PT-2026-37096
Name of the Vulnerable Software and Affected Versions: PhpSpreadsheet versions prior to 1.30.3 PhpSpreadsheet versions 2.0.0 through 2.1.14 PhpSpreadsheet versions 2.2.0 through 2.4.3 PhpSpreadsheet versions 3.3.0 through 3.10.3 PhpSpreadsheet versions 4.0.0 through 5.5.0 Description: When the...
GHSA-8JRH-7JG8-FVMV Vaadin: Specially crafted ZIP archives can escape the intended extraction directory
Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and extract Node.js if it...
Wear OS Security Bulletin—February 2026
The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2026-02-05 or later from the February 2026 Android Security Bulletin in addition to all issues in this bulletin. We encourage al...
PT-2026-8351
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 147.0.4 Firefox ESR versions prior to 140.7.1 Firefox ESR versions prior to 115.32.1 Thunderbird versions prior to 140.7.2 Thunderbird versions prior to 147.0.2 Description: A heap buffer overflow exists in the libvpx...
PT-2025-46649
Name of the Vulnerable Software and Affected Versions: TYPO3 Extension "Modules" versions prior to 4.3.11 TYPO3 Extension "Modules" versions 5.0.0 through 5.7.3 TYPO3 Extension "Modules" versions 6.0.0 through 6.4.1 TYPO3 Extension "Modules" versions 7.0.0 through 7.5.4 Description: An improper...
PT-2025-44561
Name of the Vulnerable Software and Affected Versions: UniFi Talk Touch versions 1.21.16 and earlier UniFi Talk Touch Max versions 2.21.22 and earlier UniFi Talk G3 Phones versions 3.21.26 and earlier Description: An issue was identified in certain UniFi Talk devices where internal debugging...
EUVD-2025-21064
Malicious code in bioql PyPI...
PT-2025-38152
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.527 and earlier Jenkins LTS versions 2.516.2 and earlier Description: Jenkins does not perform a permission check for the authenticated user profile dropdown menu. This allows attackers without Overall/Read permission to obta...
CVE-2025-27215
An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system. Affected Products: UniFi Connect Display Cast Version 1.10.3 and earlier UniFi Connect Display Cast Pro Version 1.0.89 and...
PT-2025-33670 · Liferay · Liferay Portal +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.0 through 7.4.3.132 Liferay DXP versions 2025.Q1 through 2025.Q1.6 Liferay DXP versions 2024.Q4.0 through 2024.Q4.7 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q2.0 through 2024.Q2.1...
PT-2025-33480 · Unknown · Phoca Commander
Name of the Vulnerable Software and Affected Versions: Phoca Commander versions 1.0.0 through 4.0.0 Phoca Commander versions 5.0.0 through 5.0.1 Description: An authenticated remote code execution issue exists in Phoca Commander for Joomla. The issue allows code execution via the unzip feature...
PT-2025-32997
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 6.9.13-27 ImageMagick versions prior to 7.1.2-1 Description: ImageMagick is free and open-source software used for editing and manipulating digital images. The magnified size calculations in the ReadOneMNGImage...
PT-2025-32082 · WordPress · Zakra
Name of the Vulnerable Software and Affected Versions: Zakra versions prior to 4.1.6 Description: The Zakra theme for WordPress is susceptible to unauthorized data modification due to a missing capability check on the welcome notice import handler function. This allows authenticated attackers wit...
PT-2025-32115 · Unknown · Usmartview
Name of the Vulnerable Software and Affected Versions: Smart View versions prior to Android 16 Description: The use of implicit intents for sensitive communication allows local attackers to access sensitive information. Recommendations: Update Smart View to Android 16 or later...
PT-2025-32005 · Risc Zero · Risc0-Zkvm +2
Name of the Vulnerable Software and Affected Versions: risc0-zkvm versions 2.0.0 through 2.1.0 risc0-circuit-rv32im versions 2.0.0 through 2.0.4 risc0-circuit-rv32im-sys versions 2.0.0 through 2.0.4 Description: RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARK...
PT-2025-32008 · Unknown +1 · Security-Kit +1
Name of the Vulnerable Software and Affected Versions: Vision UI versions 1.4.0 and below security-kit versions prior to 3.5.0 Description: The getSecureRandomInt function contains a cryptographic weakness due to a silent 32-bit integer overflow in its internal masking logic. This prevents the...
PT-2025-32009 · Unknown +1 · Security-Kit +1
Name of the Vulnerable Software and Affected Versions: Vision UI versions 1.4.0 and below Description: The generateSecureId and getSecureRandomInt functions within the security-kit component versions prior to 3.5.0, packaged in Vision UI 1.4.0 and below are susceptible to Denial of Service DoS...
PT-2025-31996 · Sscms · Sscms
Name of the Vulnerable Software and Affected Versions: SSCMS version 7.3.1 Description: An issue in the /stl/actions/download?filePath component of SSCMS allows attackers to execute a directory traversal. Recommendations: Apply any available updates to address the directory traversal issue in the...
PT-2025-31292 · Apple · Macos Sonoma 14.7.7 +2
Name of the Vulnerable Software and Affected Versions: macOS versions prior to Sequoia 15.6 macOS versions prior to Sonoma 14.7.7 Description: An application may be able to access protected user data due to vulnerable code. This issue was addressed by removing the vulnerable code. Recommendations...
PT-2025-31312 · Apple · Tvos +6
Name of the Vulnerable Software and Affected Versions: watchOS versions prior to 11.6 iOS versions prior to 18.6 iPadOS versions prior to 18.6 and 17.7.9 tvOS versions prior to 18.6 macOS Sequoia versions prior to 15.6 visionOS versions prior to 2.6 Description: An application may be able to acce...