175420 matches found
PT-2026-45368
Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbash command="echo value: dag run.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...
PT-2026-45430
FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2 SETUP REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 364...
PT-2026-45620
Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract...
PT-2026-45466
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Mamunur Rashid Classified Listing allows Path Traversal. This issue affects Classified Listing: from n/a through 5.3.8...
PT-2026-45424
A vulnerability has been found in code-projects Real State Services 1.0. This impacts an unknown function of the file /loginuser.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to th...
PT-2026-45471
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add unknown circles by their ID directly to other circles. Since circle IDs have 62^15 complexity by...
PT-2026-45577
Name of the Vulnerable Software and Affected Versions Android Framework affected versions not specified Description An incorrect bounds check in the setTo function within ResourceTypes.cpp can lead to a read out of bounds. This issue allows for local information disclosure without requiring...
PT-2026-45501
Name of the Vulnerable Software and Affected Versions horizon921 mcpilot version 0.1.0 Description A server-side request forgery SSRF exists in the MCP API Call Endpoint within the file client/src/app/api/mcp/call/route.ts. This issue allows a remote attacker to manipulate the serverBaseUrl...
PT-2026-45279
A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stock manager.php. This manipulation of the argument txt search category causes sql injection. The attack may be initiated remotely. The exploit has...
PT-2026-45605
A weakness has been identified in code-projects Hotel and Tourism Reservation System 1.0. The affected element is an unknown function of the file tour.php of the component GET Parameter Handler. Executing a manipulation of the argument tour can lead to sql injection. The attack can be launched...
PT-2026-45261
An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X 8.0.X 2023.X...
PT-2026-45493
Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 0.20.0 through 2.0.11 Description Authenticated agents can forge service-monitor results for services belonging to other users. The system accepts TaskResult messages from an authenticated agent based solely on whethe...
PT-2026-45218
A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has be...
PT-2026-45175
🔒 CyberSecurity CVE-2024-36791: Flowise RCE Exploitation — Detection and Hardening Guide "Flowise servers face critical RCE via malicious chatflow imports. Immediate patching required to…" 🔗 https://t.co/VV0BIHRBy9 CyberSecurity ThreatIntel cve zeroday patchtuesday...
PT-2026-45190
A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma...
PT-2026-45095
Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A Use-After-Free UAF issue exists in the eventpoll component. The ep remove function via ep remove file clears file-f ep under file-f lock but continues to use the file variable within t...
PT-2026-45019
Summary Binary delta apply intermediate-symlink traversal in malicious .delta Autoupdate/SUBinaryDeltaApply.m enforces relativePath.pathComponents containsObject:@".." and rejects writes whose immediate parent directory IS itself a symbolic link, but does not detect symlinks deeper in the relativ...
PT-2026-44986
Name of the Vulnerable Software and Affected Versions NanoMQ versions prior to 0.24.9 Description NanoMQ is an Edge Messaging Platform. A null pointer dereference can occur in the quic stream recv function when a substream is in a reopen state. The system completes the Asynchronous I/O AIO...
PT-2026-44822
A stored Cross-Site Scripting XSS vulnerability exists in the Projects component of Mautic 7. When displaying project tags and popovers on administrative detail views such as campaigns, emails, or forms, user-supplied project names are rendered without proper sanitization. An authenticated user...
PT-2026-44989
Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.26.0 Description The planar bitmap decoder contains an out-of-bounds heap write when decoding RLE planar data. In the libfreerdp/codec/planar.c file, the freerdp bitmap decompress planar function validates the X...
PT-2026-44843
Name of the Vulnerable Software and Affected Versions FreePBX versions prior to 16.0.50 FreePBX versions prior to 17.0.11 Description The CDR Reports module page allows SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution. This issue occurs throug...
PT-2026-45036
Summary An authenticated Admidio member with upload rights on any one folder can permanently delete files from folders where they have only view access. The authorization check at the top of modules/documents-files.php evaluates upload rights against the attacker-supplied folder uuid URL paramete...
PT-2026-44800
Name of the Vulnerable Software and Affected Versions Acer Wave 7 router affected versions not specified Description The upload.cgi binary, which processes device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, which can...
PT-2026-44747
Name of the Vulnerable Software and Affected Versions Breeze versions prior to 2.5.3 Description Improper verification of the wordpress logged in cookie in the inc/cache/execute-cache.php file occurs when the "Cache Logged-in Users" setting is enabled. The plugin uses the substr function to parse...
PT-2026-44998
Name of the Vulnerable Software and Affected Versions ExtremeCloud IQ affected versions not specified Description A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path can intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued AP...
