PT-2026-39964

The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the SkysaApps Admin AppPage function. This makes it possible for unauthenticated attackers to trick a site...

PT-2026-40091

Buffer overflow for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may...

PT-2026-40389

Name of the Vulnerable Software and Affected Versions Archon OS affected versions not specified Description A flaw in the local API handling allows unauthenticated attackers to perform a web-to-client attack. By inducing a user to visit a malicious website, an attacker can bypass Cross-Origin...

PT-2026-40446

Name of the Vulnerable Software and Affected Versions efw4.X versions prior to 4.08.010 Description The readonly flag in the '' JSP tag is intended to prevent file modifications. When protected=true, the elfinder checkRisk function ensures the client sends readonly=true to match the session value...

PT-2026-40285

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

PT-2026-40340

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. NOTE: This vulnerability only...

PT-2026-40198

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...

PT-2026-40438

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account. Recommendations At the moment, the...

PT-2026-40355

Name of the Vulnerable Software and Affected Versions NanaZip versions 5.0.1252.0 through 6.0.1697.0 Description An uncontrolled recursion issue exists in the Electron Archive ASAR parser. When opening a specially crafted .asar file containing deeply nested JSON in the header, the...

PT-2026-40368

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

PT-2026-39972

The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3. This is due to the absence of a nonce field in the admin settings form and the lack of any nonce verification via check admin referer or wp verify nonce in the...

PT-2026-39720

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1 JetBrains TeamCity versions prior to 2025.11.5 Description Authenticated users can cause the server API to be exposed to unauthorized access. Recommendations Update to version 2026.1 or later. Update...

PT-2026-39773

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 visionOS versions prior to 26.5 Description Processing maliciously crafted web content may lead to an unexpected process...

PT-2026-39735

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting XSS flaw was identified at the following endpoint: funcionario/profile funcionario.php?id funcionario=2. By injecting a malicious payload into the 'Description' Descrição field and saving...

PT-2026-39680

OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner senders to execute owner-enforced slash commands when wildcard inbound senders are configured without explicit owner allowFrom settings. Attackers can exploit this by sending commands...

PT-2026-39642

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

PT-2026-39811

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data...

PT-2026-39837

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to ensure it remains within the intended library directory. This...

PT-2026-39561

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was...

PT-2026-39489

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. The date created, date from, date to, and created at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts v...

PT-2026-39456

A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function sys login1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. T...

PT-2026-39524

Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by manipulating the s emotion parameter. Attackers can submit POST requests to admin.php with JavaScript code i...

PT-2026-39476

WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post title parameter. Attackers with editor privileges can inject JavaScript payloads through the...

PT-2026-39423

Name of the Vulnerable Software and Affected Versions codelibs Fess versions prior to 15.5.2 Description Remote code injection is possible via the JSP File Handler component. The update function within the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java fails to properly handle...

PT-2026-39418

Name of the Vulnerable Software and Affected Versions Next.js versions 14.2.0 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description Applications using React Server Components RSC are susceptible to cache poisoning when shared caches fail to correctly partition response variants. An...

PT-2026-38717

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

PT-2026-38697

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

PT-2026-39264

Name of the Vulnerable Software and Affected Versions MCP Registry versions prior to 1.7.7 Description The MCP Registry contains a Server-Side Request Forgery SSRF issue in its HTTP-based namespace verification process. The system uses a function called safeDialContext to prevent connections to...

PT-2026-39268

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description Open WebUI fails to validate that passwords are non-empty before performing LDAP Simple Bind authentication. On LDAP servers that permit unauthenticated empty-password binds, an attacker can...

PT-2026-38671

Name of the Vulnerable Software and Affected Versions RayVentory Scan Engine versions prior to 12.6 Update 9 Description An issue exists where attackers can gain elevated privileges if they have control over the value of the PATH environment variable. This condition is noted as being dependent on...

