Security update 2026-05-14

...

PT-2026-40438

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account. Recommendations At the moment, the...

PT-2026-32266

Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information...

Build Numbers and Versions of Veeam Plug-In for HPE Morpheus VM Essentials

This KB article lists all versions of the Veeam Plug-in for HPE Morpheus VM Essentials and their respective worker build numbers. Version | Plug-In / Worker Build | Release Date ---|---|--- Veeam Plug-in for HPE Morpheus VM Essentials 1 Releases Veeam Plug-in for HPE Morpheus VM Essentials 1.1...

PT-2026-7540

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 2026/01/20 and...

.NET 10.0 Update - February 10, 2026

.NET 10.0 Update - February 10, 2026 .NET 10.0 has been refreshed with the latest update as of February 10, 2026. This update contains security fixes. See the release notes for details about updated packages..NET 10.0 servicing updates are upgrades. The latest servicing update for 10.0 will remov...

KB5073177 - Description of the security update for SQL Server 2025 GDR: January 13, 2026

KB5073177 - Description of the security update for SQL Server 2025 GDR: January 13, 2026 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains...

GHSA-PC9J-5V36-2MWW AWS SDK for Swift adopted defense in depth enhancement for region parameter value

CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...

EUVD-2025-203281

Exim before 4.99.1 allows remote heap corruption that will be further described on 2025-12-18...

CVE-2025-57712 Qsync Central

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central...

CVE-2025-4952

creationtimestamp| type| source ---|---|--- 2025-10-31 14:26:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m4iontmsdz2w...

EUVD-2025-6173

Malicious code in bioql PyPI...

EUVD-2023-48068

Malicious code in bioql PyPI...

Azure File Sync Agent v20.1 Release – August 2025 (KB5056953)

Security Update for Azure File Sync agent version 20.1.0.0. For more details, see the associated Microsoft Knowledge Base article...

CVE-2025-7831

creationtimestamp| type| source ---|---|--- 2025-07-19 18:36:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ludm4w2bnk2j...

Ubuntu: Security Advisory (USN-7591-6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-6660

creationtimestamp| type| source ---|---|--- 2025-06-25 03:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-443/...

CVE-2025-52882 Claude Code IDE extensions allow websocket connections from arbitrary origins

Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks e.g., Cursor, Windsurf, and VSCodium and JetBrains IDEs e.g., IntelliJ, Pycharm, and Android Studio are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages...

CVE-2022-50158

In the Linux kernel, the following vulnerability has been resolved: mtd: partitions: Fix refcount leak in parseredbootof ofgetchildbyname returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak...

CVE-2025-49331

creationtimestamp| type| source ---|---|--- 2025-06-17 15:31:06+00:00| seen| https://bsky.app/profile/potato.software/post/3lrsstpo6as23 2025-06-17 16:18:10+00:00| seen| Telegram/-G7yge5OOPwalQgUT4aKwTAwYlFDeFB7c6hZGGGT8IukU 2025-06-20 13:43:12+00:00| published-proof-of-concept|...