PT-2026-45759

Name of the Vulnerable Software and Affected Versions Progress Sitefinity versions 14.1.x through 14.3.x Progress Sitefinity versions prior to 14.4.8152 Progress Sitefinity versions prior to 15.0.8234 Progress Sitefinity versions prior to 15.1.8335 Progress Sitefinity versions prior to 15.2.8441...

PT-2026-45761

Name of the Vulnerable Software and Affected Versions Progress Sitefinity versions 15.2.x through 15.2.8440 Progress Sitefinity versions 15.3.x through 15.3.8530 Progress Sitefinity versions 15.4.x through 15.4.8629 Description An authorization bypass exists in web services where a user-controlle...

CVE-2026-38978

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...

PT-2026-45848

Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

PT-2026-45788

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 2.1 Description The SQL query editor's autocomplete functionality fails to sanitize database object names before rendering them using innerHTML. This allows an authenticated Developer with access to a shared PostgreS...

PT-2026-46530

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the Payments component allows a remote attacker to perform UI spoofing via a crafted HTML page, provided they can convince a user to perform specific ...

PT-2026-46751

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the WebUI allows a remote attacker to perform domain spoofing by using a crafted domain name. Recommendations Update to version 149.0.7827.53 or later...

PT-2026-45803

NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private...

PT-2026-45709

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

PT-2026-45867

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 7.260227.0 Description An issue exists in the rendering of email-message observable body data where the content of the body field is not appropriately sanitized. This allows for Cross-Site Scripting XSS, a technique...

CVE-2026-38978

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...

PT-2026-45695

CVE-2026-46718: Apache Calcite: A user-controled model can load arbitrary classes, leading to code execution https://t.co/JDLPkVroc8...

PT-2026-45901

Name of the Vulnerable Software and Affected Versions morgan versions 1.2.0 through 1.10.1 Description The logging middleware fails to neutralize control characters when the :remote-user token extracts the Basic auth username from the Authorization request header. An unauthenticated attacker can...

PT-2026-46632

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the WebUI allows a remote attacker who has compromised the renderer process to leak cross-origin data through the use of a crafted HTML pag...

PT-2026-46475

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A heap buffer overflow occurs in the Media component. This issue allows a remote attacker to execute arbitrary code within a sandbox if a user is convinced to perform specific UI gestur...

PT-2026-45849

Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

CVE-2026-38978

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...

Containerd 1.7.27 < 1.7.32 / 2.0.4 < 2.0.9 / 2.1.x < 2.2.4 / 2.3.x < 2.3.1 runAsNonRoot Bypass

The version of Containerd on the remote host is 1.7.27 prior to 1.7.32, 2.0.4 prior to 2.0.9, 2.1.x prior to 2.2.4, or 2.3.x prior to 2.3.1. It is, therefore, affected by a security bypass vulnerability. A bug was found in containerd where containers launched with a numeric User directive that...

PT-2026-46520

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in V8 allows a remote attacker to execute arbitrary code inside a sandbox. This is achieved by convincing a user to perform specific UI gestures while interacting...

PT-2026-46518

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in V8 allows a remote attacker to potentially exploit heap corruption, which occurs when memory is allocated in the heap area is corrupted, via a crafted...