184334 matches found
PT-2025-26840 · Onetrust · Onetrust Sdk
Name of the Vulnerable Software and Affected Versions: OneTrust SDK version 6.33.0 Description: The issue allows a local attacker to cause a denial of service via the Object.setPrototypeOf, proto , and Object.assign components. Recommendations: For OneTrust SDK version 6.33.0, consider disabling...
PT-2025-26023 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A bug in the Linux kernel has been identified, specifically in the s3fb driver, where the screen size value calculated from user input in the s3fb set par function can be larger than...
PT-2025-12828
Name of the Vulnerable Software and Affected Versions NASA cFS Core Flight System Aquila affected versions not specified Description The issue concerns a segmentation fault that can occur in the Memory Management Module of NASA cFS Core Flight System Aquila when a malicious telecommand is sent...
PT-2025-11458
Name of the Vulnerable Software and Affected Versions WebAssembly wabt version 1.0.36 Description A critical issue affects the function wabt::interp::anonymous namespace::BinaryReaderInterp::OnExport of the component Malformed File Handler, leading to a heap-based buffer overflow. The attack may ...
PT-2025-35718
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's netfilter module related to handling duplicate devices during netfilter table updates. Specifically, a chain or flowtable update may proceed with...
PT-2025-25841
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, related to the rseq feature. The issue occurs when the rseq cs field is non-zero during registration, which can cause a segfault on...
PT-2025-3986 · Apache · Apache Httpd
Name of the Vulnerable Software and Affected Versions: Apache HTTPD affected versions not specified Description: The issue concerns a rejected reason related to the Apache HTTPD DNS. No further details are provided about the nature of the issue or its potential impact. There is no information...
PT-2025-1261 · Tenda · Tenda Ac15
Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.13.07.13 Description: A critical issue has been found in the function formSetDevNetName of the file /goform/SetDevNetName, which affects the Tenda AC15 router. The manipulation of the argument mac leads to a stack-based...
PT-2025-1977 · Go +2 · Github.Com/Ollama/Ollama +2
Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: A security issue has been discovered in a famous LLM product. The estimated number of potentially affected devices worldwide is not...
PT-2024-28848 · Doccano · Doccano
Name of the Vulnerable Software and Affected Versions: Doccano Open source annotation tools for machine learning practitioners version 1.8.4 Doccano Auto Labeling Pipeline module to annotate a document automatically version 0.1.23 Description: The issue allows a remote attacker to escalate...
PT-2024-28540 · Dell · Dell Powerscale Insightiq
Name of the Vulnerable Software and Affected Versions: Dell PowerScale InsightIQ version 5.0 Description: The issue is related to the use of hard-coded credentials in Dell PowerScale InsightIQ. A high-privileged attacker with local access could potentially exploit this, leading to information...
PT-2024-41391 · Suse +7 · Kernel-Azure +12
The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name bsc1227716. - CVE-2024-42096: x86: stop playing stack games in profile pc bsc1228633. -...
PT-2024-27721 · Unknown · Phpgurukul Student Record System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Student Record System version 3.20 Description: A critical issue was found in the PHPGurukul Student Record System, affecting some unknown functionality of the file /edit-subject.php. The manipulation of the arguments sub1, sub2,...
PT-2024-22995 · Google · Android
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue is related to a possible out of bounds read in the tmu get pi function of tmu.c due to improper input validation. This could lead to local information disclosure with no addition...
PT-2024-18358 · Dassault Systèmes · Dassault Systèmes Edrawings
Name of the Vulnerable Software and Affected Versions: Dassault Systèmes eDrawings affected versions not specified Description: The issue allows remote code execution via various file parsing vulnerabilities, including heap-based buffer overflow, memory corruption, out-of-bounds read, out-of-boun...
PT-2023-14370 · Ibm · Ibm Storage Scale Container Native Storage Access
Name of the Vulnerable Software and Affected Versions: IBM Storage Scale Container Native Storage Access versions 5.1.2.1 through 5.1.6.1 Description: The issue allows a local user to obtain escalated privileges on a host without proper security context settings configured. Recommendations: For...
PT-2023-2775 · Cisco · Cisco Dna Center
Name of the Vulnerable Software and Affected Versions: Cisco DNA Center Software affected versions not specified Description: The issue is related to multiple vulnerabilities in the API of Cisco DNA Center Software. These vulnerabilities could allow an authenticated, remote attacker to read...
PT-2023-23176 · Mage Ai · Mage Ai
Name of the Vulnerable Software and Affected Versions: mage-ai versions 0.8.34 through 0.8.71 Description: The issue affects mage-ai, an open-source data pipeline tool, when used with user authentication enabled. It allows the terminal to be accessed by users who are not signed in or do not have...
PT-2023-18367 · Unknown · Campcodes Retro Basketball Shoes Online Store
Name of the Vulnerable Software and Affected Versions: Campcodes Retro Basketball Shoes Online Store version 1.0 Description: A critical vulnerability was found in the software, affecting the file contactus1.php. The manipulation of the email argument leads to SQL injection. The attack can be...
PT-2023-20852 · Llvm +1 · Llvm +1
Name of the Vulnerable Software and Affected Versions: LLVM version a0dab4950 Description: The issue is related to a segmentation fault in the mlir::outlineSingleBlockRegion function. It is noted that third parties dispute this as a vulnerability because the LLVM security policy excludes issues...
PT-2025-37662
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak can occur in the Linux kernel due to a failure during the attachment of fentry probes. When the attachment fails, the allocated bpf trampoline image remains in the system, ...
PT-2022-14002
Name of the Vulnerable Software and Affected Versions M-Files Server versions prior to 22.3.11164.0 M-Files Server versions prior to 22.3.11237.1 Description The issue is related to incorrect privilege assignment, allowing a user to read unmanaged objects. Recommendations For versions prior to...
