184269 matches found
PT-2026-53154
The WhatsApp and Linear bot adapters verify the inbound webhook HMAC signature only when a secret is configured. When the secret environment variable is unset — the default on a fresh install and common in development — verification is skipped entirely and the webhook body is parsed and dispatche...
PT-2026-50560
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The unarchive internal module's archive extraction commands lack code-level validation for extracted file paths. This causes the module to rely on the behavior o...
PT-2026-48436
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a config file name form field that is passed straight through to config mod.master slave upload and restart... as the destination path. The validati...
PT-2026-48437
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...
PT-2026-47148
Name of the Vulnerable Software and Affected Versions Protocol::HTTP2 versions prior to 1.13 Description The software is susceptible to an HTTP/2 Bomb, where a small request can expand into large server memory consumption. This occurs because the inbound HPACK path lacks a header-list size limit...
PT-2026-46301
Name of the Vulnerable Software and Affected Versions Axios versions prior to 0.32.0 Axios versions prior to 1.16.0 Description The Node.js HTTP adapter in Axios may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This occurs when an...
PT-2026-45268
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handle webhook request of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...
PT-2026-41585
Name of the Vulnerable Software and Affected Versions Kilo-Org kilocode versions prior to 7.0.48 Description A path traversal issue exists in the File Diff API Endpoint within the Bun.file function of the packages/opencode/src/kilocode/review/worktree-diff.ts file. A remote attacker can trigger...
PT-2026-39536
Name of the Vulnerable Software and Affected Versions D-Link DCS-935L versions prior to 1.10.01 Description A buffer overflow can be triggered remotely via the HNAP Service. The issue exists in the SetDeviceSettings function within the '/web/cgi-bin/hnap/hnap service' endpoint when manipulating t...
PT-2026-38641
Name of the Vulnerable Software and Affected Versions AsusPTPFilter affected versions not specified Description An exposed IOCTL Input/Output Control with insufficient access control allows a local user to bypass driver security mechanisms. This can lead to the unauthorized acquisition of...
PT-2026-35704
Name of the Vulnerable Software and Affected Versions Apache Thrift versions prior to 0.23.0 Description Uncontrolled Recursion occurs in the Node.js bindings of Apache Thrift. Uncontrolled recursion is a condition where a function calls itself without a proper termination condition, potentially...
PT-2026-35273
Name of the Vulnerable Software and Affected Versions choieastsea simple-openstack-mcp versions prior to 767b2f4a8154cca344344b9725537a58399e6036 Description An OS command injection flaw exists that allows remote attackers to execute arbitrary commands. The issue is located within the exec...
PT-2026-27788
Name of the Vulnerable Software and Affected Versions Cisco IOS Software affected versions not specified Cisco IOS XE Software affected versions not specified Cisco Secure Firewall Adaptive Security Appliance ASA Software affected versions not specified Cisco Secure Firewall Threat Defense FTD...
PT-2026-5803
Name of the Vulnerable Software and Affected Versions Amiti Antivirus version 25.0.640 Description Amiti Antivirus contains an unquoted service path vulnerability in its Windows service configurations. This allows attackers to inject and execute malicious code with elevated LocalSystem privileges...
PT-2026-1860
Name of the Vulnerable Software and Affected Versions Perch CMS version 3.2 Description A stored Cross-Site Scripting XSS issue exists in Perch CMS. An attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The...
PT-2025-48222
The Soundslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the soundslides shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...
PT-2025-38853
Name of the Vulnerable Software and Affected Versions javothemes Javo Core versions through 3.0.0.266 Description An authorization issue exists in javothemes Javo Core due to incorrectly configured access control security levels. This allows for exploitation of the system. Recommendations Update...
PT-2026-45416
Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A NULL pointer dereference exists in the gf ac4 pres b 4 back channels present function within the /media tools/av parsers.c file. This issue allows an attacker to cause a Denial of...
PT-2025-23483 · Undefined · Undefined
Ubuntu is one of the most widely used Linux distributions, renowned for its security, stability, and performance. However, like any operating system, it’s not immune to vulnerabilities. With cybersecurity threats escalating in sophistication and scale, timely patching is essential to safeguard...
PT-2025-15635 · Dnn · Dnn
Name of the Vulnerable Software and Affected Versions: DNN formerly DotNetNuke versions prior to 9.13.2 Description: The issue allows uploading files with malicious content by renaming them to have an allowed file extension, such as renaming an executable file to have a .jpg extension. This could...
PT-2023-20534 · Node-Qpdf · Node-Qpdf
Name of the Vulnerable Software and Affected Versions: node-qpdf versions all Description: The issue arises from the encrypt method failing to sanitize its parameter input, which later flows into a sensitive command execution API. This allows attackers to inject malicious commands once they can...
PT-2022-23571 · Unknown · Ingredients Stock Management System
Name of the Vulnerable Software and Affected Versions: Ingredients Stock Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the Id parameter at the "/stocks/manage stockout.php" API endpoint. There is no...
PT-2019-12140 · Thinkadmin · Thinkadmin
Name of the Vulnerable Software and Affected Versions: ThinkAdmin version 4.0 Description: The issue concerns the applicationadmincontrollerUser.php file in ThinkAdmin V4.0, where it fails to prevent the continued use of an administrator's cookie-based credentials after a password change. This...
PT-2026-48619
Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description Wss4jSecurityInterceptor sets the...
PT-2026-45583
Name of the Vulnerable Software and Affected Versions Android Framework affected versions not specified Description Improper input validation in multiple functions of DevicePolicyManagerService.java allows a system critical package to be hidden. This can result in a local denial of service withou...
PT-2026-37659
Name of the Vulnerable Software and Affected Versions JohnsonControls AC2000 versions 10.6 through 10 JohnsonControls AC2000 versions 11.0 through 9 JohnsonControls AC2000 versions 12 through 3 Description An uncontrolled search path element issue allows for the manipulation of configuration file...
PT-2026-5887
Name of the Vulnerable Software and Affected Versions Chapa Payment Gateway Plugin for WooCommerce versions up to and including 1.0.3 Description The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress is susceptible to sensitive information disclosure. An unauthenticated attacker c...
PT-2025-31959 · Undefined · Undefined
Hi, I run a following script for a vulnerability test for my home network; nmap 192.168.1.1/24 -n -sP |rg -o "192." scan.txt nmap -sV --script vulners --script-args mincvss=7.0 -iL scan.txt Then I get this Vulner output in port 80; Nmap scan report for 192.168.1.5 Host is up 0.00021s latency. Not...
PT-2025-22907 · WordPress · The Essential Blocks – Page Builder Gutenberg Blocks
Name of the Vulnerable Software and Affected Versions: The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress versions up to, and including, 5.4.0 Description: The issue is related to Stored Cross-Site Scripting via HTML attributes in Slider and Post...
PT-2025-6483 · Intel · Intel Server Board S2600Bp +3
Name of the Vulnerable Software and Affected Versions: IntelR Server Board S2600WF versions prior to 02.01.0017 IntelR Server Board S2600ST versions prior to 02.01.0017 IntelR Server Board S2600BP versions prior to 02.01.0017 IntelR Server Board M50CYP versions prior to R01.01.0009 IntelR Server...
PT-2023-36414 · Mitsubishi · Gs21 +7
Уязвимость функции Data Transfer Security программного обеспечения создания и управления графическими интерфейсами операторов на промышленных панелях управления GT Designer3, GOT2000 Series, GOT SIMPLE Series, GT SoftGOT2000 связана со слабой криптографией паролей. Эксплуатация уязвимости может...
PT-2026-51127
Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print attribute UTF8STRING path. print attribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen ...
PT-2026-49562
Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.15 Angular versions prior to 20.3.22 Angular versions prior to 19.2.23 Description A Denial of Service DoS issue exists in the @angular/common package. The formatNumber...
PT-2026-48990
Name of the Vulnerable Software and Affected Versions sanitize-html versions prior to 2.17.5 Description The software uses the allowedSchemesAppliedToAttributes variable to control the naughtyHref function, which is designed to block dangerous URI schemes such as javascript: and vbscript:. Howeve...
PT-2026-48509
Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description Fission is a Kubernetes-native serverless framework. The Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs for runtime and builder...
PT-2026-48303
Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description An issue exists in the $ internalApplyOplogUpdate aggregation pipeline stage where an authenticated user with access to the aggregate command can execute a document diff containing a malforme...
PT-2026-50758
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if condition in modules/preprocs/nasm/nasm-pp.c...
PT-2026-46978
A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub 41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may...
PT-2026-46265
Name of the Vulnerable Software and Affected Versions Etsy::StatsD versions prior to 1.002002 Description Etsy::StatsD for Perl allows metric injections because metric names and values are not validated for newlines, colons, or pipes. This allows metrics generated from untrusted sources to inject...
PT-2026-44238
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description The biovec phys mergeable function, used in request merge, DMA mapping, and integrity merge paths, fails to verify if physically contiguous bvec segments belong to different dev pagemaps...
PT-2026-52217
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.26.3 Description Incomplete Server-Side Request Forgery SSRF protection exists within the webhook and migration allow-list filtering. SSRF is a flaw that allows an attacker to induce the server-side application to mak...
PT-2026-41197
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description Multiple endpoints accept a user-supplied file id and attach the referenced file to a resource controlled by the caller, such as folder knowledge or knowledge-base contents, without verifying if t...
PT-2026-36543
Name of the Vulnerable Software and Affected Versions bandit versions 0.5.0 through 1.10.x Description An allocation of resources without limits or throttling allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in the handle frame/3 function within...
PT-2026-28426
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak where an administrator possessing manage-clients permission can exploit a misconfiguration. This misconfiguration arises when the manage-clients permission is...
PT-2026-27174
An arbitrary file-write vulnerability in Pega Browser Extension PBE affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. This vulnerability does not affect Robot Runtime users. A bad actor could create a website that includes...
PT-2025-47968
Name of the Vulnerable Software and Affected Versions Desktop Alert PingAlert versions 6.1.0.11 through 6.1.1.2 Description A Directory Traversal issue exists in the Application Server of the software, allowing an attacker to write arbitrary files under certain conditions. The issue enables...
PT-2025-30076 · Git +1 · Pcapplusplus
Name of the Vulnerable Software and Affected Versions: cppc affected versions not specified Description: The software contains a heap-buffer-overflow read issue. The crash occurs within the toString function of the TelnetLayer class, triggered through toStringList and toString functions of the...
PT-2024-41: Bypass authentication in PT MaxPatrol SIEM, PT MaxPatrol VM, PT MaxPatrol EDR, PT MaxPatrol Carbon и PT MaxPatrol O2
The vulnerability was identified in PT MaxPatrol SIEM, PT MaxPatrol VM, PT MaxPatrol EDR, PT MaxPatrol Carbon и PT MaxPatrol O2 that affects versions that include component PT MC version earlier than 101.4.8813 and component MPX version earlier than 27.2.14850. The discovered vulnerability allows...
PT-2026-53483
A SQL injection vulnerability exists in the duckdb retriever component of the run-llama/llama index repository, specifically in llama-index-retrievers-duckdb-retriever prior to v0.4.0. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an...
PT-2026-51630
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Git LFS storage is content-addressed by OID Object Identifier alone, while per-repository authorization is managed in the lfs object table. The serveUpload function skips the re-upload process when an...