PT-2026-38355

Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a before 1.7.1053...

PT-2026-38377

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.13.Final Netty versions prior to 4.1.133.Final Description Netty incorrectly parses malformed Transfer-Encoding headers, which can lead to request smuggling attacks. Specifically, the framework incorrectly marks a...

PT-2026-38405

Name of the Vulnerable Software and Affected Versions ShellHub versions prior to 0.24.2 Description An issue exists where the endpoint "/api/namespaces/:tenant" returns the complete namespace object to any caller authenticated via an API Key, regardless of the API Key's tenant scope. This object...

PT-2026-38373

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.13.Final Netty versions prior to 4.1.133.Final Description Netty's chunk size parser silently overflows an integer, which allows for request smuggling attacks. This occurs within the getChunkSize function of the...

PT-2026-38394

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description A performance optimization in the code transformer skips AST Abstract Syntax Tree analysis when the code does not contain the keywords catch, import, or async. This fast-path bypass allows sandboxed cod...

PT-2026-37345

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...

PT-2026-37595

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the libertas wifi component where the usb tx block function submits cardp-tx urb without verifying if previous transmissions on that URB USB Request Block have...

PT-2026-37631

HCL BigFix Service Management SM application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared...

PT-2026-37495

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the mmio regmap when an allocation happens during the probe process and subsequently fails. The regmap is not freed during probe failures, such as probe deferral,...

PT-2026-37657

Name of the Vulnerable Software and Affected Versions Cisco ISE affected versions not specified Description Improper role-based access control RBAC permissions on the RADIUS Policy API endpoints allow an authenticated remote attacker with read-only Administrator privileges to gain unauthorized re...

PT-2026-37979

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows...

PT-2026-38301

Name of the Vulnerable Software and Affected Versions Lemur versions prior to 1.9.0 Description When LDAP TLS is enabled via the LDAP USE TLS variable, the LDAP authentication module in the bind function unconditionally disables TLS certificate verification at the global ldap module level. This...

PT-2026-38293

Name of the Vulnerable Software and Affected Versions Micronaut Framework versions prior to 4.10.22 Description In applications that explicitly register a ResourceBundleMessageSource bean and serve HTML error responses, an unauthenticated attacker can cause heap memory exhaustion. This occurs...

PT-2026-37936

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

PT-2026-37954

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated...

PT-2026-37276

Name of the Vulnerable Software and Affected Versions Grav versions prior to 2.0.0-beta.2 Description A low-privileged user, such as a Content Editor with pages.update permissions, can bypass Twig sandbox restrictions by utilizing the grav'accounts' service. This allows an attacker to...

PT-2026-37030

Name of the Vulnerable Software and Affected Versions Betheme versions prior to 28.5 Description The Betheme theme for WordPress allows authenticated attackers with author-level access or higher to upload arbitrary files, including PHP scripts. This occurs because the upload icons function moves...

PT-2026-37337

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.1 Description When a NodeVM is created with the nesting variable set to true, sandbox code can unconditionally use require'vm2' regardless of the outer VM's require configuration, including when require is set to...

PT-2026-37362

These are all security issues fixed in the cf-cli-8.18.3+git.0.83ce51d9c-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-36590

Name of the Vulnerable Software and Affected Versions Royal Elementor Addons versions prior to 1.7.1058 Description The Royal Elementor Addons plugin for WordPress contains a Server-Side Request Forgery SSRF issue. This occurs because the render csv data function does not sufficiently validate...

PT-2026-36611

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...

PT-2026-36671

Name of the Vulnerable Software and Affected Versions Apache Polaris versions prior to 1.4.1 Description Changing the write.metadata.path table property via an ALTER TABLE settings change allows a user to bypass the commit-time branch intended to revalidate storage locations. This defect enables...

PT-2026-37146

Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description An issue exists where the Role::stopMembership function fails to verify if removing a user from the administrator role leaves the system with zero administrators. While the deprecated...

PT-2026-34864

The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 via the /wp-json/site-prober/v1/logs REST API endpoint. The permissions read permission callback unconditionally returns true via return true instead of checking for...

PT-2026-34946

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A duplicate resource teardown occurs in the PCI endpoint pci-epf-vntb. The function epf ntb epc destroy performs a teardown that the caller is already expected to execute. This redundanc...

PT-2026-34964

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the ksmbd module, the smb2 get ea function reads the EaNameLength variable from a client request and passes it to strncmp as the comparison length without verifying if the name length...

PT-2026-34934

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the hwmon powerz component during USB disconnection. When powerz disconnect frees the URB USB Request Block and releases the mutex, a subsequent call to...

