PT-2026-40149
Name of the Vulnerable Software and Affected Versions: Windows Message Queuing (affected versions not specified). Description: A heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker located on an adjacent network to execute arbitrary code. A heap-based buffer overflow...
CVE-2026-31241
The CVE-2026-31241 entry concerns the mem0 1.0.0 server, where the DELETE /memories endpoint fails to enforce authentication/authorization. This allows unauthenticated attackers to delete memory records by supplying arbitrary identifiers (e.g., user_id, run_id, agent_id) via query parameters, pot...
PT-2026-40188
Name of the Vulnerable Software and Affected Versions: Microsoft Office Click-To-Run (affected versions not specified). Description: Insufficient granularity of access control in the Click-to-Run (C2R) technology of Microsoft Office and Microsoft 365 Apps for Enterprise allows an authorized attacker to...
PT-2026-40228
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally...
PT-2026-40230
Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally...
GHSA-M85W-WHWH-QVFX GPT-Pilot contains a command injection vulnerability in the Executor.run() method
GPT-Pilot through commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper...
GPT-Pilot contains a command injection vulnerability in the Executor.run() method
GPT-Pilot through commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper...
EUVD-2026-29054
GPT-Pilot through commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper...
CVE-2026-31246
GPT-Pilot through commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper...
SUSE CVE-2026-43308
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref() There is no need to BUG(), we can just return an error and log an error message...
CVE-2026-42880
A flaw was found in Argo CD, a GitOps continuous delivery tool for Kubernetes. A missing authorization and data-masking gap in the ServerSideDiff endpoint allows an attacker with read-only access to extract sensitive Kubernetes Secret data. This information disclosure occurs by leveraging the...
BIT-ARGO-CD-2026-42880 ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext...
GPT PILOT security vulnerability
GPT PILOT is an open-source AI-driven full-featured application development tool developed by Pythagoras-io. There is a security vulnerability in GPT PILOT, which stems from the Executor.run method accepting free-text input without proper validation. This vulnerability could allow attackers to...
CVE-2026-31246
GPT-Pilot through commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper...
PT-2026-39616
GPT-Pilot through commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper...
CVE-2026-43308
A flaw was found in the Linux kernel's Btrfs filesystem. An unexpected delayed reference type in the run_one_delayed_ref function could lead to a system crash. This vulnerability could allow a local attacker to cause a denial of service (DoS) by triggering the unexpected reference type...
CVE-2026-43308
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref() There is no need to BUG(), we can just return an error and log an error message...
UBUNTU-CVE-2026-43308
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref() There is no need to BUG(), we can just return an error and log an error message...
CVE-2026-44334
PraisonAI contains an unauthenticated RCE path in templates/tool_override.py that was not gated after CVE-2026-40287 was fixed. From 4.5.139 up to 4.6.32, tools.py auto-imports were guarded in tool_resolver.py and api/call.py by PRAISONAI_ALLOW_LOCAL_TOOLS, but an additional import sink in prais...
CVE-2026-43308 btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref() There is no need to BUG(), we can just return an error and log an error message...