177197 matches found

Positive Technologies
•added 2026/05/12 12:0 a.m.•8 views

PT-2026-40200

Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

CVSS: 8.8 • AI score: 6 • EPSS: 0.00961
Exploits: 0 • References: 3
Positive Technologies
•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40126

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained method uses torch.load to load the pytorch_model.bin weight file without enabling the security-restrictive...

AI score: 6.1 • EPSS: 0.00409
Exploits: 0 • References: 3
Positive Technologies
•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40121

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

AI score: 6.4 • EPSS: 0.00687
Exploits: 0 • References: 3
Positive Technologies
•added 2026/05/12 12:0 a.m.•5 views

PT-2026-40123

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

AI score: 6.3 • EPSS: 0.00508
Exploits: 0 • References: 3
Positive Technologies
•added 2026/05/12 12:0 a.m.•5 views

PT-2026-40109

Name of the Vulnerable Software and Affected Versions FortiOS versions 7.6.0 through 7.6.3 FortiOS versions 7.4.0 through 7.4.8 FortiOS versions 7.2.0 through 7.2.11 Description An out-of-bounds write issue allows an attacker to execute unauthorized code or commands by sending specially crafted...

CVSS: 9 • AI score: 6 • EPSS: 0.00564
Exploits: 0 • References: 6
Positive Technologies
•added 2026/05/12 12:0 a.m.•11 views

PT-2026-40118

Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec function without any sandboxing, validation, or security...

AI score: 6.7 • EPSS: 0.00635
Exploits: 0 • References: 3
Positive Technologies
•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40112

Name of the Vulnerable Software and Affected Versions Windows Rich Text Edit affected versions not specified Description A double free issue in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. A double free occurs when a program attempts to free the same memory...

CVSS: 6.7 • AI score: 5.8 • EPSS: 0.00319
Exploits: 0 • References: 6
Positive Technologies
•added 2026/05/12 12:0 a.m.•9 views

PT-2026-40111

Name of the Vulnerable Software and Affected Versions FortiAnalyzer versions 7.6.0 through 7.6.4 FortiAnalyzer versions 7.4.0 through 7.4.8 FortiAnalyzer version 7.2 FortiAnalyzer version 7.0 FortiAnalyzer version 6.4 FortiManager versions 7.6.0 through 7.6.4 FortiManager versions 7.4.0 through...

CVSS: 5.3 • AI score: 5.8 • EPSS: 0.00424
Exploits: 0 • References: 5
Positive Technologies
•added 2026/05/12 12:0 a.m.•5 views

PT-2026-40128

Name of the Vulnerable Software and Affected Versions mem0 version 1.0.0 Description The server lacks authentication and authorization controls for the 'DELETE /memories' API endpoint. This allows unauthenticated remote attackers to delete memory records by specifying arbitrary identifiers such a...

CVSS: 6.5 • AI score: 6 • EPSS: 0.00386
Exploits: 0 • References: 4
Positive Technologies
•added 2026/05/12 12:0 a.m.•9 views

PT-2026-40117

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustness_evaluation_fgsm_pytorch.py. The script uses the unsafe eval function to parse string values provided via the --clip_values and --input_shape command-lin...

AI score: 6.3 • EPSS: 0.00497
Exploits: 0 • References: 3
Positive Technologies
•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40206

Name of the Vulnerable Software and Affected Versions Power Automate affected versions not specified Description Insufficient protection of service data in Power Automate for Desktop allows an authorized attacker to disclose sensitive information over a network. Recommendations At the moment, the...

CVSS: 6.8 • AI score: 5.8 • EPSS: 0.00868
Exploits: 0 • References: 4
Positive Technologies
•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40113

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execut...

CVSS: 5.4 • AI score: 6 • EPSS: 0.00264
Exploits: 0 • References: 2
Positive Technologies
•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40131

Name of the Vulnerable Software and Affected Versions Windows Rich Text Edit Control affected versions not specified Description A double free issue in the Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally. A double free occurs when a program attempts to...

CVSS: 6.7 • AI score: 5.8 • EPSS: 0.00319
Exploits: 0 • References: 9
Positive Technologies
•added 2026/05/12 12:0 a.m.•8 views

PT-2026-40127

The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records PUT /memories/memory id are exposed without any verification of the requester's identity or permissions. A remote attacker can exploit...

AI score: 5.9 • EPSS: 0.00372
Exploits: 0 • References: 3
Positive Technologies
•added 2026/05/12 12:0 a.m.•9 views

PT-2026-40120

Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the post install...

