Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics
Summary: Multiple vulnerabilities were addressed in IBM Planning Analytics Local. Vulnerability Details: CVEID: CVE-2026-42033. DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency with...
PT-2026-50110
Unauthenticated PHP Object Injection in Laurits = 1.5.1 versions...
PT-2026-50095
Unauthenticated PHP Object Injection in Kapee 1.7.0 versions...
PT-2026-50127
Name of the Vulnerable Software and Affected Versions: Fusion Builder versions prior to 3.15.5. Description: A PHP Object Injection issue exists in the software. This occurs when an application deserializes untrusted data, allowing an attacker to manipulate the objects created and potentially execut...
PT-2026-50115
Unauthenticated PHP Object Injection in Léonie = 1.2.1 versions...
PT-2026-50102
Unauthenticated PHP Object Injection in Fidalgo = 1.2.2 versions...
PT-2026-50114
Unauthenticated PHP Object Injection in TechLink = 1.3 versions...
PT-2026-49701
Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 152.0. Description: Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument. This behavior allows a malicious site to inject arbitrary cookies int...
PT-2026-50112
Unauthenticated PHP Object Injection in Ashtanga = 1.2 versions...
PT-2026-50085
Contributor PHP Object Injection in Avada = 3.15.3 versions...
PT-2026-49822
In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...
PT-2026-50161
Name of the Vulnerable Software and Affected Versions: Caddy versions prior to 2.11.4. Description: An issue exists where forward_auth copy_headers deletes client-supplied identity headers before copying trusted values from an authentication gateway. However, when requests are processed via php...
PT-2026-50117
Unauthenticated PHP Object Injection in Behold = 1.5 versions...
PT-2026-49739
Name of the Vulnerable Software and Affected Versions: Astro versions prior to 6.4.6. Description: The spreadAttributes function in the server-side rendering pipeline iterates over object keys and passes them to the addAttribute function, which interpolates the key into the HTML output without...
PT-2026-50168
Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.55; n8n versions prior to 2.25.7; n8n versions prior to 2.26.2. Description: An authenticated user with workflow edit access can inject arbitrary JavaScript into the page generated by the Chat Trigger by providing a...
PT-2026-49759
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.5.2. Description: An environment variable injection exists where workspace .env files can influence the Python runtime selection during Gmail setup gcloud execution. Attackers with repository access can manipulate...
PT-2026-49775
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.5.2. Description: An environment variable injection exists where the STATE DIRECTORY variable in a workspace .env file can influence bundled runtime dependency roots. This allows attackers to manipulate STATE...
PT-2026-50118
Unauthenticated PHP Object Injection in Valeska = 1.2.2 versions...
PT-2026-50084
Name of the Vulnerable Software and Affected Versions: TL-WR940N version v6. Description: An authenticated OS command injection exists in the BigPond Cable BPA WAN configuration module due to improper sanitization of user input. An attacker with administrative access can exploit this flaw to execute...
PT-2026-50088
Name of the Vulnerable Software and Affected Versions: Nifty versions 1.4.1 and earlier. Description: Unauthenticated PHP Object Injection allows an attacker to inject malicious objects into the application. PHP Object Injection occurs when user-supplied input is passed to the unserialize function...