CVE-2026-42171

NSIS Nullsoft Scriptable Install System 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges if they can cause myGetTempFileName to return 0, as shown in the references...

CVE-2026-40179

Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of the Prometheus web UI where metric names and label values are injected into innerHTML without...

PT-2024-4598 · Powersys · Powersys

Name of the Vulnerable Software and Affected Versions: PowerSys versions prior to V3.11 Description: A vulnerability has been identified in the affected application, where it insufficiently protects responses to authentication requests. This could allow a local attacker to bypass authentication,...

PT-2023-30004 · Pcrs · Pcrs

Name of the Vulnerable Software and Affected Versions: PCRS versions prior to 3.11 d0de1e Description: The issue allows for remote code execution RCE by escaping Python sandboxing on the "Questions" page and the "Code editor" page. Recommendations: For versions prior to 3.11 d0de1e, update to...

PT-2015-4914 · Nbd +2 · Nbd-Server +2

Name of the Vulnerable Software and Affected Versions: nbd-server versions prior to 3.11 Description: The issue is related to the improper handling of signals in nbd-server.c, which can be exploited by remote attackers to cause a denial of service deadlock via unspecified vectors. Recommendations...