184379 matches found
PT-2026-48268
Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.19 and earlier ColdFusion versions 2025.8 and earlier Description Improper Input Validation allows for arbitrary code execution in the context of the current user. This issue can be exploited without requiring any user...
PT-2026-48097
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
PT-2026-48170
An uncaught exception in the /application/job/update/id endpoint of FastapiAdmin v2.2.0 allows authenticated attackers with the module task:job:update permission to cause a Denial of Service DoS via manipulating the func field of scheduled tasks...
PT-2026-47726
Name of the Vulnerable Software and Affected Versions Catalyst::Plugin::Authentication versions prior to 0.10 027 Description The software is susceptible to session fixation attacks because it does not automatically change the session id after authentication. This allows an attacker who obtains a...
PT-2026-47761
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter nf tables component where the functions nft netdev unregister hooks and nft unregister flowtable net hooks fail to use list del rcu. This is problematic...
PT-2026-47554
Summary Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. Details In io.netty.resolver.dns.DnsResolveContextbuildAliasMap, the resolver processes the ANSWER section of a DNS response and blindly caches all CNAME records it finds. According to...
PT-2026-47231
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...
PT-2026-47579
Impact PROXY protocol support for Puma was added in version 5.5.0. When PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer. It waits for "r " to determine whether a PROXY v1 line is present. If an attacker opens a TCP connection and continuously sends bytes...
PT-2026-47174
A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument media dir can lead to command injection. It is possible to launch the attack remotely. Upgrading to version...
PT-2026-47194
Name of the Vulnerable Software and Affected Versions Cordova Plugin InAppBrowser versions 3.1.0 through 6.0.0 Description The iOS implementation of the InAppBrowser plugin fails to validate the id field from a WKScriptMessage body before passing it to the commandDelegate...
PT-2026-47191
Name of the Vulnerable Software and Affected Versions USCiLab Cereal versions prior to 1.3.3 Description A type confusion issue exists within the Shared Pointer Handler component. A remote attacker can execute a manipulation to trigger this condition, which occurs when a program accesses a resour...
PT-2026-47044
Name of the Vulnerable Software and Affected Versions Altium Enterprise Server affected versions not specified Description Two path traversal issues in the Network Installation Service NIS allow an unauthenticated network attacker to read package archive files and write arbitrary files to any...
PT-2026-47020
Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. The 'POST /ssh/tunnel/connect' endpoint allows persistent OS command injection on the...
PT-2026-46917
Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function...
PT-2026-46180
A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template. save pil image of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A...
PT-2026-46890
Summary This is a vertical authorization bypass in the Admin API affecting order state transition features /api/ action/order/orderId/state/transition and similar transaction/delivery transition routes. The root cause is that the transition action routes do not declare required server-side ACL...
PT-2026-46859
Summary The jwt and jwk middlewares do not verify that the Authorization header value uses theBearer scheme. Any two-part header value — regardless of the scheme name in the first position — proceeds to JWT verification. A request presenting a valid JWT under a non-Bearer scheme identifier such a...
PT-2026-46242
An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTTP query string...
PT-2026-46229
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...
PT-2026-46602
Name of the Vulnerable Software and Affected Versions Google Chrome on Linux versions prior to 149.0.7827.53 Description A use after free issue in WebRTC allows a remote attacker to execute arbitrary code through a specially crafted HTML page. Use after free is a memory corruption flaw that occur...
PT-2026-46400
Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Controller affected versions not specified Cisco Catalyst SD-WAN Manager affected versions not specified Cisco Catalyst SD-WAN Validator affected versions not specified Description A vulnerability in the CLI and web...
PT-2026-46822
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description An inappropriate implementation in WebView allows a remote attacker to perform privilege escalation through the use of a crafted HTML page. Recommendations Update to version...
PT-2026-46165
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The account validation endpoint '/v1/User/validate' exposes comprehensive user profile data sheets. This information can be accessed without authentication and...
PT-2026-46864
Summary A non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/ action/sync. The regular integration endpoint POST /api/integration correctly blocks this, but the Sync API bypasses th...
PT-2026-46215
WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'tid' parameter. Attackers can send GET requests to the admin interface with malicious 'tid'...
PT-2026-45998
Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...