AI score: 6.3 • EPSS: 0.00635
Exploits: 0 • References: 3
Positive Technologies
•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40115

Name of the Vulnerable Software and Affected Versions FortiSandbox versions 5.0.0 through 5.0.1 FortiSandbox versions 4.4.0 through 4.4.8 FortiSandbox Cloud versions 5.0.2 through 5.0.5 FortiSandbox PaaS version 23.4 FortiSandbox PaaS version 23.3 FortiSandbox PaaS version 23.1 FortiSandbox PaaS...

CVSS: 9.8 • AI score: 6 • EPSS: 0.00643
Exploits: 0 • References: 23
Positive Technologies
•added 2026/05/12 12:0 a.m.•8 views

PT-2026-40130

Name of the Vulnerable Software and Affected Versions Windows Native WiFi Miniport Driver versions prior to Server 2025 Description A race condition exists in the Windows Native WiFi Miniport Driver due to improper synchronization when using a shared resource. This allows an unauthorized remote...

CVSS: 7.5 • AI score: 6.2 • EPSS: 0.00297
Exploits: 0 • References: 13
Positive Technologies
•added 2026/05/12 12:0 a.m.•8 views

PT-2026-40110

Name of the Vulnerable Software and Affected Versions FortiAP versions 7.6.0 through 7.6.2 FortiAP versions 7.4.0 through 7.4.5 FortiAP version 7.2 FortiAP version 7.0 FortiAP version 6.4 FortiAP-W2 versions 7.4.0 through 7.4.4 FortiAP-W2 version 7.2 FortiAP-W2 version 7.0 Description An OS comma...

CVSS: 6.8 • AI score: 6.1 • EPSS: 0.00561
Exploits: 0 • References: 5
Positive Technologies
•added 2026/05/12 12:0 a.m.•8 views

PT-2026-40108

Name of the Vulnerable Software and Affected Versions FortiMail versions 7.6.0 through 7.6.3 FortiMail versions 7.4.0 through 7.4.5 FortiMail versions 7.2.0 through 7.2.8 Description Improper neutralization of special elements used in an SQL command allows an authenticated privileged attacker to...

CVSS: 7.2 • AI score: 6 • EPSS: 0.00359
Exploits: 0 • References: 3
Positive Technologies
•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40114

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an...

CVSS: 4.3 • AI score: 5.8 • EPSS: 0.00241
Exploits: 0 • References: 2
Positive Technologies
•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40124

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 through its predict method. When a user provides a dataset file path to the predict method, the framework automatically determines the file format. If the file is a pickle .pkl file, it is loaded using pandas.read...

AI score: 6.3 • EPSS: 0.006
Exploits: 0 • References: 3
Positive Technologies
•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40116

The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...

AI score: 6.3 • EPSS: 0.006
Exploits: 0 • References: 3
Positive Technologies
•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40129

The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a DROP TABLE SQL statement. Th...

AI score: 6 • EPSS: 0.00489
Exploits: 0 • References: 3
Positive Technologies
•added 2026/05/12 12:0 a.m.•5 views

PT-2026-40122

The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the augment images worker method without any safety...

AI score: 6.5 • EPSS: 0.00472
Exploits: 0 • References: 3
Positive Technologies
•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40119

The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading process. When loading model files .pt from a user-specified directory via the --model_dir argument, the code uses torch.load withou...

AI score: 6.5 • EPSS: 0.00458
Exploits: 0 • References: 3
Positive Technologies
•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40125

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weights_only=True...

AI score: 6.3 • EPSS: 0.00497
Exploits: 0 • References: 3
Positive Technologies
•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40169

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS: 7.8 • AI score: 6.3 • EPSS: 0.00148
Exploits: 0 • References: 2
Positive Technologies
•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40162

Heap-based buffer overflow in Windows Application Identity AppID Subsystem allows an authorized attacker to elevate privileges locally...

CVSS: 7.8 • AI score: 5.9 • EPSS: 0.00315
Exploits: 0 • References: 2
Positive Technologies
•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40146

Name of the Vulnerable Software and Affected Versions Windows Win32K - GRFX affected versions not specified Description A race condition occurs in Windows Win32K - GRFX due to improper synchronization when using a shared resource. This allows an authorized attacker to elevate privileges locally t...

CVSS: 7 • AI score: 5.8 • EPSS: 0.0019
Exploits: 0 • References: 8
Positive Technologies
•added 2026/05/12 12:0 a.m.•8 views

PT-2026-40166

Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network...

CVSS: 6.5 • AI score: 5.8 • EPSS: 0.00782
Exploits: 0 • References: 2
Positive Technologies
•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40135

Name of the Vulnerable Software and Affected Versions Azure Monitor Agent versions prior to May 2026 Description External control of a file name or path allows an authorized attacker to elevate privileges locally. Recommendations Update to the May 2026 patch...

