184508 matches found
PT-2026-35018
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect return value after changing leaf in lookup extent data ref After commit 1618aa3c2e01 "btrfs: simplify return variables in lookup extent data ref", the err and ret variables were merged into a single ret...
PT-2026-34948
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the OCFS2 file system where the ocfs2 group extend function assumes that the global bitmap inode block returned from ocfs2 inode lock is already validated. In crafted...
PT-2026-34946
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A duplicate resource teardown occurs in the PCI endpoint pci-epf-vntb. The function epf ntb epc destroy performs a teardown that the caller is already expected to execute. This redundanc...
PT-2026-34660
Name of the Vulnerable Software and Affected Versions FunnelFormsPro versions n/a through 3.8.1 Description Improper Control of Generation of Code allows Remote Code Inclusion, which enables an attacker to inject and execute arbitrary code. Recommendations At the moment, there is no information...
PT-2026-34047
Name of the Vulnerable Software and Affected Versions Bagisto versions prior to 2.3.16 Description An issue exists in the Custom Scripts Handler component that allows for cross site scripting. This flaw enables remote exploitation through the manipulation of an unknown functionality within the...
PT-2026-46937
Name of the Vulnerable Software and Affected Versions X.Org X server affected versions not specified Xwayland affected versions not specified Description A use-after-free flaw exists in the miSyncDestroyFence function. This occurs when a client sets up multiple fence triggers, allowing a function...
PT-2026-36836
Name of the Vulnerable Software and Affected Versions D-Link DIR-600L Hardware Revision A1 Description A hardcoded telnet backdoor exists in the device. At boot, the device starts a telnet daemon via the /bin/telnetd.sh script using the username "Alphanetworks" and a static password "wrgn35 dlwbr...
PT-2026-33415
Name of the Vulnerable Software and Affected Versions Canto plugin for WordPress versions prior to 3.1.2 Description Missing authorization occurs due to the absence of capability checks or nonce verification in the updateOptions function. This function is exposed via two AJAX hooks: 'wp ajax...
PT-2026-31102
Name of the Vulnerable Software and Affected Versions Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress versions up to and including 2.1.7 Description The Masteriyo LMS plugin is affected by an authorization bypass issue. Insufficient webhook signature...
PT-2026-31292
Name of the Vulnerable Software and Affected Versions The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress versions up to and including 5.1.2 Description The User Registration ...
PT-2026-29602
Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description AIOHTTP, an asynchronous HTTP client/server framework, is susceptible to excessive memory usage due to an unbounded DNS cache. This can potentially lead to a Denial of Service DoS situation if an...
PT-2026-28610
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.63 Parse Server versions prior to 9.7.0-alpha.7 Description The verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attack...
PT-2026-26466
The Go SDK's Streamable HTTP transport accepted browser-generated cross-site POST requests without validating the Origin header and without requiring Content-Type: application/json. In deployments without Authorization, especially stateless or sessionless configurations, this allows an arbitrary...
PT-2026-24729
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups...
PT-2026-24776
ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. Attackers can upload PHP files with traversal payloads ../public html/ to write executable code...
PT-2026-23789
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.13 Description Flowise is a drag & drop user interface to build customized large language model flows. A critical Insecure Direct Object Reference IDOR vulnerability, combined with a Business Logic Flaw, exists in...
PT-2026-22722
Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP all versions allows a remote...
PT-2026-22214
Name of the Vulnerable Software and Affected Versions Phishing Club versions prior to 1.30.2 Description Phishing Club is a phishing simulation and man-in-the-middle framework. An authenticated SQL injection issue exists in the GetOrphaned recipient listing endpoint. The endpoint builds a SQL que...
PT-2026-21416
Name of the Vulnerable Software and Affected Versions D-Link DWR-M960 version 1.01.07 Description A flaw exists in the D-Link DWR-M960 router, specifically in version 1.01.07. This issue is located within the sub 462590 function of the /boafrm/formOpMode component, which is part of the Operation...
PT-2026-20256
Old vuln, new life: React2Shell CVE-2025-55812 is seeing a surge in active exploitation with reverse shells + cryptominers. If your patching is based on CVSS instead of real-world activity, you’re already behind. https://t.co/2hEOe08JVG CyberSecurity ThreatIntel PatchNow...
PT-2026-20251
Name of the Vulnerable Software and Affected Versions IBM Security QRadar EDR versions 3.12 through 3.12.23 Description IBM Security QRadar EDR does not invalidate sessions after they expire. This could allow an authenticated user to impersonate another user on the system. Recommendations Update...
PT-2026-8047
The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulk save' AJAX action. This makes it possible for...
PT-2026-7596
Name of the Vulnerable Software and Affected Versions AMD µProf affected versions not specified Description A flaw in permission assignment within AMD µProf could allow a local, privileged attacker to escalate their privileges, potentially leading to arbitrary code execution. Recommendations At t...
PT-2026-7312
Name of the Vulnerable Software and Affected Versions IntelR NPU Drivers affected versions not specified Description An improper conditions check in some firmware for IntelR NPU Drivers within Ring 1 may allow a denial of service. An unprivileged software adversary with an authenticated user and ...