PT-2026-45816
Name of the Vulnerable Software and Affected Versions PlayStation 4 firmware versions 13.00 through 13.02 Description A privilege escalation issue allows the BD-J Blu-ray Disc Java sandbox to be escaped via a malformed JAR file. Recommendations At the moment, there is no information about a newer...
PT-2026-45887
Name of the Vulnerable Software and Affected Versions Passeum Ticketing versions prior to 1.1 Description The plugin is subject to Stored Cross-Site Scripting. This occurs because the get shop url method returns the shop name setting value without sanitization when it starts with "http", and the...
PT-2026-45681
Name of the Vulnerable Software and Affected Versions Simple Custom Login Page versions prior to 1.0.4 Description The Simple Custom Login Page plugin for WordPress contains a Stored Cross-Site Scripting issue. The problem occurs because color settings fields are registered and stored without a...
PT-2026-48942
A method within the exploration crate attempted to download and execute a payload from a remote site. The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Kirill...
PT-2026-45431
FlexRIC v2.0.0 crashes when receiving a RIC SUBSCRIPTION RESPONSE with an unknown ric id that has no corresponding pending event. The near-RT RIC uses assert to enforce the existence of a pending event during response processing. A remote unauthenticated attacker can send a forged RIC SUBSCRIPTIO...
PT-2026-45559
Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate image function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplet...
PT-2026-45439
Name of the Vulnerable Software and Affected Versions LearnPress versions prior to 4.3.6 Description Improper neutralization of input during web page generation allows for Reflected Cross-Site Scripting XSS, a flaw where an application includes untrusted data in a web page without proper...
PT-2026-45540
Name of the Vulnerable Software and Affected Versions AI Tensor Engine for ROCm AITER versions prior to 0.1.15 Description An unauthenticated remote code execution issue exists in the MessageQueue.recv function within shm broadcast.py. This occurs because a ZMQ SUB socket lacks authentication,...
PT-2026-45576
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
PT-2026-45355
Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege...
PT-2026-45364
Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description A bug in the login redirect route allows authenticated users to craft URLs that bypass the is safe url check. This enables the redirection of users from a trusted Airflow domain to an origin...
PT-2026-45503
A security vulnerability has been detected in Bottelet DaybydayCRM up to 2.2.1. This impacts the function view of the file app/Http/Controllers/DocumentsController.php. Such manipulation leads to improper authorization. The attack may be launched remotely. It is best practice to apply a patch to...
PT-2026-45420
Name of the Vulnerable Software and Affected Versions HP Poly VVX 150 HP Poly VVX 250 HP Poly VVX 350 HP Poly VVX 450 HP Poly Trio 8300 HP Poly Trio 8500 HP Poly Trio 8800 Description An unauthenticated stack-based buffer overflow exists in HP Poly Voice products on the Linux platform during the...
PT-2026-45598
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description In the getApplicationLabel function of KeyChainActivity.java, misleading or insufficient user interface elements may allow a user to be tricked into approving...
PT-2026-45635
Memory corruption in windows drivers while sending incorrect trusted application request...
PT-2026-45521
Name of the Vulnerable Software and Affected Versions Nextcloud Approval app versions prior to 2.7.2 Description A privilege escalation issue exists in the Approval app of the Nextcloud content collaboration platform. This flaw allows a user lacking sharing permissions to force the system to shar...
PT-2026-45553
A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function password verify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launc...
PT-2026-45256
In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6786...
PT-2026-45574
In multiple functions of ubsan throwing runtime.cpp, there is a possible way to cause a system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-47753
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 13031fb6b835 Description A race condition exists in the vGIC-ITS Interrupt Translation Service emulation within KVM on arm64 systems. The issue occurs in the vgic its invalidate cache function, which iterates...
PT-2026-45220
A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched remotely. T...
PT-2026-45212
Name of the Vulnerable Software and Affected Versions Sereal::Decoder versions prior to 5.005 Description An issue exists where crafted input can lead to a heap out-of-bounds read. In the file Perl/Decoder/srl decoder.c, the functions srl read object and srl read hash process a COPY tag, which is...
PT-2026-45093
A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs sbi xact add in the library /lib/core/ogs-timer.c of the component ue-authentications Endpoint. Performing a manipulation results in denial of service. The attack may be initiated remotely. The...
PT-2026-45091
A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function handle scp info in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. This manipulation causes out-of-bounds write. The attack can be initiated remotely. The exploit has been...