A critical pre-authentication RCE vulnerability (CVE-2026-8037, CVSS 9.8) in Progress Kemp LoadMaster allows commands to be executed as root via the API; a patch is available.
The critical deserialization vulnerability CVE-2026-12569 in PTC Windchill PDMLink is being actively exploited; attackers are installing web shells and targeting sensitive design and engineering data in defense, aerospace, and automotive sectors.
PostgreSQL contains multiple critical vulnerabilities allowing remote code execution and data manipulation; BSI classifies the threat level as elevated.
Multiple vulnerabilities in NGINX products compromise availability, integrity, and system security; extensive data manipulation and code execution are possible.
A rounding error in FFmpeg’s MagicYUV decoder allows arbitrary code execution through a stack overflow when merely scanning video files; the vulnerability is patched in version 8.1.2.
CVE-2026-8461 in the FFmpeg MagicYUV decoder enables Denial-of-Service and Remote Code Execution through crafted media files in hundreds of applications; patching to version 8.1.2 is required.
A critical vulnerability in the PostgreSQL sidecar service of Splunk Enterprise (CVE-2026-20253, CVSS 9.8) is being actively exploited and requires immediate updates to version 10.2.4, 10.0.7, or 10.4.0.