CVSS: 7.8 • AI score: 5.8 • EPSS: 0.00307
Exploits: 0 • References: 5
Positive Technologies
•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40172

Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS: 7.8 • AI score: 6.3 • EPSS: 0.0017
Exploits: 0 • References: 2
Positive Technologies
•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40183

Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network...

CVSS: 6.5 • AI score: 5.8 • EPSS: 0.00614
Exploits: 0 • References: 2
Positive Technologies
•added 2026/05/12 12:0 a.m.•5 views

PT-2026-40151

Name of the Vulnerable Software and Affected Versions Windows Win32K - GRFX affected versions not specified Description A race condition occurs in Windows Win32K - GRFX due to improper synchronization when using a shared resource. This allows an authorized attacker to elevate privileges locally. ...

CVSS: 7 • AI score: 5.8 • EPSS: 0.0019
Exploits: 0 • References: 7
Positive Technologies
•added 2026/05/12 12:0 a.m.•5 views

PT-2026-40181

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally...

CVSS: 7.8 • AI score: 5.9 • EPSS: 0.0032
Exploits: 0 • References: 2
Positive Technologies
•added 2026/05/12 12:0 a.m.•10 views

PT-2026-40153

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A use after free issue in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Use after free is a memory corruption flaw that occurs when an application continu...

CVSS: 7.8 • AI score: 6.1 • EPSS: 0.00298
Exploits: 0 • References: 7
Positive Technologies
•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40179

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...

CVSS: 7.8 • AI score: 5.8 • EPSS: 0.00202
Exploits: 0 • References: 2
Positive Technologies
•added 2026/05/12 12:0 a.m.•8 views

PT-2026-40141

Improper neutralization of special elements in output used by a downstream component 'injection' in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network...

CVSS: 8.2 • AI score: 5.8 • EPSS: 0.00509
Exploits: 0 • References: 2
Positive Technologies
•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40142

Name of the Vulnerable Software and Affected Versions Windows Event Logging Service affected versions not specified Description Improper access control in the Windows Event Logging Service allows an authorized attacker to elevate privileges locally. Recommendations At the moment, there is no...

CVSS: 7.8 • AI score: 5.8 • EPSS: 0.00272
Exploits: 0 • References: 7
Positive Technologies
•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40176

Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...

CVSS: 7.8 • AI score: 5.9 • EPSS: 0.00321
Exploits: 0 • References: 2
Positive Technologies
•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40170

Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS: 7.8 • AI score: 6.3 • EPSS: 0.00177
Exploits: 0 • References: 2
Positive Technologies
•added 2026/05/12 12:0 a.m.•8 views

PT-2026-40158

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally...

CVSS: 5.5 • AI score: 5.8 • EPSS: 0.00283
Exploits: 0 • References: 2
Positive Technologies
•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40163

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

CVSS: 7.8 • AI score: 5.8 • EPSS: 0.00314
Exploits: 0 • References: 2
Positive Technologies
•added 2026/05/12 12:0 a.m.•8 views

PT-2026-40178

Name of the Vulnerable Software and Affected Versions Windows Win32K affected versions not specified Description A type confusion issue in the ICOMP component of Windows Win32K allows an authorized attacker to elevate privileges locally. Type confusion occurs when a program accesses a resource...

CVSS: 7.8 • AI score: 5.8 • EPSS: 0.00334
Exploits: 0 • References: 6
Positive Technologies
•added 2026/05/12 12:0 a.m.•8 views

PT-2026-40184

Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network...

CVSS: 5.4 • AI score: 5.8 • EPSS: 0.00747
Exploits: 0 • References: 2
Positive Technologies
•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40140

Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network...

CVSS: 7.7 • AI score: 5.8 • EPSS: 0.00659
Exploits: 0 • References: 2
Positive Technologies
•added 2026/05/12 12:0 a.m.•12 views

PT-2026-40180

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally...

CVSS: 5.5 • AI score: 5.8 • EPSS: 0.00374
Exploits: 0 • References: 2
Positive Technologies
•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40167

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows TCP/IP allows an authorized attacker to elevate privileges locally...

CVSS: 7.8 • AI score: 5.9 • EPSS: 0.00205
Exploits: 0 • References: 2
Positive Technologies
•added 2026/05/12 12:0 a.m.•5 views

PT-2026-40165

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...

CVSS: 7 • AI score: 5.8 • EPSS: 0.00261
Exploits: 0 • References: 2
Positive Technologies
•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40175

After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS: 7.8 • AI score: 6.3 • EPSS: 0.0017
Exploits: 0 • References: 2
Total number of security vulnerabilities: 177197