PT-2026-40618

Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=add user endpoint with POST requests...

PT-2026-40675

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 F5 BIG-IP versions prior to 21.0.0.1 Description When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic ca...

PT-2026-40686

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in netif napi del locked on disconnect Remove redundant netif napi del call from disconnect path. A WARN may be triggered in netif napi del locked during USB device disconnect: WARNING: CPU: 0 PID: 11 ...

PT-2026-40629

Name of the Vulnerable Software and Affected Versions Firmament-Autopilot FMT-Firmware commit de5aec Description A buffer overflow exists in the task mavobc entry function located at /comm/task comm.c. A buffer overflow occurs when a program writes more data to a block of memory, or buffer, than ...

PT-2026-40763

Name of the Vulnerable Software and Affected Versions cowboy versions 2.0.0 through 2.14.x Description An issue in multipart header parsing allows an unauthenticated attacker to cause a denial of service via unbounded buffer accumulation. The function read part in src/cowboy req.erl accumulates...

PT-2026-40750

An information disclosure vulnerability in the Chronosphere Chronocollector enables an unauthenticated attacker with network access to the collector service to retrieve sensitive information...

PT-2026-40752

Name of the Vulnerable Software and Affected Versions Palo Alto Networks GlobalProtect app affected versions not specified Description Multiple local privilege escalation issues in the GlobalProtect app allow a local user to elevate their privileges to NT AUTHORITYSYSTEM on Windows and root on...

PT-2026-40760

Name of the Vulnerable Software and Affected Versions Zoom Workplace VDI Plugin Windows Universal Installer versions prior to 6.6.11 Description An issue exists where external control of a file name or path may allow an authenticated user with local access to achieve escalation of privilege...

PT-2026-40764

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

PT-2026-40748

Name of the Vulnerable Software and Affected Versions Prisma Browser on macOS affected versions not specified Description A code injection issue exists where the software fails to properly restrict access to its AppleScript interface. This allows a locally authenticated non-admin user to use an...

PT-2026-40749

Name of the Vulnerable Software and Affected Versions Palo Alto Networks Broker VM affected versions not specified Description An authenticated administrator can inject arbitrary content into specific Broker VM fields. Recommendations At the moment, there is no information about a newer version...

PT-2026-40762

Exposure of the QKEY used as input into the ‘OTA-Quantum’ device registration process and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03...

PT-2026-40761

Name of the Vulnerable Software and Affected Versions Zoom Rooms for Windows versions prior to 7.0.0 Description An untrusted search path in the installer allows an authenticated user with local access to achieve escalation of privilege. Recommendations Update to version 7.0.0 or later...

PT-2026-40753

Name of the Vulnerable Software and Affected Versions PAN-OS affected versions not specified Description A stored cross-site scripting XSS issue in the web interface allows an authenticated administrator to store a JavaScript payload. This affects PA-Series and VM-Series firewalls, as well as...

PT-2026-40751

Name of the Vulnerable Software and Affected Versions Palo Alto Networks GlobalProtect app affected versions not specified Description A buffer overflow occurs during the processing of requests and responses exchanged between the Portal and Gateway. This allows a man-in-the-middle attacker to...

PT-2026-40756

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...

PT-2026-40710

An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands t...

PT-2026-40731

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.3 Description A sandbox breakout allows attackers to execute arbitrary commands on the host system. This occurs because a host exception can be caught using the yield expression within an async generator. When the...

PT-2026-40711

Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS affected versions not specified Description A buffer overflow in the IKEv2 processing allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall or cause a deni...

PT-2026-40729

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description SiYuan's publish-mode Reader can modify configuration and SQL index data through eight ungated APIs. These endpoints are registered with model.CheckAuth but lack model.CheckAdminRole and...

PT-2026-40730

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 0.0.0-20260421031503-96dfe0bea474 Description A stored cross-site scripting XSS issue exists in the Bazaar marketplace. The application fails to sanitize the name and version fields in package metadata files such as...

PT-2026-40747

Name of the Vulnerable Software and Affected Versions Prisma Browser affected versions not specified Description A race condition allows a locally authenticated non-admin user to bypass specific access and data control policies. A race condition is a situation where the system's substantive...

PT-2026-40712

A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service DoS condition all PAN-OS platforms except Cloud NGFW and Prisma Access or potentially execute arbitra...

PT-2026-40718

Name of the Vulnerable Software and Affected Versions Nautobot versions prior to 2.4.33 Nautobot versions prior to 3.1.2 Description UI object-bulk-rename endpoints, such as "/dcim/interfaces/rename/", are susceptible to an application-wide denial of service. This occurs when maliciously crafted...

PT-2026-40716

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.46 Traefik versions prior to 3.6.17 Traefik versions prior to 3.7.1 Description Traefik's Kubernetes Gateway API provider contains an authorization bypass that allows a tenant with HTTPRoute creation permissions ...

