📄 Microsoft Windows Defender MsMpEng.exe Race Condition / Privilege Escalation

A race condition exists between Windows Defender's MpCleanCallbackFunction cleanup routine and Volume Shadow Copy creation. This vulnerability allows an attacker to escalate privileges to NT AUTHORITY\SYSTEM. This Metasploit module demonstrates the issue...

CVE-2026-38714

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python configuration function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

CVE-2026-38717

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the file upload function. The vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

CVE-2026-38716

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

Vendor-signed UEFI applications found vulnerable to Secure Boot bypass

Overview Multiple vendor-signed UEFI applications are vulnerable to Secure Boot bypass via a "Bring Your Own Vulnerable Driver" BYOVD-style attack. If a target system trusts the affected vendor’s certificate, an attacker can exploit these applications to execute arbitrary code during the early...

Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args

The Docker API server accepted a request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command --utility-cmd-prefix, --renderer-cmd-prefix, --gpu-launcher, --browser-subprocess-path...

📄 Wing FTP Server 8.1.2 Remote Code Execution via Session Poisoning

This proof of concept remote code execution exploit abuses a flaw in how Wing FTP Server handles admin session serialization, specifically the mydirectory basefolder field. Version 8.1.2 is affected...

CVE-2026-38715

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

PT-2026-50700

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the file upload function. The vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

PT-2026-50806

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.128 Description An arbitrary shell command execution issue exists where UI modules hardcode approval mode to auto, which overrides the administrator configuration set in the PRAISON APPROVAL MODE environment...

PT-2026-50727

Development Runner Telephony WebSocket /ws Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID Summary The pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without any authentication. An unauthenticated remote attacker who...

PT-2026-50691

In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the...

Siemens RUGGEDCOM RST2428P Infinite Loop (CVE-2026-23220)

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix infinite loop caused by nextsmb2rcvhdroff reset in error paths The problem occurs when a signed request fails smb2 signature verification check. In processrequest, if checksignreq returns an error, setsmb2rspstatuswork...

ROS-20260618-73-0005

The vulnerability of the MSL Magick Scripting Language command in the console-based image editing tool ImageMagick is related to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability can allow an attacker to cause a service failure...

ROS-20260618-73-0006

The vulnerability of the MSL Magick Scripting Language command in the console-based image editing tool ImageMagick is related to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability can allow an attacker to cause a service failure...

Internet Systems Consortium BIND DNSSEC DNSKEY Extended Flags denial of service vulnerability

Summary A denial of service vulnerability exists in the DNSSEC DNSKEY Extended Flags functionality of BIND versions: 9.21.21. A specially crafted mirror domain can lead to a denial of service. An attacker can serve a malicious zone to trigger this vulnerability. Confirmed Vulnerable Versions The...

Siemens RUGGEDCOM RST2428P Stack-based Buffer Overflow (CVE-2025-6170)

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare...

Siemens RUGGEDCOM RST2428P Missing Synchronization (CVE-2026-23229)

In the Linux kernel, the following vulnerability has been resolved: crypto: virtio - Add spinlock protection with virtqueue notification When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl speed -evp aes-128-c...

Siemens RUGGEDCOM RST2428P Stack-based Buffer Overflow (CVE-2025-69720)

The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyzestring in progs/infocmp.c. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

PT-2026-50812

Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/update connection/// -- were the only routes in the module missing the @pga login required decorator. Both reach a pickle.loads sink on session'gridData''command...