184508 matches found
PT-2026-50553
e107 is a content management system CMS. Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resize image, the source path is escaped with escapeshellarg, but the destination path is inserted inside raw double quotes in the convert...
PT-2026-50461
Name of the Vulnerable Software and Affected Versions Cisco Umbrella Virtual Appliance affected versions not specified Description An issue in the vmadmin CLI of Cisco Umbrella Virtual Appliance allows an authenticated, local attacker to elevate privileges. This is caused by insufficient validati...
PT-2026-50221
Name of the Vulnerable Software and Affected Versions OpenBSD versions prior to 076e2b1 Description The sppp pap input function in sys/net/if spppsubr.c allows authentication bypass when certain zero values are used for lengths. Real-world offensive activities targeting this issue have been...
PT-2026-50386
Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9...
PT-2026-50525
Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository Manager versions prior to 3.93.0 Description An authorization bypass exists in the proxy repository configuration. This issue allows a delegated repository administrator to disclose stored upstream proxy credentials...
PT-2026-50388
Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5...
PT-2026-50425
A stack-based buffer overflow exists in the raw to header function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name and linkname fields of a TAR header with strcpy without guaranteeing null termination of the source. The POSIX ustar format permits these fixed-width...
PT-2026-50494
Name of the Vulnerable Software and Affected Versions @earendil-works/pi-coding-agent versions 0.74.0 through 0.78.0 @mariozechner/pi-coding-agent versions 0.50.0 through 0.73.1 Description Pi is a minimal terminal coding harness that used predictable paths under the operating system temporary...
PT-2026-50444
Name of the Vulnerable Software and Affected Versions Azuriom CMS versions prior to 1.2.11 Description Missing authorization in the server management routes allows an authenticated attacker with the admin.access permission to create AzLink server tokens. This can lead to the takeover of non-admin...
PT-2026-50609
Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description The Media module supports oEmbed, which utilizes two discovery mechanisms: providers.json and URL discovery. The URL discovery code can be exploited to trick the system into making...
PT-2026-50527
Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.11.1 Description A pre-authentication denial of service issue exists in the SSH MSG EXT INFO handler within src/packet.c. A malicious SSH server can trigger a CPU exhaustion loop on the client by sending a crafted...
PT-2026-50248
Three NVIDIA NeMo vulnerabilities CVE-2026-24155, CVE-2026-24252, CVE-2026-24228 enable code execution. Update NeMo Framework to v2.7.3 now. NVIDIA NeMo CVE202624155 AISecurity InfoSec https://t.co/VykvC24Ed4 https://t.co/93wJfksSbS...
PT-2026-50186
Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List DACLs on the service object and related registry keys,. Produc...
PT-2026-50225
In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-50370
Cross-Site request forgery CSRF vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0...
PT-2026-50337
Unauthenticated SQL Injection in JetEngine = 3.8.9.1 versions...
PT-2026-50318
Subscriber Arbitrary File Upload in Ecommerce Zone = 0.9.7 versions...
PT-2026-50257
Name of the Vulnerable Software and Affected Versions Regesta Smart HD-PLC - TLDPH16D2 version 11.02.05.10.02 Description A network-based attacker can cause a Denial of Service DoS on the web interface of the device using a Slow Loris attack. This technique involves sending partial HTTP requests...
PT-2026-49946
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Portal version 12.2.1.4.0 Oracle WebCenter Portal version 14.1.2.0.0 Description An issue exists in the Security Framework component of the Oracle WebCenter Portal product of Oracle Fusion Middleware. A low privileged attacker...
PT-2026-49980
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Install. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle...
PT-2026-49767
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.25 Description A control scope enforcement bypass exists in the focus command. This allows authenticated callers to execute the command without proper authorization checks, enabling them to change the focus...
PT-2026-49766
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.7 Description The allowFrom feature improperly validates Discord account identity by using mutable display names instead of immutable user IDs. This allows an attacker to change their display or global name...
PT-2026-49775
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.2 Description An environment variable injection exists where the STATE DIRECTORY variable in a workspace .env file can influence bundled runtime dependency roots. This allows attackers to manipulate STATE...
PT-2026-49844
Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware Identity Manager version 12.2.1.4.0 Oracle Fusion Middleware Identity Manager version 14.1.2.1.0 Description An issue exists in the Core component of the Identity Manager product. A low privileged attacker with network...
PT-2026-49864
Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware WebLogic Server versions 14.1.2.0.0 Oracle Fusion Middleware WebLogic Server versions 15.1.1.0.0 Description An issue exists in the Console component of the WebLogic Server. An unauthenticated attacker with network...
