PT-2026-47759

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the Linux kernel when the build skb function fails within the tun xdp one function. In this scenario, the system sets the return value to -ENOMEM and exits withou...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview org.springframework.data:spring-data-rest-webmvc is a maven plugin for Spring Data REST - WebMVC. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes due to missing write-access enforcement in the...

Net::IMAP: Denial of Service via incomplete raw argument validation

Summary Several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will...

Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument

Several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals. Details Raw...

PT-2026-48321

Name of the Vulnerable Software and Affected Versions Spring Data Commons versions 4.0.0 through 4.0.5 Spring Data Commons versions 3.5.0 through 3.5.11 Spring Data Commons versions 3.4.0 through 3.4.14 Spring Data Commons versions 3.3.0 through 3.3.16 Spring Data Commons versions 3.2.0 through...

CVE-2025-52293

A segmentation violaton in the gfhevcreadspsbsinternal function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying crafted HEVC SPS data...

PT-2026-47772

Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attackers can send GET requests with crafted SQL payloads in the albid parameter to extract sensitive...

PT-2026-48340

Name of the Vulnerable Software and Affected Versions Net::IMAP versions prior to 0.6.5 Net::IMAP versions prior to 0.5.15 Description Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Certain commands accept a raw data argument that is sent verbatim after...

PT-2026-48341

Name of the Vulnerable Software and Affected Versions Net::IMAP versions prior to 0.5.15 Net::IMAP versions prior to 0.6.5 Description Several commands in the Net::IMAP Ruby client accept raw string arguments that are only validated to prevent CRLF injection and are then sent verbatim. An incorre...

PT-2026-48320

A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through...

PT-2026-47862

Name of the Vulnerable Software and Affected Versions Nuance PowerScribe affected versions not specified Description Deserialization of untrusted data allows an unauthorized attacker to execute code over a network. Deserialization is the process of converting a data stream back into an object,...

Apptha Slider Gallery SQL注入漏洞

Apptha Slider Gallery is a website image carousel and gallery display plugin provided by Apptha Corporation. Version 1.0 of Apptha Slider Gallery has a SQL injection vulnerability. This vulnerability stems from insufficient cleaning of the albid parameter, which may allow unauthenticated attacker...

WordPress plugin Simply Poll SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

SAP NetWeaver ABAP Platform 安全漏洞

SAP NetWeaver ABAP Platform is an integrated technology platform developed by the German company SAP. There is a security vulnerability in SAP NetWeaver ABAP Platform, which stems from the lack of necessary authorization checks for authenticated users. This vulnerability could allow attackers to...

SAP ODP Data Replication APIs 安全漏洞

SAP ODP Data Replication APIs are a set of enterprise data replication interfaces provided by the German company SAP. There is a security vulnerability in SAP ODP Data Replication APIs, which stems from the lack of identification of callers for allowed internal SAP applications. If these APIs are...

Apache Answer 信息泄露漏洞

Apache Answer is a community platform of the Apache Foundation in the United States. Versions of Apache Answer 2.0.0 and earlier had an information leakage vulnerability. This vulnerability stemmed from the lack of access restrictions on direct API endpoints, which allowed authenticated users to...

Synthetic TIFF Corpus Generator for Parser Validation and Boundary Condition Testing

This Python script generates a small corpus of synthetic TIFF-like files designed for validating parser behavior across different image dimension scenarios...

PT-2026-48159

Name of the Vulnerable Software and Affected Versions GPAC MP4Box version 2.4 Description A NULL pointer dereference occurs in the gf isom get user data count function within the isomedia/isom read.c file. This issue allows attackers to cause a Denial of Service DoS, which is a condition where a...

CVE-2025-55651

A NULL pointer dereference in the gfisomgetuserdatacount function isomedia/isomread.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

QEMU calc_image_hostmem Integer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of QEMU. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the virtio-gpu driver. Th...