184508 matches found
PT-2026-49104
Name of the Vulnerable Software and Affected Versions LiteSpeed cPanel plugin versions prior to 2.4.8 LiteSpeed WHM PlugIn versions prior to 5.3.2.0 Description A privilege escalation issue exists where the software mishandles symbolic links symlinks provided by a user with FTP or web shell acces...
PT-2026-49072
Name of the Vulnerable Software and Affected Versions LWS Optimize ā All-in-One Speed Booster & Cache Tools versions prior to 3.3.20 Description The plugin is subject to an arbitrary file read issue. This occurs because the combine current css function trusts values harvested from page HTML and...
PT-2026-49091
Name of the Vulnerable Software and Affected Versions Bookly versions prior to 27.3 Description The Online Scheduling and Appointment Booking System ā Bookly plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping...
PT-2026-48919
A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...
PT-2026-48894
Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4...
PT-2026-48943
Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multi search endpoint. A specially crafted request can trigger an unhandled exception during request processing, causing the server process to...
PT-2026-48891
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submit discussion" endpoint allows for unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0...
PT-2026-48947
Name of the Vulnerable Software and Affected Versions SimpleHelp versions 5.5.1 through 5.5.15 SimpleHelp versions 6.0 pre-release through 6.0 RC1 Description An authentication bypass exists in the OpenID Connect OIDC authentication flow. The server fails to verify the cryptographic signature of...
PT-2026-48882
Name of the Vulnerable Software and Affected Versions Amasty Order Attributes for Magento 2 versions prior to 4.0.0 Description An unauthenticated arbitrary file upload issue allows attackers to write files of any type or name to the store's media directory. This occurs because the upload endpoin...
PT-2026-49067
Name of the Vulnerable Software and Affected Versions File Browser affected versions not specified Description File Browser fails to properly validate symbolic links, allowing scoped users or unauthenticated public-share recipients to access files outside their intended directory boundaries. Whil...
PT-2026-49341
Name of the Vulnerable Software and Affected Versions GStreamer affected versions not specified Description A flaw exists in the WavPack audio decoder within gst-plugins-good. An integer overflow occurs during the buffer size calculation 4 block samples channels inside the gst wavpack dec handle...
PT-2026-49038
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.27 Description An authorization bypass exists in QQBot pre-dispatch slash commands. This issue allows authenticated senders to skip allowFrom policy checks, enabling them to invoke slash commands before...
PT-2026-49029
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.7 Description The memory-wiki ingest feature allows authenticated Gateway operators with operator.write scope to read local files outside of the intended ingest sources. By specifying arbitrary local file path...
PT-2026-50785
Name of the Vulnerable Software and Affected Versions OpenBSD versions prior to commit 6a23123 Description An out-of-bounds read exists in the mpls do error function within sys/netmpls/mpls input.c. Remote attackers can disclose kernel stack memory by sending crafted MPLS frames containing 16...
PT-2026-48884
Name of the Vulnerable Software and Affected Versions WEOLL versions 2.0.9 through 3.2.45.32 Description An unrestricted file upload flaw allows the upload of dangerous file types. This issue enables attackers to access functionality that is not properly constrained by Access Control Lists ACLs,...
PT-2026-48982
Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description The AI explain helper fails to verify the can see? permission on the reply to post of a post being explained. This allows an...
PT-2026-48946
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
PT-2026-55697
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.1.3 Linux kernel versions prior to 6.18.38 Linux kernel versions prior to 6.12.95 Linux kernel versions prior to 6.6.144 Linux kernel versions prior to 6.1.177 Linux kernel versions prior to 5.15.211 Linux kern...
PT-2026-48616
Name of the Vulnerable Software and Affected Versions Spring Boot versions 4.0.0 through 4.0.6 Spring Boot versions 3.5.0 through 3.5.14 Spring Boot versions 3.4.0 through 3.4.16 Description Mail auto-configuration does not enable hostname verification, which is the process of verifying that the...
PT-2026-48633
Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...
PT-2026-48656
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.10 through 18.10.7 GitLab CE/EE versions 18.11 through 18.11.4 GitLab CE/EE versions 19.0 through 19.0.1 Description An issue exists where insufficient validation of secondary URLs could allow an authenticated user to...
PT-2026-48682
Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description The RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate...
PT-2026-48695
A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrato...
PT-2026-48699
Name of the Vulnerable Software and Affected Versions WordPress Toolkit versions prior to 6.11.0 Description An argument injection issue exists in the software as used in cPanel & WHM. This allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI...
PT-2026-48748
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.24 Description An authorization bypass exists in the MCP loopback feature. This allows non-owner callers to circumvent owner-only tool policies and before-tool-call hooks. When the feature is enabled and...
PT-2026-48372
Name of the Vulnerable Software and Affected Versions File Station 5 versions prior to 5.5.6.5208 Description A buffer overflow occurs when a program writes more data to a memory buffer than it can hold, potentially overwriting adjacent memory. A remote attacker with a user account can exploit th...
