184321 matches found
PT-2026-39412
Name of the Vulnerable Software and Affected Versions Next.js versions 13.0.0 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description Applications using beforeInteractive scripts combined with untrusted content are susceptible to cross-site scripting XSS, a flaw where malicious scripts...
PT-2026-37690
Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this...
PT-2026-37203
Name of the Vulnerable Software and Affected Versions Pelican versions 7.21.0 through 7.21.4 Pelican versions 7.22.0 through 7.22.2 Pelican versions 7.23.0 through 7.23.2 Pelican versions 7.24.0 through 7.24.1 Description A privilege escalation issue exists in the Web User Interface WebUI that...
PT-2026-37180
Name of the Vulnerable Software and Affected Versions Icinga Web versions prior to 0.13.1 Description An issue allows an attacker to inject malicious Javascript into a victim's browser to execute it within the context of Icinga Web. This occurs when a victim visits a specifically prepared website...
PT-2026-34007
Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting XSS vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: U...
PT-2026-29256
OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected...
PT-2026-28574
Name of the Vulnerable Software and Affected Versions Happy DOM versions 15.10.0 through 20.8.7 Description Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions 15.10.0 through 20.8.7 contain a code injection issue in the ECMAScriptModuleCompile...
PT-2026-23404
Improper Control of Generation of Code 'Code Injection' vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetEngine: from n/a through = 3.7.2...
PT-2026-21824
Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 7.0.4 Description OpenEMR is an open source electronic health records and medical practice management application. Prior to version 7.0.4, the disposeDocument method in EtherFaxActions.php allows authenticated users t...
PT-2026-43005
Name of the Vulnerable Software and Affected Versions MLflow versions prior to 3.10.0 Description Unauthorized access to multipart upload MPU endpoints is possible when the --serve-artifacts mode is enabled. The authorization logic fails to enforce resource-level permission checks for endpoints...
PT-2026-7121
A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function os strftime of the file src/core/os.c. Performing a manipulation results in out-of-bounds read. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch i...
PT-2026-5411
Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary...
PT-2026-4787
Name of the Vulnerable Software and Affected Versions Esri ArcGIS Pro versions 3.6.0 and earlier Description A Cross Site Scripting issue exists in Esri ArcGIS Pro. A local attacker could provide malicious strings to ArcGIS Pro, which may execute when a specific dialog is opened. Recommendations...
PT-2026-1043
Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description A SQL injection issue exists in Yonyou KSOA 9.0 due to manipulation of the ID argument within the HTTP GET parameter handler of the /worksheet/agent worksdel.jsp file. Remote exploitation is possible. The...
PT-2026-21547
Name of the Vulnerable Software and Affected Versions evolution-data-server versions 22.04 through 25.10 Description The software contains a flaw related to insecure local cache file removal. This could allow for unauthorized access or modification of cached data. Recommendations Update to a newe...
PT-2025-49988
Name of the Vulnerable Software and Affected Versions adata Software GmbH Mitarbeiter Portal version 2.15.2.0 Description A stored Cross Site Scripting XSS issue exists in the bulletin board SchwarzeBrett component. This allows a remote authenticated user to execute arbitrary JavaScript code with...
PT-2025-43126
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a memory leak in the ttc timer probe function within the cadence-ttc timer driver. The timer baseaddr resource, obtained through of iomap, was not consistently...
PT-2025-35599
Name of the Vulnerable Software and Affected Versions DASYLab affected versions not specified Description DASYLab is susceptible to an out-of-bounds write due to improper bounds checking when parsing a DSB file. This can lead to arbitrary code execution if a user opens a specially crafted DSB fil...
PT-2026-50455
Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.27 modelscan affected versions not specified Description A parsing logic error exists in the list globals function when processing STACK GLOBAL opcodes. The scanner fails to track arguments in the correct range...
PT-2025-31655
Name of the Vulnerable Software and Affected Versions The Language Sloth Web Application version 1.0 Description A stored cross-site scripting XSS vulnerability exists in The Language Sloth Web Application. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted...
PT-2025-27781 · Apache · Apache Httpd
Name of the Vulnerable Software and Affected Versions: Apache httpd affected versions not specified Description: The configuration of the Apache httpd webserver is partly insecure due to unnecessary activated modules. These modules pose a risk to the webserver, enabling directory listing...
PT-2025-20117 · Unknown · Contact Form Widget
Name of the Vulnerable Software and Affected Versions: Contact Form Widget versions 1.4.6 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the Contact Form Widget, allowing unauthorized requests. Recommendations: For versions 1.4.6 and earlier, update to a version that...
PT-2025-18762 · WordPress · Wpml
Name of the Vulnerable Software and Affected Versions: WPML plugin for WordPress versions 3.6.0 through 4.7.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wpml language switcher shortcode due to insufficient input sanitization and output escaping on...
PT-2025-7581 · Itsourcecode · Itsourcecode Simple Chatbox
Name of the Vulnerable Software and Affected Versions: ITSourcecode Simple ChatBox versions up to 1.0 Description: A vulnerability was found in ITSourcecode Simple ChatBox, affecting unknown code of the file /del.php. The attack can use SQL injection to obtain sensitive data. Recommendations: For...
PT-2024-35947 · Eddi · Eddi
Name of the Vulnerable Software and Affected Versions: EDDI Enhanced Dialog Driven Interface versions prior to 5.4 Description: A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to acce...
