CVE-2026-0506

The CVE-2026-0506 issue affects SAP NetWeaver ABAP/ABAP Platform (Application Server ABAP) and is caused by a Missing Authorization Check in an RFC function that can execute FORM routines. An authenticated attacker could write/modify data accessible via FORMs and invoke system functionality expos...

CVE-2026-0498 Code Injection vulnerability in SAP S/4HANA (Private Cloud and On-Premise)

SAP S/4HANA Private Cloud and On-Premise allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability...

CVE-2026-0491 Code Injection vulnerability in SAP Landscape Transformation

SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively...

CVE-2026-0491 Code Injection vulnerability in SAP Landscape Transformation

SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively...

KB5073450: Windows Server version 23H2 Security Update (January 2026)

The remote Windows host is missing security update 5073450. It is, therefore, affected by multiple vulnerabilities - Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. CVE-2026-20857 - An issue was discovered in...

Microsoft Windows Remote Procedure Call Runtime 资源管理错误漏洞

Microsoft Windows Remote Procedure Call Runtime is a powerful technology for creating distributed client/server programs from Microsoft Corporation USA. A resource management error vulnerability exists in Microsoft Windows Remote Procedure Call Runtime. An attacker could exploit the vulnerability...

PT-2026-2682

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description An issue exists that allows for privilege escalation on affected systems. This could allow attackers to gain elevated access. Recommendations At the moment, there is no information about a...

KB5073457: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (January 2026)

The remote Windows host is missing security update 5073457. It is, therefore, affected by multiple vulnerabilities - Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. CVE-2026-20857 - An issue was discovered in...

KB5073722: Windows 10 Version 1607 / Windows Server 2016 Security Update (January 2026)

The remote Windows host is missing security update 5073722. It is, therefore, affected by multiple vulnerabilities - An issue was discovered in Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 aka AGRSM64.sys. There is Local Privilege Escalation to SYSTEM via a Stack Overflow in...

This Week in Spring - January 13th, 2026

Hi, Spring fans, and welcome to another installment of This Week in Spring! It's the 13th of January, 2026, and it's been quite the week indeed! Let's dive right into it! Nobody, and I mean nobody , asked. So I put together a video on how to use Spring WS to build SOAP-based services in 2026. Hey...

PT-2026-2327

Name of the Vulnerable Software and Affected Versions SAP Landscape Transformation affected versions not specified Description The software contains a flaw in a function module exposed via Remote Function Call RFC that allows an attacker with administrative privileges to inject arbitrary ABAP cod...

KLA90840 Multiple vulnerabilities were found in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions, obtain sensitive information, cause denial of service, spoof user interface. Below is a complete list of...

PT-2026-2623

CVE-2025-8090 A null pointer dereference vulnerability in the MsgRegisterEvent system call of the QNX Neutrino Kernel in QNX SDP 7.1 and 7.0, and QNX OS for Safety 2.2, 2.1 and 2.0… https://t.co/avEstN8B4y...

KB5073723: Windows 10 version 1809 / Windows Server 2019 Security Update (January 2026)

The remote Windows host is missing security update 5073723. It is, therefore, affected by multiple vulnerabilities - Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. CVE-2026-20857 - An issue was discovered in...

PT-2026-2340

Name of the Vulnerable Software and Affected Versions Application Server ABAP and ABAP Platform affected versions not specified Description A missing authorization check exists in Application Server ABAP and ABAP Platform. An authenticated attacker can misuse an RFC function to execute form...

PT-2026-2491

Name of the Vulnerable Software and Affected Versions OpenC3 COSMOS versions 5.0.0 through 6.10.1 Description OpenC3 COSMOS provides functionality to send commands to and receive data from embedded systems. Versions 5.0.0 through 6.10.1 contain a remote code execution issue reachable through the...

SAP Landscape Transformation 代码注入漏洞

SAP Landscape Transformation is a tool for system data migration and integration from SAP, Germany. SAP Landscape Transformation suffers from a code injection vulnerability that originates from an attacker being able to inject arbitrary ABAP code or OS commands via RFC-exposed function modules,...

PT-2026-2334

Name of the Vulnerable Software and Affected Versions SAP S/4HANA Private Cloud and On-Premise affected versions not specified Description The software contains a flaw in a function module exposed via Remote Function Call RFC. An attacker with administrative privileges can exploit this to inject...

ROS-20260112-7336

A vulnerability in the svctcplistendataready function in the net/sunrpc/svcsock.c module of the Linux kernel's RPC Remote Procedure Call protocol implementation is related to the reuse of previously freed memory due to competitive access to a resource race condition. Exploitation of the...

MLflow 访问控制错误漏洞

MLflow is an open source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into repeatable runs, and sharing and deploying models. An Access Control Error vulnerability exists in MLflow 3.4.0 and prior versions, which stems from a la...