PT-2026-39104

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the ASoC amd acp-mach-common component, the functions acp card rt5682 init and acp card rt5682s init fail to check the return values of clk get. This lack of error handling can result...

PT-2026-38677

Name of the Vulnerable Software and Affected Versions PredatorSense versions 3.00.3136 through 3.00.3196 Description A misconfigured Windows Named Pipe uses a custom protocol to invoke internal functions. This allows any authenticated local user to execute arbitrary code and delete arbitrary file...

PT-2026-39291

Name of the Vulnerable Software and Affected Versions Elixir WebRTC versions prior to 0.15.1 Elixir WebRTC versions prior to 0.16.1 Description Missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. When acting as th...

PT-2026-38849

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

PT-2026-39011

Name of the Vulnerable Software and Affected Versions Langfuse versions 3.68.0 through 3.166.0 Description A role-based access control flaw exists in the LLM connection update flow. An authenticated user with the "member" role in a project can request an update to an existing LLM connection by...

PT-2026-38890

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0....

PT-2026-39200

Name of the Vulnerable Software and Affected Versions SolidCAM-GPPL-IDE versions 1.0.0 through 1.0.1 Description Opening a .gpp file causes the language server to parse a companion .vmid file from the same directory. The VMID parser uses XDocument.Loadpath without XmlReaderSettings, which in .NET...

PT-2026-38733

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

PT-2026-38698

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

PT-2026-39270

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description Administrative role changes and user deletions do not invalidate the SESSION POOL in-memory dictionary. When a user connects via Socket.IO, their role is snapshotted into this pool. Because the...

PT-2026-38553

Name of the Vulnerable Software and Affected Versions Postorius versions prior to 1.3.14 Description The software fails to escape HTML in the message subject when rendering it within the Held messages pop-up. This issue was exploited in the wild in May 2026. Recommendations Update to a version...

PT-2026-38372

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.133.Final Netty versions prior to 4.2.13.Final Description Netty's DNS codec fails to enforce RFC 1035 domain name constraints during encoding and decoding, creating a bidirectional attack surface. In the encoder, t...

PT-2026-38387

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.32.0 Description Anonymous callers can access the '/forms/chromium/convert/url' and '/forms/chromium/screenshot/url' endpoints using the url parameter with the file:///tmp/ scheme. While a deny-list exists to...

PT-2026-38555

Name of the Vulnerable Software and Affected Versions OSGeo gdal versions prior to 3.13.0RC1 Description An issue exists in the HDF-EOS Grid File Handler component within the memmove function of the frmts/hdf4/hdf-eos/SWapi.c file. This flaw allows for an out-of-bounds read, which occurs when the...

PT-2026-38566

Name of the Vulnerable Software and Affected Versions ReverseProxy affected versions not specified Description ReverseProxy can forward queries containing parameters that are not visible to Rewrite functions. When utilizing a Rewrite function or a Director function that parses query parameters,...

PT-2026-37660

Name of the Vulnerable Software and Affected Versions react-server-dom-webpack versions 19.0.0 through 19.0.5 react-server-dom-webpack versions 19.1.0 through 19.1.6 react-server-dom-webpack versions 19.2.0 through 19.2.5 react-server-dom-parcel versions 19.0.0 through 19.0.5...

PT-2026-37927

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

PT-2026-38267

A reflected XSS vulnerability was found under admin panel - System - Import/Export - Dataflow - Profiles. Steps to produce + Login to the admin panel + Go to the path System - Import/Export - Dataflow - Profiles + Select profile direction as Import. + Click on Import Customers + Upload the file...

PT-2026-38306

Name of the Vulnerable Software and Affected Versions Daptin versions prior to 0.11.5 Description An issue exists in the processFuzzySearch function within server/resource/resource findallpaginated.go where the software fails to validate the column parameter against a whitelist. When using the 'G...

PT-2026-37514

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the io uring/zcrx component where closing a queue does not guarantee the immediate termination of all associated page pools. The system incorrectly releases the zcrx...