PT-2026-52030
Warp is an agentic development environment. From 0.2024.02.20.08.01.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the Linux external editor launcher. Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the...
PT-2026-52035
Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL and cannot open a URL through wslview, it falls back to a Windows...
PT-2026-51957
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix write hang in passthrough mode. The invalidate_remove() function has incomplete logic for handling write hit bios after cache invalidation. It sets up the remapping for the overwrite bio but then drops it immediately...
PT-2026-51760
Server-Side Request Forgery (SSRF, CWE-918) in the PDF generation endpoint GET /api/reports/id/pdf (backend/main.py) in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...
PT-2026-52127
Name of the Vulnerable Software and Affected Versions: MP4Box version 2.5-DEV-rev1593-gfe88c3545-master. Description: A heap use-after-free occurs when the gf_filter_pid_inst_swap_delete_task function in the filter_core/filter_pid.c component improperly accesses objects after they have been freed...
PT-2026-52132
Name of the Vulnerable Software and Affected Versions: GPAC Project/MP4Box versions prior to 26.02.0. Description: A use-after-free issue exists in the gf_filter_pid_inst_swap_delete_task function located in /filter_core/filter_pid.c. This flaw allows an attacker to trigger a Denial of Service (DoS) b...
PT-2026-52140
Name of the Vulnerable Software and Affected Versions: GPAC Project/MP4Box versions prior to 26.02.0. Description: A NULL pointer dereference occurs in the gf_filter_in_parent_chain function located in /filter_core/filter_pid.c. This issue allows an attacker to trigger a Denial of Service (DoS) by...
PT-2026-52139
Name of the Vulnerable Software and Affected Versions: GPAC Project/MP4Box versions prior to 26.02.0. Description: A use-after-free issue exists in the gf_filter_pid_get_packet function located in /filter_core/filter_pid.c. This occurs when the software processes a specially crafted media file, whic...
PT-2026-52133
Name of the Vulnerable Software and Affected Versions: GPAC Project/MP4Box versions prior to 26.02.0. Description: A buffer overflow occurs in the gf_media_import function located in /media_tools/av_parsers.c. This issue allows remote attackers to cause a Denial of Service (DoS) by providing a special...
PT-2026-52141
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue has been fixed in version 1.2.31...
PT-2026-52182
Name of the Vulnerable Software and Affected Versions: OliveTin (affected versions not specified). Description: The filterToDefinedArgumentsOnly function in the executor fails to properly restrict arguments, allowing any argument starting with the ot prefix to bypass input filtering. While the system ...
PT-2026-51836
Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESH_BED_LEVELING enabled, contains an out-of-bounds write vulnerability in the M421 G-code handler that allows attackers to corrupt firmware memory by supplying out-of-range X and Y grid indices. Attackers can send a singl...
PT-2026-51952
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: cadence: cdns-mhdp8546-core: Set the mhdp connector earlier in atomic_enable(). In case if we get errors in cdns_mhdp_link_up() or cdns_mhdp_reg_read() in atomic_enable, we will go to cdns_mhdp_modeset_retry_fn() and will hit...
PT-2026-51907
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix macvlan_get_size() not reserving space for IFLA_MACVLAN_BC_CUTOFF. macvlan_get_size() does not account for IFLA_MACVLAN_BC_CUTOFF, but macvlan_fill_info() conditionally includes it when port->bc_cutoff != 1. This causes nla...
PT-2026-51926
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix NULL deref in map_kptr_match_type for scalar regs. Commit ab6c637ad027 ("bpf: Fix a bpf_kptr_xchg() issue with local kptr") refactored map_kptr_match_type() to branch on btf_is_kernel() before checking base_type(). A scalar registe...
PT-2026-51881
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid double drm_exec_fini() in userq validate. When new_addition is true, amdgpu_userq_vm_validate() calls drm_exec_fini(&exec) before iterating over the collected HMM ranges and calling amdgpu_ttm_tt_get_user_pages(). If...
PT-2026-51787
Name of the Vulnerable Software and Affected Versions: Mailerup versions prior to 1.0.0. Description: An open redirect issue exists in the safe redirect function of the click-tracking endpoint '/c//'. Remote unauthenticated attackers can redirect users to arbitrary external sites to perform phishing...
PT-2026-51725
In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors. Move the out_free_req label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success...
PT-2026-51648
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended ...
CVE-2025-60467
A use-after-free in the gf_filter_pid_inst_swap_delete_task function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted media file...