175461 matches found
PT-2026-44179
Name of the Vulnerable Software and Affected Versions Frontend Admin by DynamiApps versions prior to 3.29.3 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Authenticated attackers with subscriber-level...
PT-2026-44273
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the fanotify system allows the fsnotify_get_mark_safe function to return false for a mark on an unrelated group. This behavior leads to the bypassing of permission checks. The...
PT-2026-44398
Name of the Vulnerable Software and Affected Versions PyJWT versions prior to 2.13.0 Description PyJWT is a JSON Web Token implementation in Python. When the verifier decodes JSON Web Tokens while supporting both asymmetric and HMAC algorithms, the library fails to validate the use of JSON Web Ke...
PT-2026-44304
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A misuse of Read-Copy Update (RCU), a synchronization mechanism that allows multiple readers to access data while a writer modifies it, occurs in the mlx4_srq_event function. The mlx4 srq...
PT-2026-44316
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the xfrm AH implementation where the system fails to account for Extended Sequence Number (ESN) high bits in asynchronous callbacks. When ESN is enabled, the asynchronou...
PT-2026-44335
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the batman-adv module. The batadv_bla_del_backbone_claims function removes all claims for a backbone by dropping the link entry in the hash list. Because...
PT-2026-44361
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the batman-adv module, BAT IV caches an originator pointer in each neigh node derived from a temporary lookup. This pointer is not owned by the neigh node and may refer to an invalid...
PT-2026-44230
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bug exists in the rebalance_children function within the dm-thin component. When an internal btree node contains a single entry, the system attempts to copy all btree entries from the...
PT-2026-44253
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the fec_decode_bufs function within the dm-verity-fec component. The issue occurs because the function incorrectly assumes that parity bytes of the first...
PT-2026-44252
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free issue exists in the btrfs module within the create_space_info function error path. When kobject_init_and_add fails, the system executes a call chain that leads to space inf...
PT-2026-44231
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the ipmi:si component where the driver fails to return to a normal state when message allocation fails,...
PT-2026-44283
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the btrfs file system where the last_unlink_trans field is not updated when removing a directory. This can lead to incorrect fsync behavior if a user performs an fsync...
PT-2026-44350
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free or type confusion issue exists in the SCTP implementation of the Linux kernel. In the sctp_sendmsg function, the SCTP_SENDALL path iterates through associations using li...
PT-2026-44271
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the microchip-core-qspi driver where the built-in chip select is automatically operated by hardware. When multiple devices are attached to the QSPI controller, the...
PT-2026-44241
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null pointer dereference occurs in the papr_hvpipe_dev_create_handle function. This issue was introduced when the function was converted to use FD_PREPARE, which caused the src_info...
PT-2026-44290
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A heap leak exists in the usblp driver. The usblp_read_status function requests 1 byte of data, but if a malicious printer responds with zero bytes, the usblp_ctrl_msg function discards the...
PT-2026-44305
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A kernel stack memory leak occurs in the pseries/papr-hvpipe component. The hdr variable is allocated on the stack, but only hdr.version and hdr.flags are explicitly initialized. Since t...
PT-2026-44269
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the ALSA usb-audio component within the convert_chmap_v3 function. The function contains a loop that uses the cs_desc->wLength variable to determine the increment size...
PT-2026-44353
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read issue exists in the drm/amdgpu/vcn3 component when parsing decoding messages. This occurs because the system fails to properly check bounds against the end of the...
PT-2026-44267
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An error unwind issue exists in the RDMA mana component. Specifically, the mana_ib_create_qp_rss function fails to properly...
PT-2026-44320
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An issue exists in the drm/amdkfd component where the nattr field is not properly validated against the buffer size. This allows for out-of-bounds buffer access through a user-controlled...
PT-2026-44279
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the LoongArch architecture where the loongson_gpu_fixup_dma_hang function may fail to handle certain switch cases. This can lead to an Address Detection Error ADE...
PT-2026-44245
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the b43_rx function within the b43 wifi driver. The firmware-controlled key index can exceed the size of the dev->key array, which contains 58 entries...
PT-2026-44292
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the hfsplus module where the hfs_brec_read function fails to validate that the on-disk record size matches the expected size for the record type being read. When...
PT-2026-44360
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An overflow issue exists in the drm/amdgpu/vcn3 component during the message bound check process. Recommendations At the moment, there is no information about a newer version that contai...
PT-2026-47121
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=516422428 Crash type: Heap-buffer-overflow READ Crash state: md_process_all_blocks md_parse md_html...
PT-2026-47210
Unknown description...
PT-2026-47218
Unknown description...
