PT-2026-40193
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
PT-2026-40231
External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network...
PT-2026-40221
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally...
PT-2026-40191
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally...
PT-2026-40223
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network...
PT-2026-40224
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network...
PT-2026-40209
Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack...
PT-2026-40229
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally...
PT-2026-40192
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
PT-2026-40216
Name of the Vulnerable Software and Affected Versions: Windows Hyper-V (affected versions not specified). Description: A use after free issue in Windows Hyper-V allows an unauthorized attacker to perform a guest-to-host attack to elevate privileges locally to SYSTEM level. Use after free is a memory...
PT-2026-40220
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
PT-2026-40234
Name of the Vulnerable Software and Affected Versions: Windows Server versions prior to May 12, 2026. Description: A stack-based buffer overflow exists in the Windows Netlogon service, specifically within the MS-NRPC handler. This flaw allows an unauthenticated remote attacker to execute arbitrary...
PT-2026-40195
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally...
PT-2026-40185
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network...
PT-2026-40255
Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...
PT-2026-40240
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally...
PT-2026-40253
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network...
PT-2026-40249
Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...
PT-2026-40250
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally...
PT-2026-40244
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...
PT-2026-40257
Name of the Vulnerable Software and Affected Versions: Microsoft Office (affected versions not specified). Description: Improper access control allows an unauthorized attacker to perform spoofing locally...
PT-2026-40235
Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network...
PT-2026-40267
An improper export of Android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow an attacker to achieve improper access control via...
PT-2026-40242
Name of the Vulnerable Software and Affected Versions: Microsoft SSO Plugin for Jira & Confluence (affected versions not specified). Description: An incorrect implementation of the authentication algorithm allows an unauthorized attacker to forge login responses and bypass Entra ID. This enables the...
PT-2026-40251
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fr...
PT-2026-40268
WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2...
PT-2026-40247
Name of the Vulnerable Software and Affected Versions: Visual Studio Code (affected versions not specified). Description: Improper neutralization of script-related HTML tags in a web page leads to a basic cross-site scripting (XSS) issue. This lack of data sanitization at the control level allows an...
PT-2026-40237
Name of the Vulnerable Software and Affected Versions: Microsoft Windows DNS Client (affected versions not specified). Description: A heap-based buffer overflow exists in the Microsoft Windows DNS Client, specifically within the dnsapi.dll component. This issue occurs during the processing of DNS...
PT-2026-40245
Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...
PT-2026-40262
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...
PT-2026-40263
Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 on-premises (affected versions not specified). Description: Improper control of code generation in Microsoft Dynamics 365 on-premises allows an authorized attacker to execute code over a network. This is a code injection...
PT-2026-40236
Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally...
PT-2026-40266
A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow an attacker to cause information disclosure via...
PT-2026-40239
Name of the Vulnerable Software and Affected Versions: Microsoft 365 Copilot for Android (affected versions not specified). Description: Improper access control in the intelligent virtual assistant allows an authorized attacker to perform spoofing attacks locally. Spoofing is a technique where a perso...
PT-2026-40248
Name of the Vulnerable Software and Affected Versions: Visual Studio Code (affected versions not specified). Description: A relative path traversal issue in Visual Studio Code Live Preview allows an unauthorized attacker to disclose local information. Path traversal is a flaw that enables users to...
PT-2026-40261
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network...
PT-2026-40246
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...
PT-2026-40238
Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...
PT-2026-40256
Name of the Vulnerable Software and Affected Versions: Microsoft Office (affected versions not specified). Description: A heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. A heap-based buffer overflow occurs when an application writes more data to ...
PT-2026-40265
Name of the Vulnerable Software and Affected Versions: FortiAuthenticator versions 8.0.0 through 8.0.2; FortiAuthenticator versions 6.6.0 through 6.6.8; FortiAuthenticator versions 6.5.0 through 6.5.6. Description: An improper access control issue in API endpoints allows an unauthenticated remote...
PT-2026-40264
Name of the Vulnerable Software and Affected Versions: ASP.NET Core versions prior to 8.0.27; ASP.NET Core versions prior to 9.0.16; ASP.NET Core versions prior to 10.0.8. Description: An unauthorized attacker can cause a denial of service over a network due to a loop with an unreachable exit conditio...
PT-2026-40260
User interface (UI) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network...
PT-2026-40241
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally...
PT-2026-40258
Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 on-premises (affected versions not specified). Description: Execution with unnecessary privileges allows an authorized attacker to execute code over a network. Recommendations: At the moment, there is no information about a...
PT-2026-40252
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a ...
PT-2026-40284
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of a missing value element. This leads to dereferencing a NULL pointer,...
PT-2026-40278
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...
PT-2026-40279
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...
PT-2026-40285
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, the DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter an infinite loop, causing denial ...
PT-2026-40288
An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet...