184319 matches found
PT-2025-18175 · Bookgy · Bookgy
Name of the Vulnerable Software and Affected Versions: Bookgy affected versions not specified Description: The issue is related to a SQL injection vulnerability. This could allow an attacker to retrieve, create, update, and delete databases by sending an HTTP request through the IDTIPO, IDPISTA,...
PT-2025-11031 · Bitdefender · Bitdefender Box
Name of the Vulnerable Software and Affected Versions: Bitdefender Box 1 versions 1.3.52.928 and below Description: An improper access control issue exists that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signe...
PT-2025-10720 · Rsa · Archer Platform
Name of the Vulnerable Software and Affected Versions: Archer Platform versions 6 through 6.14.00202.10024 Description: The issue allows an authenticated user with record creation privileges to manipulate immutable fields, such as the creation date, by intercepting and modifying a Copy request vi...
PT-2025-3985 · M Files · M-Files Server
Name of the Vulnerable Software and Affected Versions: M-Files Server versions prior to 25.1 Description: The issue allows a highly privileged user to recover external connector passwords due to unsafe password recovery from the configuration. Recommendations: For versions prior to 25.1, update t...
PT-2024-17176 · Unknown · Cph2 Echarge Firmware
Name of the Vulnerable Software and Affected Versions: cph2 echarge firmware versions through 2.0.4 Description: The issue affects devices that communicate with the eCharge cloud infrastructure over an insecure channel, as peer verification is disabled. This allows remote unauthenticated users,...
PT-2025-8696
Name of the Vulnerable Software and Affected Versions URI gem versions prior to 0.11.3 URI gem versions 0.12.0 through 0.12.3 URI gem versions 0.13.0 through 0.13.1 URI gem versions 1.0.0 through 1.0.2 Description The URI handling methods URI.join, URImerge, URI+ in the URI gem for Ruby have an...
PT-2025-38390
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the trace/blktrace module when using the debugfs lookup function. Failing to call dput on the result of debugfs lookup leads to a memory leak over time. The issue...
PT-2023-5257 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 20.0.0 through 20.0.14.14 Nextcloud Server versions 21.0.0 through 21.0.9.12 Nextcloud Server versions 22.0.0 through 22.2.10.13 Nextcloud Server versions 23.0.0 through 23.0.12.7 Nextcloud Server versions 24.0.0...
PT-2023-18874 · WordPress · Cf7 Google Sheets Connector
Name of the Vulnerable Software and Affected Versions: CF7 Google Sheets Connector WordPress plugin versions prior to 5.0.2 cf7-google-sheets-connector-pro WordPress plugin versions prior to 5.0.2 Description: The issue is related to a Reflected Cross-Site Scripting that could be used against hig...
PT-2022-5400 · Exiv2 +1 · Exiv2 +1
Name of the Vulnerable Software and Affected Versions: Exiv2 affected versions not specified Description: The issue is related to a buffer overflow in the QuickTimeVideo::decodeBlock function of the quicktimevideo.cpp file in the Exiv2 library, which can be exploited by a remote attacker to execu...
PT-2021-3110 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.39 through 5.10.16 Description: An issue was discovered in the Linux kernel, as used in Xen, where block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. This issue...
PT-2020-15427 · Jenkins · Jenkins Github Coverage Reporter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Coverage Reporter Plugin versions 1.8 and earlier Jenkins GitHub Coverage Reporter Plugin versions 1.10 and earlier Description: The issue concerns the storage of secrets in plain text in the global configuration file on the...
PT-2020-3071 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.6.10 Description: The issue is related to a memory leak in the Linux kernel's rpcsec gss krb5 implementation, specifically in the gss mech free function. This leak occurs when unloading a specific kernel module...
PT-2026-53077
Name of the Vulnerable Software and Affected Versions Frontend File Manager Plugin versions prior to 23.7 Description Authenticated users with Subscriber-level access can delete arbitrary files on the server, including sensitive files like wp-config.php, which may lead to a full site takeover. Th...
PT-2026-52470
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user or attacker with a stolen session even when 2FA is already fully enabled on the account. This endpoint overwrites the existi...
PT-2026-52078
Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.5.10 Mastodon versions prior to 4.4.17 Mastodon versions prior to 4.3.23 Description Mastodon is a free, open-source social network server based on ActivityPub. The normalization of incoming activities signed with...
PT-2026-50814
Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 6.0 through 9.15 Description Stored cross-site scripting exists in the error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server, such as ErrorResponse messages, object names in...
PT-2026-50731
Name of the Vulnerable Software and Affected Versions Gotenberg version 8.33.0 Description A Server-Side Request Forgery SSRF issue exists in the /forms/libreoffice/convert endpoint. By uploading a specially crafted DOCX document, an attacker can force LibreOffice to retrieve external resources...
PT-2026-50794
Name of the Vulnerable Software and Affected Versions conda-smithy versions prior to 3.61.0 Description conda-smithy is a tool that combines a conda recipe with configurations to build using freely hosted CI services into a single repository. A flaw in the conda-forge automated webservices allows...
PT-2026-50626
The Services Section Block – Showcase Service Details in Grid or Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'link' Block Attribute in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2026-50788
Name of the Vulnerable Software and Affected Versions Node.js versions prior to 26.3.1-1.1 Description Security issues were identified in Node.js that could compromise server infrastructure. Recommendations Update to version 26.3.1-1.1...
