184334 matches found
PT-1988-1001 · Sendmail · Sendmail
Name of the Vulnerable Software and Affected Versions: Sendmail affected versions not specified Description: The issue concerns the debug command in Sendmail, which is enabled, allowing attackers to execute commands as root. Recommendations: At the moment, there is no information about a newer...
PT-2026-54432
Name of the Vulnerable Software and Affected Versions Storage Concentrator SC & SCVM affected versions not specified Description Storage Concentrator SC & SCVM contains hardcoded credentials for various internal services within a configuration file. Although these credentials use encoding, the...
PT-2026-52767
Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce = 7.1.1 versions...
PT-2026-51579
🚨 CVE-2026-54320 Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.184.0, organization invitations could be accepted and declined by a user whose email matched the invitation but had not been verified. Daytona authenticates user...
PT-2026-51426
A malformed Bluetooth Classic SDP attribute can trigger a reachable assertion in Zephyr's SDP parser. In subsys/bluetooth/host/classic/sdp.c, bt sdp parse attribute accepts an input buffer once it contains the 1-byte attribute type and 2-byte attribute id, but then unconditionally pulls an...
PT-2026-51374
Name of the Vulnerable Software and Affected Versions IBM i versions 7.3 through 7.6 IBM WebSphere Application Server affected versions not specified IBM WebSphere Application Server Liberty affected versions not specified Description A denial of service issue exists in the WebSphere WebServer...
PT-2026-51142
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 2.1.4 Description Configuration can be injected into the Chainflow during execution through the overrideConfig option, which is available in the frontend web integration and the backend Prediction API. This feature is...
PT-2026-51039
Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description An authentication logic flaw allows an attacker to register and control an account linked to a victim's email address before the email is verified. By enabling two-factor authentication on this...
PT-2026-51103
Summary A Stored Cross-Site Scripting XSS issue previously existed in the Text Widget in Board of Outerbase Studio where unsanitized HTML could be rendered using dangerouslySetInnerHTML Steps to Reproduce 1. Create a new dashboard. 2. Add a Text widget. 3. Insert the following payload: html...
PT-2026-50889
Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An out-of-bounds read occurs in the NI grpc-device streaming API because of a missing bounds check. This issue can lead to a denial of service if an attacker provides a specially crafted writ...
PT-2026-51162
These are all security issues fixed in the freerdp-3.27.1-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-51099
Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.2 Description An Insecure Direct Object Reference IDOR issue exists in the /api/v1/responses endpoint. This occurs because the get flow by id or endpoint name function in src/backend/base/langflow/helpers/flow.py...
PT-2026-51013
Name of the Vulnerable Software and Affected Versions Gonic versions prior to 0.21.0 Description A logic error in the ServeCreateOrUpdatePlaylist function allows for arbitrary file write operations within the music streaming server. Recommendations Update to version 0.21.0 or later. As a temporar...
PT-2026-50676
Name of the Vulnerable Software and Affected Versions Docker Sandboxes affected versions not specified Description Docker Sandboxes sbx fail to re-apply the ICMP egress authorizer to networks rebuilt from disk after a Docker daemon restart. This allows a restart-surviving sandbox to forward ICMP...
PT-2026-50229
Name of the Vulnerable Software and Affected Versions Android versions prior to June 2026 Description A logic error in the setAllowedCarriers function within PhoneInterfaceManager.java allows for the disabling of carrier restrictions. This flaw can lead to local escalation of privilege without...
PT-2026-50193
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue exists in the Web Authentication component. This allows a remote attacker to execute arbitrary code by inducing the user to open a specially crafted HTML page. U...
PT-2026-50288
Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate 6.7.7 versions...
PT-2026-50423
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11...
PT-2026-50367
Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8...
PT-2026-50280
Unauthenticated Local File Inclusion in Reprizo = 1.0.8 versions...
PT-2026-50207
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An inappropriate implementation in Extensions allows a remote attacker who has compromised the renderer process to bypass site isolation using a crafted HTML page. Site isolation is a...
PT-2026-50431
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager versions prior to 4.8 Description An unauthenticated attacker with remote access can exploit the inclusion of functionality from an untrusted control sphere, which may lead to information disclosure. Recommendations Upda...
PT-2026-50262
Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...
PT-2026-50458
Name of the Vulnerable Software and Affected Versions Autodesk Revit affected versions not specified Description A NULL Pointer Dereference occurs when the application attempts to read a memory address that is NULL, typically resulting in a crash. This issue is triggered when a maliciously crafte...
PT-2026-50488
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description Open WebUI contains a Broken Object Level Authorization BOLA issue in the builtin search knowledge files function. BOLA occurs when an application does not properly verify if a user has permission...
PT-2026-49938
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 14.1.2.0.0 Description An issue in the Content Server component of Oracle Fusion Middleware allows an unauthenticated attacker with network access via HTTP to compromise the system. The exploitation requires...
PT-2026-50060
Name of the Vulnerable Software and Affected Versions Oracle Project Portfolio Analysis versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Project Portfolio Analysis product within Oracle E-Business Suite. A low privileged attacker with...
PT-2026-50075
Name of the Vulnerable Software and Affected Versions Oracle Solaris version 11.4 prior to SRU93 Description An issue exists in the Remote Administration Daemon that allows an unauthenticated attacker with network access via HTTPS to compromise the system. Successful exploitation can lead to...
