PT-2026-48311

Name of the Vulnerable Software and Affected Versions Spring Data Commons versions 4.0.0 through 4.0.5 Spring Data Commons versions 3.5.0 through 3.5.11 Spring Data Commons versions 3.4.0 through 3.4.14 Description Applications may be subject to denial of service through resource exhaustion. This...

CVE-2025-52293

GPAC MP4Box v2.4 contains a DoS vulnerability in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) when processing crafted HEVC SPS data. This results in a segmentation fault and possible denial of service under network conditions with no user interaction. The CVSS vector indic...

CVE-2025-55651

A NULL pointer dereference in the gfisomgetuserdatacount function isomedia/isomread.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

PT-2026-47530

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server Java Web Container affected versions not specified Description An unauthenticated attacker can craft a malicious HTTP logon request that manipulates file inclusion parameters. This enables path traversal, which...

Linux Distros Unpatched Vulnerability : CVE-2026-11686

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Dawn in Google Chrome on macOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer...

EulerOS 2.0 SP11 : mesa (EulerOS-SA-2026-2217)

According to the versions of the mesa packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an...

Linux Distros Unpatched Vulnerability : CVE-2026-11685

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in MediaCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted...

PT-2026-47535

SAP MDG Review Match Groups Application does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions that would otherwise be restricted, resulting in escalation of privileges. This has a low impact on integrity, while...

PT-2026-47534

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP and ABAP Platform affected versions not specified Description An authenticated attacker with normal privileges can obtain a valid signed message and send modified signed XML documents to the verifier. This...

PT-2026-47687

Name of the Vulnerable Software and Affected Versions QTS versions prior to 5.2.9.3492 build 20260507 QuTS hero versions prior to h5.2.9.3499 build 20260514 QuTS hero versions prior to h5.3.4.3500 build 20260520 QuTS hero versions prior to h6.0.0.3500 build 20260520 Description A cross-site...

PT-2026-47772

Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attackers can send GET requests with crafted SQL payloads in the albid parameter to extract sensitive...

Hermes Web UI 安全漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.269 contained security vulnerabilities. These vulnerabilities were caused by a configuration file isolation bypass issue, which could allow authenticated users to acces...

PT-2026-47875

Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an...

CVE-2026-36719

An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs...

Adobe USD-Fileformat-plugins Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe USD-Fileformat-plugins. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within t...

PT-2026-48320

A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through...

PT-2026-48021

Name of the Vulnerable Software and Affected Versions Visual Studio Code versions prior to 1.123.1 Description Exposure of sensitive information to an unauthorized actor allows an attacker to disclose information over a network. Recommendations Update to version 1.123.1 or later...

PT-2026-47537

The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...

PT-2026-48329

Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14;...

Malwarebytes EDR 输入验证错误漏洞

Malwarebytes EDR is a terminal detection and response platform provided by the American company Malwarebytes. Version 1.0.11 of Malwarebytes EDR contains a vulnerability related to input validation. This vulnerability arises from truncating data exceeding 4GB during computing hash calculations,...