PT-2026-51516
Name of the Vulnerable Software and Affected Versions: Hono versions prior to 4.12.12. Description: The software fails to validate cookie names within the setCookie, serialize, and serializeSigned functions. When an application uses a user-controlled cookie name, invalid characters such as control...
CVE-2025-55639
GPAC MP4Box v2.4 was discovered to contain a NULL pointer dereference in the gf_isom_add_track_kind function at isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file...
PT-2026-51628
Name of the Vulnerable Software and Affected Versions: Gogs, affected versions not specified. Description: Gogs contains an authorization bypass in its Git Smart HTTP handler for repository RPCs. The system determines the authorization policy based on the client-supplied service query parameter rathe...
PT-2026-51531
NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create agent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke create agent to create arbitrary agent groups, container...
PT-2026-51564
dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC 6603 OPTION_PD_EXCLUDE option body...
PT-2026-51594
Name of the Vulnerable Software and Affected Versions: jackson-databind versions 2.13.0 through 2.13.x. Description: A potential Denial-of-Service exists when a service reads deeply nested JSON (thousands of levels) as a JsonNode using the readTree function of ObjectMapper and subsequently writes that...
PT-2026-51616
Impact The GET /api/v1/object/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - regardless of permissions - can retrieve a paginated list of all user accounts using only their web session cookie. No API token or elevated permissions are required. This...
PT-2026-51622
Name of the Vulnerable Software and Affected Versions: Gogs, affected versions not specified. Description: A repository admin collaborator can escalate their privileges to owner-level access due to an off-by-one error in the ChangeCollaborationAccessMode function. This occurs because the validation...
PT-2026-51533
OpenHarness ohmo gateway /resume and /summary slash commands default remote invocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials, tool output, and...
PT-2026-51608
Name of the Vulnerable Software and Affected Versions: FlatPress versions prior to commit 10be83c. Description: A stored cross-site scripting issue exists in comment and contact forms. The name, URL, and email fields are rendered without proper output encoding in Smarty templates. This allows...
PT-2026-51617
Name of the Vulnerable Software and Affected Versions: opentelemetry-ebpf-profiler versions prior to 0.0.202622. Description: An unprivileged process can cause a denial of service on the ebpf-profiler agent by triggering the processPIDEvents goroutine to block indefinitely. This occurs when the...
PT-2026-51524
Name of the Vulnerable Software and Affected Versions: pwnlift versions prior to d7a9544. Description: In a privileged deployment, the upload handler in 'Components/Pages/Home.razor' contains a symlink following issue. This occurs when the application follows symbolic link files that point to anoth...
PT-2026-51509
Name of the Vulnerable Software and Affected Versions: Nuxt versions prior to 4.4.7; Nuxt versions prior to 3.21.7. Description: When running the development server on Linux, the vite-node IPC (Inter-Process Communication) server binds to an abstract-namespace Unix socket without permission restriction...
PT-2026-51565
dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to cause denial of service by sending crafted Router Advertisements. Attackers can repeatedly send...
PT-2026-51499
Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 and Plug.Conn.Query.decode_each/2 parse query strings and application/x-www-form-urlencoded request bodies. When a key contains many...
PT-2026-51581
Name of the Vulnerable Software and Affected Versions: ash-project ash versions 3.0.0 through 3.29.2. Description: An issue exists where users can set the value of a private action argument intended to be controlled exclusively by trusted server-side code. Action arguments declared with public?: fal...
PT-2026-51576
Name of the Vulnerable Software and Affected Versions: immich versions 4ffa26c9 through 4eb1003. Description: A reflected cross-site scripting (XSS) issue exists on the '/auth/login' page. The continue query parameter is processed by SvelteKit's redirect function without proper scheme or origin...
PT-2026-51596
Name of the Vulnerable Software and Affected Versions: jackson-databind versions 2.10.0 through 2.18.7; jackson-databind versions 2.19.0 through 2.21.3; jackson-databind versions 3.0.0 through 3.1.3. Description: The BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray function allowlists any...
Oracle Linux 9 : mariadb:11.8 (ELSA-2026-19182)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19182 advisory. galera 26.4.25-1.0.1 - Drop nmap-ncat requirement. Orabug: 34116228 - Requirement to delete lp1184034 test case without using patches. 26.4.25-1 - Rebased to...
ROS-20260623-73-0048
A vulnerability in the pgAdmin 4 database management tool stems from errors in its certificate validation process. Exploiting this vulnerability could allow a remote attacker to gain access to LDAP account information...