34 matches found
PT-2026-07: Local Privilege Escalation Vulnerability in the Linux Kernel (Copy Fail)
This security advisory provides information regarding a Linux kernel vulnerability, CVE-2026-31431, informally known as Copy Fail. This vulnerability allows for local privilege escalation to the superuser (root) level and affects the Linux kernel module algif_aead. Vulnerability status: PT NGFW i...
kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel
A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...
CVE-2026-25135
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 have an information disclosure vulnerability that leaks the entire contact information for all users, organizations, and patients in the system to anyone who has the...
PT-2026-21832
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 have an information disclosure vulnerability that leaks the entire contact information for all users, organizations, and patients in the system to anyone who has the...
PT-2025-4402 · Tarak Patel · Wp Query Creator
Name of the Vulnerable Software and Affected Versions: Tarak Patel WP Query Creator versions 1.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting (XSS). This enables attackers to inject maliciou...
PT-2025-4881 · Unknown · Shockingly Big Ie6 Warning
Name of the Vulnerable Software and Affected Versions: Shockingly Big IE6 Warning versions n/a through 1.6.3 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
PT-2024-9716 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is related to insufficient protection of the web page structure in Adobe Experience Manager, which can be exploited by a remote attacker to execute arbitrary code...
PT-2024-9904 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is related to a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious...
PT-2024-9632 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is related to insufficient protection of the web page structure in Adobe Experience Manager, allowing a remote attacker to execute arbitrary code. This is a stored...
PT-2024-10761 · Cypress +1 · Cypress Wireless Combo Chips +1
Name of the Vulnerable Software and Affected Versions: Cypress and Broadcom Wireless Combo chips versions prior to the January 2021 firmware update Description: The issue allows memory read access via a "Spectra" attack when a January 2021 firmware update is not present. This affects specific...
PT-2024-39418 · Unknown · Blood Bank System
Name of the Vulnerable Software and Affected Versions: Blood Bank System version 1.0 Description: A problematic issue was found in the Blood Bank System, affecting unknown parts of the bbms.php file. The manipulation of the fullname, age, bloodgroup, city, phno, and gender arguments as part of a...
PT-2024-5956 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.20 and earlier Description: The issue is related to a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious...
PT-2024-5960 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.20 and earlier Description: The issue is related to a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious...
PT-2024-13349 · Teledyne Flir · Teledyne Flir M300
Name of the Vulnerable Software and Affected Versions: Teledyne FLIR M300 versions 2.00 through 2.00-19 Description: An issue was discovered in the web server of the affected software, allowing unauthenticated remote code execution. This can be exploited by sending a POST request to the vulnerabl...
PT-2024-19478 · Trendnet · Trendnet Tew-815Dap
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-815DAP version 1.0.2.0 Description: The issue allows for Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can exploit this over the network by sending a malicious POST request...
PT-2024-25448 · Unknown · Satrya Smart Recent Posts Widget
Name of the Vulnerable Software and Affected Versions: Satrya Smart Recent Posts Widget versions 1.0.3 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can...
PT-2024-10905 · Gleez Cms · Gleez Cms
Name of the Vulnerable Software and Affected Versions: Gleez CMS version 1.2.0 Description: The issue allows remote attackers to execute arbitrary code and obtain sensitive information via modules/gleez/classes/request.php. This is a Server-Side Request Forgery (SSRF) vulnerability. Recommendations...
PT-2024-23148 · WordPress · Wpwax Post Grid
Name of the Vulnerable Software and Affected Versions: wpWax Post Grid, Slider & Carousel Ultimate versions 1.6.6 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means...
PT-2024-2237 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.19 and earlier Description: The issue is related to a stored Cross-Site Scripting (XSS) vulnerability that could allow an attacker to inject malicious scripts into vulnerable form fields. This could lead to...