PT-2026-40231

External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network...

PT-2026-40221

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally...

PT-2026-40191

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally...

PT-2026-40223

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network...

PT-2026-40224

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network...

PT-2026-40209

Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack...

PT-2026-40229

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally...

PT-2026-40192

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

PT-2026-40216

Name of the Vulnerable Software and Affected Versions Windows Hyper-V affected versions not specified Description A use after free issue in Windows Hyper-V allows an unauthorized attacker to perform a guest-to-host attack to elevate privileges locally to SYSTEM level. Use after free is a memory...

PT-2026-40220

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

PT-2026-40195

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally...

PT-2026-40185

Missing release of memory after effective lifetime in Windows Internet Key Exchange IKE Protocol allows an unauthorized attacker to deny service over a network...

PT-2026-40240

Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally...

PT-2026-40253

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network...

PT-2026-40249

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

PT-2026-40244

Improper neutralization of special elements in output used by a downstream component 'injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...

PT-2026-40235

Improper control of generation of code 'code injection' in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network...

PT-2026-40242

Name of the Vulnerable Software and Affected Versions Microsoft SSO Plugin for Jira & Confluence affected versions not specified Description An incorrect implementation of the authentication algorithm allows an unauthorized attacker to forge login responses and bypass Entra ID. This enables the...

PT-2026-40251

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery SSRF vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fr...

PT-2026-40268

WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2...

PT-2026-40247

Name of the Vulnerable Software and Affected Versions Visual Studio Code affected versions not specified Description Improper neutralization of script-related HTML tags in a web page leads to a basic cross-site scripting XSS issue. This lack of data sanitization at the control level allows an...

PT-2026-40237

Name of the Vulnerable Software and Affected Versions Microsoft Windows DNS Client affected versions not specified Description A heap-based buffer overflow exists in the Microsoft Windows DNS Client, specifically within the dnsapi.dll component. This issue occurs during the processing of DNS...

PT-2026-40245

Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...

PT-2026-40262

Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...

PT-2026-40236

Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally...

PT-2026-40266

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via...

PT-2026-40239

Name of the Vulnerable Software and Affected Versions Microsoft 365 Copilot for Android affected versions not specified Description Improper access control in the intelligent virtual assistant allows an authorized attacker to perform spoofing attacks locally. Spoofing is a technique where a perso...

PT-2026-40248

Name of the Vulnerable Software and Affected Versions Visual Studio Code affected versions not specified Description A relative path traversal issue in Visual Studio Code Live Preview allows an unauthorized attacker to disclose local information. Path traversal is a flaw that enables users to...

PT-2026-40261

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to perform tampering over a network...

PT-2026-40246

Improper neutralization of input during web page generation 'cross-site scripting' in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

PT-2026-40238

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

PT-2026-40265

Name of the Vulnerable Software and Affected Versions FortiAuthenticator versions 8.0.0 through 8.0.2 FortiAuthenticator versions 6.6.0 through 6.6.8 FortiAuthenticator versions 6.5.0 through 6.5.6 Description An improper access control issue in API endpoints allows an unauthenticated remote...

PT-2026-40264

Name of the Vulnerable Software and Affected Versions ASP.NET Core versions prior to 8.0.27 ASP.NET Core versions prior to 9.0.16 ASP.NET Core versions prior to 10.0.8 Description An unauthorized attacker can cause a denial of service over a network due to a loop with an unreachable exit conditio...

PT-2026-40260

User interface ui misrepresentation of critical information in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

PT-2026-40241

Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally...

PT-2026-40252

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO URL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a ...

PT-2026-40284

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...

PT-2026-40279

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...

PT-2026-40285

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

PT-2026-40288

An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet...

PT-2026-40276

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been...

PT-2026-40270

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the...

PT-2026-40274

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been...

PT-2026-40280

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

PT-2026-40282

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...

PT-2026-40269

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a...

PT-2026-40286

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...

PT-2026-40271

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Gi...

PT-2026-40281

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

PT-2026-40287

An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion, this inspection reads...