PT-2026-6963
Name of the Vulnerable Software and Affected Versions Tenda TX3 versions up to 16.03.13.11 multi Description A flaw exists in Tenda TX3 that allows remote attackers to trigger a buffer overflow. The issue is located in the file /goform/SetIpMacBind and involves manipulation of the argument list t...
PT-2026-6891
Name of the Vulnerable Software and Affected Versions Video Onclick plugin for WordPress versions prior to 0.4.8 Description The Video Onclick plugin for WordPress is susceptible to Stored Cross-Site Scripting through the youtube shortcode. This is due to inadequate input sanitization and output...
PT-2026-6715
Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A security flaw exists in itsourcecode Student Management System 1.0. The issue involves a SQL injection affecting an unknown function within the file /ramonsys/billing/index.php...
PT-2026-5868
Name of the Vulnerable Software and Affected Versions IBM Concert versions 1.0.0 through 2.1.0 Description IBM Concert is susceptible to HTTP header injection due to inadequate validation of the HOST headers. This issue could enable an attacker to perform various attacks against the system,...
PT-2026-6274
Name of the Vulnerable Software and Affected Versions Qwik versions prior to 1.19.0 Description An Open Redirect issue exists in Qwik City’s default request handler middleware. This allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation could allow...
PT-2026-5847
Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with...
PT-2026-4012
Name of the Vulnerable Software and Affected Versions merkulove Crumber versions through 1.0.10 Description An authorization issue exists in merkulove Crumber crumber-elementor due to incorrectly configured access control security levels. This allows for exploitation of the system. Recommendation...
PT-2026-3143
Name of the Vulnerable Software and Affected Versions Altium Workflow Engine affected versions not specified Description A stored cross-site scripting XSS issue exists because of insufficient server-side input sanitization within workflow form submission APIs. An authenticated user can inject...
PT-2026-3202
Content removed...
PT-2026-2631
A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI...
PT-2026-1664
Name of the Vulnerable Software and Affected Versions EFACEC EV chargers affected versions not specified Description A large number of ARP requests can cause a denial of service on a control board within the EV charger, impacting the EV interfaces. The affected board's proper operation is essenti...
PT-2026-4493
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the idpf driver related to RSS LUT handling after a soft reset. Specifically, a NULL pointer dereference can occur if an ethtool command accessing...
PT-2026-8163
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the flexible proportions code. A lockdep splat can occur due to a race condition within the fprop new period function. Specifically, the issue arises...
PT-2026-5077
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 147.0.1 Thunderbird versions prior to 140.7.1 Description A flaw exists that could allow for CSS-based exfiltration of content from partially encrypted emails when remote content is permitted. This could potential...
PT-2025-54216
Name of the Vulnerable Software and Affected Versions Serverless Framework versions 4.29.0 through 4.29.2 Description The Serverless Framework includes a command injection issue within the built-in MCP server package @serverless/mcp. This affects users utilizing the experimental MCP server featur...
PT-2025-53034
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the ext4 subsystem related to inode eviction with dioread nolock. Specifically, a warning could occur when evicting an inode, potentially due to...
PT-2025-49835
A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already locked-out user to establish still valid user sessions...
PT-2025-49499
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The encryption algorithms within the kernel’s virt/coco/sev-guest component directly read from and write to shared unencrypted memory. This practice could potentially expose information...
PT-2025-47588
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo...
PT-2025-43999
Name of the Vulnerable Software and Affected Versions Rubikon Banking Solution version 4.0.3 Description A reflected cross-site scripting issue exists in the "Search For Customers Information" endpoints of Rubikon Banking Solution. This allows for the injection of malicious scripts through...
PT-2025-42179
Name of the Vulnerable Software and Affected Versions Illustrator versions 29.7 and earlier Illustrator version 28.7.9 and earlier Description The software contains an out-of-bounds write issue that may lead to arbitrary code execution with the privileges of the current user. Successful...
PT-2025-40114
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak issue was identified and resolved in the Linux kernel related to reference counting within the of lpddr3 get ddr timings function. The issue occurs when iterating through...
PT-2025-33690 · Totolink · Totolink A3002Ru
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R version 4.0.0-B20230531.1404 Description: The device contains a command injection issue via the bupload.html component. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
PT-2025-31874 · Unknown · Liquidfiles
Name of the Vulnerable Software and Affected Versions: LiquidFiles versions prior to 4.1.2 Description: LiquidFiles versions prior to 4.1.2 support FTP SITE CHMOD for mode 6777 setuid and setgid. This allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature an...
PT-2025-31474 · WordPress · Ai Engine Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: AI Engine plugin for WordPress versions 2.9.3 and 2.9.4 Description: The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest simpleFileUpload function. This allows authenticat...
PT-2025-29613 · Cyberark · Secrets Manager +1
Name of the Vulnerable Software and Affected Versions: Conjur OSS versions 1.19.5 through 1.21.1 Secrets Manager, Self-Hosted versions 13.1 through 13.4.1 Description: Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who can inject secrets ...