NVD disclosure day

Published threat advisories for June 18, 2026

CVE advisoryCRITICAL

CVE-2026-12569

PTC Windchill and FlexPLM Remote Code Execution Vulnerability.

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A critical remote code execution vulnerability exists in PTC Windchill PDMlink and PTC FlexPLM due to improper deserialization of untrusted data. This could allow an attacker to execute arbitrary code on affected systems, potentially impacting sensitive product design and engineering data. Confirm the relevance and exp

NVD published:

CVE advisoryCRITICAL

CVE-2026-48768

Typebot Arbitrary Content Upload and Stored XSS via Unauthenticated File Input

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

An unauthenticated vulnerability in TypeBot allows anonymous visitors to upload malicious files. This could lead to arbitrary content hosting and cross-site scripting attacks on the storage origin. Please confirm if TypeBot is used within your organization.

NVD published: