184322 matches found
PT-2026-46292
Name of the Vulnerable Software and Affected Versions Neterbit NW-431F Router versions prior to 20241014-IR03 Description The network diagnosis ping module allows OS command injection because the application fails to properly sanitize user input in the IP address field before passing it to the...
PT-2026-46139
Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions prior to 35.0.2 Description An issue exists where a crafted ISO image can lead to file overwrite via directory traversal during the deployment process. Directory traversal is a technique that allows an attacker to...
PT-2026-49160
Root has patched NSWG-ECO-154 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...
PT-2026-46386
Name of the Vulnerable Software and Affected Versions Network sockets subsystem affected versions not specified Description An out-of-bounds write and read issue exists in the TLS socket connect path within the network sockets subsystem, specifically in the subsys/net/lib/sockets/sockets tls.c...
PT-2026-46005
Name of the Vulnerable Software and Affected Versions Kimi AI version 1.0 Description A Cross Site Scripting issue exists in the 'Preview' feature of the web interface. The application does not properly sanitize or encode HTML or JavaScript payloads produced by the AI model. When a user accesses...
PT-2026-46908
Name of the Vulnerable Software and Affected Versions Widget Factory Joomla Content Editor JCE versions 1.0.0 through 2.9.99.4 Description An improper access control issue in the JCE editor extension for Joomla allows unauthenticated users to create new editor profiles. This flaw enables the uplo...
PT-2026-46464
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A type confusion issue exists in V8, the JavaScript and WebAssembly engine. This allows a remote attacker to execute arbitrary code within a sandbox by inducing a user to open a special...
PT-2026-46491
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A type confusion issue exists in the Media component, which allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Type confusio...
PT-2026-45673
A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer overflow. Attacking...
PT-2026-45782
Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in version 2.10.4...
PT-2026-45798
NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...
PT-2026-45259
Content removed...
PT-2026-45591
In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible way to insert a large contact name due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-45577
Name of the Vulnerable Software and Affected Versions Android Framework affected versions not specified Description An incorrect bounds check in the setTo function within ResourceTypes.cpp can lead to a read out of bounds. This issue allows for local information disclosure without requiring...
PT-2026-45575
In multiple functions of ubsan throwing runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-45463
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...
PT-2026-45518
F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...
PT-2026-45280
Name of the Vulnerable Software and Affected Versions Apache Directory LDAP API version 2.1.7 Description The LDAP client implementation fails to verify if the server certificate matches the intended LDAP hostname. Although the certificate chain is validated against a trusted authority, the lack ...
PT-2026-45402
A vulnerability was detected in itsourcecode Online House Rental System 1.0. This impacts an unknown function of the file /manage payment.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used...
PT-2026-45535
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...
PT-2026-44742
Name of the Vulnerable Software and Affected Versions ASUS System Control Interface affected versions not specified Description An incorrect permission assignment for critical resources in the ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary...
PT-2026-44477
Name of the Vulnerable Software and Affected Versions Ubuntu Linux version 6.8 Ubuntu Linux version 6.17 Ubuntu Linux version 7.0 Description AppArmor SAUCE patches contain an issue where the system incorrectly attempts to free a pointer that was not previously allocated via kmalloc, while...
PT-2026-44283
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the btrfs file system where the last unlink trans field is not updated when removing a directory. This can lead to incorrect fsync behavior if a user performs an fsync...
PT-2026-44360
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An overflow issue exists in the drm/amdgpu/vcn3 component during the message bound check process. Recommendations At the moment, there is no information about a newer version that contai...
PT-2026-44306
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A use-after-free issue exists in the Linux kernel within the DAMON sysfs schemes. The damon sysfs quot goal-path variable ca...
PT-2026-44267
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An error unwind issue exists in the RDMA mana component. Specifically, the mana ib create qp rss function fails to properly...
PT-2026-44344
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the EDAC/versalnet component. The init one mc function allocates memory for a device name using kzalloc, which is then assigned to dev-init name. Because device...
PT-2026-44237
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RDMA rxe driver where the atomic write reply function in drivers/infiniband/sw/rxe/rxe resp.c unconditionally dereferences 8 bytes from the payload addrpkt. The...
PT-2026-44007
Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get resource method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using...
