CVE ID :CVE-2026-40624 Published : June 18, 2026, 11:54 p.m. | 1 hour, 14 minutes ago Description :Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker…
CVE-2026-12048 – pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser
CVE ID :CVE-2026-12048 Published : June 18, 2026, 11:37 p.m. | 1 hour, 31 minutes ago Description :Stored cross-site scripting in pgAdmin 4’s error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse…
CVE-2026-12046 – pgAdmin 4: Unauthenticated pickle deserialization in SQL Editor close / update_connection routes enables remote code execution
CVE ID :CVE-2026-12046 Published : June 18, 2026, 11:37 p.m. | 1 hour, 31 minutes ago Description :Two state-mutating endpoints in pgAdmin 4’s SQL Editor blueprint — DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/update_connection/// — were…
CVE-2026-12045 – pgAdmin 4: AI Assistant read-only transaction bypass allows unauthorised writes and remote code execution
CVE ID :CVE-2026-12045 Published : June 18, 2026, 11:37 p.m. | 1 hour, 31 minutes ago Description :Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content…
CVE-2026-12044 – pgAdmin 4: SQL injection in COMMENT ON … IS ” rendering across dialog templates
CVE ID :CVE-2026-12044 Published : June 18, 2026, 11:37 p.m. | 1 hour, 32 minutes ago Description :SQL injection in pgAdmin 4 across every dialog template that renders “COMMENT ON … IS ”“ for…
CVE-2026-12569 – Remote Code Execution (RCE) vulnerability in Windchill PDMlink
CVE ID :CVE-2026-12569 Published : June 18, 2026, 12:11 a.m. | 57 minutes ago Description :A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The…
CVE-2026-53676 – ThingsBoard Prototype Pollution
CVE ID :CVE-2026-53676 Published : June 17, 2026, 10:53 p.m. | 2 hours, 15 minutes ago Description :ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context…
CVE-2026-12530 – Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()
CVE ID :CVE-2026-12530 Published : June 17, 2026, 9:05 p.m. | 4 hours, 4 minutes ago Description :Improper neutralization of argument delimiters in the install_packages() method in AWS Bedrock AgentCore Python SDK versions >=…
CVE-2026-11407 – Pimcore CMS 12.3.8 Twig Sandbox Bypass via SecurityPolicy checkMethodAllowed
CVE ID :CVE-2026-11407 Published : June 17, 2026, 8:07 p.m. | 5 hours, 1 minute ago Description :Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary…
CVE-2026-50107 – NGINX Gateway Fabric vulnerability
CVE ID :CVE-2026-50107 Published : June 17, 2026, 8:04 p.m. | 5 hours, 4 minutes ago Description :When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric,…