184379 matches found
PT-2026-45093
A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs sbi xact add in the library /lib/core/ogs-timer.c of the component ue-authentications Endpoint. Performing a manipulation results in denial of service. The attack may be initiated remotely. The...
PT-2026-45091
A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function handle scp info in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. This manipulation causes out-of-bounds write. The attack can be initiated remotely. The exploit has been...
PT-2026-44953
Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1 Description Remote code execution is possible through the Perforce connection settings. Recommendations Update to version 2026.1...
PT-2026-44908
Name of the Vulnerable Software and Affected Versions Froxlor versions 2.3.6 and earlier Description DNS record content is concatenated directly into bind9 zone files in the DnsEntry.php file, which allows for zone file injection. The issue stems from incomplete validation of LOC, RP, SSHFP, and...
PT-2026-44754
The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the showmodule shortcode in versions up to, and including, 1.2 This is due to insufficient input sanitization and output escaping in the showmodule shortcode function, which...
PT-2026-44228
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the mpt3sas SCSI driver where the HBA firmware reports NVMe MDTS Maximum Data Transfer Size values based ...
PT-2026-44265
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the libwx network component where a Virtual Function VF attempts to access the WX CFG PORT ST register. Because this is a Physical Function PF restricted register, the...
PT-2026-44331
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the batman-adv module, TP meter sessions remain linked on bat priv-tp list after a netlink request finishes. When the mesh interface is removed, the batadv mesh free function tears do...
PT-2026-44317
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the f2fs file system between the destruction of extent nodes and the writeback process. The function f2fs destroy extent node fails to set the FI NO EXTENT fla...
PT-2026-44291
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the Multipath TCP mptcp implementation where the use of lock sock fast an atomic context around the sock...
PT-2026-46076
Уязвимость программного обеспечения Blitz Identity Provider связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, проводить межсайтовые сценарные атаки XSS...
PT-2026-44397
Name of the Vulnerable Software and Affected Versions PyJWT versions 2.8.0 through 2.12.1 Description When verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, the software performs Base64URL decoding of the compact-serialization payload segment before enforcin...
PT-2026-44296
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists where an exiting task that experiences an oops a kernel panic that does not require a full system reboot can be preempted during the execution of do task dead. This occur...
PT-2026-43951
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An issue exists in the RDMA mana ib component where the mana ib destroy qp rss function destroys RX WQ objects without disabling vPort RX steering in the firmware. This results in stale...
PT-2026-43962
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds access issue exists in the check xattrs function of the ext4 file system. The bounds check for the next extended attribute xattr entry uses a comparison that allows the...
PT-2026-44155
TL;DR This vulnerability affects all Kirby sites that allow the use of the link: … KirbyTag, the link: parameter of the image: … KirbyTag, the built-in image block with a link or the HTML importer for blocks, when content is authored by users who may not be fully trusted. The attack requires an...
PT-2026-43292
Name of the Vulnerable Software and Affected Versions com finder affected versions not specified Description Improperly built filter clauses lead to a SQL injection in the search query. SQL injection is a type of vulnerability that allows an attacker to interfere with the queries that an...
PT-2026-43211
Name of the Vulnerable Software and Affected Versions Xibo CMS versions prior to 4.4.2 Description A vulnerability chain involving Stored Cross-Site Scripting XSS and Iframe Sandbox escape exists in the Xibo CMS. Users with DataSet permissions can utilize the Data Connector functionality to craft...
PT-2026-43425
Name of the Vulnerable Software and Affected Versions Vanetza versions 26.02 and earlier Description A denial-of-service issue exists in the cryptographic verification pipeline. When processing incoming V2X messages, the ASN.1 decoder accepts structures as syntactically valid even if semantic...
PT-2026-43070
Name of the Vulnerable Software and Affected Versions hackney versions 2.0.0 through 4.0.0 Description The WebSocket client in src/hackney ws.erl lacks upper bounds on memory consumption across three code paths, allowing for flooding. First, the read handshake response/3 function accumulates...
PT-2026-42819
Name of the Vulnerable Software and Affected Versions Arm ArmNN versions prior to 2026-03-28 Description An integer overflow exists in the TensorShape::GetNumElements function within armnn/Tensor.cpp. This occurs when tensor dimensions are multiplied using 32-bit unsigned arithmetic without...
PT-2026-42460
Name of the Vulnerable Software and Affected Versions Divi Form Builder versions prior to 5.1.3 Description The Divi Form Builder plugin for WordPress allows unauthenticated attackers to create administrator accounts. This occurs because the plugin accepts a user-controlled role parameter from PO...
PT-2026-42454
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the udlfb component of the fbdev subsystem. The dlfb ops mmap function uses remap pfn range to map vmalloc framebuffer pages to userspace without setting...
PT-2026-42073
Name of the Vulnerable Software and Affected Versions Read More & Accordion versions prior to 3.5.8 Description The plugin is subject to privilege escalation because the RadMoreAjax::importData function fails to restrict which database tables can be written to during import and does not properly...
