184269 matches found
PT-2026-42966
A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware Version Check. The manipulation results in improper restriction of rendered ui layers. The attack can be executed remotely. A...
PT-2025-52605
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges...
PT-2025-45031
Name of the Vulnerable Software and Affected Versions Salesforce Mulesoft Anypoint Code Builder versions prior to 1.11.6 Description An issue exists in Salesforce Mulesoft Anypoint Code Builder related to improper neutralization of input used for LLM prompting, which allows manipulation of writab...
PT-2026-53645
A heap-based buffer overflow exists in the qr reader match centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be...
PT-2026-51580
Name of the Vulnerable Software and Affected Versions @rtk-ai/rtk-rewrite version 1.0.0 Description The @rtk-ai/rtk-rewrite OpenClaw plugin fails to properly escape input passed to a shell-backed execSync function. While JSON.stringify is used to wrap values in double quotes, it does not neutrali...
PT-2026-50223
In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-48692
Name of the Vulnerable Software and Affected Versions @grpc/grpc-js versions prior to 1.9.16 @grpc/grpc-js versions prior to 1.10.12 @grpc/grpc-js versions prior to 1.11.4 @grpc/grpc-js versions prior to 1.12.7 @grpc/grpc-js versions prior to 1.13.5 @grpc/grpc-js versions prior to 1.14.4...
PT-2026-44800
Name of the Vulnerable Software and Affected Versions Acer Wave 7 router affected versions not specified Description The upload.cgi binary, which processes device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, which can...
PT-2026-41842
There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface...
PT-2026-39112
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the netfilter nfnetlink queue component. The nfqnl recv verdict function calls find dequeue entry to remove a queue entry, taking ownership of it. For PF BRIDGE...
PT-2026-22146
Name of the Vulnerable Software and Affected Versions VMware Workstation versions 25H1 and below Description A flaw exists in VMware Workstation that could allow a user with limited access within a guest virtual machine to disrupt the host system. Specifically, an out-of-bounds write issue can le...
PT-2024-35332 · Unknown · Sanil Shakya Sticky Social Icons
Name of the Vulnerable Software and Affected Versions: Sanil Shakya Sticky Social Icons versions 1.2.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows stored XSS. Recommendations: For...
PT-2022-21749 · Qualcomm · Qualcomm Ipc
Name of the Vulnerable Software and Affected Versions: Qualcomm IPC in Snapdragon Mobile affected versions not specified Description: The issue is related to memory corruption in Qualcomm IPC due to a buffer copy without checking the size of the input while starting communication with a compromis...
PT-2026-51259
Name of the Vulnerable Software and Affected Versions Radware Cyber Controller versions prior to 10.11.0 Description An issue exists within the HTML Report Generation component that allows for HTML injection. This flaw can be exploited remotely to inject malicious HTML code into reports...
PT-2026-50852
Summary When DOMPurify.sanitizeroot, IN PLACE: true is called on an attacker-supplied live DOM node, DOMPurify still trusts currentNode.nodeName for non-form nodes in the main sanitizeElements pipeline. A real child node whose observable nodeName is attacker-controlled can therefore be...
PT-2026-48614
Name of the Vulnerable Software and Affected Versions Spring Web Flow version 4.0.0 Spring Web Flow versions 3.0.0 through 3.0.1 Spring Web Flow versions 2.5.0 through 2.5.1 Description The JavaScript RemotingHandler renders the body of an error response as HTML, regardless of whether the respons...
PT-2026-48038
Name of the Vulnerable Software and Affected Versions Azure Stack Edge affected versions not specified Description External control of a file name or path allows an unauthorized attacker to execute arbitrary code over a network. Recommendations At the moment, there is no information about a newer...
PT-2026-45602
In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-40382
Name of the Vulnerable Software and Affected Versions AOS-8 affected versions not specified Description A session management issue allows previously authenticated users to maintain network access after their accounts have been administratively disabled. Because existing sessions are not invalidat...
PT-2026-39923
Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...
PT-2026-34596
Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.31.5.0 Description A Stored DOM XSS Cross-Site Scripting issue exists in the backup module. An attacker can manipulate the filename field using an SQL file to inject a hidden XSS payload, potentially leading to full...
PT-2025-33518 · WordPress · Ithemes Serverbuddy
Name of the Vulnerable Software and Affected Versions: iThemes ServerBuddy versions n/a through 1.0.5 Description: A Cross-Site Request Forgery CSRF vulnerability exists in iThemes ServerBuddy by PluginBuddy.Com, allowing Object Injection. Recommendations: At the moment, there is no information...
PT-2025-12805 · Appsmith · Appsmith
Name of the Vulnerable Software and Affected Versions: Appsmith versions prior to 1.51 Description: The issue concerns an information disclosure where users invited as "App Viewer" can access development information of a workspace, specifically getting a list of datasources. This does not expose...
PT-2023-17234 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue arises when processing an email invite to a private channel on a team. Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite...
