
1182 matches found

Positive Technologies
added 2026/05/12 12:00 a.m., 6 views

PT-2026-40778

Name of the Vulnerable Software and Affected Versions: Zen 2-based products (affected versions not specified)
Description: A flaw in the CPU operation op/µop cache allows for the execution of incorrect instructions at a higher privilege level, which can lead to an elevation of privilege affecting the...

CVSS 7.3, AI score 5.9, EPSS 0.00014
Exploits: 0, References: 15

OSV
added 2026/05/04 9:27 p.m., 2 views

GHSA-HCWR-PQ9G-RQ3M apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution possible)

apko verifies the signature on APKINDEX.tar.gz but never compares individually downloaded .apk packages against the checksum recorded in the signed index. The checksum is parsed and available via ChecksumString, and the downloaded package control hash is computed, but the two values are never...

CVSS 7.5, AI score 5.9, EPSS 0.00018
Exploits: 0, References: 5

Positive Technologies
added 2026/05/04 12:00 a.m., 3 views

PT-2026-36806

Name of the Vulnerable Software and Affected Versions: Ansible Automation Platform Gateway versions 2.6 and later
Description: A flaw in the AAP gateway involves the user auto-link strategy, which automatically links an external Identity Provider (IDP) identity to an existing user account based on...

CVSS 8.3, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 9

Positive Technologies
added 2026/05/04 12:00 a.m., 5 views

PT-2026-36800

Name of the Vulnerable Software and Affected Versions: Norton Secure VPN (affected versions not specified)
Description: A privilege escalation issue occurs during the installation of the software via the Microsoft Store. A low-privilege user can replace files during the installation process,...

CVSS 8.8, AI score 5.9, EPSS 0.00015
Exploits: 0, References: 8

ATTACKERKB
added 2026/04/09 5:00 p.m., 1 view

CVE-2026-5970

A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function checksolution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. Th...

CVSS 7.5, AI score 6.8, EPSS 0.00092
Exploits: 1, References: 6, Affected Software: 1

Positive Technologies
added 2026/03/27 12:00 a.m., 2 views

PT-2026-28696

Name of the Vulnerable Software and Affected Versions: SourceCodester Note Taking App version 1.0
Description: A cross-site request forgery condition exists in SourceCodester Note Taking App. The issue impacts an unknown function and allows for remote exploitation. The exploit has been publicly...

CVSS 5.3, AI score 5.7, EPSS 0.00021
Exploits: 0, References: 7

Positive Technologies
added 2026/03/27 12:00 a.m., 2 views

PT-2026-28440

Name of the Vulnerable Software and Affected Versions: BUFFALO Wi-Fi router products (affected versions not specified)
Description: A code injection issue exists in BUFFALO Wi-Fi router products. Successful exploitation of this issue could allow for the execution of arbitrary code on affected devices...

CVSS 8.8, AI score 6.3, EPSS 0.00053
Exploits: 0, References: 5

NVD
added 2026/02/21 12:16 a.m., 3 views

CVE-2026-27147

GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed...

CVSS 6.9, EPSS 0.00016
Exploits: 1, References: 1

ATTACKERKB
added 2026/02/20 11:10 p.m., 4 views

CVE-2026-27146

GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim’s browser. The...

CVSS 7.1, AI score 5.9, EPSS 0.00008
Exploits: 1, References: 2, Affected Software: 1

Positive Technologies
added 2026/02/10 12:00 a.m., 3 views

PT-2026-7297

Name of the Vulnerable Software and Affected Versions: Intel(R) Quick Assist Technology for some Intel(R) Platforms (affected versions not specified)
Description: An improper authorization issue exists within the kernel of Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0. This may...

CVSS 6.8, AI score 5.3, EPSS 0.00018
Exploits: 0, References: 3

Positive Technologies
added 2026/02/10 12:00 a.m., 2 views

PT-2026-7420

Name of the Vulnerable Software and Affected Versions: MongoDB (affected versions not specified)
Description: Inserting specific large documents into a replica set may cause secondary nodes to fail to retrieve the oplog from the primary node. This can halt replication within the replica set,...

