CVE-2026-34260

Summary of CVE-2026-34260 Affected software: SAP S/4HANA with SAP Enterprise Search for ABAP . Vulnerability: A SQL injection flaw where user-controlled input is directly concatenated into SQL queries and passed to the database without proper validation or sanitization. Impact: If exploited by an...

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds in the NGAP Message Handler component. An attacker can cause memory corruption by sending specially crafted NGAP messages remotely with low privileges. Remediation Upgrade github.com/omec-project/amf/metrics to version 2.2...

CVE-2026-8346

A vulnerability was detected in D-Link DIR-816 1.10CNB05R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ipaddress results in command injection. The attack can be initiated remotely. The exploit is now public and may be used...

PT-2026-40134

Name of the Vulnerable Software and Affected Versions Microsoft Teams affected versions not specified Description Files or directories accessible to external parties allow an unauthorized attacker to perform spoofing locally. This issue represents a failure in the trust boundary where identity ca...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability, which stemmed from the reuse of UI components after they were released. This vulnerability could allow remote attackers to achieve sandbox escap...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by improper implementations in the Downloads component. This vulnerability could allow attackers to execute UI deception after users insta...

AXIS OS 安全漏洞

AXIS OS is an operating system for edge devices developed by Axis, a Swedish company. There is a security vulnerability in AXIS OS, which stems from insufficient input validation in configuration files. This vulnerability could lead to path traversal attacks and may result in privilege escalation...

CODESYS Modbus TCP Server 安全漏洞

CODESYS Modbus TCP Server is an automation control component developed by the German company CODESYS, which provides capabilities for Modbus TCP communication and data exchange between industrial devices. There is a security vulnerability in the CODESYS Modbus TCP Server, caused by a race conditi...

Intel Slim Bootloader 输入验证错误漏洞

Intel Slim Bootloader is a lightweight security bootloader designed by Intel Corporation for the Intel platform. There is an input validation vulnerability in Intel Slim Bootloader, which stems from an integer overflow issue in the UEFI firmware. This vulnerability may lead to privilege escalatio...

PT-2026-40008

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...

PT-2026-40075

Use after free for some Linux kernel driver for the IntelR Ethernet 800 series before version 2.3.14 within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may...

PT-2026-40212

Integer underflow wrap or wraparound in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

PT-2026-40219

Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network...

PT-2026-40202

Name of the Vulnerable Software and Affected Versions Microsoft Office Word affected versions not specified Description An untrusted pointer dereference allows an unauthorized attacker to execute arbitrary code locally and remotely, affecting the system. A pointer dereference occurs when a progra...

PT-2026-40209

Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack...

PT-2026-40240

Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally...

PT-2026-40249

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

PT-2026-40242

Name of the Vulnerable Software and Affected Versions Microsoft SSO Plugin for Jira & Confluence affected versions not specified Description An incorrect implementation of the authentication algorithm allows an unauthorized attacker to forge login responses and bypass Entra ID. This enables the...

PT-2026-40237

Name of the Vulnerable Software and Affected Versions Microsoft Windows DNS Client affected versions not specified Description A heap-based buffer overflow exists in the Microsoft Windows DNS Client, specifically within the dnsapi.dll component. This issue occurs during the processing of DNS...

PT-2026-40239

Name of the Vulnerable Software and Affected Versions Microsoft 365 Copilot for Android affected versions not specified Description Improper access control in the intelligent virtual assistant allows an authorized attacker to perform spoofing attacks locally. Spoofing is a technique where a perso...