PT-2026-48507
Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description An issue exists in the Kubernetes-native serverless framework where the Environment.spec.runtime.podSpec and spec.builder.podSpec passthrough lacks validation. This allows the MergePodSpec function ...
PT-2026-48406
Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential stri...
PT-2026-48466
Name of the Vulnerable Software and Affected Versions Erlang/OTP versions 29.0 through 29.0.1 ssh versions 6.0 through 6.0.0 Description A timing side-channel in password authentication allows unauthenticated remote attackers to enumerate usernames. When the SSH daemon is configured with the user...
PT-2026-48519
Name of the Vulnerable Software and Affected Versions Metrics::Any::Adapter::Statsd versions prior to 0.04 Description The software does not protect against metric injections. The statsd protocol allows multiple metrics to be sent per packet, separated by newlines. The send method fails to valida...
PT-2026-48529
A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...
PT-2026-48380
Name of the Vulnerable Software and Affected Versions yt-dlp versions prior to 2026.06.09 Description When using aria2c as an external downloader for fragmented manifest formats like HLS or DASH streams, insufficiently sanitized input allows an attacker to perform arbitrary file writes. This occu...
PT-2026-48521
Name of the Vulnerable Software and Affected Versions Metrics::Any::Adapter::SignalFx versions prior to 0.04 Description The software does not protect against metric injections. The statsd protocol and its extensions, such as dogstatsd, allow multiple metrics separated by newlines to be sent with...
PT-2026-48500
In Splunk SOAR Security Orchestration, Automation, and Response versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute ANSI escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might...
PT-2026-48561
Name of the Vulnerable Software and Affected Versions Pi-hole FTL versions prior to 6.6.1 Description A race condition exists in the HTTP session management subsystem of the embedded CivetWeb-based web server. This issue was introduced during the v6.0 rewrite of the server engine. Recommendations...
PT-2026-48469
Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 27.3.4.12 Erlang OTP versions 28.x prior to 28.5.0.2 Erlang OTP versions 29.x prior to 29.0.2 erl interface versions 3.7.16 through 5.5.2.0 erl interface versions 5.7.x prior to 5.7.0.1 erl interface versions...
PT-2026-48358
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
PT-2026-48508
Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description Fission is an open-source, Kubernetes-native serverless framework used for deploying functions and applications on Kubernetes. The Container Executor path allows a tenant to directly supply...
PT-2026-47723
Name of the Vulnerable Software and Affected Versions Blocksy versions prior to 2.1.36 Description Insufficient input sanitization in the blocksy sanitize post meta options function allows authenticated attackers with contributor-level access or higher to store serialized PHP object strings in po...
PT-2026-47964
Name of the Vulnerable Software and Affected Versions GitHub Copilot affected versions not specified Visual Studio Code affected versions not specified Description Improper limitation of a pathname to a restricted directory, known as path traversal, allows an unauthorized attacker to bypass...
PT-2026-48070
Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24 and earlier Adobe Experience Manager versions LTS SP1 and earlier Adobe Experience Manager versions 2026.04 and earlier Description A stored Cross-Site Scripting XSS issue allows a low-privileged attack...
PT-2026-47689
Name of the Vulnerable Software and Affected Versions Zephyr affected versions not specified Description A remote, unauthenticated attacker can cause memory corruption in the HTTP server WebSocket upgrade path. The issue occurs because the HTTP/1 header parser uses a bounded copy to move the...
PT-2026-48192
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindIndex parameter of the formIPMacBindDel function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...
PT-2026-48160
šØ CVE-2025-55657 A NULL pointer dereference in the gf odf vvc cfg write bs function odf/descriptors.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file. š@cveNotify...
PT-2026-47848
Name of the Vulnerable Software and Affected Versions FreeSWITCH versions prior to 1.11.1 Description The mod verto HTTP request handler allocates a fixed 2 MiB buffer for a POST application/x-www-form-urlencoded body but accepts a Content-Length of up to nearly 10 MiB. Because the body-read loop...
PT-2026-48279
Name of the Vulnerable Software and Affected Versions OpenClinic GA version 5.351.19 Description A reflected cross-site scripting issue exists in the DICOM image upload handler. Attackers can execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata...
PT-2026-48300
Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description An authenticated user can cause a server crash or the return of incorrect results by creating documents that interfere with internal metadata processing during query execution. This issue is...
PT-2026-48270
Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.19 through 2025.8 Description Improper input validation allows a low-privileged attacker to bypass security measures and gain unauthorized read and write access. This issue does not require user interaction to be...
PT-2026-47969
Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A Time-of-check time-of-use TOCTOU race condition exists in the Program Compatibility Assistant Service. This flaw allows an authorized attacker to elevate privileges locally, enabling them t...
PT-2026-47632
A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the publi...