PT-2026-48123

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature through a physical attack. This issue is related to access control errors, whi...

PT-2026-40389

Name of the Vulnerable Software and Affected Versions Archon OS affected versions not specified Description A flaw in the local API handling allows unauthenticated attackers to perform a web-to-client attack. By inducing a user to visit a malicious website, an attacker can bypass Cross-Origin...

Proteus: A Self-Evolving Red Team for Agent Skill Ecosystems

Agent skills extend LLM agents with reusable instructions, tool interfaces, and executable code, and users increasingly install third-party skills from marketplaces, repositories, and community channels. Because a skill exposes both executable behavior and context-setting documentation, its...

PT-2026-40132

Name of the Vulnerable Software and Affected Versions Microsoft Visual Studio/.NET versions prior to 10.0.8 Description A tampering issue occurs when .NET Core improperly handles specially crafted files. An attacker can exploit this by sending a specially crafted file to a vulnerable system,...

PT-2026-40091

Buffer overflow for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may...

ROS-20260512-73-0006

A vulnerability in Incus container management system and virtual machine manager is related to incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...

ROS-20260512-73-0028

A vulnerability in the Core component of the Oracle VM VirtualBox virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to gain full control over the application...

AMD Device Metrics Exporter (ROCm ecosystem) Vulnerability

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2026-0481| Unrestricted IP address binding in the AMD Device Metrics Exporter ROCm ecosystem could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially...

PT-2026-40144

Name of the Vulnerable Software and Affected Versions Windows TCP/IP affected versions not specified Description A heap-based buffer overflow in the tcpip.sys driver allows an authorized low-privilege attacker to perform a local privilege escalation to the kernel level. A heap-based buffer overfl...

Joern 4.0.537

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

PT-2026-40387

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity...

Intel® NPU Driver Advisory

Summary: Potential security vulnerabilities for some Intel® NPU Drivers may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2026-20754 Description: Improper conditions check in...

PT-2026-40257

Name of the Vulnerable Software and Affected Versions Microsoft Office affected versions not specified Description Improper access control allows an unauthorized attacker to perform spoofing locally...

PT-2026-40133

Name of the Vulnerable Software and Affected Versions .NET affected versions not specified Description A heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. A heap-based buffer overflow occurs when an application writes more data to a heap-allocated...

CVE-2026-43901

Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier, wireshark-mcp exposes a wiresharkexportobjects MCP tool that accepts an attacker-controlled destdir parameter and passes it to tshark's...

CVE-2026-43874

WWBN AVideo is an open source video platform. In versions up to and including 29.0, the server-side mitigation for the YPTSocket autoEvalCodeOnHTML eval sink from CVE-2026-40911 only strips the payload when it sits under $json'msg', but the relay function msgToResourceId selects the outbound...

CVE-2026-43897 Link Preview JS: vunerable to IPv6 and internal loopback attacks

Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1...

CVE-2026-43897

Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1...

CVE-2026-44695

Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A third party who can obtain a Slack OAuth code for the same Outline Slack client can make a...

CVE-2026-34961

barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the ehentries field against buffer capacity in fs/ext4/ext4common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigg...