175519 matches found
PT-2026-41148
Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary run dbt command in src/dbt mcp/dbt cli/tools.py constructs the dbt subprocess argument list by appending user-supplied MCP tool parameters without sanitization. Two...
PT-2026-41156
Summary Default kuma-cp config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the control plane is reachable from their browser. CorsAllowedDomains: "." reflects any Origin, and LocalhostIsAdmin: true promotes requests from 127.0.0.1 to mesh-system:admin...
PT-2026-41175
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.5.7 Description An issue exists where a user can modify another user's model regardless of whether its visibility is set to Private. By altering access permissions during the editing process, unauthorized access...
PT-2026-40592
Impact Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypted props p value as...
PT-2026-40613
Unrestricted IP address binding in the AMD Device Metrics Exporter ROCm ecosystem could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability...
PT-2026-40729
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description SiYuan's publish-mode Reader can modify configuration and SQL index data through eight ungated APIs. These endpoints are registered with model.CheckAuth but lack model.CheckAdminRole and...
PT-2026-44988
Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.44.0 Description When the server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. Because the validity check is field value is performed before decoding,...
PT-2026-40834
Name of the Vulnerable Software and Affected Versions Strapi versions 4.0.0 through 4.26.0 Strapi versions 5.0.0 through 5.33.1 Description A database-query injection exists in the Content-Type Builder write API. An authenticated administrator can inject arbitrary database statements through the...
PT-2026-40747
Name of the Vulnerable Software and Affected Versions Prisma Browser affected versions not specified Description A race condition allows a locally authenticated non-admin user to bypass specific access and data control policies. A race condition is a situation where the system's substantive...
PT-2026-40635
Name of the Vulnerable Software and Affected Versions BIG-IP versions prior to 17.1.3.2 BIG-IP versions prior to 17.5.1.6 BIG-IP versions prior to 21.0.0.2 BIG-IQ versions prior to 17.1.3.2 BIG-IQ versions prior to 17.5.1.6 BIG-IQ versions prior to 21.0.0.2 Description A flaw in BIG-IP and BIG-IQ...
PT-2026-40577
Name of the Vulnerable Software and Affected Versions GUARDIANWALL MailSuite affected versions not specified GUARDIANWALL Mail Security Cloud SaaS version affected versions not specified Description A stack-based buffer overflow allows a remote attacker to execute arbitrary code by sending a...
PT-2026-40660
Name of the Vulnerable Software and Affected Versions iControl REST affected versions not specified Description A flaw in iControl REST allows a highly privileged, authenticated attacker with at least the Manager role to create configuration objects that enable the execution of arbitrary commands...
PT-2026-40731
Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.3 Description A sandbox breakout allows attackers to execute arbitrary commands on the host system. This occurs because a host exception can be caught using the yield expression within an async generator. When the...
PT-2026-40806
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates and Documents. The application unsafely evaluates user-supplied input directly through the Smarty templat...
PT-2026-40637
Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3 F5 BIG-IP versions prior to 17.5.1 Description When Bidirectional Forwarding Detection BFD, a network protocol used to quickly detect faults in the bidirectional path between two forwarding engines, is...
PT-2026-40819
Name of the Vulnerable Software and Affected Versions ERPNext versions prior to 15.101.1 ERPNext versions prior to 16.10.0 Description An improper limitation of a pathname to a restricted directory, known as path traversal, allows an authenticated adjacent attacker to read arbitrary files via an...
PT-2026-40711
Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS affected versions not specified Description A buffer overflow in the IKEv2 processing allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall or cause a deni...
PT-2026-40570
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code...
PT-2026-40628
Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP MSP::loop, AP MSP, AP MSP.cpp components...
PT-2026-40563
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2S Post Tools::deleteUserPublishPost and B2S Post Tools::deleteUserSchedPost...
PT-2026-40584
Name of the Vulnerable Software and Affected Versions Avada Builder versions prior to 3.15.2 Description The Avada Builder plugin for WordPress contains a time-based SQL Injection, a technique where an attacker sends queries that cause the database to pause for a specific duration to determine if...
PT-2026-40610
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...
PT-2026-40709
A command injection vulnerability was discovered in TeamViewer DEX Platform On-Premises former 1E DEX Platform On-Premises prior to version 9.2. Improper input validation allows authenticated users with at least questioner privileges to inject commands in specific instructions. Exploitation could...
PT-2026-40801
Name of the Vulnerable Software and Affected Versions Quark Drive versions prior to 0.8.5 Description A mass assignment issue exists in the "POST /update" endpoint. Authenticated attackers can overwrite administrator credentials by submitting an arbitrary webui object to the config data dictionar...
PT-2026-40579
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'sortf' parameter in all versions up to, and including, 5.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...
PT-2026-39930
SAP TAF APPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirects them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s browser. This results in a low impact on...
PT-2026-39940
An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker...
PT-2026-39950
The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the wpsbd post carousel shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
PT-2026-39992
A vulnerability has been identified in Solid Edge SE2026 All versions V226.0 Update 5. The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current...
PT-2026-40077
Name of the Vulnerable Software and Affected Versions IntelR Processors affected versions not specified Description Shared microarchitectural predictor state that influences transient execution for some processors within VMX non-root guest operation may lead to information disclosure. An...
PT-2026-40092
Unchecked return value for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result ma...
PT-2026-40102
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell's run command wrapped every agent-supplied command in 'sh -c' / 'cmd /C' and passed the full argument string to the shell's parser, allowing shell metacharacters in agent-supplied arguments to be...
PT-2026-40059
PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syft function for remote execution on the server. While a...
PT-2026-40036
Name of the Vulnerable Software and Affected Versions consul-template versions prior to 0.42.0 Description A sandbox path bypass exists in the file template helper, which may allow an attacker to read files located outside of the intended sandbox directory. Recommendations Update to version 0.42....
PT-2026-40040
Name of the Vulnerable Software and Affected Versions Ivanti Xtraction versions prior to 2026.2 Description External control of a file name allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory. This can lead to information disclosure and...
PT-2026-40194
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
PT-2026-40240
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally...
PT-2026-40257
Name of the Vulnerable Software and Affected Versions Microsoft Office affected versions not specified Description Improper access control allows an unauthorized attacker to perform spoofing locally...
PT-2026-40248
Name of the Vulnerable Software and Affected Versions Visual Studio Code affected versions not specified Description A relative path traversal issue in Visual Studio Code Live Preview allows an unauthorized attacker to disclose local information. Path traversal is a flaw that enables users to...
PT-2026-40241
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally...
PT-2026-40252
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO URL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a ...
PT-2026-40287
An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion, this inspection reads...
PT-2026-40292
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat, which stops at...
PT-2026-40118
Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec function without any sandboxing, validation, or security...
PT-2026-40153
Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A use after free issue in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Use after free is a memory corruption flaw that occurs when an application continu...
PT-2026-40433
nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowed non write users: $...
PT-2026-40456
Name of the Vulnerable Software and Affected Versions Advanced Custom Fields: Extended versions prior to 0.9.2.4 Description The Advanced Custom Fields: Extended plugin for WordPress allows unauthenticated attackers to execute arbitrary shortcodes. This occurs because the software fails to proper...
PT-2026-40459
Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 7.3.2 Description ChurchCRM is an open-source church management system. The UserEditor.php file processes user account creation and permission updates using $ POST parameters without validating Cross-Site Request...
PT-2026-40453
Name of the Vulnerable Software and Affected Versions Linux ksmbd affected versions not specified Description A remote memory corruption issue exists in the ACL inheritance path. Remote clients with directory creation permissions can trigger a heap out-of-bounds read and subsequent heap corruptio...
PT-2026-40447
Name of the Vulnerable Software and Affected Versions Deskflow versions prior to 1.26.0.167 Description Remote, unauthenticated denial of service DoS affects servers running with TLS enabled. When a TCP peer connects to the listening port and the initial bytes are not a valid TLS ClientHello, the...