PT-2026-44558
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in PDFium allows a remote attacker to potentially exploit heap corruption through a crafted PDF file. Use after free occurs when an application continues to use ...
PT-2026-44648
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A heap buffer overflow exists in ANGLE, which is a compatibility layer that allows OpenGL ES to run on various graphics APIs. This issue allows a remote attacker to potentially exploit...
PT-2026-44049
SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...
PT-2026-44108
Name of the Vulnerable Software and Affected Versions HCL BigFix Remote Control Server WebUI versions prior to 10.1.0.0443 Description A misconfigured Content Security Policy (CSP), which is a security layer used to detect and mitigate certain types of attacks including Cross-Site Scripting (XSS) and...
PT-2026-44037
Name of the Vulnerable Software and Affected Versions GPAC MP4Box affected versions not specified Description A NULL pointer dereference occurs when parsing certain truncated MP4 files. An unknown or invalid stsd entry can lead to missing descriptor fields, such as codec, mime, or profile strings...
PT-2026-44146
Description Symfony\Component\Yaml\Parser is the entry point for parsing YAML strings into PHP values via Yaml::parse. When the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level Parser::parseBlock and inline Inline::parseSequence /...
PT-2026-44078
Name of the Vulnerable Software and Affected Versions MapServer versions 6.4.0 through 8.6.2 Description A NULL pointer dereference occurs when the msSLDParseUserStyle function calls SLDApplyRuleValues(psRule, psLayer, 1) for any containing an . The system assumes msSLDParseRule added one class;...
PT-2026-44088
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with deny_remote=false in pam_usb (commonly done for display managers such as gdm-password or lightdm to bypass process/TTY heuristics for local sessions), the PAM RHO...
PT-2026-44139
Description Symfony\Component\Mime\Header\ParameterizedHeader and the related parameter handling reachable from Symfony\Component\Mime\Header\Headers is responsible for serializing structured headers such as Content-Type and Content-Disposition, which carry key=value parameters e.g. Content-Disposition:...
PT-2026-44115
Name of the Vulnerable Software and Affected Versions pam_usb versions prior to 0.9.0 Description This issue occurs in the deny_remote feature of the PAM module, which is loaded into host processes such as sudo, login, GDM, and GNOME Shell. In multi-threaded environments like GDM, three functions...
PT-2026-44112
Name of the Vulnerable Software and Affected Versions pam_usb versions prior to 0.8.7 Description An issue exists in the hardware authentication system for Linux where shell injection can occur. A crafted UUID in the configuration can lead to root remote code execution when the pamusb-conf...
PT-2026-44123
Name of the Vulnerable Software and Affected Versions Toolbox affected versions not specified Description The software is susceptible to DNS rebinding attacks when using Server-Sent Events (SSE) under specification v2024-11-05. This occurs because the SSE initialization handler retains a hardcoded...
PT-2026-43719
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free issue exists in the RDMA/rxe component. In the rxe_srq_from_init function, the queue pointer q is assigned to srq->rq.queue before the SRQ number is copied to user space. If...
PT-2026-43470
A vulnerability was determined in QianFox FoxCMS up to 1.2.6. The impacted element is an unknown function of the file /Tag/edit of the component Administrator Backend. Executing a manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...
PT-2026-43536
The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdl_off_options function. This makes it possible for unauthenticated attackers to update the plugin's setting...
PT-2026-43566
Name of the Vulnerable Software and Affected Versions BOSH Director versions prior to v282.1.12 Description When the director sends a long-running request, such as compile_package, the agent's reply JSON is processed by AgentClient. The functions inject_compile_log and format_exception read the...
PT-2026-43662
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phbernard Favicon favicon-by-realfavicongenerator allows Reflected XSS. This issue affects Favicon: from n/a through <= 1.3.46...
PT-2026-43617
A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on a USB stick, leading to code execution. This can result in a total loss of confidentiality, integrity and availability...
PT-2026-43589
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes Themebox - Digital Products Ecommerce allows Reflected XSS. This issue affects Themebox - Digital Products Ecommerce: from n/a through 1.4.2...
PT-2026-43584
Name of the Vulnerable Software and Affected Versions Synology Contacts versions prior to 1.0.10-20659 Description Improper neutralization of input during web page generation leads to a Cross-site Scripting (XSS) issue in the contact functionality. This allows remote authenticated users to read or...
PT-2026-43594
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...
PT-2026-43577
Name of the Vulnerable Software and Affected Versions Synology BeeDrive for desktop versions prior to 1.3.2-13814 Description A flaw in the redis-server component allows local users to perform denial-of-service attacks, which occur when a system is overwhelmed to the point of becoming unavailable...