PT-2026-34660

Name of the Vulnerable Software and Affected Versions FunnelFormsPro versions n/a through 3.8.1 Description Improper Control of Generation of Code allows Remote Code Inclusion, which enables an attacker to inject and execute arbitrary code. Recommendations At the moment, there is no information...

PT-2026-34409

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the packet release function where a NETDEV UP event can re-register a socket into a fanout group's arr array. Because packet release does not zero the po-num...

PT-2026-34008

Name of the Vulnerable Software and Affected Versions Tekton Pipelines versions 1.0.0 through 1.10.0 Description The git resolver in API mode sends the system-configured Git API token to a user-controlled 'serverURL' when the token parameter is omitted. A tenant with TaskRun or PipelineRun create...

PT-2026-34193

nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk by manipulating workspace path parameters in endpoints such as /api/session/new, /api/session/update,...

PT-2026-33909

Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.4.0 through 3.4.9 OpenEXR versions 3.3.0 through 3.3.9 OpenEXR versions 3.2.0 through 3.2.7 Description An integer overflow occurs in the reference implementation of the EXR image storage format. The issue exists in internal...

PT-2026-33847

Name of the Vulnerable Software and Affected Versions LMDeploy versions prior to 0.12.3 Description A Server-Side Request Forgery SSRF issue exists in the vision-language module of LMDeploy, a toolkit for compressing, deploying, and serving large language models. The load image and encode image...

PT-2026-44910

Name of the Vulnerable Software and Affected Versions axios versions 0.x through 1.x Description A prototype pollution gadget in the lib/adapters/http.js component allows an attacker to escalate any Object.prototype pollution within an application's dependency tree into a full Man-in-the-Middle...

PT-2026-32535

Name of the Vulnerable Software and Affected Versions UniFi Play PowerAmp versions prior to 1.0.38 UniFi Play Audio Port versions prior to 1.1.9 Description Improper Access Control in the UniFi Play network allows a malicious actor with network access to enable SSH, which can lead to unauthorized...

PT-2026-31850

Name of the Vulnerable Software and Affected Versions Customer Reviews for WooCommerce plugin for WordPress versions up to and including 5.103.0 Description The Customer Reviews for WooCommerce plugin for WordPress is susceptible to authentication bypass. This occurs because the create review...

PT-2026-31260

Name of the Vulnerable Software and Affected Versions The Publisher Desk ads.txt versions n/a through 1.5.0 Description A missing authorization issue exists in PublisherDesk The Publisher Desk ads.txt, allowing exploitation due to incorrectly configured access control security levels...

PT-2026-40436

Name of the Vulnerable Software and Affected Versions cPanel versions prior to 11.134.0.26 Description Incorrect privilege management and insufficient path filtering in the cpdavd component allow an unauthenticated attacker to read arbitrary files on the server as root. This is achieved through a...

PT-2026-29567

🔴 CVE-2026-30643 - Critical An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload. https://t.co/rjHTzSsdI1 https://t.co/y2qo3h5iFP...

PT-2026-28450

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.11 Description OpenClaw contains a privilege escalation issue within the device.token.rotate function. Callers possessing operator.pairing scope can generate tokens with expanded scopes, bypassing intended sco...

PT-2026-28740

The '/api/v1/files/images/flow id/file name' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content. Since SVG files can contain embedded JavaScript, an attacker can upload a malicious SVG that executes arbitrary JavaScript when viewed by other users,...

PT-2026-28213

The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution due to the software allowing unauthenticated users to execute the update responsive woo free shipping left shortcode AJAX action that does not properly validate the content rech data parameter before...

PT-2026-28301

Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description The software contains an Internal IP Disclosure issue that could provide attackers with a more detailed understanding of the organization’s network layout. This disclosure could a...

PT-2026-25967

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak’s Security Assertion Markup Language SAML broker endpoint. The endpoint does not properly validate encrypted assertions when the overall SAML response is not signed...

PT-2026-24581

The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'location id' parameter in all versions up to, and including, 4.9.1. This is due to the plugin's database abstraction layer FlipperCode Model Base::is column treating user input wrapped in backticks as column...

PT-2026-23342

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Happy Baby happy-baby allows PHP Local File Inclusion.This issue affects Happy Baby: from n/a through = 1.2.12...

PT-2026-23396

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Notarius notarius allows PHP Local File Inclusion.This issue affects Notarius: from n/a through = 1.9...

PT-2026-23180

Name of the Vulnerable Software and Affected Versions AncoraThemes CloudMe versions through 1.2.2 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files within th...

PT-2026-23153

Name of the Vulnerable Software and Affected Versions Mikado-Themes Cortex versions through 1.5 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. Recommendatio...

PT-2026-23321

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wpDataTables wpDataTables wpdatatables allows PHP Local File Inclusion.This issue affects wpDataTables: from n/a through = 6.5.0.1...