CVE-2026-41075
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing th...
CVE-2026-41075
RT (Request Tracker) is affected by an SQL injection in the JSON search path via the entry_aggregator parameter. Affected versions: 5.0.0–5.0.9 and 6.0.0–6.0.2. Root cause: input incorporated into queries without proper validation, enabling authenticated users to read or modify RT database data. ...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the NewServer function in the HTTP server, specifically within the http.DefaultServeMux Fallback Handler. An attacker can access sensitive information by sending crafted HTTP requests that trigger the unintend...
terraform-provider-proxmox has insecure sudo recommendation in the documentation
Note: It is uncertain whether this constitutes a vulnerability or should be filed as an issue instead. Summary In the SSH configuration documentation, the sudoer line that was suggested can be escalated to edit any files in the system. Details The following line was suggested for addition in the...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the getIssuerCertificate function. An attacker can gain unauthorized access to Secrets in other namespaces by bypassing RBAC restrictions. This is only exploitable if the attacker has permission to create...
CVE-2025-54882
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials...
PT-2025-32501 · Linksys · Linksys Re9000 +5
Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys range extenders that allows for remote operating system command injection. The vulnerability is located in the...
PT-2025-12451 · Unknown · Lzcms-Laozhangbokexitong
Name of the Vulnerable Software and Affected Versions: LzCMS-LaoZhangBoKeXiTong versions up to 1.1.4 Description: A critical issue affects some unknown functionality of the file /admin/upload/upimage.html, specifically the HTTP POST Request Handler component. The manipulation of the File argument...
PT-2025-11184 · Tenda · Tenda Rx3
Name of the Vulnerable Software and Affected Versions: Tenda RX3 US RX3V1.0br V16.03.13.11 multi TDE01 Description: The issue is related to a buffer overflow that can be triggered via the schedStartTime and schedEndTime parameters at the "/goform/saveParentControlInfo" API endpoint. This allows...
PT-2025-7804 · Benner · Benner Modernanet
Name of the Vulnerable Software and Affected Versions: Benner ModernaNet versions 1.1.0 and earlier Description: A critical issue has been found in Benner ModernaNet, affecting an unknown part of the file...
PT-2025-7566 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 V1.0 V15.03.06.23 Description: The issue is related to a buffer overflow in form fast setting wifi set via the ssid parameter. This can potentially be exploited, although specific details about the number of affected devices or...
PT-2025-7508 · Baiyi · Baiyi Cloud Asset Management System
Name of the Vulnerable Software and Affected Versions: Baiyi Cloud Asset Management System versions up to 20250204 Description: A critical issue has been found in the Baiyi Cloud Asset Management System, affecting some unknown processing of the file /wuser/admin.house.collect.php. The manipulatio...
PT-2025-4173 · Unknown · Libsthmbc.So
Name of the Vulnerable Software and Affected Versions: libsthmbc.so versions prior to SMR Jan-2025 Release 1 Description: The issue is related to an out-of-bounds read in the decoding of malformed bitstreams of video thumbnails in libsthmbc.so. This allows local attackers to read arbitrary memory...
PT-2025-4116 · Zenvia · Zenvia Movidesk
Name of the Vulnerable Software and Affected Versions: Zenvia Movidesk versions up to 25.01.22 Description: A vulnerability was found in Zenvia Movidesk, affecting an unknown functionality of the file /Account/Login. The manipulation of the ReturnUrl argument leads to open redirect. The attack ca...
PT-2025-5266 · Coolify · Coolify
Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.380 Description: Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. The issue arises when the tags page allows users to search for tags. If the search does...
PT-2025-3466 · Linksys · Linksys E8450
Name of the Vulnerable Software and Affected Versions: Linksys E8450 version 1.2.00.360516 Description: A command injection issue was discovered, which can be exploited via the userEmail variable. This allows for potential unauthorized access and control. Recommendations: For Linksys E8450 versio...
PT-2025-4751 · Teedy · Teedy
Name of the Vulnerable Software and Affected Versions: Teedy versions 1.11 and earlier Description: The issue allows for CSRF, enabling account takeover via POST "/api/user/admin". This can be exploited to gain unauthorized access to user accounts. Recommendations: For versions 1.11 and earlier, ...
PT-2025-2803 · Unknown · Neat Board Nfc
Name of the Vulnerable Software and Affected Versions: Neat Board NFC version 1.20240620.0015 Description: A Buffer Overflow issue exists, allowing physically proximate attackers to escalate privileges via a crafted payload to the password field. This enables local privilege escalation...
PT-2025-3778 · Unknown · Code-Projects Online Shoe Store
Name of the Vulnerable Software and Affected Versions: code-projects Online Shoe Store version 1.0 Description: A critical vulnerability has been found in the code-projects Online Shoe Store. It affects an unknown function of the file /details2.php. The manipulation of the id argument leads to SQ...
PT-2025-2466 · Fs Code · Fs Poster
Name of the Vulnerable Software and Affected Versions: FS Poster versions n/a through 6.5.8 Description: A Cross-Site Request Forgery (CSRF) issue is present in FS-code FS Poster, allowing Cross-Site Request Forgery attacks. Recommendations: For versions n/a through 6.5.8, as a temporary workaround...