ROS-20260611-73-0026

The vulnerability in freerdp3 is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

ROS-20260611-73-0029

The vulnerability in freerdp is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Limatek LimRAD NAC 代码问题漏洞

Limatek LimRAD NAC is a network access control system developed by the Turkish company Limatek. Versions of Limatek LimRAD NAC prior to 5.5.7.3.9 contained code vulnerabilities. These vulnerabilities stemmed from an unlimited upload of dangerous types of files, which could lead to remote code...

PT-2026-48740

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.18 Description An issue exists where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to...

PT-2026-48690

Name of the Vulnerable Software and Affected Versions @openzeppelin/wizard versions prior to 0.10.9 Description The OpenZeppelin Contracts Wizard generates example test files for Hardhat test/test.ts and Foundry test/.t.sol that interpolate user-supplied strings opts.name and opts.uri into the te...

AMD CPU OP Cache May 2026 Security Update

AMD has informed HP of a potential security vulnerability in some AMD Processors which might allow escalation of privilege or arbitrary code execution. AMD is releasing firmware updates to mitigate these vulnerabilities. AMD has released updates to mitigate the potential vulnerability. HP has...

CyberArk Idira Privileged Session Manager 路径遍历漏洞

CyberArk Idira Privileged Session Manager is a privileged session management platform developed by the American company CyberArk. Versions of CyberArk Idira Privileged Session Manager prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5 contained a path traversal vulnerability. This vulnerability stemmed...

PT-2026-48701

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasl io start packet, adding sizeofuint32 t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap...

PT-2026-48660

Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion. This issue affects LimRAD NAC: before 5.5.7.3.9...

PT-2026-48681

Summary PDM automatically loads project-local plugin paths from .pdm-plugins during Core initialization. Because this path is added via site.addsitedir, attacker-controlled .pth files inside the project plugin directory are processed and can execute Python code before normal CLI handling begins...

PT-2026-48787

Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager PSM versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-1...

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 had a security vulnerability due to insufficient checks. This vulnerability could allow applications to bypass startup restriction protections and execute...

PT-2026-48810

Name of the Vulnerable Software and Affected Versions CodeIgniter versions prior to 4.7.3 Description The ext in upload validation rule incorrectly checks the MIME-derived guessed extension instead of the extension provided in the client filename. This allows a file with an executable extension,...

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.25 had code vulnerabilities, stemming from path traversal issues during the loading of memory core artifacts. The state of the workspace affected the resolution of local package...

VS Code Extension Persistence

This Metasploit module installs a malicious VS Code extension into the target's VS Code extensions directory. The extension executes the payload each time VS Code is launched, providing persistent code execution. Supports VS Code, VS Code Insiders, VSCodium, VS Code Server, and Cursor. Tested...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 contained security vulnerabilities. These vulnerabilities stemmed from the fact that extension metadata during market runtime could be redirected to load into unscanned packa...

389 Directory Server 输入验证错误漏洞

389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. 389 Directory Server has a vulnerability related to input validation. This vulnerability stems from an integer overflow in the SASL I/O layer. In the function...

GitLab Enterprise Edition（EE） 跨站脚本漏洞

GitLab Enterprise Edition EE is a content management system provided by the American company GitLab. Versions of GitLab EE from 17.1 to 18.10.8, 18.11 to 18.11.5, and 19.0 to 19.0.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input in the analysis...

Keras 路径遍历漏洞

Keras is an open-source deep learning framework developed by Keras. Versions of Keras prior to 3.14.0 contained a path traversal vulnerability. This vulnerability stemmed from a path traversal issue in the archive extraction tool. The functions filtersafetarinfos and filtersafezipinfos used to...

PT-2026-48661

Name of the Vulnerable Software and Affected Versions Check Point Identity Agent Full for Windows OS affected versions not specified Description A local privilege escalation issue exists where an authenticated local user can execute arbitrary code with SYSTEM privileges. This occurs due to improp...