PT-2026-40841

Four CVEs CVE-2026-29103, CVE-2026-29104, CVE-2026-29892, CVE-2026-30441 shared the same root cause. An MCP server's response to the client includes free-form text fields — tool descriptions, resource summaries, prompt argument hints. These fields are surfaced into the…...

PT-2026-40842

Four CVEs CVE-2026-29103, CVE-2026-29104, CVE-2026-29892, CVE-2026-30441 shared the same root cause. An MCP server's response to the client includes free-form text fields — tool descriptions, resource summaries, prompt argument hints. These fields are surfaced into the…...

PT-2026-40876

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.7 through 18.9.6 GitLab EE versions 18.10 through 18.10.5 GitLab EE versions 18.11 through 18.11.2 Description An issue in customizable analytics dashboards allows an authenticated user to execute arbitrary JavaScript in...

PT-2026-40810

EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via str replace without any sanitization, enabling SQL injection through query parameters...

PT-2026-40823

Name of the Vulnerable Software and Affected Versions ERPNext versions prior to 15.104.3 ERPNext versions prior to 16.14.0 Description Certain endpoints are susceptible to SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution, allowing an attacker ...

PT-2026-40787

Three CVEs CVE-2026-29774, CVE-2026-30015, CVE-2026-30221 exploited the fact that the protocol did not, in version 1.2, canonicalize tool names. Multiple servers in the same session could expose tools named, respectively: readfile the legitimate filesystem server…...

PT-2026-40637

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3 F5 BIG-IP versions prior to 17.5.1 Description When Bidirectional Forwarding Detection BFD, a network protocol used to quickly detect faults in the bidirectional path between two forwarding engines, is...

PT-2026-40635

Name of the Vulnerable Software and Affected Versions BIG-IP versions prior to 17.1.3.2 BIG-IP versions prior to 17.5.1.6 BIG-IP versions prior to 21.0.0.2 BIG-IQ versions prior to 17.1.3.2 BIG-IQ versions prior to 17.5.1.6 BIG-IQ versions prior to 21.0.0.2 Description A flaw in BIG-IP and BIG-IQ...

PT-2026-40697

Name of the Vulnerable Software and Affected Versions protobufjs versions prior to 7.5.8 protobufjs versions prior to 8.2.0 Description protobufjs compiles protobuf definitions into JavaScript functions. The software can recurse without a depth limit when expanding nested JSON descriptors through...

PT-2026-40788

Three CVEs CVE-2026-29774, CVE-2026-30015, CVE-2026-30221 exploited the fact that the protocol did not, in version 1.2, canonicalize tool names. Multiple servers in the same session could expose tools named, respectively: readfile the legitimate filesystem server…...

PT-2026-40722

Name of the Vulnerable Software and Affected Versions Goobi viewer versions 4.8.0 through 26.04.0 Description The REST endpoint "POST /api/v1/index/stream" accepts arbitrary Solr streaming expressions from unauthenticated network clients and forwards them to the backend Solr server without...

PT-2026-40613

Unrestricted IP address binding in the AMD Device Metrics Exporter ROCm ecosystem could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability...

PT-2026-40759

Name of the Vulnerable Software and Affected Versions Zoom Workplace for iOS versions prior to 7.0.0 Description A protection mechanism failure allows an authenticated user with physical access to the device to conduct a disclosure of information. Recommendations Update to version 7.0.0 or later...

PT-2026-40701

Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP SmartAudio::loop, AP SmartAudio, AP SmartAudio.cpp components...

PT-2026-40824

Name of the Vulnerable Software and Affected Versions ERPNext versions prior to 16.9.0 Description Certain endpoints are susceptible to SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution, allowing an attacker to extract sensitive information via...

PT-2026-40623

Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in t...

PT-2026-40704

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.32 Description AutoGPT records the execution process to the console, which is captured by Docker as container logs when deployed in container mode. In affected versions, there is no limit on the log size. A high...

PT-2026-40699

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...

PT-2026-40683

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the sps30 i2c read meas function within the iio: chemical: sps30 i2c component. The sizeofnum expression incorrectly evaluates to the size of size t 8 bytes on 64-bit...

PT-2026-40685

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ASoC codecs rt1011 where the rt1011 recv spk mode put function incorrectly attempts to retrieve the DAPM Dynamic Audio Power Management context. Using kcontrol in...

PT-2026-40805

Name of the Vulnerable Software and Affected Versions CubeCart versions prior to 6.7.0 Description An unauthenticated Reflected Cross-Site Scripting XSS issue exists in the search feature. A logic flaw in the classes/catalogue.class.php file allows user input to be reflected without sanitization...

PT-2026-40771

Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access Agent® allow a local attacker to bypass authentication controls and execute privileged operations...

PT-2026-40678

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2 Description When operating in Appliance mode, an authenticated attacker with the 'Administrator' role can bypass system restrictions...

PT-2026-40588

Name of the Vulnerable Software and Affected Versions Mapfish Print versions prior to 3.28.28 Mapfish Print versions prior to 3.30.30 Mapfish Print versions prior to 3.31.21 Mapfish Print versions prior to 3.33.14 Mapfish Print versions prior to 4.0.3 Description A critical flaw in dynamic table...

PT-2026-44988

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.44.0 Description When the server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. Because the validity check is field value is performed before decoding,...

