Vulnerability search results: source Positive Technologies (ptsecurity), sorted by most viewed. 175403 matches found.

Positive Technologies · added 2021/01/12 · 19 views

PT-2021-2559 · Linux +9 · Linux Kernel +9

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.11.3. Description: An issue was discovered in the Linux kernel when a webcam device exists, related to a memory leak in the video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c for large arguments...

CVSS 9.8 · AI score 7.4 · EPSS 0.85239 · Exploits 245 · References 1516
Positive Technologies · added 2026/06/05 · 18 views

PT-2026-46908

Name of the Vulnerable Software and Affected Versions: JCE Editor for Joomla versions prior to 2.9.99.5. Description: A flaw in the JCE editor extension for Joomla allows unauthenticated users to create new editor profiles. This capability can be leveraged to upload and execute PHP code on the serve...

CVSS 10 · AI score 6.6 · EPSS 0.00146 · Exploits 4 · References 9
Positive Technologies · added 2026/05/26 · 18 views

PT-2026-43439

Name of the Vulnerable Software and Affected Versions: ctdb versions prior to 4.23.8+git.477.f78166bceed-1.1. Description: A denial of service issue exists against the AD DC WINS server. Recommendations: Update to version 4.23.8+git.477.f78166bceed-1.1...

CVSS 7.8 · AI score 5.4 · EPSS 0.00075 · Exploits 0 · References 47
Positive Technologies · added 2026/05/12 · 18 views

PT-2026-40430

An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed...

CVSS 8.4 · AI score 6 · EPSS 0.0001 · Exploits 0 · References 2
Positive Technologies · added 2026/05/12 · 18 views

PT-2026-39986

Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malicious JavaScript execution in the context of the...

CVSS 7.2 · AI score 5.9 · EPSS 0.00141 · Exploits 0 · References 2
Positive Technologies · added 2026/05/11 · 18 views

PT-2026-39568

A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function smf_nsmf_handle_create_sm_context of the component SMF. Performing a manipulation results in denial of service. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The project...

CVSS 5.3 · AI score 5.4 · EPSS 0.00016 · Exploits 1 · References 6
Positive Technologies · added 2026/05/11 · 18 views

PT-2026-39574

Zephyr sockets created with IPPROTO_TLS_1_3 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS (e.g. via mbedtls_ssl_conf_min_tls_version). The ClientHello advertises both versions and the...

CVSS 5.3 · AI score 5.8 · EPSS 0.00051 · Exploits 0 · References 2
Positive Technologies · added 2026/05/11 · 18 views

PT-2026-39829

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.7.9; iOS versions prior to 26.5; iPadOS versions prior to 18.7.9; iPadOS versions prior to 26.5; macOS Sequoia versions prior to 15.7.7; macOS Sonoma versions prior to 14.8.7; macOS Tahoe versions prior to 26.5; tvOS versions...

AI score 5.8 · EPSS 0.00027 · Exploits 0 · References 11
Positive Technologies · added 2026/05/10 · 18 views

PT-2026-39546

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchase_save. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available...

CVSS 4.8 · AI score 4.2 · EPSS 0.00033 · Exploits 0 · References 5
Positive Technologies · added 2026/05/08 · 18 views

PT-2026-38912

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 2960 versions prior to 1.5.1.4. Description: An OS command injection issue exists in the CGI login handler. Unauthenticated remote attackers can execute arbitrary commands with web server privileges by injecting shell metacharacter...

CVSS 9.2 · AI score 6.1 · EPSS 0.00208 · Exploits 0 · References 5
Positive Technologies · added 2025/09/17 · 18 views

PT-2025-38126

Name of the Vulnerable Software and Affected Versions: N-Reporter, affected versions not specified; N-Cloud, affected versions not specified; N-Probe, affected versions not specified. Description: The N-Reporter, N-Cloud, and N-Probe developed by N-Partner are susceptible to an OS Command Injection issue...

CVSS 9.8 · AI score 7.3 · EPSS 0.00263 · Exploits 0 · References 8
Positive Technologies · added 2025/09/08 · 18 views

PT-2025-36463

Name of the Vulnerable Software and Affected Versions: D-Link DIR-852 versions up to 1.00CN B09. Description: A vulnerability exists in D-Link DIR-852 that allows for information disclosure. The vulnerability is located in the phpcgi_main function of the /getcfg.php file within the Device...

CVSS 6.9 · AI score 4.9 · EPSS 0.00093 · Exploits 1 · References 11
Positive Technologies · added 2025/07/08 · 18 views

PT-2025-28426 · Undefined · Undefined

CVE-2025-53617: Rejected. Reason: https://t.co/4W7JtMJDzr...

AI score 6.6 · Exploits 0 · References 1
Positive Technologies · added 2025/01/17 · 18 views

PT-2025-4846

Name of the Vulnerable Software and Affected Versions: AWS Cloud Development Kit (AWS CDK) versions prior to 2.177.0. Description: The issue concerns the AWS CDK's handling of IAM OIDC custom resource provider packages. Specifically, the tls.connect method sets...

CVSS 8.1 · AI score 5.2 · EPSS 0.00092 · Exploits 0 · References 16
Positive Technologies · added 2024/12/10 · 18 views

PT-2024-36017 · Undefined · Undefined

MS-ISAC CYBERSECURITY ADVISORY. MS-ISAC advisory number: 2024-134. Date issued: 12/10/2024. Subject: Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution. Overview: Multiple vulnerabilities have been discovered in Adobe products, the most...

CVSS 9.3 · AI score 10 · EPSS 0.0438 · Exploits 0 · References 1
Positive Technologies · added 2024/10/08 · 18 views

PT-2024-7334 · Google · Google Cloud Migrate To Containers

Name of the Vulnerable Software and Affected Versions: Google Cloud Migrate to Containers versions 1.1.0 through 1.2.2. Description: The issue is related to an insecure default user permission in Google Cloud Migrate to Containers. A local user m2cuser is created with administrator privileges,...

CVSS 7.8 · AI score 7.1 · EPSS 0.00026 · Exploits 0 · References 11
Positive Technologies · added 2023/12/22 · 18 views

PT-2024-12: SQL Injection in Cacti

The vulnerability was identified in Cacti version 1.2.25 and below. It allows execution of arbitrary SQL code. The vulnerability can be exploited by an authorized user via the vulnerable component pollers.php. Vulnerability status: Confirmed by vendor. Date of vulnerability detection: 22.12.2023...

CVSS 8.8 · AI score 7.9 · EPSS 0.91404 · Exploits 4 · References 1
Positive Technologies · added 2023/10/25 · 18 views

PT-2023-30151 · Elastic · Fleet Server

Name of the Vulnerable Software and Affected Versions: Fleet Server versions 8.10.0 through 8.10.2. Description: An issue was discovered where Agent enrolment tokens are being inserted into the Fleet Server's log file in plain text. These enrolment tokens could allow someone to enrol an agent into...

CVSS 8.1 · AI score 8 · EPSS 0.00218 · Exploits 0 · References 6
Positive Technologies · added 2023/04/13 · 18 views

PT-2023-2756 · Linux +9 · Linux Kernel +9

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.2.13. Description: The issue is related to the qfq_change_class function in the Linux kernel, which allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. This can potentially impact the...

CVSS 10 · AI score 6.5 · EPSS 0.9427 · Exploits 84 · References 2220
Positive Technologies · added 2022/06/01 · 18 views

PT-2022-19653 · Horner Automation · Horner Automation Cscape Csfont +1

Name of the Vulnerable Software and Affected Versions: Product affected, versions not specified. Description: The issue allows an out-of-bounds read via an uninitialized pointer, potentially enabling an attacker to execute arbitrary code. Recommendations: At the moment, there is no information abou...

CVSS 7.8 · AI score 7.7 · EPSS 0.00302 · Exploits 0 · References 2
Positive Technologies · added 2021/10/06 · 18 views

PT-2021-5289 · Apache +2 · Apache Tomcat +2

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 8.5.60 through 8.5.71; Apache Tomcat versions 9.0.40 through 9.0.53; Apache Tomcat versions 10.0.0-M1 through 10.0.11; Apache Tomcat versions 10.1.0-M1 through 10.1.0-M5. Description: The issue is related to a memory leak i...

CVSS 9.8 · AI score 6.7 · EPSS 0.93325 · Exploits 30 · References 170
Positive Technologies · added 2021/02/15 · 18 views

PT-2021-3110 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.39 through 5.10.16. Description: An issue was discovered in the Linux kernel, as used in Xen, where block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. This issue...

CVSS 9.8 · AI score 7.2 · EPSS 0.85239 · Exploits 264 · References 1357
Positive Technologies · added 2020/12/21 · 18 views

PT-2020-17371 · Mediawiki +1 · Mediawiki Securepoll Extension +1

Name of the Vulnerable Software and Affected Versions: MediaWiki SecurePoll extension versions through 1.35.1. Description: An issue in the SecurePoll extension for MediaWiki may provide unintended clues about how a voting process unfolded due to the non-admin vote list containing a full vote...

CVSS 9.8 · AI score 6.1 · EPSS 0.034 · Exploits 18 · References 76
Positive Technologies · added 2017/05/07 · 18 views

PT-2017-13: Elevation of Privilege in Microsoft Windows

The specialists of the Positive Research center have detected an Elevation of Privilege vulnerability in Microsoft Windows. An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully...

CVSS 7.8 · AI score 8.3 · EPSS 0.20775 · Exploits 4 · References 4
Positive Technologies · added 2016/05/03 · 18 views

PT-2016-5019

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.0.1 through 1.0.1t; OpenSSL versions 1.0.2 through 1.0.2h. Description: The AES-NI implementation in OpenSSL does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive...

CVSS 10 · AI score 8.2 · EPSS 0.94464 · Exploits 182 · References 243
Positive Technologies · added 2009/06/05 · 18 views

PT-2009-4392 · Cpcommerce · Cpcommerce

Name of the Vulnerable Software and Affected Versions: cpCommerce versions 1.2.x, possibly including 1.2.9. Description: The issue allows remote attackers to bypass a protection mechanism, enabling them to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, o...

CVSS 9.8 · AI score 7.8 · EPSS 0.08071 · Exploits 2 · References 7
Positive Technologies · added 2000/02/24 · 18 views

PT-2000-1202 · Zone · Zonealarm

Name of the Vulnerable Software and Affected Versions: ZoneAlarm, affected versions not specified. Description: The issue concerns ZoneAlarm sending sensitive system and network information in cleartext to the Zone Labs server when a user requests more information about an event. Recommendations: A...

CVSS 5 · AI score 6.2 · EPSS 0.0061 · Exploits 0 · References 2
Positive Technologies · added 2026/06/04 · 17 views

PT-2026-46231

Name of the Vulnerable Software and Affected Versions: Progress ADC, affected versions not specified. Description: An OS Command Injection flaw in the API of Progress ADC products allows an unauthenticated attacker to execute arbitrary commands on the LoadMaster appliance. This issue is caused by...

CVSS 9.6 · AI score 5.9 · EPSS 0.00438 · Exploits 0 · References 10
Positive Technologies · added 2026/06/01 · 17 views

PT-2026-45476

Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other users' microphones to be muted in calls when no High-performance Backend is installed. This issue has been patched in versions 21.1.10, 22.0.11, and...

CVSS 3.5 · AI score 5.7 · EPSS 0.00016 · Exploits 0 · References 4
Positive Technologies · added 2026/06/01 · 17 views

PT-2026-45658

Name of the Vulnerable Software and Affected Versions: Strongbox, affected versions not specified. Description: Memory corruption occurs when using Strongbox due to a missing bounds check. A bounds check is a security mechanism that ensures a program does not access memory outside the boundaries of a...

CVSS 8.8 · AI score 5.8 · EPSS 0.00013 · Exploits 0 · References 4
Positive Technologies · added 2026/05/27 · 17 views

PT-2026-43951

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 7.0.11-1.1. Description: An issue exists in the RDMA mana_ib component where the mana_ib_destroy_qp_rss function destroys RX WQ objects without disabling vPort RX steering in the firmware. This results in stale...

CVSS 9.8 · AI score 5.8 · EPSS 0.00254 · Exploits 12 · References 281
Positive Technologies · added 2026/05/14 · 17 views

PT-2026-41108

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.168. Description: Insufficient validation of untrusted input in Skia allows a remote attacker who has compromised the renderer process to perform an out of bounds memory write via a crafted print file...

CVSS 8.8 · AI score 5.8 · EPSS 0.00148 · Exploits 0 · References 86
Positive Technologies · added 2026/05/12 · 17 views

PT-2026-39984

Affected devices do not properly validate and sanitize the PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product to inject malicious scripts into the page. If a...

CVSS 9.3 · AI score 5.9 · EPSS 0.00057 · Exploits 0 · References 2
Positive Technologies · added 2026/05/12 · 17 views

PT-2026-39954

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saab_cancel_booking function in all versions up to, and including, 1.0.8. The nonce check uses && (AND) instead of || (OR)...

CVSS 5.3 · AI score 5.9 · EPSS 0.00035 · Exploits 0 · References 5
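The "&& instead of ||" flaw in the entry above is easy to misread, so here is the same guard re-expressed in Python as an added example. It is not the plugin's code: the exact shape of the original PHP condition (a "nonce not set" test combined with a "nonce fails verification" test) is an assumption, as are the HMAC nonce stand-in, the capability table and every function name. With && a request that carries any nonce value makes the first operand false and short-circuits the whole condition, so a bogus nonce is never verified; only a request with no nonce at all is refused. The hardened version uses || and adds the capability check the advisory says was missing, because a nonce only defends against CSRF and is not an authorization decision.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for WordPress's nonce machinery. The real wp_create_nonce /
# wp_verify_nonce are PHP, keyed on the site salts, the user session and a time
# tick; here a process-local key is assumed and the nonce is a truncated HMAC of
# "user|action". The capability table stands in for current_user_can().
_NONCE_KEY = secrets.token_bytes(32)
_ACTION = "saab_cancel_booking"
_CAPS = {5: {"manage_bookings"}, 9: set()}  # constructed users: 5 may manage, 9 may not


def create_nonce(user_id: int, action: str = _ACTION) -> str:
    msg = f"{user_id}|{action}".encode()
    return hmac.new(_NONCE_KEY, msg, hashlib.sha256).hexdigest()[:16]


def verify_nonce(nonce, user_id: int, action: str = _ACTION) -> bool:
    # Like wp_verify_nonce(): a missing or malformed nonce never verifies.
    if not isinstance(nonce, str) or not nonce:
        return False
    return hmac.compare_digest(nonce, create_nonce(user_id, action))


def user_can(user_id: int, cap: str) -> bool:
    return cap in _CAPS.get(user_id, set())


def cancel_booking_vulnerable(request: dict, user_id: int) -> str:
    """Flawed guard: reject only if nonce absent AND nonce invalid.

    Any nonce value at all makes `nonce is None` false, the `and` short-circuits,
    and verify_nonce() is never called, so a bogus nonce passes. There is also
    no capability check, so any logged-in user reaches the cancellation."""
    nonce = request.get("nonce")
    if nonce is None and not verify_nonce(nonce, user_id):
        return "denied"
    return f"cancelled booking {request['booking_id']}"


def cancel_booking_fixed(request: dict, user_id: int) -> str:
    """Hardened guard: reject if nonce absent OR invalid, then check capability."""
    nonce = request.get("nonce")
    if nonce is None or not verify_nonce(nonce, user_id):
        return "denied"
    if not user_can(user_id, "manage_bookings"):
        return "denied"
    return f"cancelled booking {request['booking_id']}"


def demo() -> dict:
    """Run both guards over constructed requests; keys name the scenario."""
    bogus = {"nonce": "deadbeef", "booking_id": 7}
    absent = {"booking_id": 7}
    good = {"nonce": create_nonce(5), "booking_id": 7}
    no_cap = {"nonce": create_nonce(9), "booking_id": 7}
    return {
        "vuln_bogus": cancel_booking_vulnerable(bogus, 5),    # cancelled: the bypass
        "vuln_absent": cancel_booking_vulnerable(absent, 5),  # denied
        "fixed_bogus": cancel_booking_fixed(bogus, 5),        # denied
        "fixed_absent": cancel_booking_fixed(absent, 5),      # denied
        "fixed_good": cancel_booking_fixed(good, 5),          # cancelled
        "fixed_no_cap": cancel_booking_fixed(no_cap, 9),      # denied: valid nonce, no capability
    }


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario}: {outcome}")
```

The vulnerable guard cancels the booking for the bogus-nonce request and refuses only the nonce-less one; the fixed guard refuses both and still refuses a user who presents a valid nonce but lacks the capability.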
Positive Technologies · added 2026/05/12 · 17 views

PT-2026-40001

The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS 4.4 · AI score 6 · EPSS 0.0003 · Exploits 0 · References 6
Positive Technologies · added 2026/05/12 · 17 views

PT-2026-39956

The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 · AI score 6 · EPSS 0.00032 · Exploits 0 · References 4
Positive Technologies · added 2026/05/12 · 17 views

PT-2026-39945

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.17 due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query in the getListForTbl function. This makes...

CVSS 7.5 · AI score 5.9 · EPSS 0.00199 · Exploits 0 · References 20
Positive Technologies · added 2026/05/12 · 17 views

PT-2026-40071

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 11.0.0-M1 through 11.0.21; Apache Tomcat versions 10.1.0-M1 through 10.1.54; Apache Tomcat versions 9.0.0.M1 through 9.0.117; Apache Tomcat versions 8.5.0 through 8.5.100; Apache Tomcat versions prior to 7.0.0. Description: An...

CVSS 10 · AI score 5.8 · EPSS 0.00139 · Exploits 1 · References 68
Positive Technologies · added 2026/05/12 · 17 views

PT-2026-39938

ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if a...

CVSS 6.7 · AI score 5.8 · EPSS 0.00011 · Exploits 0 · References 2
Positive Technologies · added 2026/05/12 · 17 views

PT-2026-40437

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined, affected versions not specified. Description: Insufficient sanitization of SQL queries in the sqloptimizer utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled...

CVSS 8.1 · AI score 5.8 · EPSS 0.00009 · Exploits 0 · References 7
Positive Technologies · added 2026/05/12 · 17 views

PT-2026-39929

SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions, temporarily preventing access. However, the application itself cannot be compromised, resulting in a low impact on availability. There is no impact on confidentiality or integrity...

CVSS 4.3 · AI score 5.8 · EPSS 0.00014 · Exploits 0 · References 3
Positive Technologies · added 2026/05/11 · 17 views

PT-2026-39901

Name of the Vulnerable Software and Affected Versions: GitHub Copilot CLI versions prior to 1.0.43. Description: An issue exists where a malicious bare git repository nested inside a project directory can lead to arbitrary code execution when the agent performs git operations. By exploiting git's...

CVSS 8.5 · AI score 6.3 · EPSS 0.00013 · Exploits 1 · References 6
Positive Technologies · added 2026/05/11 · 17 views

PT-2026-39594

A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsm_handle_pdu_session_modification_qos_flow_descriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation of the argument n1SmMsg can lead to denial of service. The attack may be...

CVSS 5.3 · AI score 5.5 · EPSS 0.00067 · Exploits 1 · References 7
Positive Technologies · added 2026/05/10 · 17 views

PT-2026-39547

A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/sales_save. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the...

CVSS 4.8 · AI score 4.2 · EPSS 0.00011 · Exploits 0 · References 5
Positive Technologies · added 2026/05/08 · 17 views

PT-2026-38675

Name of the Vulnerable Software and Affected Versions: cPanel Nova plugin versions prior to 11.136.0.9; cPanel Nova plugin versions prior to 11.136.1.10; WP Squared cPanel Nova plugin versions prior to 11.134.0.25; cPanel Nova plugin versions prior to 11.132.0.31; cPanel Nova plugin versions prior to...

CVSS 8.8 · AI score 6.1 · EPSS 0.00053 · Exploits 0 · References 31
Positive Technologies · added 2026/05/08 · 17 views

PT-2026-38672

Name of the Vulnerable Software and Affected Versions: Netgate pfSense CE version 2.7.2. Description: Netgate pfSense CE allows code execution through the module installer. This occurs when a backup file containing a serialized PHP object with the post reboot commands property is used. Recommendatio...

CVSS 9.1 · AI score 6.2 · EPSS 0.0004 · Exploits 4 · References 6
Positive Technologies · added 2026/05/08 · 17 views

PT-2026-39236

Name of the Vulnerable Software and Affected Versions: Wagtail versions prior to 7.0.7; Wagtail versions prior to 7.3.2. Description: The Documents and Images API incorrectly lists items in private collections, allowing a user with API access to view the filename and name of documents and images stor...

CVSS 5.3 · AI score 5.8 · EPSS 0.00014 · Exploits 0 · References 5
Positive Technologies · added 2026/05/07 · 17 views

PT-2026-38424

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MISP allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

CVSS 6.8 · AI score 5.8 · EPSS 0.00034 · Exploits 0 · References 2
Positive Technologies · added 2026/05/06 · 17 views

PT-2026-38297

Name of the Vulnerable Software and Affected Versions: Scramble versions 0.13.2 through 0.13.21. Description: When documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation. This can le...

CVSS 9.4 · AI score 6.5 · EPSS 0.08605 · Exploits 2 · References 9
Positive Technologies · added 2026/05/06 · 17 views

PT-2026-38305

Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 1.6.32. Description: A logical flaw in the URL checking logic allows attackers to bypass security filters, leading to Server-Side Request Forgery (SSRF). The system uses the validate_url function to perform security...

CVSS 9.8 · AI score 5.8 · EPSS 0.00059 · Exploits 1 · References 7
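The PraisonAI entry above only says that the checks in validate_url can be bypassed; the concrete flaw is not on the page. The following is an added example, not PraisonAI's code, of what a URL validator of this kind has to get right to survive the usual SSRF bypasses: allow-list the scheme, judge literal IPs including IPv6 and IPv4-mapped forms, refuse shorthand IP spellings it cannot parse rather than passing them to a permissive HTTP client, and resolve the hostname and require every answer to be public. The resolver table, hostnames and addresses are constructed so the example runs offline; real code would call socket.getaddrinfo() and apply the same rule to each returned address.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed resolver table standing in for DNS (all names and addresses are
# sample data). rebinder.test deliberately returns one public and one internal
# answer, the shape a DNS-rebinding or split-answer attack takes.
_FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "internal.corp": ["10.0.0.5"],
    "rebinder.test": ["93.184.216.34", "169.254.169.254"],
    "localtest.me": ["127.0.0.1"],
}


def is_public_address(addr: str) -> bool:
    """True only for a globally routable unicast address. Raises ValueError if
    `addr` is not a dotted-quad IPv4 or a textual IPv6 address."""
    ip = ipaddress.ip_address(addr)
    # ::ffff:127.0.0.1 must be judged as the IPv4 address it wraps.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_url(url: str, resolver=None) -> bool:
    """Allow only http(s) URLs whose host is, or resolves exclusively to, public addresses."""
    resolver = resolver or (lambda host: _FAKE_DNS.get(host, []))
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname is lowercased, has IPv6 brackets stripped and userinfo removed,
    # so "http://example.com@10.0.0.5/" yields "10.0.0.5", not "example.com".
    host = parts.hostname
    if not host:
        return False
    # Literal IP: judge it directly. ip_address() rejects shorthand such as
    # 2130706433, 0x7f000001 or 127.1; those fall through to the resolver, which
    # knows nothing about them, so they are refused instead of being handed to
    # an HTTP client that would happily interpret them as 127.0.0.1.
    try:
        return is_public_address(host)
    except ValueError:
        pass
    addrs = resolver(host)
    if not addrs:
        return False
    # Every answer must be public: a single internal address among several is
    # enough once the client happens to pick it.
    return all(is_public_address(a) for a in addrs)


if __name__ == "__main__":
    for candidate in ("https://example.com/data", "http://internal.corp/admin",
                      "http://rebinder.test/", "http://[::ffff:169.254.169.254]/",
                      "http://2130706433/", "http://example.com@10.0.0.5/"):
        print(f"{candidate}: {'allowed' if validate_url(candidate) else 'blocked'}")
```

Even a correct validator leaves a time-of-check gap: the HTTP client re-resolves the name on connect (DNS rebinding) and follows redirects to wherever it likes. Pin the validated address (connect to it directly and set the Host header yourself) and either disable redirects or re-run validate_url on every redirect target.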
Total number of security vulnerabilities: 5000
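The score strip under each entry carries four signals that pull in different directions: the Tomcat entry PT-2026-40071 has CVSS 10 but EPSS 0.00139, while the Cacti entry PT-2024-12 has CVSS 8.8, EPSS 0.91404 and public exploits. As an added example, not part of the feed or of Positive Technologies' tooling, the following Python parses the score strip in either form it takes (value glued in front of its label as the feed exports it, e.g. 9.8CVSS7.4AI score0.85239EPSS, or label before value as laid out here) and ranks entries by exploitation evidence before raw severity. The bucket thresholds are an assumption, not a standard; the AI score is parsed but not used because its meaning is vendor-defined; the six sample rows are constructed from entries on this page.

```python
import re

_LABELS = ("CVSS", "AI score", "EPSS", "Exploits", "References")
_FLOAT_LABELS = ("CVSS", "AI score", "EPSS")
# Tokenise into numbers and known labels; separators (spaces, "·") are skipped.
_TOKEN = re.compile(r"\d+(?:\.\d+)?|" + "|".join(re.escape(lbl) for lbl in _LABELS))


def parse_scores(*lines: str) -> dict:
    """Turn score-strip lines into {label: value}, accepting value-before-label
    ("9.8CVSS7.4AI score") and label-before-value ("CVSS 9.8 · AI score 7.4")."""
    out = {}
    for line in lines:
        tokens = _TOKEN.findall(line)
        if not tokens:
            continue
        value_first = tokens[0] not in _LABELS
        pairs = (zip(tokens[1::2], tokens[0::2]) if value_first
                 else zip(tokens[0::2], tokens[1::2]))
        for label, value in pairs:
            out[label] = float(value) if label in _FLOAT_LABELS else int(value)
    return out


def triage(entry: dict) -> str:
    """Priority bucket. EPSS (probability of exploitation in the next 30 days) and
    known exploit code outrank CVSS; the cut-offs below are an assumption."""
    cvss = entry.get("CVSS", 0.0)
    epss = entry.get("EPSS", 0.0)
    exploits = entry.get("Exploits", 0)
    if epss >= 0.1 or (exploits > 0 and cvss >= 7.0):
        return "urgent"
    if cvss >= 9.0 or epss >= 0.01:
        return "high"
    if cvss >= 7.0:
        return "medium"
    return "low"


# Constructed from entries on this page: (id, score line, exploits/references line).
FEED = [
    ("PT-2021-5289 Apache Tomcat", "9.8CVSS6.7AI score0.93325EPSS", "Exploits30References170"),
    ("PT-2026-40430 Ashlar-Vellum", "8.4CVSS6AI score0.0001EPSS", "Exploits0References2"),
    ("PT-2024-12 Cacti", "8.8CVSS7.9AI score0.91404EPSS", "Exploits4References1"),
    ("PT-2026-40071 Apache Tomcat", "10CVSS5.8AI score0.00139EPSS", "Exploits1References68"),
    ("PT-2026-39568 Open5GS", "5.3CVSS5.4AI score0.00016EPSS", "Exploits1References6"),
    ("PT-2025-28426 rejected CVE", "6.6AI score", "Exploits0References1"),
]

_ORDER = {"urgent": 0, "high": 1, "medium": 2, "low": 3}


def rank(feed=FEED) -> list:
    """Return [(id, bucket, scores)] sorted by bucket, then EPSS, then CVSS."""
    rows = [(name, triage(parse_scores(s, r)), parse_scores(s, r)) for name, s, r in feed]
    rows.sort(key=lambda row: (_ORDER[row[1]],
                               -row[2].get("EPSS", 0.0),
                               -row[2].get("CVSS", 0.0)))
    return rows


if __name__ == "__main__":
    for name, bucket, scores in rank():
        print(f"{bucket:7} {name:32} CVSS={scores.get('CVSS', '-')} "
              f"EPSS={scores.get('EPSS', '-')} exploits={scores.get('Exploits', 0)}")
```

Ranked this way the CVSS 10 Tomcat entry drops below the CVSS 8.8 Cacti entry with EPSS 0.91, which is the ordering a patch queue should follow; the rejected CVE, which has no CVSS at all, lands at the bottom rather than crashing the parser.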