PT-2026-45768

Name of the Vulnerable Software and Affected Versions Amazon Kiro IDE versions prior to 0.11 Description Insufficient access control restrictions in the file write tool allow remote unauthenticated actors to execute arbitrary commands. This is achieved by using crafted instructions to write to...

PT-2026-45871

Name of the Vulnerable Software and Affected Versions openSeaChest version 26.03.0 Description An out of bounds write occurs during the Trim/Unmap operation in openSeaChest. This issue allows for writing 16 bytes of extra memory outside of the allocated space when describing a range of Logical...

PT-2026-45794

Name of the Vulnerable Software and Affected Versions Spacelabs Healthcare Sentinel versions 10.5.x and higher Spacelabs Healthcare Sentinel versions prior to 11.6.0 Description An unauthenticated remote code execution issue exists via a deprecated .NET Remoting HTTP channel exposed on port 8989...

PT-2026-46436

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out of bounds write occurs in ANGLE, which is a compatibility layer that allows OpenGL ES to run on various graphics APIs. This issue allows a remote attacker to potentially exploit...

PT-2026-46700

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out of bounds write occurs in V8, the JavaScript and WebAssembly engine. This allows a remote attacker who has already compromised the renderer process to execute arbitrary code with...

SUSE SLES12 Security Update : kernel (Live Patch 68 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2026:2137-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2137-1 advisory. This update for the SUSE Linux Enterprise Kernel 4.12.14-122.258 fixes various security issues The following security issues were fixed: -...

PT-2026-45877

Name of the Vulnerable Software and Affected Versions openSeaChest version 25.05.3 Description An out-of-bounds write exists in the --showSupportedFormats command. This occurs when a maliciously crafted NVMe device provides a bogus value in the namespace FLBAS byte, allowing one extra byte to be...

From Untrusted Input to Trusted Memory: A Systematic Study of Memory Poisoning Attacks in LLM Agents

Memory is a core component of AI agents, enabling them to accumulate knowledge across interactions and improve performance. However, persistent memory introduces the risk of memory poisoning, where a single adversarial memory write can exert long-term influence over agent behavior. We present a...

PT-2026-46566

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out of bounds write occurs in Codecs, which could allow a remote attacker to potentially perform a sandbox escape by using a crafted video file. A sandbox escape is a technique used ...

PT-2026-45750

Name of the Vulnerable Software and Affected Versions Gleam versions 1.16.0 through 1.17.0 Description A path traversal issue exists in the handling of custom documentation pages. The documentation.pages entries within the gleam.toml file are incorporated into filesystem paths without sufficient...

PT-2026-45745

Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...

SUSE SLES15 Security Update : kernel RT (Live Patch 10 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:2131-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2131-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.34 fixes various security issues The following security issues were fixed: -...

CVE-2026-45691

A flaw was found in Nextcloud Server. An attacker could reuse a pre-two-factor authentication 2FA session cookie as a Bearer token. This allows them to authenticate against DAV endpoints, granting unauthorized read and write access and bypassing the mandatory two-factor authentication. Mitigation...

CVE-2026-25259 Out-of-bounds Write in DSP Service

Memory corruption while processing multiple IOCTL command for escape operations...

CVE-2026-24088 Missing Authentication for Critical Function in Boot

Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader...

CVE-2026-24088

Technical details are not publicly available in the provided documents for CVE-2026-24088. Monitor for updates.

CVE-2026-24088 Missing Authentication for Critical Function in Boot

Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader...

CVE-2025-59614 Out-of-bounds Write in Windows Compute

Memory Corruption when sending random number generator command with insufficient output buffer size...

CVE-2025-59611 Out-of-bounds Write in Core Services

Memory corruption in diagnostic services due to absence of input validation...

CVE-2025-59606

The CVE-2025-59606 entry describes a memory corruption flaw triggered by writing to invalid memory locations caused by heap exhaustion during secure data initialization. The CVSS 3.1 vector indicates a local, low-privilege, no-user-interaction exposure with high impact to confidentiality, integri...