PT-2026-44922
Name of the Vulnerable Software and Affected Versions agno version 2.6.5 Description A SQL injection issue exists in the ClickHouse vector database backend. Attackers can inject arbitrary SQL expressions by providing malicious metadata keys and values to the delete by metadata function. This is...
PT-2026-44797
A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client id and client secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to...
PT-2026-44247
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description The issue exists in the isofs module where isofs fh to dentry and isofs fh to parent pass an attacker-controlled block numbe...
PT-2026-44707
An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...
PT-2026-44256
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An out-of-bounds read exists in the RDMA Soft RoCE rxe driver. A single unauthenticated UDP packet containing an unknown opcode can trigger a kernel panic. The issue occurs because the driv...
PT-2026-44318
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the SMB client where the server-supplied dacloffset is added to pntsd before verifying if a DACL header fits within the returned security descriptor. On 32-bit builds,...
PT-2026-44347
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer object bo leak occurs in the xe dma buf init obj function. When drm gpuvm resv object alloc fails, the pre-allocated storage bo is not freed. Because xe gem prime import cannot...
PT-2026-44326
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A flaw exists in the cadence-quadspi SPI driver where an unclocked register access can occur during driver unbind. This...
PT-2026-44343
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The sdma v4 0 ring emit fence function contains two BUG ON assertions used to verify that fence writeback addresses are dword-aligned. Unprivileged users can trigger these assertions by...
PT-2026-44507
Name of the Vulnerable Software and Affected Versions Oracle REST Data Services versions 24.2.0 through 26.1.0 Description An issue in the Core component allows a low privileged attacker with network access via HTTPS to compromise the system. Exploitation is difficult and requires human interacti...
PT-2026-44493
Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Improper neutralization of input during web page generation allows for stored HTML injection. A user with write access to an Elasticsearch index can persist crafted markup that is not...
PT-2026-44261
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read and infinite loop exist in the hci le create big complete evt function. The function iterates over BT BOUND connections for a BIG handle using a while loop that...
PT-2026-44311
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A NULL pointer dereference occurs in the octeon ep vf driver. The function napi build skb can return NULL if an allocation failure occurs. In octep vf oq process rx, the result of this...
PT-2026-44379
A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3...
PT-2026-44389
Name of the Vulnerable Software and Affected Versions TinyMCE versions 6.8.0 through 7.0.x Description An XSS Cross-Site Scripting issue exists due to improper SVG namespace scope handling within the sanitizer. An attacker can use a crafted payload with nested elements to bypass attribute...
PT-2026-44469
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-bit RSA private key as a string constant named TEST PRIVATE KEY and uses it in production via parse license to "verify" license tokens. Because the key is embedded in every...
PT-2026-44184
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists where Keycloak may incorrectly process unsigned claims when a JSON Web Encryption JWE encrypted request object is submitted, provided the decrypted content is raw JSON. This...
PT-2026-44185
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A remote, unauthenticated attacker can cause information disclosure by sending specially crafted SOAP requests to the SAML ECP Security Assertion Markup Language Enhanced Client or Proxy...
PT-2026-44229
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the eventfs component where the system fails to properly hold the eventfs mutex and SRCU Sleepable Read-Copy Update during remount operations that walk events...
PT-2026-44289
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A slab-use-after-free error exists in the mac80211 wireless subsystem. The issue occurs during radar detect work when the ieee80211 dfs cac cancel function is called, which can cause the...
PT-2026-44477
Name of the Vulnerable Software and Affected Versions Ubuntu Linux version 6.8 Ubuntu Linux version 6.17 Ubuntu Linux version 7.0 Description AppArmor SAUCE patches contain an issue where the system incorrectly attempts to free a pointer that was not previously allocated via kmalloc, while...
PT-2026-44406
Name of the Vulnerable Software and Affected Versions InHand Networks IR302 versions prior to V3.5.108 InHand Networks IR305 versions prior to V1.0.118 InHand Networks IR315 versions prior to V1.0.118 InHand Networks IR615 versions prior to V1.0.118 Description A command injection issue exists in...
PT-2026-44340
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the DRM AMD GPU VCN4 module. This issue occurs during the message bound check, where an incorrect condition allows for an overflow to happen. Recommendation...
PT-2026-44235
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A memory corruption issue exists in the RDMA hns component. The function hns roce qp remove is called without the required locks during the error unwind process within the hns roce create q...
PT-2026-44296
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists where an exiting task that experiences an oops a kernel panic that does not require a full system reboot can be preempted during the execution of do task dead. This occur...