PT-2026-51001

Name of the Vulnerable Software and Affected Versions Slopsmith versions prior to 0.2.9-alpha.5 Description Slopsmith is a web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC. A path-traversal issue in the archive extractors allows an attacker to write arbitrary files...

PT-2026-50908

Name of the Vulnerable Software and Affected Versions Comodo Dragon Browser versions prior to 52.15.25.664 Description The DragonUpdater service contains a privilege escalation flaw caused by an unquoted service path that runs with SYSTEM privileges. A local attacker can exploit this by placing a...

PT-2026-50906

Name of the Vulnerable Software and Affected Versions Comodo Chromodo Browser version 52.15.25.664 Description The ChromodoUpdater service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker to place a malicious executable within the service path to...

PT-2026-50843

Name of the Vulnerable Software and Affected Versions BetterDocs Pro versions prior to 3.8.1 Description The plugin is susceptible to Local File Inclusion, a condition where an application includes files on a local server unexpectedly. Unauthenticated attackers can exploit this via the doc style...

PT-2026-50874

Name of the Vulnerable Software and Affected Versions JetBrains GoLand versions prior to 2026.1.3 Description Remote code execution is possible through the use of untrusted project configuration. Recommendations Update JetBrains GoLand to version 2026.1.3 or later...

PT-2026-50912

Name of the Vulnerable Software and Affected Versions AnyDesk version 2.5.0 Description An unquoted service path issue exists in the service installation, allowing local users to execute arbitrary code with SYSTEM privileges. This occurs when a service path contains spaces and is not enclosed in...

PT-2026-50969

Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44 Description A stack buffer overflow exists in the '/goform/AdvSetMacMtuWan' endpoint. This issue occurs when processing the wanSpeed parameter, which can lead to remote arbitrary code execution. Recommendations At...

PT-2026-50994

Name of the Vulnerable Software and Affected Versions Joomla! Component vBizz version 1.0.7 Description An unrestricted file upload issue allows authenticated attackers to upload arbitrary PHP files. This is achieved by submitting malicious files through the profile pic parameter via POST request...

PT-2026-50999

Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.6.0 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The software uses a case-sensitive blacklist to protect output filenames against the phar:// stream wrapper...

EUVD-2026-38052

In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route /goform/AdvSetMacMtuWan has a stack buffer overflow vulnerability that can lead to remote arbitrary code execution...

CVE-2026-51846

In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route /goform/AdvSetMacMtuWan has a stack buffer overflow vulnerability that can lead to remote arbitrary code execution...

PT-2026-50846

Name of the Vulnerable Software and Affected Versions Avada Fusion Builder versions prior to 3.15.4 Description The Avada Fusion Builder plugin for WordPress allows unauthenticated attackers to delete arbitrary files on the server due to insufficient file path validation in the maybe delete files...

PT-2026-50984

Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to provide crafted video frame pixels that overlap with internal encoder layer...

PT-2026-50981

Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description A heap buffer overflow occurs in the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode allows the first-pass stats ring buffer wrap-around guard to...

PT-2026-51102

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.2 Description An issue exists in components based on BaseFileComponent, including Docling DoclingInlineComponent, Docling Serve DoclingRemoteComponent, Read File FileComponent, NVIDIA Retriever Extraction...

PT-2026-50872

Name of the Vulnerable Software and Affected Versions Rancher Manager versions prior to 2.14.2 Description A command injection issue exists in the import endpoint "/v3/import/token clusterId.yaml". This occurs due to unsanitized YAML parameters, which could allow remote attackers to break out of ...

PT-2026-50910

Name of the Vulnerable Software and Affected Versions NetDrive version 2.6.12 Description An unquoted service path issue exists in the Netdrive2 Service Netdrive2 service. This allows local users to execute arbitrary code with SYSTEM privileges by placing malicious executables in the system root...

PT-2026-50907

Name of the Vulnerable Software and Affected Versions Iperius Remote version 1.7.0 Description An unquoted service path issue exists where the service installation path is not enclosed in quotes. This allows local users to execute arbitrary code with SYSTEM privileges. If the software is installe...

PT-2026-50982

Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description An arbitrary address write issue exists in the reference AV1 codec implementation. A missing bounds check in the Scalable Video Coding SVC layer ID control function allows an attacker to injec...

PT-2026-51631

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Gogs accepts organization names containing path traversal sequences ../, which allows repositories to be written to arbitrary locations on the filesystem. This occurs because the...