PT-2026-50539
Name of the Vulnerable Software and Affected Versions Tinyproxy versions prior to 1.11.4 Description Tinyproxy fails to reject requests containing multiple Content-Length headers with differing values. The software forwards all duplicate headers to the backend but uses only the first value to...
PT-2026-49723
Name of the Vulnerable Software and Affected Versions Pacemaker affected versions not specified Description An integer overflow exists in the remote message decompression process. An unauthenticated remote attacker can exploit this by sending a specially crafted compressed remote message before...
PT-2026-50147
Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.12 Description When running in BYONM mode nodeModulesDir: "manual", the module resolver fails to validate that a package's resolved entrypoint remains within its node modules// directory. A malicious package.json...
PT-2026-49850
Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the Shared Folders component of Oracle VM VirtualBox. A low-privileged attacker with logon access to the infrastructure where the software executes can compromise the system...
PT-2026-49412
Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...
PT-2026-49506
Unauthenticated Broken Access Control in Knit Pay = 9.4.0.0 versions...
PT-2026-49093
Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.5 Description Insecure deserialization occurs in glances/outdated.py because the load cache function uses pickle.load to read a version-check cache file. This file is stored at predictable, world-accessible paths...
PT-2026-49119
Name of the Vulnerable Software and Affected Versions Tornado versions prior to 6.5.6 Description Gzip decompression routines process data in limited-size chunks but lack an overall limit for the total size of accumulated decompressed chunks. This allows a malicious server to consume unlimited...
PT-2026-49087
Name of the Vulnerable Software and Affected Versions Canvas plugin for WordPress versions prior to 2.5.3 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or higher can inject arbitrary...
PT-2026-49010
Name of the Vulnerable Software and Affected Versions Avast Antivirus versions prior to VPS 25040308 AVG Antivirus versions prior to VPS 25040308 Norton Antivirus versions prior to VPS 25040308 Avast One versions prior to VPS 25040308 Avast Business Antivirus versions prior to VPS 25040308...
PT-2026-48992
Name of the Vulnerable Software and Affected Versions Kitty versions 0.47.0 through 0.47.1 Description In the kitten dnd component, a malicious remote drag-and-drop source can overwrite or truncate arbitrary files that the local user has permission to write. This occurs because remote text/uri-li...
PT-2026-48850
A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...
PT-2026-48861
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but stored warning reasons are still printed by /warns without mention suppression. A moderator can create a warning with...
PT-2026-48998
Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An information disclosure issue exists in the AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown is populated using the AuthKey.user id...
PT-2026-48909
Name of the Vulnerable Software and Affected Versions Aqara Board service affected versions not specified Description The Aqara Board service at the endpoint "op-test.aqara.com" accepts arbitrary MQTT command payloads and forwards them to the platform's HiveMQ broker without authentication. This...
PT-2026-48661
Name of the Vulnerable Software and Affected Versions Check Point Identity Agent Full for Windows OS affected versions not specified Description A local privilege escalation issue exists where an authenticated local user can execute arbitrary code with SYSTEM privileges. This occurs due to improp...
PT-2026-48621
Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description Jaxp13XPathTemplate evaluated XPat...
PT-2026-48662
Name of the Vulnerable Software and Affected Versions Keras versions prior to 3.14.0 Description A path traversal issue exists in the archive extraction utilities within keras/src/utils/file utils.py. The functions filter safe tarinfos and filter safe zipinfos validate archive member paths agains...
PT-2026-48659
A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attac...
PT-2026-48487
Name of the Vulnerable Software and Affected Versions PAN-OS affected versions not specified Description A privilege escalation issue in the Command Line Interface CLI of PAN-OS software allows an authenticated administrator to perform actions on the device with root privileges. This affects...
PT-2026-48309
Name of the Vulnerable Software and Affected Versions Spring Security versions 7.0.0 through 7.0.5 Spring Authorization Server versions 1.5.0 through 1.5.7 Description The authorization endpoint performs insufficient validation of the request uri parameter. An attacker can craft a malicious...
PT-2026-47684
Name of the Vulnerable Software and Affected Versions 6Storage Rentals versions prior to 2.22.1 Description An authorization bypass exists in the 6Storage Rentals plugin for WordPress. Unauthenticated attackers can read and modify arbitrary tenant profile data, including names, email addresses,...
PT-2026-48221
Name of the Vulnerable Software and Affected Versions Substance3D Sampler versions 6.0.0 and earlier Description An out-of-bounds write occurs when the software processes a malicious file. This issue can lead to arbitrary code execution within the context of the current user and requires user...
PT-2026-47834
Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A NULL pointer dereference occurs in the OpenSSL QUIC server when receiving a QUIC initial packet containing an invalid or expired token. This issue is triggered specifically when address...
PT-2026-47698
Race condition vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability...
PT-2026-47510
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description Insufficient policy enforcement in the Network component allows a remote attacker who has compromised the utility process to leak cross-origin data through the use of a crafted HTML...
PT-2026-47321
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description An out-of-bounds read occurs when using mod headers and mod mime in conjunction with multiple response languages. An out-of-bounds read is a condition where a program reads data past...
PT-2026-47339
Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A flaw in the Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, which can lead to a denia...
PT-2026-46315
Name of the Vulnerable Software and Affected Versions netty incubator codec-ohttp versions prior to 0.0.22.Final Description The codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp fails to verify the receipt of a cryptographically-signed final chunk before the outer HTTP body terminates...