Exploit for Reliance on Cookies without Validation and Integrity Checking in Paloaltonetworks Pan-Os
CVE-2026-0257 - GlobalProtect portal Authentication Bypass...
PT-2026-41961
Name of the Vulnerable Software and Affected Versions: fabric-chaincode-java versions 2.3.1 through 2.5.9 Description: When chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in plaintext. An attacker...
PT-2026-1861
Name of the Vulnerable Software and Affected Versions: Axtion ODISSAAS ODIS version 1.8.4 Description: A DLL hijacking issue exists in Axtion ODISSAAS ODIS version 1.8.4. This allows attackers to execute arbitrary code by utilizing a specially crafted DLL file. The vulnerability involves the...
PT-2026-1776
Name of the Vulnerable Software and Affected Versions: Sangfor Operation and Maintenance Management System versions up to 3.0.8 Description: A flaw exists in Sangfor Operation and Maintenance Management System that allows for remote operating system command injection. This issue stems from the...
PT-2025-45158
Name of the Vulnerable Software and Affected Versions: SelfBest version 2023.3 Description: A Stored Cross-Site Scripting (XSS) issue exists in the chat functionality of the SelfBest platform. Authenticated attackers can inject arbitrary web scripts or HTML through the chat message input field. This...
PT-2025-14745 · WordPress · Getbookingswp
Name of the Vulnerable Software and Affected Versions: GetBookingsWP versions 1.1.27 and earlier Description: The issue is related to a Missing Authorization vulnerability in the GetBookingsWP plugin, which allows exploitation of incorrectly configured access control security levels...
PT-2025-14739 · Pixelgrade · Category Icon
Name of the Vulnerable Software and Affected Versions: Category Icon versions through 1.0.0 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal in the pixelgrade Category Icon...
PT-2025-14259
Name of the Vulnerable Software and Affected Versions: WebinarPress versions 1.33.27 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For versions...
PT-2025-7858
Name of the Vulnerable Software and Affected Versions: Jürgen Müller Easy Quotes versions 1.2.2 and earlier Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, due to the improper neutralization of special elements used in an SQL command...
PT-2025-7179 · Prezi · Prezi Embedder
Name of the Vulnerable Software and Affected Versions: Prezi Embedder versions prior to 2.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This means that an attacker can inject malicious scripts...
PT-2025-6282 · Adobe · Illustrator
Name of the Vulnerable Software and Affected Versions: Adobe Illustrator versions 29.1, 28.7.3 and earlier Description: The issue is a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interactio...
PT-2025-1610 · WordPress · Storely
Name of the Vulnerable Software and Affected Versions: Storely theme for WordPress versions up to and including 16.6 Description: The issue allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages. This is due to insufficient input sanitizati...
PT-2025-2800 · Adguard · Adguard Application
Name of the Vulnerable Software and Affected Versions: AdGuard Application versions 7.18.1 and earlier Description: The issue allows an attacker to execute arbitrary code via a crafted payload to the fontMatrix component. This enables the execution of arbitrary code, potentially leading to...
PT-2025-4925 · Unknown · Rsvpmaker Volunteer Roles
Name of the Vulnerable Software and Affected Versions: RSVPMaker Volunteer Roles versions 1.5.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting (XSS). This enables attackers to inject malicious...
PT-2025-5556 · Unknown · Notfound Bridge Core
Name of the Vulnerable Software and Affected Versions: NotFound Bridge Core versions n/a through 3.3 Description: The issue is related to a Missing Authorization vulnerability in NotFound Bridge Core. This vulnerability affects the authorization process, potentially allowing unauthorized access...
PT-2025-5448 · Unknown · Fv Thoughtful Comments
Name of the Vulnerable Software and Affected Versions: FV Thoughtful Comments versions 0.3.5 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels. Recommendations: For version...
PT-2025-5530 · Unknown · Herd Effects
Name of the Vulnerable Software and Affected Versions: Herd Effects versions through 6.2.1 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. Recommendations: For versions through 6.2.1, update t...
PT-2025-5255
Name of the Vulnerable Software and Affected Versions: Rara Theme UltraLight versions 1.2 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected cross-site scripting (XSS). This means an attacker can inject malicious...
PT-2025-4683 · Brizy Pro · Brizy Pro
Name of the Vulnerable Software and Affected Versions: Brizy Pro versions prior to 2.6.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting (XSS). This enables an attacker to inject malicious scripts into...
PT-2025-4653 · Infomaniak · Infomaniak Staff Vod
Name of the Vulnerable Software and Affected Versions: Infomaniak Staff VOD Infomaniak versions 1.5.9 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For version...