PT-2026-49790
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An integer overflow in the decodePacket function of RtpPacket can lead to out-of-bounds access. This issue may allow a local escalation of privilege without...
PT-2026-49710
Name of the Vulnerable Software and Affected Versions Zephyr affected versions not specified Description A use-after-free issue exists in the mld send function within the IPv6 Multicast Listener Discovery MLD implementation. The function attempts to read the packet interface using net pkt ifacepk...
PT-2026-49911
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 Oracle WebCenter Enterprise Capture versions 14.1.2.0.0 Description An issue in the Client Bundle component of Oracle WebCenter Enterprise Capture allows an unauthenticated attacker with...
PT-2026-49849
Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft PeopleSoft Enterprise PT PeopleTools versions 8.61 through 8.62 Description A flaw in the Deployment Package component allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful...
PT-2026-49795
Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description A missing bounds check in the software allows for an out-of-bounds read, which occurs when a program reads data past the end of the intended buffer. This can lead to a remote denial of service...
PT-2026-50050
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
PT-2026-49800
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A missing bounds check in the decodeAppPacket function within RtcpAppPacket.cpp allows for an out-of-bounds read. This condition can lead to remote information...
PT-2026-49851
Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise PT PeopleTools versions 8.61 PeopleSoft Enterprise PT PeopleTools versions 8.62 Description An issue exists in the Application Server component of Oracle PeopleSoft. This flaw allows an unauthenticated attacker with netwo...
PT-2026-50019
Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Web Runtime Security component of JD Edwards EnterpriseOne Tools. An unauthenticated attacker with network access via HTTP can compromise the...
PT-2026-49888
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0 Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of the Oracle WebCenter Content product within Oracle Fusion Middleware. A low privileged...
PT-2026-50084
Name of the Vulnerable Software and Affected Versions TL-WR940N version v6 Description An authenticated OS command injection exists in the BigPond Cable BPA WAN configuration module due to improper sanitization of user input. An attacker with administrative access can exploit this flaw to execute...
PT-2026-50078
Name of the Vulnerable Software and Affected Versions LangGraph Python SDK versions prior to 0.3.15 Description Unsafe URL path construction occurs due to unsanitized caller-supplied identifier values used in HTTP request paths for resource operations. Identifiers containing characters with speci...
PT-2026-49867
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
PT-2026-49610
On Xtensa targets with CONFIG USERSPACE and CONFIG XTENSA MMU, the page-table code arch/xtensa/core/ptables.c maintains a global list, xtensa domain list, of active memory domains using a list node embedded inside the caller-owned struct k mem domain. When a domain is destroyed via k mem domain...
PT-2026-49164
A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...
PT-2026-49469
Name of the Vulnerable Software and Affected Versions Cursor versions prior to 3.0.0 Description Cursor Desktop allows the execution of workspace-defined Claude hook commands located in .claude/settings.local.json without requiring explicit user approval. A malicious workspace or a file created b...
PT-2026-49297
Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...
PT-2026-49533
Name of the Vulnerable Software and Affected Versions grpc versions 0.4.0 through 0.9.x Description Deserialization of untrusted data and allocation of resources without limits or throttling allow unauthenticated attackers to crash the BEAM node or achieve remote code execution on the server. The...
PT-2026-49298
Name of the Vulnerable Software and Affected Versions RuoYi version 4.8.2 Description An issue in the code generation module allows an authenticated attacker with administrative privileges to access sensitive database information. This is possible through a SQL Injection in the...
PT-2026-49151
A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was...
PT-2026-49580
Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.1 Angular versions prior to 21.2.17 Angular versions prior to 20.3.25 Description An information disclosure issue exists in the @angular/service-worker package. When the Service Worker fetches assets, it preserve...
PT-2026-49265
LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...
PT-2026-49579
Name of the Vulnerable Software and Affected Versions Electron versions 42.3.1 through 42.3.2 Description Incorrect byte length calculations in the Node.js Buffer API cause heap underflow or overflow, which can lead to memory corruption or application crashes. This issue may result in incorrect...
PT-2026-49144
Name of the Vulnerable Software and Affected Versions GL.iNet GL-MT3000 versions prior to 4.7 Description A command injection flaw exists in the Tor Proxy Service Configuration Handler. The issue is located within the replace country function in the /usr/lib/oui-httpd/rpc/tor library, allowing a...
PT-2026-49137
Name of the Vulnerable Software and Affected Versions Yealink SIP-T46U version 108.86.0.118 Description A stack-based buffer overflow occurs in the Firmware Chunk Upload Handler component within the sprintf function of the file /api/upgrade/upgrade. This issue is triggered by manipulating the...