184379 matches found
PT-2026-39424
Name of the Vulnerable Software and Affected Versions OSGeo gdal versions prior to 3.13.0RC1 Description A heap-based buffer overflow exists in the SWSDfldsrch function within the frmts/hdf4/hdf-eos/SWapi.c file. This issue can be triggered through local access by executing a manipulation...
PT-2026-39407
Name of the Vulnerable Software and Affected Versions osTicket versions prior to 1.18.4 Description A cross-site request forgery issue exists in the Dispatcher component within the include/class.dispatcher.php file. The flaw allows remote exploitation through the manipulation of the method...
PT-2026-38681
Name of the Vulnerable Software and Affected Versions uriparser versions prior to 1.0.2 Description The software contains pointer difference truncation to int in various locations. Recommendations Update to version 1.0.2 or later...
PT-2026-39208
Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.14.11 Description The isInternalAddress function in packages/service/common/system/utils.ts fails to properly block cloud metadata endpoints. The function uses a fullUrl.startsWith check against a hardcoded list tha...
PT-2026-39236
Name of the Vulnerable Software and Affected Versions Wagtail versions prior to 7.0.7 Wagtail versions prior to 7.3.2 Description The Documents and Images API incorrectly lists items in private collections, allowing a user with API access to view the filename and name of documents and images stor...
PT-2026-38393
Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description The CallSite wrapper class, designed as a safe wrapper for V8's native CallSite, fails to sanitize the output of the getFileName function. While the class blocks getThis and getFunction to prevent host...
PT-2026-38297
Name of the Vulnerable Software and Affected Versions Scramble versions 0.13.2 through 0.13.21 Description When documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation. This can le...
PT-2026-38638
Name of the Vulnerable Software and Affected Versions Next.js versions 13.4.13 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description Self-hosted applications using the built-in Node.js server are subject to server-side request forgery SSRF, a condition where an attacker forces a serv...
PT-2026-37348
Name of the Vulnerable Software and Affected Versions Oracle OCI CLI version 3.77 Description An issue in the Oracle OCI CLI product of Oracle Open Source Projects allows an unauthenticated attacker with network access to compromise the system. This flaw enables users to perform a path traversal,...
PT-2026-37259
Name of the Vulnerable Software and Affected Versions GoBGP versions prior to 4.5.0 Description An unauthenticated remote BGP peer can cause a fatal panic and complete loss of service availability by sending a specially crafted BGP UPDATE message. When the server receives a message with...
PT-2026-38897
Summary Multiple denial-of-service vectors in gix-pack: unchecked array indexing causes panics on crafted delta data, and uncapped attacker-controlled size headers enable OOM process kills. Both are triggered by malicious pack data received during clone/fetch. Details Bug 1: Unchecked array...
PT-2026-35874
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free issue exists in the Xen privcmd driver. The privcmd vm ops defines a .close function privcmd close but lacks .may split and .open callbacks. When a partial munmap is...
PT-2026-34122
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Personalization. Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Application...
PT-2026-34184
Name of the Vulnerable Software and Affected Versions Zero Motorcycles firmware versions 44 and prior Description An issue in the Bluetooth pairing process allows an attacker in close proximity to forcibly pair a device with the motorcycle while it is in pairing mode. Once paired, the attacker ca...
PT-2026-34039
Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.215 Description The reply and draft flows trust encrypted attachment IDs supplied by the client. Any IDs included in the attachments all variable but omitted from retained lists are decrypted and passed to the...
PT-2026-46939
Name of the Vulnerable Software and Affected Versions X.Org X server affected versions not specified Xwayland affected versions not specified Description A stack-based buffer overflow exists in the X.Org X server and Xwayland. The function XkbSetMapChecks declares a fixed-size stack buffer...
PT-2026-33533
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API login endpoint /api/public/user/login returns distinguishable HTTP response codes based on whether a username exists: 404 for non-existent users and 401 for valid users with incorrect passwords. An...
PT-2026-41279
Name of the Vulnerable Software and Affected Versions DAEMON Tools Lite versions 12.5.0.2421 through 12.5.0.2434 Description A supply chain attack compromised official installation packages distributed via the legitimate website daemon-tools.cc between April 8, 2026, and May 5, 2026. Attackers...
PT-2026-30482
UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the upload endpoint. Attackers can upload PHP files with the type parameter set to Files and execute...
PT-2026-35859
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.138 Description A use after free issue in ANGLE allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Use after free...
PT-2026-24077
Name of the Vulnerable Software and Affected Versions MobaXterm versions prior to 26.1 Description The software contains an uncontrolled search path element issue. The application uses WinExec to launch Notepad++ without specifying the complete path to the executable when opening files from remot...
PT-2026-23180
Name of the Vulnerable Software and Affected Versions AncoraThemes CloudMe versions through 1.2.2 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files within th...
PT-2026-42471
Name of the Vulnerable Software and Affected Versions Trend Micro Apex One affected versions not specified Trend Micro Apex One as a Service affected versions not specified Description An origin validation issue in the Apex One/SEP agent allows a local attacker to escalate privileges. This flaw...
PT-2026-21732
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148 Thunderbird versions prior to 148 Description A use-after-free issue exists in the DOM: Core & HTML component. This condition occurs when memory is accessed after it has been freed, potentially leading to crashes ...
PT-2026-21247
A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file datasetreposwarehousesrcmainjavacomyeqifusyscontrollerCacheController.java of the component Cache Sync Handler...
PT-2026-23554
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.15 Description The software uses SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations. SHA-1 is a deprecated cryptographic hash function with known collision weaknesses. A...
