PT-2026-47057

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

PT-2026-47032

Name of the Vulnerable Software and Affected Versions WP Captcha PRO versions prior to 5.39 Description An arbitrary file upload issue exists in the licensing module of the plugin. The flaw stems from a capability check in the save ajax function and unrestricted file extraction in sync cloud...

PT-2026-47040

Name of the Vulnerable Software and Affected Versions HAX CMS versions 11.0.6 through 24.x Description The file upload functionality in HAXCMS PHP validates file extensions using a regex pattern but fails to verify the actual file content or MIME type Multipurpose Internet Mail Extensions, a...

PT-2026-47065

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowed classes restriction in the IdsToCollection::get ids from string function, which processes...

PT-2026-47043

Name of the Vulnerable Software and Affected Versions Altium Enterprise Server Vault Service affected versions not specified Description A path traversal issue exists in the 'UploadController' due to improper validation of a user-controlled path component during image upload requests. An...

ROS-20260605-73-0085

The vulnerability of Firefox browsers, Firefox ESR, and Thunderbird email clients, Thunderbird ESR, is related to writing beyond the buffer limit. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

ROS-20260605-73-0106

The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to reading data beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

ROS-20260605-73-0018

The vulnerability in ImageMagick is related to buffer overflow in the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

ROS-20260605-73-0019

The vulnerability in ImageMagick7 is related to buffer overflow in the stack. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

PT-2026-46901

A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service kernel panic or potentially achieve Remote Code Execution via a...

PT-2026-47050

Name of the Vulnerable Software and Affected Versions OpenXDMoD versions 9.5.0 through 11.0.2 Description An attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This allows for the potential reading or...

ROS-20260605-73-0093

The vulnerability in Firefox is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

PT-2026-47030

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The application constructs shell command strings using unsanitized input and executes them via proc open. An...

PT-2026-47062

🚨 Multiple Critical Vulnerabilities Disclosed in DbGate Several severe vulnerabilities in DbGate can allow attackers to achieve remote code execution: • CVE-2026-47668 - Unauthenticated RCE via JSON Script Runner dbgate-serve • CVE-2026-47669 - Zip Slip arbitrary file write leading to RCE •...

PT-2026-47044

Name of the Vulnerable Software and Affected Versions Altium Enterprise Server affected versions not specified Description Two path traversal issues in the Network Installation Service NIS allow an unauthenticated network attacker to read package archive files and write arbitrary files to any...

ROS-20260605-73-0086

Vulnerability of the Graphics component: The text-based browsers Mozilla Firefox, Firefox ESR, and the email client Thunderbird are vulnerable to a numerical overflow vulnerability. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

ROS-20260605-73-0074

The vulnerability in Firefox is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

ROS-20260605-73-0032

The vulnerability in Tomcat10 is related to insufficient registration checks. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

ROS-20260605-73-0091

The vulnerability in Firefox is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

ROS-20260605-73-0105

The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to reading data beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...