PT-2026-40317

Out-of-bounds write for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This...

Reconstruction of Personally Identifiable Information from Supervised Finetuned Models

Supervised Finetuning SFT has become one of the primary methods for adapting a large language model LLM with extensive pre-trained knowledge to domain-specific, instruction-following tasks. SFT datasets, composed of instruction-response pairs, often include user-provided information that may...

PT-2026-40092

Unchecked return value for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result ma...

PT-2026-40094

Out-of-bounds write for the IntelR Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data corruption. This result...

PT-2026-40089

Null pointer dereference for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result...

Snappier 安全漏洞

Snappier is a pure C version of the Google Snappy compression algorithm developed by Brant Burnett. Versions prior to Snappier 1.3.1 contained a security vulnerability; this vulnerability stemmed from the inability to escape an infinite loop that occurred when SnappierStream decompressed Snappy...

PT-2026-40088

Improper conditions check in some firmware for some IntelR NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via...

PT-2026-40091

Buffer overflow for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may...

PT-2026-40095

Divide by zero for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may...

PT-2026-40096

Improper access control for some Intel Vision software for all versions within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable remote code execution. This result may potentially...

MiracleLinux 9 : java-1.8.0-openjdk-1.8.0.492.b09-2.el9.ML.1 (AXSA:2026-610:09)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-610:09 advisory. JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK: Enhance Path Factories Redux...

MiracleLinux 9 : java-21-openjdk-21.0.11.0.10-2.el9.ML.1 (AXSA:2026-605:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-605:06 advisory. JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK: Enhance Path Factories Redux...

RHEL 9 : openssh (RHSA-2026:16059)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16059 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-11.0.1.1)

The version of AHV installed on the remote host is prior to AHV-11.0.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-11.0.1.1 advisory. - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics...

PT-2026-40079

Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

Intel® NPU Driver Advisory

Summary: Potential security vulnerabilities for some Intel® NPU Drivers may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2026-20754 Description: Improper conditions check in...

May 12, 2026-KB5088862 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows Server 2022

May 12, 2026-KB5088862 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows Server 2022 Release Date: May 12, 2026 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Windows Server 2022. Security...

Siemens SIMATIC

SUMMARY SIMATIC CN 4100 contains multiple vulnerabilities which could potentially lead to a compromise in availability, integrity and confidentiality. Siemens has released a new version for SIMATIC CN 4100 and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general...

Siemens KACO Blueplanet Inverters

SUMMARY KACO blueplanet Inverters contain multiple vulnerabilities that could allow an attacker to derive the credentials from the devices serial number and misuse them to gain unauthorized access. KACO new energy GmbH has released new versions for several affected products and recommends to...

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.0.3 Vulnerability Details CVEID:CVE-2025-11187 DESCRIPTION: Issue summary: PBMAC1 parameters in PKCS12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer...