PT-2026-44849

Name of the Vulnerable Software and Affected Versions AVideo versions 29.0 and earlier Description An issue exists in the 'plugin/AuthorizeNet/processPayment.json.php' endpoint that allows any logged-in user to add arbitrary funds to their own wallet when the AuthorizeNet and YPTWallet plugins ar...

PT-2026-45008

Summary filepath.Base on the Linux container does not strip backslashes , because is only a path separator on Windows. A multipart filename like ........WindowsSystem32evil.pdf survives Gotenberg's input sanitisation and lands verbatim as the zip entry name when a multi-output route returns its...

PT-2026-45061

Summary The Platform server exposes resources under /api/v1/workspaces/workspace id/... and protects them with a require workspace memberworkspace id FastAPI dependency. The dependency only checks that the caller is a member of the workspace id in the URL prefix. The route handlers then look up t...

PT-2026-45051

Summary execute code in praisonaiagents/tools/python tools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print. self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command...

PT-2026-45057

Arbitrary code execution via ungated spec.loader.exec module in agents generator.py v4.6.32 chokepoint refactor bypass Summary The v4.6.32 chokepoint refactor which patched CVE-2026-44334 / GHSA-xcmw-grxf-wjhj added the PRAISONAI ALLOW LOCAL TOOLS env-var gate to the tool override.py sinks...

PT-2026-45037

Summary modules/categories.php checks that the supplied type parameter ANN, EVT, ROL, USF, … corresponds to a module the actor administers. The follow-up "is this specific category editable by me" check at lines 56-61 is dead code because it compares $getType a category-type code against mode nam...

PT-2026-44819

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is...

PT-2026-44815

Name of the Vulnerable Software and Affected Versions Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040 Description The Console WebUI contains an OS Command Injection issue, which occurs when special elements used in an OS command are not properly neutralized. This allows remote...

PT-2026-44994

Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...

PT-2026-44749

Name of the Vulnerable Software and Affected Versions WooCommerce Infinite Scroll and Ajax Pagination versions prior to 1.9 Description The plugin is subject to PHP Object Injection, a condition where untrusted data is deserialized, allowing an attacker to manipulate the application's logic. The...

PT-2026-44954

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1 Description Improper permission checks allow for the exposure of build configuration parameters. Recommendations Update to version 2026.1...

PT-2026-45023

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description NodeVM exposes process-wide observability builtins when they are permitted via require.builtin. Specifically, the diagnostics channel, async hooks, and perf hooks modules are not included in the dangero...

PT-2026-47225

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=517027630 Crash type: Heap-use-after-free READ 4 Crash state: slice segment header::operator= slice segment header::read decoder context::read slice NAL...

PT-2026-45017

Name of the Vulnerable Software and Affected Versions russh versions 0.34.0 through 0.61.0 Description When SSH compression is enabled, the software accepts compressed packets that pass initial transport packet-length checks but expand to a much larger size upon decompression. This occurs because...

PT-2026-45052

Summary CVE-2026-44338 GHSA-6rmh-7xcm-cpxj documents that PraisonAI ships a code-generator praisonai.deploy.api.generate api server code that emits a Flask API server with authentication disabled by default. Users who follow the documented quickstart praisonai deploy --type api get a server that:...

PT-2026-45055

Summary PraisonAI's call server exposes a network-facing agent control API without authentication when CALL SERVER TOKEN is not configured. The affected component is the praisonai.api.agent invoke router as mounted by praisonai.api.call. The authentication helper verify token fails open when CALL...

PT-2026-44944

Name of the Vulnerable Software and Affected Versions Shopper versions prior to 2.8.0 Description Two authorization defects in the team settings allow an authenticated user to compromise the Role-Based Access Control RBAC system. The endpoint "Settings/Team/Index" lacks mount authorization,...

PT-2026-44979

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.15.0-beta1 Description An authenticated attacker can bypass the global isInternalAddress network protection to make arbitrary HTTP GET requests to internal network services. This occurs due to an incomplete fix in t...

PT-2026-44869

HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticated attackers to delete arbitrary records by sending a crafted request that specifies the target record's id. The admin/modul/mod pengurus/aksi pengurus.php module=pengurus&act=hapus and...

PT-2026-44808

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

PT-2026-44955

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1 JetBrains TeamCity version 2025.11.5 Description A reflected Cross-Site Scripting XSS issue exists on the repository download page. Reflected XSS occurs when an application receives data in an HTTP...

PT-2026-44977

Name of the Vulnerable Software and Affected Versions Formie versions prior to 2.2.21 Formie versions prior to 3.1.26 Description Unauthenticated users can modify existing submissions by sending a known or guessed submission ID to the 'formie/submissions/save-submission' endpoint. Recommendations...

PT-2026-45059

Summary PraisonAI Platform has a broken workspace authorization check that allows any authenticated low-privilege workspace member to escalate their own role to owner. The issue is caused by privileged workspace-management routes using the shared dependency require workspace member... without...