PT-2026-42378
free5GC's BSF concurrent PUT /nbsf-management/v1/subscriptions/subId crashes the BSF process via concurrent map read/write on Subscriptions in github.com/free5gc/bsf...
PT-2026-42220
Name of the Vulnerable Software and Affected Versions CryptPad versions prior to 2026.2.0 Description The HTML sanitizer in Diffmarked.js contains a flaw where it fails to properly filter attributes on restricted tags. While the sanitizer validates the src attribute for , , and elements, it does...
PT-2026-42127
Name of the Vulnerable Software and Affected Versions Unbound versions 1.16.2 through 1.25.0 Description An issue exists within the ghost domain names family of attacks that allows an adversary who controls a ghost zone and can query the system to extend the ghost domain window by up to one cache...
PT-2026-41862
The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...
PT-2026-41824
Name of the Vulnerable Software and Affected Versions Samsung Open Source Walrus version f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9 Description A NULL pointer dereference occurs when the software processes a crafted WebAssembly module containing deeply nested instructions, which allows an attacker ...
PT-2026-41723
Name of the Vulnerable Software and Affected Versions Summarize versions prior to 0.15.1 Description A missing authorization issue allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. By using malicious page or...
PT-2026-41516
A flaw has been found in Open5GS up to 2.7.6. This impacts the function ogs sbi nf instance set id in the library /lib/sbi/context.c of the component NRF. Executing a manipulation of the argument nfInstanceId can lead to denial of service. The attack may be performed from remote. The exploit has...
PT-2026-41181
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.9 Description When a non-administrative user logs into the application, a web request to the '/api/models?' endpoint is initiated. The response from this request reveals the system prompts of available models...
PT-2026-41173
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description A Server-Side Request Forgery SSRF issue exists in the process picture url function within backend/open webui/utils/oauth.py. The function fetches URLs from OAuth picture claims without using the...
PT-2026-41130
Name of the Vulnerable Software and Affected Versions Hedera Guardian versions prior to 3.5.2 Description An authentication bypass exists in the 'GET /api/v1/demo/registered-users' endpoint. This allows unauthenticated attackers to retrieve sensitive user information, including usernames, Hedera...
PT-2026-41166
Name of the Vulnerable Software and Affected Versions CodeWhale versions 0.3.0 through 0.8.22 Description The run tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, allowing it to run without user approval. Because cargo test compiles and executes arbitrary...
PT-2026-41123
Name of the Vulnerable Software and Affected Versions python-utcp versions prior to 1.1.3 Description The substitute utcp args method in cli communication protocol.py inserts user-controlled tool args values directly into shell command strings without sanitization or escaping. These commands are...
PT-2026-40787
Three CVEs CVE-2026-29774, CVE-2026-30015, CVE-2026-30221 exploited the fact that the protocol did not, in version 1.2, canonicalize tool names. Multiple servers in the same session could expose tools named, respectively: readfile the legitimate filesystem server…...
PT-2026-40639
Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 F5 BIG-IP versions prior to 21.0.0.1 Description An authenticated iControl SOAP user can obtain information regarding other accounts through a privilege assignment issue...
PT-2026-40835
Name of the Vulnerable Software and Affected Versions Strapi versions prior to 5.33.3 Description Changing or resetting a user's password does not invalidate existing refresh-token sessions by default. In the users-permissions and admin authentication controllers, the invalidation process depends...
PT-2026-39929
SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromised resulting in a low impact on availability. There is no impact on confidentiality and integrity ...
PT-2026-39921
Name of the Vulnerable Software and Affected Versions SAP S/4HANA SAP Enterprise Search for ABAP affected versions not specified Description An authenticated attacker can inject malicious SQL statements through user-controlled input. The application directly concatenates this input into SQL queri...
PT-2026-40078
Improper input validation for some Intel Endpoint Management Assistant EMA software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable escalation...
PT-2026-40431
PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication...
PT-2026-39884
Name of the Vulnerable Software and Affected Versions MantisBT affected versions not specified Description Incorrect escaping of a saved filter's owner allows an attacker to inject arbitrary HTML on systems where the $g show user realname variable is set to ON, leading to Cross-site scripting XSS...
PT-2026-39891
Name of the Vulnerable Software and Affected Versions MantisBT affected versions not specified Description A missing authorization check in the file visibility function allows any authenticated user with REPORTER level access or higher to download attachments from private bugnotes they are not...
PT-2026-39568
A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function smf nsmf handle create sm context of the component SMF. Performing a manipulation results in denial of service. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The project...
PT-2026-39634
CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its make parquet list.py data processing tool. The script loads PyTorch .pt files utterance embeddings, speaker embeddings, speech tokens using torch.load withou...
PT-2026-39716
Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via POST /providers/providerId/clients/existing, resulting in takeover of the target organization; self-hosted installations ar...
PT-2026-39546
A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchase save. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available...
PT-2026-39501
CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file upload endpoints. Attackers can inject XSS payloads through Employee card parameters or SVG file...