184491 matches found
PT-2026-49868
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
PT-2026-49840
Name of the Vulnerable Software and Affected Versions Oracle Data Integrator version 12.2.1.4.0 Oracle Data Integrator version 14.1.2.0.0 Description An issue exists in the Market Place component of the Oracle Data Integrator product of Oracle Fusion Middleware. A low privileged attacker with...
PT-2026-50180
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.24.0 Description The Compression node's Decompress operation expands attacker-controlled archives into memory without enforcing limits on the decompressed output size. An unauthenticated attacker can send a small...
PT-2026-49737
Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.25 Description The CORS Middleware reflects the request Origin and sends Access-Control-Allow-Credentials: true when credentials: true is enabled and no explicit origin is defined defaulting to the wildcard. This...
PT-2026-49865
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites...
PT-2026-50061
Name of the Vulnerable Software and Affected Versions Oracle Project Portfolio Analysis versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Project Portfolio Analysis product within Oracle E-Business Suite. A low privileged attacker with...
PT-2026-50026
Name of the Vulnerable Software and Affected Versions Oracle Siebel CRM Siebel Cloud Manager versions 17.0 through 26.5 Description An issue in the Siebel Cloud Manager component of Oracle Siebel CRM allows an unauthenticated attacker with network access via HTTP to compromise the system...
PT-2026-49807
In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-49788
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A missing bounds check in the decodeByePacket function of RtcpByePacket can lead to remote information disclosure. Exploitation requires user interaction and doe...
PT-2026-49969
Name of the Vulnerable Software and Affected Versions MySQL NDB Cluster versions 8.0.11 through 8.0.46 MySQL NDB Cluster versions 8.4.0 through 8.4.9 MySQL NDB Cluster versions 9.0.0 through 9.7.0 Description An issue exists in the NDB Operator component of MySQL NDB Cluster. A low-privileged...
PT-2026-49987
Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Enterprise Infrastructure Security component of Oracle JD Edwards. An unauthenticated attacker with network access via JDENET can compromise th...
PT-2026-50123
Unauthenticated Cross Site Scripting XSS in Enfold = 7.1.4 versions...
PT-2026-50114
Unauthenticated PHP Object Injection in TechLink = 1.3 versions...
PT-2026-50078
Name of the Vulnerable Software and Affected Versions LangGraph Python SDK versions prior to 0.3.15 Description Unsafe URL path construction occurs due to unsanitized caller-supplied identifier values used in HTTP request paths for resource operations. Identifiers containing characters with speci...
PT-2026-49967
Name of the Vulnerable Software and Affected Versions Oracle Agile PLM version 9.3.6 Description An issue in the Security component of the Oracle Agile PLM product allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful exploitation can result in a...
PT-2026-49934
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
PT-2026-49848
Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise PT PeopleTools version 8.61 PeopleSoft Enterprise PT PeopleTools version 8.62 Description An issue exists in the Deployment Package component of Oracle PeopleSoft. This allows an unauthenticated attacker with access to th...
PT-2026-49610
On Xtensa targets with CONFIG USERSPACE and CONFIG XTENSA MMU, the page-table code arch/xtensa/core/ptables.c maintains a global list, xtensa domain list, of active memory domains using a list node embedded inside the caller-owned struct k mem domain. When a domain is destroyed via k mem domain...
PT-2026-49653
A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...
PT-2026-49862
Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise PT PeopleTools versions 8.61 PeopleSoft Enterprise PT PeopleTools versions 8.62 Description An issue exists in the Deployment Package component of PeopleSoft Enterprise PT PeopleTools. This flaw allows an unauthenticated...
PT-2026-49307
Name of the Vulnerable Software and Affected Versions Discuz! X5.0 versions 20260320 through 20260501 Description An authentication bypass allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality. This is possible due to a shared cryptograph...
PT-2026-49432
Subscriber Broken Access Control in Amelia = 2.2 versions...
PT-2026-49232
Name of the Vulnerable Software and Affected Versions GPTranslate – Multilingual AI Translation for WordPress versions prior to 2.32.7 Description An unauthenticated SQL Injection exists in the GPTranslate plugin for WordPress. This allows an attacker to execute arbitrary SQL queries on the...
PT-2026-49285
Name of the Vulnerable Software and Affected Versions Microvirt MEmu Android Emulator version 9.2.7.0 Description A flaw in the MemuService.exe component allows a local attacker to perform a Windows Service Hijacking attack, leading to local privilege escalation to SYSTEM level. Recommendations A...