CVSS 7.5, AI score 5.4, EPSS 0.00077
Exploits: 0, References: 10

Positive Technologies
added 2026/02/08 12:00 a.m., 4 views

PT-2026-6986

Name of the Vulnerable Software and Affected Versions: Tenda AC8 version 16.03.33.05
Description: A buffer overflow issue exists in the Embedded Httpd Service component of Tenda AC8. The flaw is located in the file '/goform/fast setting wifi set' and is triggered by manipulating the timeZone...

CVSS 9, AI score 5.5, EPSS 0.00112
Exploits: 1, References: 8

Positive Technologies
added 2026/02/06 12:00 a.m., 3 views

PT-2026-6703

Name of the Vulnerable Software and Affected Versions: versions prior to 2026-24929
Description: An out-of-bounds read issue exists in the graphics module. Successful exploitation could impact system availability.
Recommendations: At the moment, there is no information about a newer version that...

CVSS 5.9, AI score 5.4, EPSS 0.00008
Exploits: 0, References: 6

Positive Technologies
added 2026/02/06 12:00 a.m., 1 view

PT-2026-6701

Name of the Vulnerable Software and Affected Versions: versions prior to 2026 (affected versions not specified)
Description: A heap-based buffer overflow vulnerability exists in the image module. Successful exploitation of this issue may affect availability.
Recommendations: At the moment, there is no...

CVSS 7.3, AI score 5.8, EPSS 0.00008
Exploits: 0, References: 6

Positive Technologies
added 2026/02/06 12:00 a.m., 2 views

PT-2026-6706

Name of the Vulnerable Software and Affected Versions: versions prior to 2026-24916
Description: An identity authentication bypass issue exists in the window module. Successful exploitation could compromise service confidentiality.
Recommendations: At the moment, there is no information about a newe...

CVSS 5.9, AI score 5.4, EPSS 0.00004
Exploits: 0, References: 3

Positive Technologies
added 2026/02/06 12:00 a.m., 3 views

PT-2026-6702

Name of the Vulnerable Software and Affected Versions: Huawei HarmonyOS (affected versions not specified)
Description: An out-of-bounds write issue exists in the camera module. Successful exploitation of this issue may affect system availability.
Recommendations: At the moment, there is no information...

CVSS 8.4, AI score 5.4, EPSS 0.00003
Exploits: 0, References: 7

Positive Technologies
added 2026/02/05 12:00 a.m., 2 views

PT-2026-6607

Name of the Vulnerable Software and Affected Versions: Tanium Appliance (affected versions not specified)
Description: An improper input validation issue exists in Tanium Appliance.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...

CVSS 2.7, AI score 5.4, EPSS 0.00013
Exploits: 0, References: 5

ATTACKERKB
added 2026/01/29 9:33 p.m., 2 views

CVE-2026-25040

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...

CVSS 7.1, AI score 5.9, EPSS 0.0003
Exploits: 1, References: 4, Affected Software: 1

Positive Technologies
added 2026/01/11 12:00 a.m., 9 views

PT-2026-2032

Name of the Vulnerable Software and Affected Versions: UTT 进取 520W version 1.7.7-180627
Description: A flaw exists in the strcpy function within the /goform/formConfigFastDirectionW file. Manipulation of the ssid argument can lead to a buffer overflow, potentially allowing for remote exploitation...

CVSS 9, AI score 8.8, EPSS 0.00043
Exploits: 1, References: 10

Positive Technologies
added 2026/01/09 12:00 a.m., 2 views

PT-2026-2147

Name of the Vulnerable Software and Affected Versions: Tenda 300Mbps Wireless Router F3 Tenda N300 Easy Setup Router
Description: The routers transmit login credentials in plaintext during the initial login or after a factory reset through the web-based administrative interface. An attacker on the...

CVSS 8.7, AI score 6.5, EPSS 0.0002
Exploits: 0, References: 4