PT-2022-22958 · Dotcms · Dotcms
Name of the Vulnerable Software and Affected Versions: dotCMS versions prior to 22.06 dotCMS version 5.3.8.12 dotCMS version 21.06.9 dotCMS version 22.03.2 Description: The issue allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a U...
PT-2022-16430 · WordPress · Popup Builder
Name of the Vulnerable Software and Affected Versions: WP Popup Builder versions prior to 1.2.9 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page...
PT-2022-6448 · Fortinet · Fortinac
Name of the Vulnerable Software and Affected Versions: Fortinet FortiNAC versions 8.3.7, 8.5.0 through 8.5.4, 8.6.0 through 8.6.5, 8.7.0 through 8.7.6, 8.8.0 through 8.8.11, 9.1.0 through 9.1.8, 9.2.0 through 9.2.5, 9.4.0 Description: The issue is related to an improper neutralization of input...
PT-2022-23551 · Unknown · Simple Task Scheduling System
Name of the Vulnerable Software and Affected Versions: Simple Task Scheduling System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/classes/Master.php?f=delete student" endpoint. Recommendations: Fo...
PT-2022-16697 · WordPress · The Visualizer: Tables/Charts Manager For Wordpress
Name of the Vulnerable Software and Affected Versions: The Visualizer: Tables and Charts Manager for WordPress versions up to, and including 3.7.9 Description: The issue concerns deserialization of untrusted input via the remote data parameter. This allows authenticated attackers with contributor...
PT-2021-7676 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.161 Description: A vulnerability in the io uring subsystem can leak kernel memory information to the user process. The timens install function calls current is single threaded to determine if the current...
PT-2021-7753 · Linux +8 · Linux Kernel +8
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability was found in the fs/inode.c:inode init owner function logic of the Linux kernel. This issue allows local users to create files for the XFS file-system with unintended...
PT-2020-6661 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: The issue is related to the use of memory after it has been freed in the llcp sock bind function of the NFC protocol in the Linux kernel. This could allow a local attacker to access...
PT-2023-2689 · Linux +7 · Linux Kernel +7
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47 Description: The issue is related to the copy from user function in the Linux kernel, which does not implement the uaccess begin nospec feature. This allows a...
PT-2017-13: Elevation of Privilege in Microsoft Windows
The specialists of the Positive Research center have detected an Elevation of Privilege vulnerability in Microsoft Windows. An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully...
PT-2019-4107 · Linux +7 · Linux Kernel +7
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.34 through 5.2.x Description: A buffer overflow flaw was found in the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs and logs buffer descriptors during migration. This flaw can be...
PT-2026-53464
Summary Langflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledge bases. This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit th...
PT-2026-52759
Unauthenticated Cross Site Scripting XSS in Automatic 3.135.1 versions...
PT-2026-52187
OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max ttl, count, or time out request parameters due to insufficient input validation when constructing shell...
PT-2026-51901
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential NULL pointer dereference exists in the error path of the ice set ringparam function. The issue occurs because ice set ringparam nullifies the tstamp ring of temporary tx ring...
PT-2026-51458
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Organization team member management can be performed via GET requests without Cross-Site Request Forgery CSRF protection. CSRF is a security flaw where an attacker tricks a logged-in user into executin...
PT-2026-51372
WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMG PATH directory by sending requests with percent-encoded backslashes %5C that bypass the path.Clean sanitization in handler/router.go...
PT-2026-51407
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A weak parsing issue exists in the x-limited-key-id header. Remote attackers can bypass subkey enforcement by submitting duplicate headers, zero, or malformed values that result in falsy values or N...
PT-2026-51462
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.9 Description Authenticated users with automation permissions can bypass the Server-Side Request Forgery SSRF blacklist through DNS rebinding. This occurs because the outbound fetch flow resolves the DNS twice:...
PT-2026-51196
Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description A security flaw exists in the PROXY ADMIN database API Key Generator component within the authenticate user function of the litellm/proxy/auth/login utils.py file. A remote attacker can...
PT-2026-51258
Name of the Vulnerable Software and Affected Versions kortix-ai suna versions prior to 0.8.39 Description A weakness in the Auth Endpoint component allows for remote cross-site scripting XSS, which is a technique where malicious scripts are injected into trusted websites. The issue exists within...
PT-2026-51229
Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 and later Description A stored cross-site scripting issue exists in the User Permissions page. The software fails to properly perform HTML escaping when rendering user group names. This allows attackers with...
PT-2026-51132
Name of the Vulnerable Software and Affected Versions Simple File List versions prior to 6.3.8 Description The Simple File List plugin for WordPress contains insufficient authorization checks that allow unauthenticated attackers to delete and modify files on the server. This issue occurs within t...
PT-2026-50838
Name of the Vulnerable Software and Affected Versions Blocksy Companion versions prior to 2.1.46 Description The Blocksy Companion plugin for WordPress contains a Stored Cross-Site Scripting issue within the admin settings caused by insufficient input sanitization and output escaping. This allows...
PT-2026-50837
Name of the Vulnerable Software and Affected Versions BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor versions prior to 4.5.4 Description Stored Cross-Site Scripting occurs via the blockId attribute of the 'betterdocs/category-slate-layout' Gutenberg block. The issue...
PT-2026-51063
Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.3 Description When parsing a JSON object with a key of 254 bytes or longer, the Oj.load function in :object mode reads uninitialized stack memory. For keys 256 bytes or longer, the process also performs an out-of-boun...
PT-2026-51037
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A cross-tenant authorization bypass exists in PostgREST endpoints. This issue allows API keys with organization-level read permissions to access webhook secrets and delivery logs belonging to other...
PT-2026-50628
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'name' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient...