184508 matches found
PT-2026-43915
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A reference count leak occurs in the ALSA caiaq component of the Linux kernel during probe failure. The create card function increases the reference count of the USB device using usb get de...
PT-2026-43249
A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection. The attack is possible...
PT-2026-43433
Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21.1 Description A Server-Side Request Forgery SSRF allows an attacker to force the server to send HTTP requests to internal services through the security advisories package lookup feature. By...
PT-2026-43204
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS. This issue affects Geo Mashup: from n/a through 1.13.18...
PT-2026-43277
Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description IBM Db2 for Linux, UNIX, and Windows, including DB2 Connect Server, stores potentially sensitive information in log files. This data could be accessed an...
PT-2026-43238
Name of the Vulnerable Software and Affected Versions Security Gateway affected versions not specified Description An input-handling issue exists in the UserChoice flow of the UserCheck Web Portal when DLP is active. An attacker with access to the UserCheck Ask page can manipulate stored...
PT-2026-43326
A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has...
PT-2026-43415
A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...
PT-2026-45147
Name of the Vulnerable Software and Affected Versions MariaDB server versions 11.4.1 through 11.4.10 MariaDB server versions 11.8.1 through 11.8.6 MariaDB server version 12.3.1 Description A user granted EXECUTE access to a stored routine through a role can view the routine definition, even if th...
PT-2026-43437
Name of the Vulnerable Software and Affected Versions Samba affected versions not specified Description A flaw exists in the vfs worm module, which is designed to provide write-once, read-many WORM protections by preventing file modifications after a specific grace period. Due to insufficient...
PT-2026-43188
A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The...
PT-2026-43453
Name of the Vulnerable Software and Affected Versions Kata Containers version 3.28.0 Description Kata Containers allows pod creators to inject arbitrary command-line arguments into the virtiofsd process via the io.katacontainers.config.hypervisor.virtio fs extra args pod annotation. Because the...
PT-2026-43090
A vulnerability was determined in Totolink A8000RU 7.1cu.643 b20200521. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument Comment causes os command injection. Remote exploitation of the attack is...
PT-2026-43089
A vulnerability was found in yashpokharna2555 StudentManagementSystem up to cb2f558ddf8d19396de0f92abf2d224d46a0a203. Affected by this issue is the function confirm logged in of the file /studentdel.php. The manipulation of the argument ID results in sql injection. The attack may be launched...
PT-2026-43031
A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/edit customer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed ...
PT-2026-42980
A flaw has been found in Sushmi-pal Invoice-System up to a0a3faa16dee2621b231ae227333f5761607283b. This affects an unknown part of the file /user of the component User Management Handler. This manipulation of the argument role causes improper authorization. It is possible to initiate the attack...
PT-2026-43066
Name of the Vulnerable Software and Affected Versions hackney versions 0.9.0 through 4.0.0 Description Improper Neutralization of CRLF Sequences, also known as CRLF Injection, allows HTTP Response Splitting. The setcookie/3 function in src/hackney cookie.erl validates Name and Value arguments...
PT-2026-42992
NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation LPE vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with ...
PT-2026-42906
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check all command guards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is public...
PT-2026-42937
A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file /admin/productedit.php. The manipulation of the argument productName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...
PT-2026-42849
Name of the Vulnerable Software and Affected Versions Microsoft Entra ID affected versions not specified Description An origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about ...
PT-2026-42821
Name of the Vulnerable Software and Affected Versions TypeBot versions prior to 3.15.3 Description An incomplete fix in the bot-engine runtime allows authenticated users to use credentials from any workspace via the preview chat endpoint. The getCredentials utility function employs a falsy check...
PT-2026-42766
Name of the Vulnerable Software and Affected Versions shell-quote versions prior to 1.8.4 Description The quote function fails to validate object-token inputs against the operator model used by parse. Specifically, the .op field is escaped using a regular expression that does not match line...
PT-2026-42491
Name of the Vulnerable Software and Affected Versions VillaTheme HAPPY versions prior to 1.0.11 Description A missing authorization issue in VillaTheme HAPPY allows for the exploitation of incorrectly configured access control security levels. Recommendations Update to version 1.0.11 or later...
PT-2026-42662
Name of the Vulnerable Software and Affected Versions LMDeploy versions 0.12.3 and earlier Description LMDeploy is a toolkit for compressing, deploying, and serving large language models. The software hardcodes trust remote code=True in multiple HuggingFace model-loading call sites, specifically...
PT-2026-42076
Name of the Vulnerable Software and Affected Versions Games Catalog versions prior to 1.2.1 Description The Games Catalog plugin for WordPress is susceptible to Cross-Site Request Forgery, a flaw where an attacker tricks a victim into performing actions they did not intend to. This occurs because...
