184315 matches found
PT-2024-41: Bypass authentication in PT MaxPatrol SIEM, PT MaxPatrol VM, PT MaxPatrol EDR, PT MaxPatrol Carbon и PT MaxPatrol O2
The vulnerability was identified in PT MaxPatrol SIEM, PT MaxPatrol VM, PT MaxPatrol EDR, PT MaxPatrol Carbon и PT MaxPatrol O2 that affects versions that include component PT MC version earlier than 101.4.8813 and component MPX version earlier than 27.2.14850. The discovered vulnerability allows...
PT-2021-4234 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions up to 5.13.7 Description: The issue allows an unprivileged BPF program to obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack. This is possible because the protection...
PT-2026-52440
Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...
PT-2026-51630
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Git LFS storage is content-addressed by OID Object Identifier alone, while per-repository authorization is managed in the lfs object table. The serveUpload function skips the re-upload process when an...
PT-2026-51596
Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.10.0 through 2.18.7 jackson-databind versions 2.19.0 through 2.21.3 jackson-databind versions 3.0.0 through 3.1.3 Description The BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray function allowlists any...
PT-2026-50661
Name of the Vulnerable Software and Affected Versions MCP Toolbox for Databases affected versions not specified Description An authenticated authorization bypass occurs due to missing scope enforcement in older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces...
PT-2026-50521
Name of the Vulnerable Software and Affected Versions Hermes WebUI versions prior to 0.51.409 Description An authentication bypass exists in passkey registration endpoints. When HERMES WEBUI PASSKEY=1 is enabled and no credentials exist, unauthenticated remote attackers can register arbitrary...
PT-2026-50134
Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description A scope escalation issue exists in the web archive download endpoint. A personal access token with any non-repository scope, such as read:issue or read:misc, can be used to download full...
PT-2026-50141
Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.0 Description Langflow contains a path traversal flaw in the Knowledge Bases API endpoint 'POST /api/v1/knowledge bases'. The issue resides in the create knowledge base function, where the name variable is used t...
PT-2026-49964
Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Metadata Plugin component of the Oracle Enterprise Manager Base Platform. An unauthenticated attacker...
PT-2026-49468
Name of the Vulnerable Software and Affected Versions Spring Cloud Gateway versions prior to 3.1.13 Spring Cloud Gateway versions prior to 4.1.13 Spring Cloud Gateway versions prior to 4.2.9 Spring Cloud Gateway versions prior to 4.3.5 Spring Cloud Gateway versions prior to 5.0.2 Description Spri...
PT-2026-48886
Name of the Vulnerable Software and Affected Versions Yarbo cloud affected versions not specified Description The cloud service fails to enforce per-device or per-user authorization. A client with valid credentials, including shared hard-coded credentials or legitimate per-user credentials, can...
PT-2026-48898
Name of the Vulnerable Software and Affected Versions ChromaDB versions 0.4.17 through 0.4.16 Description An authenticated attacker with the UPDATE COLLECTION permission can execute arbitrary code on the server. This occurs by sending a malicious model repository and setting the trust remote code...
PT-2026-47252
Name of the Vulnerable Software and Affected Versions Online Music Site version 1.0 Description An issue exists in the processing of the '/Frontend/Search.php' endpoint. Manipulation of the Category argument allows for SQL injection, which is a technique used to execute malicious SQL statements...
PT-2026-47130
Name of the Vulnerable Software and Affected Versions Essential Addons for Elementor versions prior to 6.6.5 Description The plugin is subject to information exposure due to insufficient restrictions on the posts that can be included within the ajax load more function. This allows unauthenticated...
PT-2026-45821
Name of the Vulnerable Software and Affected Versions GoClaw versions prior to 3.11.4 Description An issue in the Webhook Verification Handler component allows for missing authentication. This occurs within the resolveAuth function located in the internal/http/auth.go file, enabling remote...
PT-2026-45587
In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch bal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-43976
Name of the Vulnerable Software and Affected Versions IBM App Connect Enterprise versions 13.0.1.0 through 13.0.7.0 Description Sensitive information is stored in log files, which may allow a local user to read this data. Recommendations At the moment, there is no information about a newer versio...
PT-2026-43442
Name of the Vulnerable Software and Affected Versions Yeoman Environment versions 2.9.0 through 6.0.0 Description Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. The installLocalGenerators function calls...
PT-2026-43026
This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including...
PT-2026-40166
Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network...
PT-2026-38594
Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description A server-side request forgery SSRF issue exists in the notebook viewer. This occurs due to URL parser confusion between the validation layer and the HTTP request library, where the...
PT-2026-23098
Name of the Vulnerable Software and Affected Versions IDC SFX2100 satellite receiver affected versions not specified Description The /sbin/ip utility is installed with the setuid bit set on the IDC SFX2100 satellite receiver. This configuration allows any local user who can execute the binary to...
PT-2026-22887
Name of the Vulnerable Software and Affected Versions SEPPmail Secure Email Gateway versions prior to 15.0.1 Description The SEPPmail Secure Email Gateway does not properly handle PDF encryption passwords, potentially allowing for operating system command execution. The issue arises from...
PT-2026-5883
Name of the Vulnerable Software and Affected Versions MyRewards – Loyalty Points and Rewards for WooCommerce plugin versions prior to 5.6.1 Description The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress does not properly verify user authorization when performing actio...
PT-2025-50332
Hi All, Looking at the Action1 reports, and unable to see anything which would be useful to for reporting from for the vulnerability of devices. I'm looking for an export with the data similar to the below DeviceName, CveId, Severity, CVSS, PatchAvailable, Product, OS, LastSeen PC-001,...