PT-2026-49591
Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description An issue exists in the C parser of the asynchronous HTTP client/server framework where the max line size check can be bypassed in parts of an HTTP request. When using the optimized C parser, which i...
PT-2026-49304
Name of the Vulnerable Software and Affected Versions Spring Cloud Sleuth versions 3.1.0 through 3.1.13 Description A denial-of-service DoS condition can be triggered when a user provides specially crafted calls. This occurs in applications using the...
PT-2026-49617
CVE ID :CVE-2026-54296 Published : June 15, 2026, 6:31 p.m. | 1 hour, 19 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
PT-2026-49405
Subscriber Broken Access Control in Ultra Addons for WPForms = 1.0.11 versions...
PT-2026-49246
Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS...
PT-2026-49259
Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager affected versions not specified Description A directory or path traversal issue exists in the web UI of Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage. The flaw occurs because the software does not properly...
PT-2026-49361
Editor Privilege Escalation in AI Engine = 3.4.9 versions...
PT-2026-49235
Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...
PT-2026-49105
Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions prior to 35.0.2 Description When applying a PATCH request to update fields in volume properties for which a user is authorized, the system may return unredacted sensitive information, such as iSCSI credentials. This...
PT-2026-49133
Name of the Vulnerable Software and Affected Versions nanoMODBUS versions prior to 1.23.1 Description An off-by-one buffer overflow exists in the recv msg header function of the Modbus/TCP server. Remote unauthenticated attackers can write one controlled byte beyond the 260-byte receive buffer by...
PT-2026-49091
Name of the Vulnerable Software and Affected Versions Bookly versions prior to 27.3 Description The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping...
PT-2026-49183
CVE-2026-54095 - Rejected reason: CVE REJECT DO NOT USE THIS CVE ID :CVE-2026-54095 Published : June 12, 2026, 10:16 p.m. | 3 hours, 19 minutes ago Description :Rejected reason: CVE REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-53826. Reason: This candidate is a duplicate of...
PT-2026-48876
Name of the Vulnerable Software and Affected Versions Yarbo Android and iOS applications affected versions not specified Description The Android and iOS applications contain hard-coded MQTT broker credentials that are identical across all users and devices. These credentials, embedded in the...
PT-2026-49057
Name of the Vulnerable Software and Affected Versions Fleet affected versions not specified Description An issue in the Apple MDM commands listing endpoint allows authenticated users with the Observer role to extract sensitive data from joined database tables, such as host enrollment secrets and...
PT-2026-48867
The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials...
PT-2026-49022
Name of the Vulnerable Software and Affected Versions Imagination Graphics DDK affected versions not specified Description A web page containing unusual WebGPU content loaded into the GPU GLES render process can trigger an out-of-bound write in the GPU user-space driver. This occurs because the...
PT-2026-48840
The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a OS Command Injection vulnerability, allowing privileged remote attackers to inject arbitrary OS commands and execute them on the device...
PT-2026-48997
Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description A reflected cross-site scripting issue exists in the UiBeta event index view. The urlparams value is inserted into an inline JavaScript handler using HTML escaping within a single-quoted...
PT-2026-48927
A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The get versioned path method in kedro/io/core.py directly interpolates user-supplied version strings into filesystem paths without sanitization. This enables an attacker to...
PT-2026-48975
Name of the Vulnerable Software and Affected Versions CodeAstro Human Resource Management System version 1.0 Description A security flaw in the Projects Management Page component allows for remote cross-site scripting XSS, which is a technique where malicious scripts are injected into trusted...
PT-2026-48944
NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot AVB vbmeta image parser in NanaZip via the upstream 7-Zip AvbHandler. A 32-bit unsigned integer overflow ...
PT-2026-49606
Name of the Vulnerable Software and Affected Versions squid-cache Squid affected versions not specified Description A heap-based buffer overflow occurs during the processing of cache digests. A heap-based buffer overflow is a memory corruption issue where a program writes more data to a buffer...
PT-2026-48966
Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An improper authorization issue allows an authenticated organization administrator to access or modify user settings of site administrator accounts within the same organization. This occurs...
PT-2026-48978
Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description The ReviewableQueuedPostSerializer unconditionally includes the raw email payload for posts received via incoming email. This allo...
PT-2026-48747
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.22 Description An issue in the Control UI pairing process involves insufficient locality-derived trust validation. This allows attackers with network access to spoof locality information to convert temporary...
PT-2026-48793
Name of the Vulnerable Software and Affected Versions ClipBucket versions prior to 5.5.3 - 133 Description An Insecure Direct Object Reference IDOR exists in the video subtitle editor of this open source video sharing platform. Due to a lack of authorization, an authenticated user can modify...