CVE-2026-56113
A flaw was found in dhcpcd. An unauthenticated attacker on the same network link can exploit this vulnerability by sending a specially crafted DHCPv6 RENEW reply. This can lead to a Denial of Service (DoS), causing the dhcpcd daemon to crash due to a heap use-after-free vulnerability...
CVE-2026-7574
Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0) validates only file presence and a version marker string before booting rootfs.img, but does not verify image content integrity at time-of-use. A local...
PT-2026-51668
Name of the Vulnerable Software and Affected Versions: Post Duplicator versions prior to 3.0.15. Description: Users with Contributor-level access and above can perform a PHP Object Injection. This occurs because the plugin fails to safely handle custom meta-data during post duplication, storing...
CVE-2026-49269
Apple M1 GPUs expose a cross-process register state leakage: a sandboxed Metal attacker can read stale values from another sandboxed process’s compute shader dispatches, potentially recovering a 128-bit secret that was loaded into GPU registers. In proof-of-concept, a victim app writes a fresh se...
PT-2026-52038
Name of the Vulnerable Software and Affected Versions: Tapo C200 v3. Description: A denial-of-service (DoS) issue exists in the network packet handling logic due to improper processing of IPv4 fragmented packets. An unauthenticated adjacent attacker can send crafted packets to cause excessive resource...
PT-2026-52043
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.197. Description: A race condition in DevTools allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape. This is achieved by using a crafted HTML...
CSRF vulnerability and missing permission check in contrast-continuous-application-security
contrast-continuous-application-security 3.11 and earlier does not perform a permission check in an HTTP endpoint that tests the connection to a Contrast TeamServer. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, AP...
CSRF vulnerability and missing permission check in zdevops
zdevops 1.1.3.50.ve350c9b450b1 and earlier does not perform a permission check in an HTTP endpoint implementing a connection test. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...
PT-2026-52131
Name of the Vulnerable Software and Affected Versions: Appsmith versions prior to 1.99. Description: The 'POST /api/v1/admin/send-test-email' endpoint allows the use of attacker-controlled smtpHost and smtpPort values to establish a raw JavaMail TCP connection. This process bypasses the...
PT-2026-52040
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.197. Description: An inappropriate implementation in the Autofill feature allows a remote attacker who has already compromised the renderer process to leak cross-origin data. This is achieved by using a...
PT-2026-51814
Name of the Vulnerable Software and Affected Versions: Jenkins Assembla Plugin versions prior to 1.5. Description: A missing permission check allows users with Overall/Read permission to force the system to connect to an arbitrary URL using a specified username and password. Recommendations: Update...
PT-2026-51657
Name of the Vulnerable Software and Affected Versions: GeoVision GV-I/O Box 4E (affected versions not specified). Description: The DVRSearch service, which runs by default and listens for UDP messages on port 10001, contains a stack-based buffer overflow. The issue occurs when the server processes...
PT-2026-51654
Name of the Vulnerable Software and Affected Versions: GV-I/O Box 4E (affected versions not specified). Description: The DVRSearch service, which runs by default on UDP port 10001, contains a stack-based buffer overflow. The issue occurs when the server processes a UDP message and performs an unsafe...
ROS-20260624-73-0030
The vulnerability in Netty is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
ROS-20260624-73-0022
The vulnerability in Netty is related to unrestricted resource allocation. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
ROS-20260624-73-0023
The vulnerability in Netty is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
ROS-20260624-73-0019
The vulnerability in jpegxl is related to unrestricted resource allocation. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
Linux Distros Unpatched Vulnerability : CVE-2026-12969
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An out-of-bounds read vulnerability exists in dnsmasq's findsoa function in src/rfc1035.c. When parsing NS section records, extractname is called with...
ROS-20260624-73-0026
The vulnerability in Netty is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to send hidden HTTP requests (a type of HTTP request smuggling attack)...
ROS-20260624-73-0032
The vulnerability in Netty is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...