PT-2026-40726

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description The endpoint "/api/tag/getTag" is registered using only the model.CheckAuth middleware, missing the model.CheckAdminRole and model.CheckReadonly checks. This allows any authenticated user, including...

PT-2026-40727

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description Broken access control in the publish-mode allows readers to enumerate metadata from documents that are invisible to the publish service. This occurs because certain search handlers do not filter...

PT-2026-40728

Name of the Vulnerable Software and Affected Versions uniget versions prior to 0.27.1 Description A command injection issue exists in uniget, a universal installer and updater for container tools. The problem occurs because the check field from JSON metadata files is loaded and executed using...

PT-2026-40714

Name of the Vulnerable Software and Affected Versions systeminformation versions 4.17.0 through 5.31.5 Description On Linux, the library is subject to command injection within the networkInterfaces function. This occurs when an active NetworkManager connection profile name contains shell...

PT-2026-40720

Name of the Vulnerable Software and Affected Versions Nautobot versions prior to 2.4.33 Nautobot versions prior to 3.1.2 Description A user with permissions to add or modify a GitRepository record can use the REST API to directly set the current head field, which is not intended to be...

PT-2026-40717

Name of the Vulnerable Software and Affected Versions Nautobot versions prior to 2.4.33 Nautobot versions prior to 3.1.2 Description Nautobot is a Network Source of Truth and Network Automation Platform. The REST API fails to enforce user view permissions when creating or updating objects that us...

PT-2026-40709

A command injection vulnerability was discovered in TeamViewer DEX Platform On-Premises former 1E DEX Platform On-Premises prior to version 9.2. Improper input validation allows authenticated users with at least questioner privileges to inject commands in specific instructions. Exploitation could...

PT-2026-40708

Buffer Overflow vulnerability in Ardupilot rover commit v.c56439b045162058df0ff136afea3081fcd06d38 allows a local attacker to cause a denial of service via the AP InertialSensor ADIS1647x.cpp, ArduRover, ADIS1647x Sensor component...

PT-2026-40792

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An Out-of-Memory OOM condition can be triggered by overloading the server through the use of the $ timeGroup macro. This issue requires the use of a SQL...

PT-2026-40779

A denial of service DoS vulnerability in Palo Alto Networks Prisma SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to cause a system disruption by sending a specially crafted IPv6 packet...

PT-2026-40775

Exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug information such as metrics and health data. This issue affects Symmetric Key Agreement Platform: before 26.03...

PT-2026-40781

007% · CVE-2026-22841 · v200.0.1 → 0.007 The Zero-Day Supply Chain: How Lyrie Caught 7 Backdoors Before Public Disclosure...

PT-2026-40772

An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle MitM attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can...

PT-2026-40776

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...

PT-2026-40789

Two CVEs CVE-2026-30889 and CVE-2026-31200 were classic JSON-RPC parser bugs in popular MCP client SDKs. One allowed a server response to set arbitrary properties on the client's session-state object via prototype pollution. The other allowed a server to inject batched…...

PT-2026-40769

Name of the Vulnerable Software and Affected Versions Prisma Access Agent affected versions not specified Description Multiple information disclosure issues allow a local user to access sensitive configuration data and credentials. This affects the agent on platforms other than Linux, ChromeOS,...

PT-2026-40773

Name of the Vulnerable Software and Affected Versions Palo Alto Networks GlobalProtect app affected versions not specified Description Improper certificate validation allows an attacker to intercept encrypted communications and potentially compromise the endpoint. A local non-administrative...

PT-2026-40770

Name of the Vulnerable Software and Affected Versions Palo Alto Networks Prisma Access Agent affected versions not specified Description A flaw in the privilege management mechanism allows a locally authenticated non-administrative user to escalate privileges to root on macOS and Linux, or NT...

PT-2026-40767

Name of the Vulnerable Software and Affected Versions Trust Protection Foundation affected versions not specified Description A SQL injection allows an authenticated attacker to execute arbitrary SQL commands against the product database. This could enable the attacker to read sensitive data,...

PT-2026-40768

An improper certificate validation vulnerability in the Palo Alto Networks Prisma SD-WAN ION enables man-in-the-middle MitM attacker to impersonate the controller...

PT-2026-40765

An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify...

PT-2026-40777

Content removed...

PT-2026-40795

Name of the Vulnerable Software and Affected Versions Garmin WDU version 1.4.6 Garmin WDU version 5.0 Description The locally served web site allows a symlink attack, which occurs when a system follows a symbolic link a file that points to another file or directory to access locations outside the...

PT-2026-40800

Name of the Vulnerable Software and Affected Versions Quark Drive versions prior to 0.8.5 Description A stored cross-site scripting issue exists in the System Configuration page. The template renders push config key names using the Vue.js v-html directive without proper escaping. Authenticated...

PT-2026-40797

Name of the Vulnerable Software and Affected Versions Garmin WDU version 1.4.6 Garmin WDU version 5.0 Description The locally served web site allows a reflected cross site scripting XSS attack, which is a technique where a malicious script is reflected off a web application to the victim's browse...