
110719 matches found

Positive Technologies
added 2026/05/27 12:0 a.m., 9 views

PT-2026-44005

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1 CVSS, 5.9 AI score, 0.00053 EPSS
Exploits: 0, References: 4

CNNVD
added 2026/05/27 12:0 a.m., 6 views

Jenkins Email Extension Plugin Security Vulnerability

The Jenkins Email Extension Plugin is an open-source extension for Jenkins that handles email notifications and build messages. The Jenkins Email Extension Plugin versions 1933.v45cec755423f and earlier contain security vulnerabilities. These vulnerabilities stem from allowing base64-encoded imag...

8.8 CVSS, 5.9 AI score, 0.00444 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/05/27 12:0 a.m., 10 views

PT-2026-44014

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Groovy Libraries Plugin versions prior to 797.v90ea a 9b e45a 0. Description: The plugin does not prohibit symbolic links in shared libraries. This allows attackers who can control the content of a library used by a Pipeline jo...

7.5 CVSS, 5.9 AI score, 0.00406 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2026/05/27 12:0 a.m., 7 views

PT-2026-44159

Summary: CustomReports uses inconsistent authorization between the report listing endpoint and the report detail endpoint.
- The listing flow filters reports based on report-sharing rules
- The detail flow only checks generic reports or reports config permissions
As a result, a low-privileged...

7.1 CVSS, 5.8 AI score
Exploits: 0, References: 6

UbuntuCve
added 2026/05/27 12:0 a.m., 5 views

CVE-2026-46078

erofs: fix the out-of-bounds nameoff handling for trailing dirents...

7.1 CVSS, 5.8 AI score, 0.00013 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/05/27 12:0 a.m., 6 views

PT-2026-43588

A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files...

8.6 CVSS, 6 AI score, 0.00058 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/05/27 12:0 a.m., 5 views

MB Connect Line mbCONNECT24 and MB Connect Line mymbCONNECT24 SQL Injection Vulnerability

MB Connect Line mbCONNECT24 and MB Connect Line mymbCONNECT24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymbCONNECT24 is an...

7 CVSS, 5.9 AI score, 0.00043 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/05/27 12:0 a.m., 5 views

Synology Active Backup for Business SQL Injection Vulnerability

Synology Active Backup for Business is an enterprise data backup and recovery management platform provided by the Chinese company Synology. Synology Active Backup for Business has a SQL injection vulnerability, which allows unauthorized remote attackers to read arbitrary files...

8.6 CVSS, 6 AI score, 0.00058 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/05/27 12:0 a.m., 8 views

PT-2026-43828

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: Memory leaks occur in the gfs2_fill_super error handling path when transitioning a filesystem to read-write mode fails. The first leak involves kthread objects, such as thread struct and...

5.7 AI score, 0.00024 EPSS
Exploits: 0, References: 11

Positive Technologies
added 2026/05/27 12:0 a.m., 5 views

PT-2026-43824

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue in the Linux kernel can lead to a deadloop within the rcu_read_unlock function due to softirq. This occurs because recursion-protection code was removed from the rcu_read_unlock...

5.5 AI score, 0.00024 EPSS
Exploits: 0, References: 14

Positive Technologies
added 2026/05/27 12:0 a.m., 7 views

PT-2026-43753

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the Linux kernel where the prototype for the bpf_xdp_store_bytes function is incorrect. The verifier incorrectly expects the third argument to be of type ARG_PTR_TO...

5.4 AI score, 0.00032 EPSS
Exploits: 0, References: 15

CNNVD
added 2026/05/27 12:0 a.m., 5 views

Samba Access Control Error Vulnerability

Samba is an open-source suite of standard Windows interoperability programs for Linux and Unix systems. Samba has an access control vulnerability that stems from the lack of SMB-layer access checks when handling NTFS-style symbolic links. This vulnerability allows authenticated users to create or...

7.1 CVSS, 5.8 AI score, 0.00056 EPSS
Exploits: 0, References: 4

CNNVD
added 2026/05/27 12:0 a.m., 6 views

Linux kernel Security Vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from issues with the pt5161l_read_block_data function in pt5161l, including buffer overflows and improper...

5.9 AI score, 0.00023 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2026/05/27 12:0 a.m., 4 views

PT-2026-44616

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: An out of bounds read in Dawn allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. An out of bounds read occurs when a program reads data past the...

9.6 CVSS, 5.9 AI score, 0.00156 EPSS
Exploits: 0, References: 156

Tenable Nessus
added 2026/05/27 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-46096

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.
- tpm2-sessions: Fix missing tpm_buf_destroy in tpm2_read_public. tpm2_read_public calls tpm_buf_init but fails to call tpm_buf_destroy on two exit paths, leaking a page...

5.9 AI score, 0.00022 EPSS
Exploits: 0, References: 3

CNNVD
added 2026/05/27 12:0 a.m., 4 views

Linux kernel Security Vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of READ_ONCE to read the struct ublksrv_ctrl_cmd, potentially leading to race conditions...

5.8 AI score, 0.00024 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/05/27 12:0 a.m., 8 views

Budibase Security Vulnerability

Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.39.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that GET...

8.1 CVSS, 5.8 AI score, 0.00047 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/05/27 12:0 a.m., 8 views

PT-2026-43991

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be ab...

6.5 CVSS, 5.9 AI score, 0.00048 EPSS
Exploits: 0, References: 2

UbuntuCve
added 2026/05/27 12:0 a.m., 5 views

CVE-2026-46051

md/raid5: fix soft lockup in retry_aligned_read...

5.8 AI score, 0.00032 EPSS
Exploits: 0, References: 2

Exploit DB
added 2026/05/27 12:0 a.m., 38 views

Realtek rtl819x - Local Privilege

Exploit Title: Realtek rtl819x - Local Privilege Escalation Date: 2026-05-03 Exploit Author: Daniil Gordeev Vendor Homepage: http://www.realtek.com Software Link: https://github.com/iptime-gpl/userappsn104qi representative GPL release Version: Realtek rtl819x Jungle SDK, all known versions throug...

7.7 CVSS, 5.8 AI score, 0.00087 EPSS
Exploits: 1