaw in the local API handling allows unauthenticated attackers to perform a web-to-client attack. By inducing a user to visit a malicious website, an attacker can bypass Cross-Origin...

AI score 5.9, EPSS 0.00312
Exploits: 0, References: 6

Positive Technologies
added 2026/05/12 12:0 a.m., 7 views

PT-2026-40144

Name of the Vulnerable Software and Affected Versions: Windows TCP/IP affected versions not specified
Description: A heap-based buffer overflow in the tcpip.sys driver allows an authorized low-privilege attacker to perform a local privilege escalation to the kernel level. A heap-based buffer overfl...

CVSS 7.8, AI score 6, EPSS 0.01838
Exploits: 0, References: 7

Packet Storm News
added 2026/05/12 12:0 a.m., 11 views

Joern 4.0.537

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and JavaScript...

AI score 5.9
Exploits: 0

Positive Technologies
added 2026/05/12 12:0 a.m., 7 views

PT-2026-40132

Name of the Vulnerable Software and Affected Versions: Microsoft Visual Studio/.NET versions prior to 10.0.8
Description: A tampering issue occurs when .NET Core improperly handles specially crafted files. An attacker can exploit this by sending a specially crafted file to a vulnerable system,...

CVSS 4.3, AI score 5.9, EPSS 0.00711
Exploits: 0, References: 21

Positive Technologies
added 2026/05/12 12:0 a.m., 9 views

PT-2026-40202

Name of the Vulnerable Software and Affected Versions: Microsoft Office Word affected versions not specified
Description: An untrusted pointer dereference allows an unauthorized attacker to execute arbitrary code locally and remotely, affecting the system. A pointer dereference occurs when a progra...

CVSS 8.4, AI score 6.2, EPSS 0.00438
Exploits: 0, References: 8

Positive Technologies
added 2026/05/12 12:0 a.m., 10 views

PT-2026-40257

Name of the Vulnerable Software and Affected Versions: Microsoft Office affected versions not specified
Description: Improper access control allows an unauthorized attacker to perform spoofing locally...

CVSS 7.7, AI score 5.8, EPSS 0.00222
Exploits: 0, References: 7

Packet Storm News
added 2026/05/12 12:0 a.m., 5 views

Proteus: A Self-Evolving Red Team for Agent Skill Ecosystems

Agent skills extend LLM agents with reusable instructions, tool interfaces, and executable code, and users increasingly install third-party skills from marketplaces, repositories, and community channels. Because a skill exposes both executable behavior and context-setting documentation, its...

AI score 5.7
Exploits: 0

Positive Technologies
added 2026/05/12 12:0 a.m., 9 views

PT-2026-40249

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

CVSS 8.8, AI score 5.8, EPSS 0.00488
Exploits: 0, References: 2

Positive Technologies
added 2026/05/12 12:0 a.m., 8 views

PT-2026-40134

Name of the Vulnerable Software and Affected Versions: Microsoft Teams affected versions not specified
Description: Files or directories accessible to external parties allow an unauthorized attacker to perform spoofing locally. This issue represents a failure in the trust boundary where identity ca...

CVSS 5.5, AI score 5.8, EPSS 0.0049
Exploits: 0, References: 9

Positive Technologies
added 2026/05/12 12:0 a.m., 12 views

PT-2026-40091

Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may...

CVSS 6.9, AI score 5.8, EPSS 0.001
Exploits: 0, References: 2

Positive Technologies
added 2026/05/12 12:0 a.m., 11 views

PT-2026-40240

Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally...

CVSS 7.1, AI score 5.8, EPSS 0.00292
Exploits: 0, References: 2

Positive Technologies
added 2026/05/12 12:0 a.m., 6 views

PT-2026-40137

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

CVSS 8.8, AI score 6, EPSS 0.01967
Exploits: 0, References: 2

Positive Technologies
added 2026/05/12 12:0 a.m., 6 views

PT-2026-40133

Name of the Vulnerable Software and Affected Versions: .NET affected versions not specified
Description: A heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. A heap-based buffer overflow occurs when an application writes more data to a heap-allocated...

CVSS 7.3, AI score 6, EPSS 0.00416
Exploits: 0, References: 20