PT-2026-44139
Description SymfonyComponentMimeHeaderParameterizedHeader and the related parameter handling reachable from SymfonyComponentMimeHeaderHeaders is responsible for serializing structured headers such as Content-Type and Content-Disposition, which carry key=value parameters e.g. Content-Disposition:...
PT-2026-43298
Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, uploadedFileSaveIn in lua/upload/upload.go uses filepath.Join with the caller-supplied directory but performs no boundary check after joining. A directory of ../../../tmp resolves cleanly to /tmp, outside the web root. This...
PT-2026-43259
luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...
PT-2026-43428
Name of the Vulnerable Software and Affected Versions JeecgBoot versions prior to 3.9.2 Description Improper access controls exist within the AiragModelController component. A remote attacker can exploit this by manipulating the list/queryById argument, leading to unauthorized access...
PT-2026-43033
Name of the Vulnerable Software and Affected Versions apache-airflow-providers-fab versions prior to 3.6.4 Description Apache Airflow FAB Auth Manager is subject to an LDAP filter injection, which occurs when user-supplied input is improperly sanitized before being used in an LDAP filter. This...
PT-2026-42949
Name of the Vulnerable Software and Affected Versions Edimax BR-6675nD version 1.12 Description A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists in the formWlSiteSurvey function within the '/goform/formWlSiteSurvey' endpoint when manipulating th...
PT-2026-42688
Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.23.0 Description In pkg/builder/builder.go, the software passes the Environment.spec.builder.command variable directly into the exec.Command function after a strings.Fields split without validating the executable pa...
PT-2026-41977
Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description A stored cross-site scripting XSS issue exists due to improper sanitization of elements. The application permits the use of javascript: URIs within the src attribute, which execute when a malicious...
PT-2026-41840
Name of the Vulnerable Software and Affected Versions Piotnet Addons for Elementor Pro versions prior to 7.1.71 Description Missing file type validation in the pafe ajax form builder function allows unauthenticated attackers to upload arbitrary files to the server. The plugin employs an incomplet...
PT-2026-41774
Name of the Vulnerable Software and Affected Versions TinyIce versions 0.8.95 through 2.4.1 Description TinyIce is a streaming server for audio and video. A missing authentication check on the WebRTC ingest endpoint 'POST /webrtc/source-offer?mount=' allows unauthenticated users to inject streams...
PT-2026-41767
Name of the Vulnerable Software and Affected Versions Docker affected versions not specified Description A race condition occurs during the mount setup of the docker cp command. When copying files into a container, the daemon creates a temporary filesystem view by bind-mounting volumes. A process...
PT-2026-41689
Name of the Vulnerable Software and Affected Versions Neotoma versions 0.6.0 through 0.11.0 Description Neotoma can treat public reverse-proxied requests as local when the application receives them over a loopback socket and no Bearer token is present. This occurs in deployments behind a reverse...
PT-2026-41186
Name of the Vulnerable Software and Affected Versions CodeWhale versions prior to 0.8.26 Description The task create tool spawns durable sub-agents that inherit insecure default settings. Specifically, the allow shell variable defaults to true and the auto approve variable defaults to true. When ...
PT-2026-41145
Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions prior to 2.39.0 Description The backup restore feature accepts a .tar.gz archive and extracts it to a target directory on the server. The extraction function ExtractTarGz in api/archive/targz.go constructs...
PT-2026-41185
Name of the Vulnerable Software and Affected Versions CodeWhale versions prior to 0.8.26 Description Server-Side Request Forgery SSRF occurs when the application fails to properly validate IPv6 addresses provided directly in a URL, such as http://::1. While the system validates hostnames that...
PT-2026-41176
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.6.31 Description A Cross-Site Scripting issue exists in the SVG renderer implementation. This allows the permanent storage of HTML or JavaScript code within the application, which is then executed in the context ...
PT-2026-40001
The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
PT-2026-40439
Name of the Vulnerable Software and Affected Versions DNS Cluster affected versions not specified Description SSL verification is disabled in the DNS Cluster system. This allows a malicious server to perform a man-in-the-middle attack, which is a technique where an attacker intercepts communicati...
PT-2026-39986
Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malitcious JavaScript execution in the context of the...
PT-2026-40101
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability i...
PT-2026-39574
Zephyr sockets created with IPPROTO TLS 1 3 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtls ssl conf min tls version. The ClientHello advertises both versions and the...