PT-2026-53626
Improper Control of Generation of Code 'Code Injection' vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0...
PT-2026-52471
3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...
PT-2026-51119
Name of the Vulnerable Software and Affected Versions @cyclonedx/cyclonedx-npm versions 2.1.0 through 4.x Description Command injection occurs when the CLI is invoked with the --workspace option while the environment variable npm execpath is unset or empty. In this scenario, user-supplied values...
PT-2026-50850
Name of the Vulnerable Software and Affected Versions Dell Server Hardware Manager versions prior to 3.2.2 Description Improper Access Control allows a low privileged attacker with local access to potentially achieve Elevation of privileges, which is the act of gaining higher-level permissions th...
PT-2026-52216
Name of the Vulnerable Software and Affected Versions Gitea Docker image versions prior to 1.26.3 Description Official Gitea Docker images contain a configuration flaw in the app.ini file where the REVERSE PROXY TRUSTED PROXIES variable is set to a wildcard by default. When reverse-proxy...
PT-2026-48938
Name of the Vulnerable Software and Affected Versions Mattermost versions prior to 11.6.2 Mattermost versions prior to 11.5.5 Mattermost versions prior to 10.11.17 Description Authenticated users with delegated user-management permissions can escalate privileges by altering built-in role...
PT-2026-48821
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device...
PT-2026-48532
Name of the Vulnerable Software and Affected Versions UpdraftPlus: WP Backup & Migration Plugin versions prior to 1.26.5 Description An authentication bypass exists in the UpdraftPlus Remote Communications V2::wp loaded function due to insufficient validation of the remote communications message...
PT-2026-34667
Name of the Vulnerable Software and Affected Versions Pipecat versions 0.0.41 through 0.0.93 Description An issue exists in the LivekitFrameSerializer class, an optional and deprecated frame serializer used for LiveKit integration. The deserialize function in src/pipecat/serializers/livekit.py us...
PT-2026-25089
soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, The Fr scalar field types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 representation without first reducing modulo the field modulus r. This caused mathematically equal field...
PT-2023-10006 · Unknown · Fanzila Webfinance
Name of the Vulnerable Software and Affected Versions: fanzila WebFinance version 0.5 Description: A critical issue has been found in fanzila WebFinance, affecting an unknown function of the file htdocs/admin/save roles.php. The manipulation of the id argument leads to sql injection...
PT-2026-51138
Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary non-default group...
PT-2026-50769
Name of the Vulnerable Software and Affected Versions pam usb versions 0.9.1 and earlier Description The xfree memory release helper calls free without zeroing buffer contents first. This results in heap-allocated buffers containing sensitive data, such as one-time pad bytes read from disk, being...
PT-2026-50640
The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. Thi...
PT-2026-48284
Name of the Vulnerable Software and Affected Versions CAI Content Credentials versions [email protected] and earlier CAI Content Credentials versions c2pa-v0.80.1 and earlier Description An uncontrolled resource consumption issue allows an attacker to exhaust system resources, leading to an...
PT-2026-45648
Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description Kiteworks is a private data network PDN. A reflected Cross-Site Scripting XSS issue in Kiteworks Secure Data Forms allows an external attacker to trick a user into executing arbitrary JavaScript...
PT-2026-39942
Issuing an ICMP ping via the net ping shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are...
PT-2026-40079
Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...
PT-2026-39426
Уязвимость компонентов xfrm и RxRPC ядра операционной системы Linux связана с отсутствием проверки корректности принимаемых запросов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, повысить свои привилегии до уровня root...
PT-2025-22220
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue occurs when bpf redirect peer is used to redirect packets to a device in another network namespace, and the packet is not...
PT-2025-14163 · Beastthemes · Beastthemes Clockinator Lite
Name of the Vulnerable Software and Affected Versions: BeastThemes Clockinator Lite versions 1.0.0 through 1.0.7 Description: The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. Recommendations: For version...
PT-2025-1788 · WordPress · The Photo Gallery Slideshow & Masonry Tiled Gallery
Name of the Vulnerable Software and Affected Versions: The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress versions up to, and including, 1.0.15 Description: The issue allows authenticated attackers with Subscriber-level access and above to make web requests to arbitrary...
PT-2024-7097 · Cisco · Cisco Routed Pon Controller +1
Name of the Vulnerable Software and Affected Versions: Cisco Routed PON Controller Software affected versions not specified Description: The issue exists due to insufficient validation of arguments passed to specific configuration commands, allowing an authenticated, remote attacker with...
PT-2024-23494 · Jnt Telecom · Jnt Liftcom Ums
Name of the Vulnerable Software and Affected Versions: JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 Description: An issue in the software allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality. Recommendations: For JNT Telecom JNT Liftcom UMS V1.J...
PT-2009-5362 · Bingo! · Bingo!Cms
Name of the Vulnerable Software and Affected Versions: bingo!CMS versions 1.2 and earlier Description: A cross-site request forgery issue allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content. Recommendations: For versions 1.2...
PT-2026-53289
Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...