PT-2026-45015

Summary Gotenberg is vulnerable to a remote denial of service in multipart downloadFrom handling. A multipart request containing multiple downloadFrom entries causes concurrent goroutines to write to shared maps without synchronization. This can terminate the process with fatal error: concurrent...

PT-2026-44984

Name of the Vulnerable Software and Affected Versions axios versions prior to 0.32.0 axios versions prior to 1.16.0 Description Axios is a promise-based HTTP client for the browser and Node.js. The issue resides in the lib/helpers/shouldBypassProxy.js file and is caused by the failure to normaliz...

PT-2026-45144

These are all security issues fixed in the libzypp-17.38.10-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-44962

Name of the Vulnerable Software and Affected Versions JetBrains IntelliJ IDEA versions prior to 2026.1 Description Code execution is possible through template injection within the Copyright plugin. Template injection occurs when untrusted input is embedded into a template and executed by the...

PT-2026-44905

Name of the Vulnerable Software and Affected Versions GitHub CLI versions prior to 2.93.0 Description GitHub CLI incorrectly includes authorization headers in API requests to TUF repository mirrors when using the gh attestation, gh release verify, and gh release verify-asset commands. The tool...

PT-2026-45029

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.5 authentik versions prior to 2026.2.3 authentik versions prior to 2026.5.1 Description The SAML Source ACS endpoint is susceptible to XML Signature Wrapping, a technique where a valid signature is used to...

PT-2026-44798

Name of the Vulnerable Software and Affected Versions OpenShift Router affected versions not specified Description A flaw in the OpenShift Router allows a user with EndpointSlice write access to proxy requests to a cloud metadata endpoint. This is achieved by creating a Service backed by a Fully...

PT-2026-44752

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soup body input stream read chunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of ...

PT-2026-44368

Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /pathr HTTP/1.1r Host:...

PT-2026-44246

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the virtio bt module, the virtbt rx work function calls skb putskb, len using a length value obtained from virtqueue get buf without validating it against the buffer size exposed to t...

PT-2026-44234

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A use-after-free issue exists in the Bluetooth component. The create big complete function unconditionally dereferences the...

PT-2026-44324

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the drm/xe component when the xe gem prime import function is called. Specifically, if the xe dma buf init obj function fails, the attachment created by dma buf...

PT-2026-44345

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A null pointer dereference can occur in the rockchip rkcif component when a stream is enabled. This happens because certain pads lack the MUST CONNECT flag, which is required to verify that...

PT-2026-44528

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. Successful attacks of this vulnerability can resul...

PT-2026-44513

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Payments versions 12.2.3 through 12.2.15 Description An issue exists in the File Transmission component of the Oracle Payments product. This flaw allows an unauthenticated attacker with network access via HTTP to...

PT-2026-44533

Name of the Vulnerable Software and Affected Versions Oracle REST Data Services versions 24.2.0 through 26.1.0 Description An issue in the Core component allows an unauthenticated attacker with network access via HTTPS to compromise the system. Successful exploitation can lead to unauthorized...

PT-2026-44496

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT FOLLOWLOCATION is set without CURLOPT REDIR PROTOCOLS STR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTT...

PT-2026-44535

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description An authenticated user with connector management privileges can perform a Server-Side Request Forgery SSRF, which is a flaw that allows an attacker to induce the server-side application to make...

PT-2026-44549

Summary The nono Landlock/seccomp policies allow access to local Unix domain sockets concrete and abstract. This allows an easy sandbox escape by talking to the per-user systemd dbus socket. Threat scenario: Running Aider, Claude Code, OpenCode or similar tools with "allow bash" policy so that it...

PT-2026-44786

These are all security issues fixed in the libsuricata8 0 5-8.0.5-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-44783

These are all security issues fixed in the libsuricata8 0 5-8.0.5-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-44729

Name of the Vulnerable Software and Affected Versions compliance-trestle version 4.0.2 Description The profile import mechanism in the compliance-trestle library fails to perform boundary checks when resolving trestle:// URIs and relative file paths. By joining these paths with trestle root and...

PT-2026-44205

The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20 This is due to insufficient input sanitization and output escaping in the pagination function. This makes it possible for attackers to...

PT-2026-44741

Name of the Vulnerable Software and Affected Versions QEMU affected versions not specified Description A heap use-after-free UAF race condition exists in the 9pfs component, specifically within the v9fs co readdir many function. This issue allows an unprivileged guest to cause a denial of service...

PT-2026-44362

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A runtime power management PM reference count leak exists in the ov5647 I2C driver. Specifically, three control cases—AUTOGAIN, EXPOSURE AUTO, and ANALOGUE GAIN—return directly without...

PT-2026-44373

bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash denial of service. This issue was fixed in bzip2 version 1.0.9...

PT-2026-44594

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.216 Description Insufficient validation of untrusted input in the UI allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML...