Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via insufficient neutralization of special characters in the query construction. An attacker can execute arbitrary queries against Elasticsearch, OpenSearch, or GemFire...

PT-2026-48985

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0-latest through 2026.1.3 Discourse versions 2026.3.0-latest through 2026.3.0 Discourse versions 2026.4.0-latest through 2026.4.0 Description Four authorization and information disclosure issues exist within the chat...

AMD Processors May 2026 Security Update

AMD has informed HP of potential vulnerabilities in some AMD Processors which might allow escalation of privileges, denial of service, and loss of confidentiality, integrity, or availability. AMD is releasing firmware updates to mitigate these vulnerabilities. AMD has released updates to mitigate...

PT-2026-49043

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.7 Description An issue exists in the retry endpoint checks where hostname validation allows matching hostname prefixes instead of requiring exact hostnames. This allows attackers to craft a hostname prefix tha...

PT-2026-48950

Name of the Vulnerable Software and Affected Versions form-data versions prior to 2.5.6 form-data versions prior to 3.0.5 form-data versions prior to 4.0.6 Description The field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header withou...

PT-2026-48954

Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions that gates the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam and then loads and...

PT-2026-48976

Name of the Vulnerable Software and Affected Versions Hash Elements versions prior to 1.5.5 Description An issue in HashThemes Hash Elements allows the retrieval of embedded sensitive system information to an unauthorized control sphere. Recommendations Update to version 1.5.5 or later...

PT-2026-48919

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

Governing Claude Enterprise in Environments Where Inline Controls Can't Go

TrendAI™ integrates the Claude Compliance API into TrendAI Vision One™ through two collectors that bring AI-aware visibility and detection to Claude Enterprise usage: one keeps all data inside the environment, while the other feeds TrendAI Vision One™ for deeper correlation and compliance...

PT-2026-48961

Name of the Vulnerable Software and Affected Versions Parse Server versions 9.8.0 through 9.9.1-alpha.4 Description Applications that enable Multi-Factor Authentication MFA and restrict the get permission on the User class via Class-Level Permissions CLP may expose sensitive user data. The issue...

PT-2026-48841

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to delete arbitrary system files or directories, resulting in data destruction or service disruption...

PT-2026-48822

Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description A path traversal issue exists in certain devices running UniFi OS. A malicious actor with network access can exploit this to obtain data from the affected devices or instances. Path traversa...

PT-2026-49070

🔴 ShinyHunters exploits Oracle PeopleSoft 0-day CVSS 9.8 targeting 100+ organizations Ransomware group ShinyHunters exploited CVE-2025-35273, a critical server-side request forgery vulnerability in Oracle PeopleSoft, for more than two weeks before Oracle disclosed it. The group targeted roughly 3...

PT-2026-48999

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An issue in the non-REST event editing path allows an authenticated user with event edit permissions to manipulate submitted form data. By tampering with the event edit request, a user can set t...

EulerOS Virtualization 2.13.0 : binutils (EulerOS-SA-2026-2396)

According to the versions of the binutils packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of- bounds read in the bfd...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Mistral vulnerability (USN-8422-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8422-1 advisory. Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that Mistral did not properly enforce access policies on some API endpoints...

Linux Distros Unpatched Vulnerability : CVE-2026-12025

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer proces...

EulerOS Virtualization 2.13.0 : mesa (EulerOS-SA-2026-2407)

According to the versions of the mesa packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated dat...

Security Updates for Microsoft Word Products C2R (June 2026)

The Microsoft Word Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Access of resource using incompatible type 'type confusion' in Microsoft Office allows an unauthorized attacker to execute code locally. CVE-2026-45456, CVE-2026-45458 - Untrusted...

EulerOS Virtualization 2.13.1 : mesa (EulerOS-SA-2026-2378)

According to the versions of the mesa packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated dat...