PT-2026-42259
Name of the Vulnerable Software and Affected Versions Frappe versions prior to 15.105.0 Frappe versions prior to 16.15.0 Description Frappe is a full-stack web application framework. A path traversal issue allows unauthenticated arbitrary file read on internet-facing surfaces, such as ERPNext. Ov...
PT-2026-42148
Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description The BaseHandler.set trap in bridge.js ignores the receiver parameter and unconditionally writes to the host target object. According to the Proxy set trap specification, when the receiver is not the pro...
PT-2026-41984
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the broker can crash due to a NULL pointer dereference during MQTT session resumption for clean start=0...
PT-2026-41911
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 151 Firefox ESR versions prior to 140.11 Thunderbird versions prior to 151 Thunderbird versions prior to 140.11 Description Privilege escalation exists in the Enterprise Policies component. Recommendations Update...
PT-2026-42009
Name of the Vulnerable Software and Affected Versions Kieback & Peter DDC building controllers affected versions not specified Description Cross-site scripting XSS allows JavaScript to be executed by the victim's browser, enabling an attacker to control the browser. Recommendations At the moment,...
PT-2026-41513
Name of the Vulnerable Software and Affected Versions The AI Engine – The Chatbot, AI Framework & MCP for WordPress version 3.4.9 Description Missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path allows authenticated users with Subscriber privileges or higher t...
PT-2026-41420
Name of the Vulnerable Software and Affected Versions Essential Chat Support versions prior to 1.0.2 Description The Essential Chat Support plugin for WordPress contains an authorization bypass. The plugin fails to properly verify if a user is authorized to perform specific actions, allowing...
PT-2026-41436
NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. Attackers can inject JavaScript payloads via the title field in the admin panel that...
PT-2026-41198
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.0 Description A Stored Cross-Site Scripting XSS issue exists in the Banner component due to an improper sanitization order where DOMPurify.sanitize is executed before marked.parse. This allows a malicious...
PT-2026-41118
Name of the Vulnerable Software and Affected Versions Amazon SageMaker Python SDK versions prior to 2.257.2 Amazon SageMaker Python SDK versions prior to 3.8.0 Description Missing integrity verification in the Triton inference handler allows a remote authenticated actor with S3 write access to th...
PT-2026-40976
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the tool update endpoint. This occurs when the server does not restrict which properties a client can modify, allowing user-controlled request bodies to include fiel...
PT-2026-41158
Name of the Vulnerable Software and Affected Versions Synapse versions prior to 1.152.1 Description In federated rooms, malicious homeservers can craft room events that prevent the server from providing full history to paginating clients. This can result in clients failing to display the room...
PT-2026-41136
Summary Any authenticated user can read another user's private workout session notes, exercise history, and training statistics by calling the /logs/ and /stats/ actions on a routine they do not own. The RoutinePermission class grants read access to any authenticated user when a routine has is...
PT-2026-41163
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.3.16 Description A missing permission check in API endpoints related to files allows any authenticated user to list, access, and delete every file uploaded by any user to the platform. The issue exists because th...
PT-2026-40708
Buffer Overflow vulnerability in Ardupilot rover commit v.c56439b045162058df0ff136afea3081fcd06d38 allows a local attacker to cause a denial of service via the AP InertialSensor ADIS1647x.cpp, ArduRover, ADIS1647x Sensor component...
PT-2026-40729
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description SiYuan's publish-mode Reader can modify configuration and SQL index data through eight ungated APIs. These endpoints are registered with model.CheckAuth but lack model.CheckAdminRole and...
PT-2026-40841
Four CVEs CVE-2026-29103, CVE-2026-29104, CVE-2026-29892, CVE-2026-30441 shared the same root cause. An MCP server's response to the client includes free-form text fields — tool descriptions, resource summaries, prompt argument hints. These fields are surfaced into the…...
PT-2026-40713
Name of the Vulnerable Software and Affected Versions PAN-OS affected versions not specified Description An authentication bypass exists in the Cloud Authentication Service CAS component of PAN-OS due to incorrect cryptographic signature verification. This allows an unauthenticated attacker with...
PT-2026-40700
aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...
PT-2026-39951
The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
PT-2026-40071
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.21 Apache Tomcat versions 10.1.0-M1 through 10.1.54 Apache Tomcat versions 9.0.0.M1 through 9.0.117 Apache Tomcat versions 8.5.0 through 8.5.100 Apache Tomcat versions prior to 7.0.0 Description An...
PT-2026-44975
Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.43.4 Description A flaw exists in the way the library handles chunked Transfer-Encoding. The read payload function in httplib.h uses std::strtoul to parse the chunk-size field. Because std::strtoul accepts leadi...
PT-2026-40096
Improper access control for some Intel Vision software for all versions within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable remote code execution. This result may potentially...
PT-2026-40091
Buffer overflow for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may...