Microsoft Remote Desktop Client 资源管理错误漏洞

Microsoft Remote Desktop Client is a remote desktop client developed by Microsoft Corporation. There is a resource management vulnerability in Microsoft Remote Desktop Client. Attackers can exploit this vulnerability to execute code. The following products and versions are affected: Windows 10...

Microsoft Windows NTFS 缓冲区错误漏洞

Microsoft Windows NTFS is a file system provided by the American company Microsoft for managing computer files. This file system features error alerts, disk self-repair functions, and logging capabilities. There is an input validation vulnerability in Microsoft Windows NTFS. Attackers can exploit...

Microsoft azure kubernetes service 路径遍历漏洞

Microsoft Azure Kubernetes Service is a service provided by Microsoft Corporation for deploying, managing, and scaling containerized applications. Microsoft Azure Kubernetes Service has a path traversal vulnerability. Attackers can exploit this vulnerability to execute code remotely...

Ivanti Sentry 操作系统命令注入漏洞

Ivanti Sentry is an online gateway provided by the American company Ivanti. It is used to manage, encrypt, and protect traffic between mobile devices and backend enterprise systems. Versions of Ivanti Sentry prior to R10.5.2, R10.6.2, and R10.7.1 contained an operating system command injection...

PT-2026-48025

Name of the Vulnerable Software and Affected Versions Windows HTTP.sys affected versions not specified Description An integer overflow or wraparound in the HTTP.sys driver allows an unauthorized remote attacker to execute arbitrary code over a network and affect the system. Recommendations At the...

PT-2026-47723

Name of the Vulnerable Software and Affected Versions Blocksy versions prior to 2.1.36 Description Insufficient input sanitization in the blocksy sanitize post meta options function allows authenticated attackers with contributor-level access or higher to store serialized PHP object strings in po...

PT-2026-48042

Name of the Vulnerable Software and Affected Versions Remote Desktop Client affected versions not specified Description A heap-based buffer overflow allows an unauthorized attacker to execute arbitrary code over a network, which can affect the system. A heap-based buffer overflow occurs when an...

PT-2026-47732

Name of the Vulnerable Software and Affected Versions SINEC INS versions prior to V1.0 SP2 Update 6 Description The application fails to properly sanitize user input at the '/api/sftp/uploadFiles' endpoint. This allows an authenticated remote attacker to inject shell command payloads through...

PT-2026-47907

Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description An integer underflow wrap or wraparound in Windows Performance Monitor allows an unauthorized attacker to execute code over a network. Integer underflow occurs when an arithmetic...

📄 Quick Playground for WordPress 1.3.1 Shell Upload

Proof of concept remote shell upload exploit for Quick Playground for WordPress plugin versions 1.3.1 and below. ================================================================================================================================== | Title : Quick Playground for WordPress 1.3.1 —...

ROS-20260609-73-0019

Vulnerability of the Graphics component: The text-based browsers Mozilla Firefox, Firefox ESR, and the email client Thunderbird are vulnerable to a numerical overflow vulnerability. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

EulerOS 2.0 SP11 : golang (EulerOS-SA-2026-2207)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a...

CVE-2026-11694

Technical details (affected product, root cause, exploitability) are not publicly available in the provided documents. Monitor for updates.

CVE-2026-11690

Summary: CVE-2026-11690 describes an out-of-bounds read/write in Media component of Google Chrome on macOS, prior to version 149.0.7827.103. A remote attacker who has compromised the renderer process could execute arbitrary code inside the sandbox via a crafted HTML page. The issue is rated High ...

CVE-2026-11688

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-11688

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-11688

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-11688

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-11683

Use after free in WebCodecs in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-11683

Use after free in WebCodecs in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...