184253 matches found
PT-2026-49215
WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.php. Attackers can supply base64-encoded file paths in the 'id' parameter to the decode.php endpoin...
PT-2026-42911
Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 2026.4.23 Description An injection issue exists in the Skills Guard Multi-Word Prompt Handler component within the file agent/skills guard.py. The flaw allows remote exploitation through the...
PT-2026-40430
An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed...
PT-2026-39241
Name of the Vulnerable Software and Affected Versions eventsource-encoder versions prior to 1.0.2 Description The software fails to sanitize the event and id fields of an EventSourceMessage before serialization in the encodeMessage function. An attacker who controls these fields can inject...
PT-2024-19351 · Ibm · Ibm Txseries For Multiplatforms
Name of the Vulnerable Software and Affected Versions: IBM TXSeries for Multiplatforms version 8.2 Description: The issue allows web pages to be stored locally, which can then be read by another user on the system. Recommendations: For IBM TXSeries for Multiplatforms version 8.2, consider...
PT-2024-6814 · Google +4 · Google Chrome +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 129.0.6668.58 Microsoft Edge affected versions not specified Description: The issue is related to an inappropriate implementation in the Autofill feature, allowing a remote attacker to perform UI spoofing via a...
PT-2026-51626
Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description An authorization bypass exists where three API endpoints are protected by write-level middleware instead of administrator-level middleware. This allows a collaborator with write access to perfor...
PT-2026-50528
Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.11.2 Description An out-of-bounds write issue exists in the ssh2 transport read function due to an integer overflow and a failure to enforce upper bounds on the packet length field. A remote attacker operating a...
PT-2026-44608
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue exists in ANGLE. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a specially...
PT-2026-39329
Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.18 Description Improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This occurs because the...
PT-2026-30458
🚨 LIVE HIJACK ALERT — CVE-2026-55555. CVSS 9.3. langchain agents reading tool output as trusted input. attacker returns malicious prompt in tool result. agent executes it as instruction. investigating. 🧵...
PT-2024-8746 · Siemens · Tecnomatix Plant Simulation +1
Name of the Vulnerable Software and Affected Versions: Teamcenter Visualization versions prior to V14.2.0.14 Teamcenter Visualization versions prior to V14.3.0.12 Teamcenter Visualization versions prior to V2312.0008 Teamcenter Visualization versions prior to V2406.0005 Tecnomatix Plant Simulatio...
PT-2023-24676 · Srs · Srs
Name of the Vulnerable Software and Affected Versions: SRS versions prior to 5.0.157 SRS versions prior to 5.0-b1 SRS versions prior to 6.0.48 Description: The issue concerns a drive-by command injection in the api-server server. An attacker can send a request to the "/api/v1/snapshots" endpoint...
PT-2026-42142
Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...
PT-2026-41441
bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can craft hidden forms targeting the admin user creation endpoint to add new administrative accounts...
PT-2026-40780
Name of the Vulnerable Software and Affected Versions @strapi/upload versions prior to 5.33.3 Description In the Upload plugin, Content API endpoints failed to enforce administrator-configured MIME type restrictions defined in plugin.upload.security.allowedTypes and deniedTypes. While these...
PT-2022-20570 · Sourcegraph · Sourcegraph
Name of the Vulnerable Software and Affected Versions: Sourcegraph versions prior to 3.41.0 Description: The issue allows an attacker to delete other users’ saved searches due to a bug in the authorization check. It does not allow the reading of other users’ saved searches, only overwriting them...
PT-2021-19867 · Ory · Ory Oathkeeper
Name of the Vulnerable Software and Affected Versions: ORY Oathkeeper versions prior to v0.38.12-beta.1 Description: The issue arises when a request is made to an endpoint requiring a specific scope, and the access token is granted with that scope, making introspection valid and caching the token...
PT-2026-53359
NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query packets and insert functions...
PT-2026-49921
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of Oracle WebCenter Content. A high privileged attacker with network access via HTTP can compromise the system, potentially leading to a fu...
PT-2026-48933
Name of the Vulnerable Software and Affected Versions apptainer versions prior to 1.5.1 Description Incorrect path matching occurs within the limit container paths directive. This issue specifically affects SUID installations where paths listed in limit container paths are string prefixes of othe...
PT-2026-37351
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking form page url' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it...
PT-2026-21948
Name of the Vulnerable Software and Affected Versions Cisco UCS Manager Software affected versions not specified Description A flaw exists in the NX-OS CLI privilege levels of Cisco UCS Manager Software that could allow an authenticated, local attacker with read-only privileges to modify files an...
PT-2025-26855 · Microsens · Microsens Nmp Web+
Name of the Vulnerable Software and Affected Versions: MICROSENS NMP Web+ versions prior to 3.3.0 Description: The issue allows an unauthenticated attacker to generate forged JSON Web Tokens JWT to bypass authentication. This could potentially lead to full system control. Organizations worldwide...
PT-2023-3288 · Adobe · Substance3D - Designer
Name of the Vulnerable Software and Affected Versions: Adobe Substance 3D Designer versions 12.4.1 and earlier Description: The issue is related to an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of th...
PT-2021-22382 · Atlassian · Jira
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.19.0 Description: The issue allows remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the "/rest/api/1.0/render" endpoint...
PT-2026-48908
The Aqara Cloud Production API open-cn.aqara.com/v3.0/open/api would authorize any valid developer token for access to any account. This is an instance of "CWE-862: Missing Authorization" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 9.6 Critical. When combined with...
