PT-2026-48481

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.0.0 through 2.0.13 Description A cross-site request forgery CSRF issue exists where a cross-site GET request can trigger stored cron commands on a victim's agents. The dashboard exposes a manual-trigger action via t...

PT-2026-45486

Name of the Vulnerable Software and Affected Versions praisonai-platform versions prior to 0.1.4 Description A privilege escalation flaw exists in the PraisonAI Platform that allows any workspace member to grant owner-level privileges to arbitrary users. The issue stems from the POST...

Nextcloud: Can download files on Android app without permission

A vulnerability was discovered in the Android app where users could download files shared with them, even if the owner had disabled the download option. The vulnerability affected various file types, including PDF, document, image, and presentation files. The vulnerability allowed users to access...

CVE-2021-36097

Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions...

CVE-2018-13663

The mintToken function of a smart contract implementation for BSCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...

CVE-2018-13759

The mintToken function of a smart contract implementation for BIGCAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...