PT-2026-51224
Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.7 Description The Docker API server contains an authentication bypass issue caused by a hardcoded default JWT JSON Web Token signing key. A JWT is a compact, URL-safe means of representing claims to be transferre...
PT-2026-49958
Name of the Vulnerable Software and Affected Versions MySQL Shell Shell for VS Code version 2026.2.0+9.6.1 Description An issue in the Shell for VS Code component of MySQL Shell allows a low-privileged attacker with network access via HTTP to compromise the software. Successful exploitation can...
PT-2026-49922
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of Oracle WebCenter Content within Oracle Fusion Middleware. An unauthenticated attacker with network access via HTTP can compromise the...
PT-2026-49149
Name of the Vulnerable Software and Affected Versions Microweber versions prior to 2.0.21 Description A path traversal issue exists in the API Endpoint component. A remote attacker can manipulate the cache path relative argument within the userfiles path function of the '/api nosession/thumbnail...
PT-2026-49552
Name of the Vulnerable Software and Affected Versions ws versions 1.1.0 through 5.2.4 ws versions 6.0.0 through 6.2.3 ws versions 7.0.0 through 7.5.10 ws versions 8.0.0 through 8.20.9 Description ws is an open source WebSocket client and server for Node.js. A peer can send a high volume of...
PT-2026-49106
Name of the Vulnerable Software and Affected Versions Iptanus File Upload versions prior to 5.1.7 Description Improper file handling occurs when the duplicatepolicy setting is configured to "maintain both." A Time-of-Check to Time-of-Use TOCTOU race condition—a scenario where a system checks a...
PT-2026-49090
Name of the Vulnerable Software and Affected Versions Meow Gallery versions prior to 5.4.5 Description The Meow Gallery plugin for WordPress allows unauthorized modification of data because of a missing capability check on the REST API endpoint "/wp-json/meow-gallery/v1/save shortcode"...
PT-2026-49077
Name of the Vulnerable Software and Affected Versions WP Ticket versions prior to 6.0.5 Description The WP Ticket plugin for WordPress allows unauthenticated attackers to extract sensitive information from the database. The issue occurs during unauthenticated front-end searches when the plugin...
PT-2026-49039
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.6 Description A configuration enforcement bypass exists in Feishu dynamic-agent bindings. This issue allows authenticated senders to create or update bindings without adhering to the configured config-write...
PT-2026-48818
The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link url' parameter of the presto player overlay shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays function, which...
PT-2026-48668
openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mail id value...
PT-2026-48387
Name of the Vulnerable Software and Affected Versions Anti-Spam by CleanTalk. Spam protection WordPress plugin versions prior to 6.79 Description Insufficient sanitization of content within a custom shortcode used in the email-encoding feature allows unauthenticated attackers to perform Stored...
PT-2026-48357
Name of the Vulnerable Software and Affected Versions QTS versions prior to 5.2.7.3256 build 20250913 Description An access-control flaw exists in legacy environments where the NFS Network File System service is enabled. When NFS share settings are permissive, specifically using a wildcard host...
PT-2026-48312
Name of the Vulnerable Software and Affected Versions Spring Data MongoDB versions 5.0.0 through 5.0.5 Spring Data MongoDB versions 4.5.0 through 4.5.11 Spring Data MongoDB versions 4.4.0 through 4.4.14 Spring Data MongoDB versions 4.3.0 through 4.3.16 Spring Data MongoDB versions 4.2.0 through...
PT-2026-47976
Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server affected versions not specified Description An elevation-of-privilege issue exists due to a server-side request forgery SSRF flaw. This occurs because of insufficient input validation of URLs in the attachment preview...
PT-2026-48269
Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.19 and earlier ColdFusion versions 2025.8 and earlier Description An incorrect authorization flaw allows a high-privileged attacker to achieve arbitrary code execution in the context of the current user. This issue...
PT-2026-47795
Name of the Vulnerable Software and Affected Versions Waves Central for macOS versions 13.0.9 through 16.5.5 Description A trusted XPC client component is signed with hardened runtime entitlements that allow dynamic library injection. A local attacker can use the DYLD INSERT LIBRARIES environment...
PT-2026-48323
Name of the Vulnerable Software and Affected Versions Spring for Apache Kafka versions 4.0.0 through 4.0.5 Spring for Apache Kafka versions 3.3.0 through 3.3.15 Spring for Apache Kafka versions 3.2.0 through 3.2.13 Spring for Apache Kafka versions 2.9.0 through 2.9.13 Spring for Apache Kafka...
PT-2026-47612
Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description In the network application framework, DefaultHttp2Connection.DefaultEndpoint initializes maxActiveStreams and maxStreams to Integer.MAX VALUE, while...
PT-2026-47545
Summary An attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses can bypass the restrictions. Details io.netty.handler.ipfilter.IpSubnetFilterRulecompareTojava.net.InetSocketAddress method performs a bitwise AND...
PT-2026-47170
A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpc sys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...
PT-2026-47127
Name of the Vulnerable Software and Affected Versions MDJM Event Management plugin for WordPress versions prior to 1.7.8.4 Description The plugin allows arbitrary file upload because it does not perform validation on the file type, extension, or MIME type of uploaded files. This issue occurs with...