PT-2026-3696
Name of the Vulnerable Software and Affected Versions Oracle JD Edwards versions 9.2.0.0 through 9.2.26.0 Description A flaw exists within the Web Runtime SEC component of Oracle JD Edwards EnterpriseOne Tools that allows an unauthenticated attacker with network access via HTTP to compromise the...
PT-2026-3747
Name of the Vulnerable Software and Affected Versions Drupal Microsoft Entra ID SSO Login versions prior to 1.0.4 Description The Microsoft Entra ID SSO Login module for Drupal does not properly validate responses received from the Microsoft Entra ID service. This insufficient validation can lead...
PT-2026-2387
Name of the Vulnerable Software and Affected Versions Bitrix24 affected versions not specified Description A logged-in attacker can execute arbitrary system commands through the PHP command line admin interface, leading to remote code execution. The attacker leverages this by sending crafted POST...
PT-2026-1876
Name of the Vulnerable Software and Affected Versions TIM BPM Suite/ TIM FLOW versions through 9.1.2 Description The software contains multiple Hibernate Query Language injection flaws. A user with limited privileges can exploit these to obtain passwords of other users and access sensitive data...
PT-2026-2178
Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2 Description The Open eClass platform, previously known as GUnet eClass, is a course management system. Prior to version 4.2, a flaw exists in the theme import functionality that allows an attacker with...
PT-2025-43724
Name of the Vulnerable Software and Affected Versions Fast Velocity Minify versions prior to 3.5.1 Description The Fast Velocity Minify plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allow authenticate...
PT-2025-41822
Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.5.0 Description WeGIA is a Web Manager for Institutions focused on Portuguese language users. A flaw exists that allows redirection to arbitrary external domains via the nextPage parameter in the ''control.php''...
PT-2025-41638
Name of the Vulnerable Software and Affected Versions CodeAstro Gym Management System version 1.0 Description A security issue exists in CodeAstro Gym Management System 1.0. The issue involves the manipulation of the ID argument in the file /admin/actions/delete-member.php, leading to a SQL...
PT-2025-40844
Name of the Vulnerable Software and Affected Versions Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 version 1.0 Description A security issue exists in the Tipray Data Leakage Prevention System. The findRolePage function within the findSingConfigPage.do file is susceptible to SQL...
PT-2025-40690
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 Description The usbnet driver in the Linux kernel has an issue where it trusts the bulk endpoint addresses received during the probe routine without verifying their...
PT-2025-39731
Name of the Vulnerable Software and Affected Versions westboy CicadasCMS version 1.0 Description A cross site scripting issue exists in an unknown functionality of the file /system/cms/category/save. The manipulation of the categoryName argument can lead to the execution of remote scripts. The...
PT-2025-38290
Name of the Vulnerable Software and Affected Versions D-Link DIR-852 version 1.00CN B09 Description A vulnerability exists in the Web Management Interface component of D-Link DIR-852 version 1.00CN B09. Manipulation of unknown code within the /htdocs/cgibin/hedwig.cgi file can lead to command...
PT-2025-38126
Name of the Vulnerable Software and Affected Versions N-Reporter affected versions not specified N-Cloud affected versions not specified N-Probe affected versions not specified Description The N-Reporter, N-Cloud, and N-Probe developed by N-Partner are susceptible to an OS Command Injection issue...
PT-2025-38180
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's i2c designware driver related to the handling of device interrupts. A regression was introduced by commit c7b79a752871, causing system crashes NULL...
PT-2025-37267
Name of the Vulnerable Software and Affected Versions: erjinzhi 10OA version 1.0 Description: A vulnerability exists in erjinzhi 10OA version 1.0. The issue involves cross site scripting caused by manipulation of the Name argument in an unknown function of the /trial/mvc/catalogue file. This...
PT-2025-33487 · Autodesk · Autocad
Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD affected versions not specified Description: A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can trigger an uninitialized variable issue. A malicious actor can leverage this to cause a crash, read...
PT-2025-29698 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache Apache HTTP Server affected versions not specified Description: The reported issue concerns an authentication bypass. The reason for rejection is stated as 'Not used'. Recommendations: At the moment, there is no information about a new...
PT-2025-29208 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The reported issue has been rejected as not used. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
PT-2025-28895 · Ibm · Ibm Openpages With Watson
Name of the Vulnerable Software and Affected Versions: IBM OpenPages with Watson versions 8.3 and 9.0 Description: An authenticated user may be able to obtain sensitive information that should only be accessible to privileged users. Recommendations: Apply appropriate access controls to restrict...
PT-2025-25517 · Unknown · Wukongopensource Wukongcrm
Name of the Vulnerable Software and Affected Versions: WuKongOpenSource WukongCRM version 9.0 Description: A vulnerability was found in the processing of the file AdminRoleController.java, leading to cross-site request forgery. The attack may be initiated remotely. Recommendations: For version 9....
PT-2025-24464 · Unknown · Snstheme Nitan
Name of the Vulnerable Software and Affected Versions: snstheme Nitan versions n/a through 2.9 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. This...
PT-2025-18559 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free issue has been identified in the Linux kernel, specifically in the ASoC core. The issue arises when snd soc util init fails, but its return value is ignored, leading t...
PT-2025-18655 · Totolink · Totolink Cpe Cp900
Name of the Vulnerable Software and Affected Versions: TOTOLINK CPE CP900 version 6.3c.1144 B20190715 Description: A command injection issue was found in the setApRebootScheCfg function through the hour or minute parameters. This allows attackers to execute arbitrary commands via a manipulated...
PT-2025-6546 · WordPress · Team Members Showcase Plugin
Name of the Vulnerable Software and Affected Versions: The Team – Team Members Showcase Plugin plugin for WordPress versions up to, and including, 4.4.9 Description: The issue is related to unauthorized access due to a missing capability check on the response function. This allows authenticated...