PT-2024-34298 · Elementor · Alley Elementor Widget
Name of the Vulnerable Software and Affected Versions: Alley Elementor Widget versions 1.0.0 through 1.0.7 Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This means an attacker could potentially inject malicious...
PT-2025-18858 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A race condition in the Linux kernel's serial driver, specifically in the fsl lpuart component, can lead to a NULL pointer dereference when the DMA completion interrupt occurs during D...
PT-2024-21948
Name of the Vulnerable Software and Affected Versions ChatGPT versions affected versions not specified Description A server-side request forgery SSRF vulnerability exists in the pictureproxy.php file of ChatGPT, specifically within commit f9f4bbc. This flaw allows attackers to force the applicati...
PT-2023-21824 · Qualcomm · Sd205 Firmware +58
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises from the cam get device priv function not checking the type of handle being returned, which can be a device, session, or link handle...
PT-2023-13500 · Libslic3R +1 · Libslic3R +1
Name of the Vulnerable Software and Affected Versions: libslic3r version 1.3.0 libslic3r Master Commit b1a5500 Description: A heap-based buffer overflow issue exists in the TriangleMesh clone functionality. This can be triggered by a specially-crafted STL file, leading to a heap buffer overflow. ...
PT-2025-18803 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A potential use-after-free issue has been identified in the Linux kernel, specifically in the intel-ish-hid ipc component. This issue occurs when a reset notify IPC message is received...
PT-2023-19107 · Mainwp · Mainwp Matomo Extension
Name of the Vulnerable Software and Affected Versions: MainWP Matomo Extension versions prior to 4.0.5 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...
PT-2022-6166 · Cisco +6 · Cisco +6
Name of the Vulnerable Software and Affected Versions: Linux affected versions not specified Description: The issue is related to the Linux network backend, specifically the netback driver, where a guest can trigger a NIC interface reset, abort, or crash by sending certain kinds of packets. This ...
PT-2022-3915 · Linux +8 · Linux Kernel +8
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.18.9 Description: A type confusion bug in nft set elem init leading to a buffer overflow could be used by a local attacker to escalate privileges. The attacker can obtain root access, but must start with an...
PT-2021-5289 · Apache +2 · Apache Tomcat +2
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 8.5.60 through 8.5.71 Apache Tomcat versions 9.0.40 through 9.0.53 Apache Tomcat versions 10.0.0-M1 through 10.0.11 Apache Tomcat versions 10.1.0-M1 through 10.1.0-M5 Description: The issue is related to a memory leak i...
PT-2021-7066 · Linux +8 · Linux Kernel +8
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw in the processing of received ICMP errors, specifically ICMP fragment needed and ICMP redirect, allows an off-path remote user to quickly scan open UDP ports and bypass the sour...
PT-2020-3493 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 4.19 through 5.6.7 Description: The issue is related to a race condition in the Linux kernel, specifically in the enable sacf uaccess function, which can lead to code execution. This occurs because the function fails to...
PT-2019-6223 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel version 5.0.21 Description: The issue is related to a use-after-free vulnerability in the btrfs queue work function, located in the fs/btrfs/async-thread.c file. This vulnerability can be exploited by mounting a crafted btrfs...
PT-2019-3113 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.1.8 Description: The issue is related to a double-free error caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. This error can lead to a denial of service. Recommendations: For Linux...
PT-1988-1001 · Sendmail · Sendmail
Name of the Vulnerable Software and Affected Versions: Sendmail affected versions not specified Description: The issue concerns the debug command in Sendmail, which is enabled, allowing attackers to execute commands as root. Recommendations: At the moment, there is no information about a newer...
PT-2026-54432
Name of the Vulnerable Software and Affected Versions Storage Concentrator SC & SCVM affected versions not specified Description Storage Concentrator SC & SCVM contains hardcoded credentials for various internal services within a configuration file. Although these credentials use encoding, the...
PT-2026-52824
Affiliate Broken Access Control in Affiliates Manager = 2.9.49 versions...
PT-2026-52767
Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce = 7.1.1 versions...
PT-2026-51579
🚨 CVE-2026-54320 Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.184.0, organization invitations could be accepted and declined by a user whose email matched the invitation but had not been verified. Daytona authenticates user...
PT-2026-51374
Name of the Vulnerable Software and Affected Versions IBM i versions 7.3 through 7.6 IBM WebSphere Application Server affected versions not specified IBM WebSphere Application Server Liberty affected versions not specified Description A denial of service issue exists in the WebSphere WebServer...
PT-2026-51142
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 2.1.4 Description Configuration can be injected into the Chainflow during execution through the overrideConfig option, which is available in the frontend web integration and the backend Prediction API. This feature is...
PT-2026-51039
Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description An authentication logic flaw allows an attacker to register and control an account linked to a victim's email address before the email is verified. By enabling two-factor authentication on this...
PT-2026-51103
Summary A Stored Cross-Site Scripting XSS issue previously existed in the Text Widget in Board of Outerbase Studio where unsanitized HTML could be rendered using dangerouslySetInnerHTML Steps to Reproduce 1. Create a new dashboard. 2. Add a Text widget. 3. Insert the following payload: html...
PT-2026-50889
Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An out-of-bounds read occurs in the NI grpc-device streaming API because of a missing bounds check. This issue can lead to a denial of service if an attacker provides a specially crafted writ...
PT-2026-51162
These are all security issues fixed in the freerdp-3.27.1-1.1 package on the GA media of openSUSE Tumbleweed...