13 matches found
PT-2026-49615
CVE ID :CVE-2026-54294 Published : June 15, 2026, 6:33 p.m. | 1 hour, 17 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
PT-2026-48803
Unknown description...
PT-2026-47219
Name of the Vulnerable Software and Affected Versions Twig versions prior to 3.26.0 Description An issue exists where the sandbox visitor fails to wrap mapping keys in ArrayExpression with CheckToStringNode. When a dynamic key expression resolves to a Stringable object, the ArrayExpression::compi...
PT-2026-42178
CVE-2026-47237 – Overly Permissive Istio Permissions Allow Kubeflow Authorization Token Stealing https://t.co/NYDWRfbN4F...
PT-2026-38253
Name of the Vulnerable Software and Affected Versions Nitro versions prior to 2.13.4 Nitro versions prior to 3.0.260429-beta Description An attacker can bypass proxy route rules by sending percent-encoded path traversal sequences ..%2f in the URL. This occurs when Nitro treats these characters as...
PT-2026-33583
Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.0 Description Dag Authors can craft an XCom payload that allows the webserver to execute arbitrary code, bypassing the restriction that normally prevents them from executing code in the webserver context...
PT-2026-28797
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...
PT-2026-28793
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...
PT-2026-27352
Name of the Vulnerable Software and Affected Versions activitypub-federation-rust affected versions not specified Description The v4 is invalid function in activitypub-federation-rust does not properly validate IPv4 addresses, specifically failing to check for Ipv4Addr::UNSPECIFIED 0.0.0.0. This...
PT-2026-26264
CVE-2026-99999: this fucking thing...
PT-2026-4854
Name of the Vulnerable Software and Affected Versions ASDA-Soft affected versions not specified Description ASDA-Soft contains a stack-based buffer overflow issue. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...
PT-2026-4853
A flaw has been found in Totolink A8000RU 7.1cu.643 b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mode causes os command injection. The attack is possible to be carried out remotely. The...
PT-2026-4735
Name of the Vulnerable Software and Affected Versions gix-date affected versions not specified Description The gix date::parse::TimeBuf::as str function can produce strings with invalid, non-UTF8 characters. This breaks internal safety rules within the TimeBuf component, potentially causing...