PT-2026-48340

Name of the Vulnerable Software and Affected Versions Net::IMAP versions prior to 0.6.5 Net::IMAP versions prior to 0.5.15 Description Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Certain commands accept a raw data argument that is sent verbatim after...

SAP ODP Data Replication APIs 安全漏洞

SAP ODP Data Replication APIs are a set of enterprise data replication interfaces provided by the German company SAP. There is a security vulnerability in SAP ODP Data Replication APIs, which stems from the lack of identification of callers for allowed internal SAP applications. If these APIs are...

PT-2026-47966

Name of the Vulnerable Software and Affected Versions Microsoft Office SharePoint affected versions not specified Description Deserialization of untrusted data allows an authorized attacker to elevate privileges over a network, which can subsequently affect the system. Deserialization is the...

PT-2026-48153

The RemoteControl API methods invite participants and remind participants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

PT-2026-48318

Name of the Vulnerable Software and Affected Versions Spring Data Commons versions 2.7.0 through 2.7.19 Spring Data Commons versions 3.3.0 through 3.3.16 Spring Data Commons versions 3.4.0 through 3.4.14 Spring Data Commons versions 3.5.0 through 3.5.11 Spring Data Commons versions 4.0.0 through...

PT-2026-48313

Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example QBE. An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected versions: Spring Data...

CVE-2025-52293

A segmentation violaton in the gfhevcreadspsbsinternal function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying crafted HEVC SPS data...

CVE-2025-52293

A segmentation violaton in the gfhevcreadspsbsinternal function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying crafted HEVC SPS data...

Apptha Slider Gallery SQL注入漏洞

Apptha Slider Gallery is a website image carousel and gallery display plugin provided by Apptha Corporation. Version 1.0 of Apptha Slider Gallery has a SQL injection vulnerability. This vulnerability stems from insufficient cleaning of the albid parameter, which may allow unauthenticated attacker...

SAP MDG Review Match Groups Application 安全漏洞

The SAP MDG Review Match Groups Application is a data duplication detection tool developed by SAP, a German company. This application has security vulnerabilities; these vulnerabilities stem from the lack of necessary authorization checks, which may lead to privilege escalation...

SAP NetWeaver Application Server ABAP 数据伪造问题漏洞

SAP NetWeaver Application Server ABAP is a platform used by SAP, a German company, for the operation and development of applications written in the ABAP language. There is a vulnerability in SAP NetWeaver Application Server ABAP, which allows authenticated attackers to obtain valid signed message...

QEMU calc_image_hostmem Integer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of QEMU. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the virtio-gpu driver. Th...

CVE-2026-36791

The CVE-2026-36791 entry affects Shenzhen Tenda Technology Co., Ltd. Tenda O3v3 v1.0.0.5, where a stack overflow in the save_list_data parameter of the formSetCfm function could allow a crafted HTTP request to cause a Denial of Service. Affected component: the save_list_data handling within formS...

PT-2026-48231

A flaw exists in FlashArray Purity where insufficient filtering of certain data paths could expose sensitive information to an authenticated user with low privileges...

PT-2026-48316

Name of the Vulnerable Software and Affected Versions Spring Data Commons versions 4.0.0 through 4.0.5 Spring Data Commons versions 3.5.0 through 3.5.11 Spring Data Commons versions 3.4.0 through 3.4.14 Spring Data Commons versions 3.3.0 through 3.3.16 Spring Data Commons versions 3.2.0 through...

PT-2026-47641

🚨 CVE-2026-26236 A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and late...

PT-2026-48184

Shenzhen Tenda Technology Co., Ltd Tenda O3v3 v1.0.0.5 was discovered to contain a stack overflow in the save list data parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

FreeBSD Security Advisory - FreeBSD-SA-26:26.ktls

FreeBSD Security Advisory - The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through...

PT-2026-47854

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...

PT-2026-48341

Name of the Vulnerable Software and Affected Versions Net::IMAP versions prior to 0.5.15 Net::IMAP versions prior to 0.6.5 Description Several commands in the Net::IMAP Ruby client accept raw string arguments that are only validated to prevent CRLF injection and are then sent verbatim. An incorre...