CVE-2026-0542
ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow Sandbox. ServiceNow addressed this vulnerability by deploying...
PT-2025-29613 · Cyberark · Secrets Manager +1
Name of the Vulnerable Software and Affected Versions: Conjur OSS versions 1.19.5 through 1.21.1 Secrets Manager, Self-Hosted versions 13.1 through 13.4.1 Description: Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who can inject secrets ...
PT-2025-26570 · Unknown +1 · Codemirror +1
Name of the Vulnerable Software and Affected Versions: CodeMirror versions up to 5.17.0 Description: A vulnerability was found in the Markdown Mode component, specifically in the file mode/markdown/markdown.js, leading to inefficient regular expression complexity. This issue can be exploited...
PT-2025-25180 · WordPress · Wp-Downloadmanager
Name of the Vulnerable Software and Affected Versions: WP-DownloadManager plugin for WordPress versions up to, and including, 1.68.10 Description: The issue is due to a lack of restriction on the directory an administrator can select for storing downloads, making it possible for authenticated...
PT-2025-23309 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.7.x through 10.7.0 Mattermost versions 10.5.x through 10.5.3 Mattermost versions 9.11.x through 9.11.12 Description: The issue is related to the failure of Mattermost to properly enforce access control restrictions for...
PT-2025-22110 · Symfony · Symfony/Ux-Live-Component +1
Name of the Vulnerable Software and Affected Versions: symfony/ux-twig-component versions prior to 2.25.1 symfony/ux-live-component versions prior to 2.25.1 Description: The issue concerns the rendering of attributes or the use of methods that return a ComponentAttributes instance, which can lead...
PT-2025-20241 · Jruby · Jruby +1
Name of the Vulnerable Software and Affected Versions: JRuby-OpenSSL versions 0.12.1 through 0.15.3 JRuby versions 9.3.4.0 through 9.4.12.0 JRuby version 10.0.0.0 Description: The issue concerns the verification of SSL certificates. When verifying these certificates, the hostname presented in the...
PT-2025-17956 · Unknown · Anps Theme
Name of the Vulnerable Software and Affected Versions: The Anps Theme plugin versions up to, and including, 1.1.1 Description: The issue is related to arbitrary shortcode execution due to the software allowing users to execute an action that does not properly validate a value before running do...
PT-2025-16349 · Mozilla +10 · Thunderbird +10
Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 137.0.2 Thunderbird versions prior to 128.9.2 Description: The issue allows an attacker to disclose sensitive information from the victim's system by crafting a malformed file name for an attachment in a multipar...
CVE-2025-2402 Hard-coded password for object store of KNIME Business Hub
A hard-coded, non-random password for the object store minio of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It...
PT-2025-13937
Name of the Vulnerable Software and Affected Versions: visionOS versions prior to 2.4 iOS versions prior to 18.4 iPadOS versions prior to 18.4 macOS Sequoia versions prior to 15.4 Description: An out-of-bounds write issue was addressed with improved input validation. This issue may allow an app to...
Security Bulletin: Vulnerability in Apache Kafka Clients affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary: A potential vulnerability in Apache Kafka Clients has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...
PT-2025-10818 · Microsoft · Office Excel
Name of the Vulnerable Software and Affected Versions: Microsoft Office Excel versions prior to the fixed version Microsoft Office Online Server version 1.0.0 Description: The issue is a stack-based buffer overflow in Microsoft Office Excel, allowing an unauthorized attacker to execute arbitrary...
PT-2025-9821
Name of the Vulnerable Software and Affected Versions: Kibana versions 8.15.0 through 8.17.2 Description: Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions = 8.15.0 and 8.17.1, this is exploitable by...
CVE-2024-55923
CVE-2024-55923 describes a CSRF flaw in the TYPO3 backend deep-link functionality within the Indexed Search Module. The vulnerability can enable an attacker to delete items in the module when a logged-in backend user is tricked into visiting a malicious URL, under misconfigurations where the bac...
PT-2024-38862 · Eclipse +4 · Jetty +4
Name of the Vulnerable Software and Affected Versions: Jetty versions 9.3.12 through 9.4.55 Jetty versions 10.0.0 through 10.0.23 Jetty versions 11.0.0 through 11.0.23 Jetty versions 12.0.0 through 12.0.8 Description: There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote...
PT-2024-26120 · Form.Io +2 · Form.Io +2
Name of the Vulnerable Software and Affected Versions: Valtimo versions prior to 10.8.4 Valtimo versions prior to 11.1.6 Valtimo versions prior to 11.2.2 Description: Valtimo is an open source business process and case management platform. When opening a form in Valtimo, the access token JWT of t...
PT-2024-2966 · Juniper Networks · Junos Evolved +1
Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 20.4R3-S8 Junos OS versions 21.2 prior to 21.2R3-S6 Junos OS versions 21.3 prior to 21.3R3-S5 Junos OS versions 21.4 prior to 21.4R3-S4 Junos OS versions 22.1 prior to 22.1R3-S3 Junos OS versions 22.2 prior to...
PT-2024-24081 · Shopware · Shopware 6
Name of the Vulnerable Software and Affected Versions: Shopware 6 versions 6.3.5.0 through 6.6.1.0 and prior to 6.5.8.8 can be simplified to: Shopware 6 versions 6.3.5.0 through 6.6.0 and versions 6.5.0 through 6.5.8.7 Description: Shopware 6 is an open commerce platform based on Symfony Framewor...
Adobe Releases Security Updates for ColdFusion
On Nov. 14, 2023, Adobe released security updates addressing vulnerabilities affecting unpatched ColdFusion software. Exploitation of some of these vulnerabilities may allow a malicious cyber actor to take control of an affected system. CISA urges organizations to review Adobe ColdFusion security...