1183 matches found
PT-2026-47283
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description An improper access control flaw exists where a limited administrator can bypass Fine-Grained Admin Permissions FGAP, which are detailed permissions that restrict administrative actions to...
PT-2026-40778
Name of the Vulnerable Software and Affected Versions AMD Zen 2-based products affected versions not specified Description Improper isolation of shared resources within the CPU operation op/µop cache on Zen 2-based products can cause incorrect instructions to be executed at a higher privilege...
GHSA-HCWR-PQ9G-RQ3M apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution possible)
apko verifies the signature on APKINDEX.tar.gz but never compares individually downloaded .apk packages against the checksum recorded in the signed index. The checksum is parsed and available via ChecksumString, and the downloaded package control hash is computed, but the two values are never...
PT-2026-36800
Name of the Vulnerable Software and Affected Versions Norton Secure VPN affected versions not specified Description A privilege escalation issue occurs during the installation of the software via the Microsoft Store. A low-privilege user can replace files during the installation process,...
PT-2026-36806
Name of the Vulnerable Software and Affected Versions Ansible Automation Platform Gateway versions 2.6 and later Description A flaw in the AAP gateway involves the user auto-link strategy, which automatically links an external Identity Provider IDP identity to an existing user account based on...
CVE-2026-5970
A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function checksolution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. Th...
PT-2026-28440
Name of the Vulnerable Software and Affected Versions BUFFALO Wi-Fi router products affected versions not specified Description A code injection issue exists in BUFFALO Wi-Fi router products. Successful exploitation of this issue could allow for the execution of arbitrary code on affected devices...
PT-2026-28696
Name of the Vulnerable Software and Affected Versions SourceCodester Note Taking App version 1.0 Description A cross-site request forgery condition exists in SourceCodester Note Taking App. The issue impacts an unknown function and allows for remote exploitation. The exploit has been publicly...
CVE-2026-27147
GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed...
CVE-2026-27146
GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim’s browser. The...
PT-2026-7420
Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description Inserting specific large documents into a replica set may cause secondary nodes to fail to retrieve the oplog from the primary node. This can halt replication within the replica set,...
PT-2026-7297
Name of the Vulnerable Software and Affected Versions IntelR Quick Assist Technology for some IntelR Platforms affected versions not specified Description An improper authorization issue exists within the kernel of IntelR Quick Assist Technology for some IntelR Platforms within Ring 0. This may...
PT-2026-6986
Name of the Vulnerable Software and Affected Versions Tenda AC8 version 16.03.33.05 Description A buffer overflow issue exists in the Embedded Httpd Service component of Tenda AC8. The flaw is located in the file '/goform/fast setting wifi set' and is triggered by manipulating the timeZone...
PT-2026-6706
Name of the Vulnerable Software and Affected Versions versions prior to 2026-24916 Description An identity authentication bypass issue exists in the window module. Successful exploitation could compromise service confidentiality. Recommendations At the moment, there is no information about a newe...
PT-2026-6702
Name of the Vulnerable Software and Affected Versions Huawei HarmonyOS affected versions not specified Description An out-of-bounds write issue exists in the camera module. Successful exploitation of this issue may affect system availability. Recommendations At the moment, there is no information...
PT-2026-6701
Name of the Vulnerable Software and Affected Versions versions prior to 2026 affected versions not specified Description A heap-based buffer overflow vulnerability exists in the image module. Successful exploitation of this issue may affect availability. Recommendations At the moment, there is no...
PT-2026-6703
Name of the Vulnerable Software and Affected Versions versions prior to 2026-24929 Description An out-of-bounds read issue exists in the graphics module. Successful exploitation could impact system availability. Recommendations At the moment, there is no information about a newer version that...
PT-2026-6607
Name of the Vulnerable Software and Affected Versions Tanium Appliance affected versions not specified Description An improper input validation issue exists in Tanium Appliance. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...
CVE-2026-25040
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...
PT-2026-2032
Name of the Vulnerable Software and Affected Versions UTT 进取 520W version 1.7.7-180627 Description A flaw exists in the strcpy function within the /goform/formConfigFastDirectionW file. Manipulation of the ssid argument can lead to a buffer overflow, potentially allowing for remote exploitation...