PT-2024-6815 · Unknown · Zangi Private Messenger
Name of the Vulnerable Software and Affected Versions: Zangi Private Messenger affected versions not specified Description: The issue is related to weaknesses in the session key generation mechanism of the application. This could allow a remote attacker to implement a "man-in-the-middle" attack...
PT-2024-40259 · Passbolt · Passbolt
Name of the Vulnerable Software and Affected Versions: Passbolt affected versions not specified Description: The issue concerns the /auth/verify.json endpoint, which returns a JSON containing the cookies sent in the request. This could allow an attacker who exploits an XSS vulnerability to retrie...
PT-2022-17911 · Intel · Intel Xmm 7560 Modem
Name of the Vulnerable Software and Affected Versions: IntelR XMMTM 7560 Modem software versions prior to M2 7560 R 01.2146.00 Description: The issue is related to an out-of-bounds write in the IntelR XMMTM 7560 Modem software, which may allow an unauthenticated user to potentially enable...
PT-2022-13726 · Phpipam +1 · Phpipam +1
Name of the Vulnerable Software and Affected Versions: phpipam/phpipam versions prior to 1.4.6 Description: The issue is related to improper access control, which can lead to incorrect authorization. Recommendations: For versions prior to 1.4.6, update to version 1.4.6 or later to resolve the iss...
PT-2026-52968
Name of the Vulnerable Software and Affected Versions relibc affected versions not specified Description A Denial of Service DoS issue exists in the parse month function located in /time/strptime.rs. An attacker can cause the system to crash by providing a specially crafted input. This issue is...
PT-2026-52590
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A length-confusion issue exists in the wolfSSL OCSP resp find status function. The lookup process compares serial-number bytes without verifying that the two serial numbers are of equal lengt...
PT-2026-51514
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 Description A command injection issue exists in the SVG decoder. This allows attackers to inject arbitrary Magick Vector Graphics MVG drawing commands by crafting...
PT-2026-51430
Name of the Vulnerable Software and Affected Versions motionEye version 0.43.1 Description An absolute path traversal issue exists in the picture and movie API endpoints, such as '/picture/id/preview/filename'. The vulnerability occurs because the API handlers and functions get media preview and...
PT-2026-50736
Impact Hydro contains an insufficient session expiration vulnerability in its session recreation logic. When a session is recreated, including during logout or other session renewal flows, Hydro creates a new session token but does not delete the previous server-side session token. As a result, a...
PT-2026-50703
Name of the Vulnerable Software and Affected Versions U.S. GAO Electronic Protest Docketing System EPDS affected versions not specified U.S. CBCA Electronic Docketing System EDS affected versions not specified Description The U.S. Government Accountability Office GAO Electronic Protest Docketing...
PT-2026-50258
Name of the Vulnerable Software and Affected Versions Regesta Smart HD-PLC - TLDPH16D2 version 11.02.05.10.02 Description A network attacker with registration access can introduce arbitrary JavaScript by injecting a Cross-site Scripting XSS payload into the Hostname field of the configuration fil...
PT-2026-49942
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
PT-2026-50083
Name of the Vulnerable Software and Affected Versions TL-WR940N version 6 Description An authenticated OS command injection exists in the IPv6 PPPoE configuration handler due to improper sanitization of user input. An attacker with administrative access can exploit this to execute arbitrary syste...
PT-2026-49979
Name of the Vulnerable Software and Affected Versions MySQL Shell Shell for VS Code version 2026.2.0+9.6.1 Description A flaw in the Shell for VS Code component of Oracle MySQL allows a low-privileged attacker with network access via multiple protocols to compromise the system. Successful...
PT-2026-49055
Name of the Vulnerable Software and Affected Versions Fabric.js versions prior to 7.4.0 Description Improper escaping of user-controlled input during SVG serialization via the toSVG method can lead to Cross-Site Scripting XSS. Specifically, the color field within the colorStops array of a...
PT-2026-49030
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.26 Description An information disclosure issue exists in sandboxed session spawning that exposes the real workspace path to child prompts. This allows attackers to reveal the host workspace location or related...
PT-2026-48647
A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was...
PT-2026-48272
Name of the Vulnerable Software and Affected Versions ColdFusion versions prior to 2023.20 ColdFusion versions prior to 2025.9 Description An improper limitation of a pathname to a restricted directory, known as Path Traversal, allows an attacker to bypass security features and access unauthorize...
PT-2026-48299
Name of the Vulnerable Software and Affected Versions MongoDB Server affected versions not specified Description A flaw in the BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The issue stems from uncontrolled mutual recursio...
PT-2026-47132
Name of the Vulnerable Software and Affected Versions Click to Chat – WA Widget versions prior to 4.39 Description The plugin is subject to Stored Cross-Site Scripting. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. This occurs because...
PT-2026-46001
Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 returns 128 bytes of uninitialized internal buffer contents when receiving HTTP POST requests to undefined paths, exposing server state to unauthenticated adjacent network attackers...
PT-2026-45492
Name of the Vulnerable Software and Affected Versions Vitest versions prior to 4.1.0 Description A flaw in the UI/API server on Windows allows remote attackers to bypass file access restrictions and read arbitrary files when the server is exposed to the network. The issue occurs because the API...
PT-2026-42166
The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain circumstances, document level access restrictions will be ignored when determining what data to return from an AI query. This could enable an authenticated attacker to view sensitive data...
PT-2026-40941
Vvveb before 1.0.8.3 contains a stored cross-site scripting vulnerability in the customer signup flow where the Signup::addUser controller copies raw POST username values into the display name field before sanitization occurs. Attackers can submit HTML and script markup in the username field duri...