PT-2026-40713

Name of the Vulnerable Software and Affected Versions PAN-OS affected versions not specified Description An authentication bypass exists in the Cloud Authentication Service CAS component of PAN-OS due to incorrect cryptographic signature verification. This allows an unauthenticated attacker with...

PT-2026-40650

Name of the Vulnerable Software and Affected Versions BIG-IP Virtual Edition VE affected versions not specified BIG-IP hardware platforms affected versions not specified Description Undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate when an SSL profile is configured...

PT-2026-40774

Name of the Vulnerable Software and Affected Versions Hermes WebUI versions prior to 0.51.44 Release T Description A path traversal issue exists in the session import endpoint. Authenticated attackers can read arbitrary files by importing a crafted session containing an unrestricted workspace...

PT-2026-40614

Name of the Vulnerable Software and Affected Versions Devolutions Server versions 2026.1.21 and 2026.2.5 Microsoft Message Queuing versions prior to Windows Server 2025 Description Devolutions Server contains improper access control in PAM account discovery, which allows an authenticated user to...

PT-2026-40813

Name of the Vulnerable Software and Affected Versions CubeCart versions 6.6.x through 6.7.1 Description CubeCart builds the CC STORE URL constant directly from the Host request header during bootstrap without using an allowlist. This constant is embedded into transactional email links, specifical...

PT-2026-40688

In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsg reply genlmsg reply hands the reply skb to netlink, and netlink unicast consumes it on all return paths, whether the skb is queued successfully or freed on an error path. net shaper...

PT-2026-40666

Name of the Vulnerable Software and Affected Versions BIG-IP versions prior to 17.1.3.2 BIG-IP versions prior to 17.5.1.6 BIG-IP versions prior to 21.0.0.2 BIG-IQ versions prior to 17.1.3.2 BIG-IQ versions prior to 17.5.1.6 BIG-IQ versions prior to 21.0.0.2 Description Incorrect permission...

PT-2026-40723

Name of the Vulnerable Software and Affected Versions LangSmith SDK Python versions prior to 0.8.0 LangSmith SDK JS/TS versions prior to 0.6.0 Description The prompt pull methods pull prompt and pull prompt commit in Python, and pullPrompt and pullPromptCommit in JS/TS, fetch and deserialize prom...

PT-2026-40589

Name of the Vulnerable Software and Affected Versions Authlib versions prior to 1.6.12 Authlib versions prior to 1.7.1 Description An unauthenticated open redirect exists in the authorization endpoint of the OpenIDImplicitGrant and OpenIDHybridGrant components. A remote attacker can cause the...

PT-2026-40583

Name of the Vulnerable Software and Affected Versions Avada Builder versions prior to 3.15.3 Description An arbitrary file read issue exists in the Avada Builder plugin for WordPress. Authenticated attackers with Subscriber-level access or higher can read arbitrary files on the server, potentiall...

PT-2026-40804

CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting XSS vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...

PT-2026-40690

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM SVM implementation where CR8 write interception remains enabled after AVIC Advanced Virtual Interrupt Controller is activated. This occurs because the...

PT-2026-40655

Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source affected versions not specified Description A heap-use-after-free error exists in the ngx http ssl module module. This occurs when the ssl verify client directive is set to "on" or...

PT-2026-40681

Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source versions 0.6.27 through 1.30.0 Description A heap buffer overflow exists in the ngx http rewrite module module of NGINX. The issue occurs when a rewrite directive is followed by a...

PT-2026-40679

Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source affected versions not specified Description A heap buffer over-read exists in the ngx http charset module module. This occurs when the charset, source charset, charset map, and proxy...

PT-2026-40682

Name of the Vulnerable Software and Affected Versions NGINX affected versions not specified Description An issue in the ngx http scgi module and ngx http uwsgi module modules can lead to excessive memory allocation or an over-read of data. When scgi pass or uwsgi pass is configured, an...

PT-2026-40798

Name of the Vulnerable Software and Affected Versions Garmin WDU version 1.4.6 Garmin WDU version 5.0 Description The locally served web site allows authentication to be bypassed because the site only performs authentication within the client's browser. The WebSockets used for communication with...

PT-2026-40576

Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" ta...

PT-2026-40616

WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-upgrade.php. Attackers can send POST requests with malicious pack values to include unintended PHP...

PT-2026-40816

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to May 13, 2026 Description A local privilege escalation issue exists in the Linux kernel networking stack, specifically within the XFRM ESP-in-TCP subsystem. The problem stems from a logical error in several...

PT-2026-40794

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A race condition exists where a user may still be able to mint tokens for a service account for a few seconds after their access has been revoked. Recommendation...

PT-2026-40793

Name of the Vulnerable Software and Affected Versions Grafana affected versions not specified Description A flaw in SQL Expressions enables an authenticated attacker to read arbitrary files from the server's filesystem. This issue only affects instances where the sqlExpressions feature toggle is...

PT-2026-40607

Name of the Vulnerable Software and Affected Versions bandit versions 1.4.0 through 1.11.0 Description An unauthenticated remote attacker can cause a denial of service via memory exhaustion. The read data/2 function in Elixir.Bandit.HTTP1.Socket ignores the :length option when processing HTTP/1...

PT-2026-40597

ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication...

PT-2026-40786

Name of the Vulnerable Software and Affected Versions Grafana affected versions not specified Description A request to the plugin resources endpoint can cause unbounded memory allocation because the entire request body is read into memory. An authenticated user can exploit this to trigger an...