PT-2026-32756

Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description A double free issue in the Windows Secure Kernel allows an authorized attacker to elevate privileges locally, enabling a low-privilege user to gain administrative access to the...

Important: amazon-efs-utils

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

PT-2026-32883

Name of the Vulnerable Software and Affected Versions Microsoft Windows 10 Version 1607 versions 10.0.14393.0 through 10.0.14393.9059 Description A double free issue exists in the Windows IKE Extension. This flaw allows an unauthorized remote attacker to trigger memory corruption in the IKE servi...

PT-2026-32840

Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description Improper privilege management in the Telemetry Service allows an authorized attacker to cause a local denial of service, which affects the system. Recommendations At the moment, the...

PT-2026-32691

A improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8,...

PT-2026-32778

CVE-2026-27916 Use after free in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally. https://t.co/58w4XiQTfi...

PT-2026-32831

🪟 COM EoP CVE-2026-32162 again? When Microsoft’s “trust boundaries” are just vibes, every COM hop is a potential jailbreak. Triage fast: local users turning into admins is the usual horror sequel. https://t.co/nNowXseXJj ElevationOfPrivilege MicrosoftMsrc WindowsCom https://t.co/7B8CqiBKho...

PT-2026-32847

Name of the Vulnerable Software and Affected Versions Windows Kernel affected versions not specified Description A stack-based buffer overflow in the Windows Kernel allows an authorized attacker to elevate privileges locally. A stack-based buffer overflow occurs when a program writes more data to...

jq 安全漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. There is a security vulnerability in jq, which stems from the CLI input parsing mechanism allowing bypasses through the embedding of the NUL byte, potentially leading to parser-side attacks...

PT-2026-32855

Name of the Vulnerable Software and Affected Versions .NET affected versions not specified Visual Studio affected versions not specified Description A stack-based buffer overflow allows an unauthorized attacker to cause a denial of service over a network. A stack-based buffer overflow occurs when...

PT-2026-32748

Name of the Vulnerable Software and Affected Versions System.Security.Cryptography.Xml versions 10.0.0 through 10.0.5 System.Security.Cryptography.Xml versions 9.0.0 through 9.0.14 System.Security.Cryptography.Xml versions 8.0.0 through 8.0.2 Description Uncontrolled resource consumption in the...

PT-2026-32871

Name of the Vulnerable Software and Affected Versions Windows HTTP.sys affected versions not specified Description An out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to cause a denial of service over a network. Recommendations At the moment, there is no information about a...

Ubuntu: Security Advisory (USN-8167-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UBUNTU-CVE-2026-33116

Loop with unreachable exit condition 'infinite loop' in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network...

CVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

CVE-2026-33948

CVE-2026-33948 affects jq, a command-line JSON processor. Before commit 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b, input parsing uses strlen() on data read from files or stdin, causing truncation at the first NUL byte and validating only the prefix as JSON. This enables an attacker to craft input ...

CVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

EUVD-2026-22158

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

CVE-2026-33948

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

CVE-2026-33948

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...