PT-2026-46196
All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...
PT-2026-46054
Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The software uses deprecated SHA-1 hashing for IWF CSAM URL matching and CIPA blocklist matching. SHA-1 is a cryptographic hash function that is no longer considered secure against well-funded...
PT-2026-37991
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated...
PT-2026-1014
Name of the Vulnerable Software and Affected Versions code-projects Online Guitar Store version 1.0 Description A SQL injection issue exists in code-projects Online Guitar Store version 1.0. The issue is located in an unknown function within the /admin/Create product.php file. Manipulating the dr...
PT-2022-27518 · Acronis +1 · Acronis Cyber Protect Home Office +4
Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect Home Office Windows versions prior to build 40173 Acronis Agent Windows versions prior to build 30600 Acronis Cyber Protect 15 Windows versions prior to build 30984 Description: The issue is related to local privilege...
PT-2026-53004
Name of the Vulnerable Software and Affected Versions Fluentd versions prior to 1.19.3 Description The in http and in forward plugins support gzip-compressed data but only enforce size limits on the compressed payloads via settings like body size limit and chunk size limit. Because no limit is...
PT-2026-40607
Name of the Vulnerable Software and Affected Versions bandit versions 1.4.0 through 1.11.0 Description An unauthenticated remote attacker can cause a denial of service via memory exhaustion. The read data/2 function in Elixir.Bandit.HTTP1.Socket ignores the :length option when processing HTTP/1...
PT-2026-36635
Name of the Vulnerable Software and Affected Versions Apache OpenNLP versions prior to 2.5.9 Apache OpenNLP versions prior to 3.0.0-M3 Description The DictionaryEntryPersistor class initializes a static SAXParserFactory without enabling FEATURE SECURE PROCESSING or disabling DTD processing. When...
PT-2026-2109
Name of the Vulnerable Software and Affected Versions llama.cpp versions prior to commit 55d4206c9 Description llama.cpp is an inference engine for several Large Language Models LLMs implemented in C/C++. The software parses the n discard parameter directly from JSON input in its completion...
PT-2024-27461 · Matrix · Synapse
Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.106 Description: Synapse, an open-source Matrix homeserver, allows unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. This...
PT-2021-24346 · Openzeppelin · Openzeppelin Contracts
Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions 3.2.0 through 4.4.0 Description: The issue concerns initializer functions that are invoked separate from contract creation, such as minimal proxies, which may be reentered if they make an untrusted non-view...
PT-2026-47172
An autonomous AI security agent just found 21 zero-days in FFmpeg for $1,000. Some were 23 years old. All came with working PoCs. CVE-2026-39210 through 39218 assigned. 12 more fixed, not yet numbered. This is what commodity AI vulnerability research https://t.co/zpeiwGSVQh https://t.co/ad6T1JxzD...
PT-2026-46951
Name of the Vulnerable Software and Affected Versions Lyrion Music Server version 9.2.0 Description A stored cross-site scripting issue exists where attackers can inject malicious scripts through media file metadata tags, specifically GENRE, ARTIST, and ALBUM. These payloads execute within the we...
PT-2026-45586
Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description An out-of-bounds read exists in the validateNode function within ResourceTypes.cpp due to an incorrect bounds check. This flaw allows for local escalation of privilege without requiring...
PT-2026-34090
Vulnerability in the PeopleSoft Enterprise HCM Absence Management product of Oracle PeopleSoft component: Absence Management. The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft...
PT-2026-22404
Name of the Vulnerable Software and Affected Versions nimiq/core-rs-albatross versions prior to 1.2.2 Description A malicious or compromised validator, if elected as a proposer, could publish a macro block proposal where the header.body root does not match the actual macro body hash. Proposal...
PT-2026-34182
A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function ZipSecureFile.setMinflateRatio of the file common/src/main/java/com/publiccms/common/tools/DocToHtmlUtils.java. Such manipulation leads to resource consumption. It is possible to...
PT-2024-25366 · Unknown · Profaceoff Ssu
Name of the Vulnerable Software and Affected Versions: ProFaceOff SSU versions 1.5.0 and earlier Description: The issue is related to a Missing Authorization vulnerability in ProFaceOff SSU. Recommendations: For ProFaceOff SSU versions 1.5.0 and earlier, at the moment, there is no information abo...
PT-2026-50029
🚨 CVE-2026-46925 Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segmen...
PT-2026-48511
Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description An issue exists in the Kubernetes-native serverless framework where a tenant with environments.fission.io create/update RBAC permissions can deploy containers with privileged access,...
PT-2026-42966
A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware Version Check. The manipulation results in improper restriction of rendered ui layers. The attack can be executed remotely. A...
PT-2025-40514
Name of the Vulnerable Software and Affected Versions Zabbix Agent versions 6.0.0 through 6.0.40 Zabbix Agent versions 7.0.0 through 7.0.17 Zabbix Agent versions 7.2.0 through 7.2.11 Zabbix Agent versions 7.4.0 through 7.4.1 Zabbix Agent 2 versions 6.0.0 through 7.4.1 Description The Zabbix Agent...
PT-2024-33043 · Mipjz · Mipjz
Name of the Vulnerable Software and Affected Versions: mipjz version 5.0.5 Description: A Server-side request forgery SSRF vulnerability exists due to the improper handling of the postAddress parameter in the mipPost method of the ApiAdminTool.php file. This allows an attacker to read server file...