184253 matches found
PT-2022-24294 · Xpdf +1 · Xpdf +1
Name of the Vulnerable Software and Affected Versions: Xpdf version 4.04 Description: The issue is related to a use-after-free problem in the JBIG2Stream::close function, located in the JBIG2Stream.cc file. This can be triggered by sending a crafted PDF file to the pdfimages binary, for example. ...
PT-2019-4415 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.3.6 Description: A memory leak in the nfp abm u32 knode replace function in drivers/net/ethernet/netronome/nfp/abm/cls.c allows attackers to cause a denial of service memory consumption. The issue has been...
PT-2026-51514
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 Description A command injection issue exists in the SVG decoder. This allows attackers to inject arbitrary Magick Vector Graphics MVG drawing commands by crafting...
PT-2026-51194
Name of the Vulnerable Software and Affected Versions Ezbsystems UltraISO Premium Edition versions prior to 9.77 Description Improper access controls exist within the Kernel Driver component, specifically affecting the bootpt64.sys library. This issue allows for unauthorized access when manipulat...
PT-2026-51008
Name of the Vulnerable Software and Affected Versions @microsoft/kiota-http-fetchlibrary versions 1.0.0-preview.97 through 1.0.0-preview.101 Description The RedirectHandler in the library fails to properly remove sensitive headers during cross-origin redirects. While it is intended to strip...
PT-2026-50897
Name of the Vulnerable Software and Affected Versions Line Desktop MCP versions prior to 1.1.2 Description Line Desktop MCP allows users to operate the LINE Desktop application on Windows or Mac via Model Context Protocol MCP. When using the --http-mode Streamable HTTP transport, the server binds...
PT-2026-50907
Name of the Vulnerable Software and Affected Versions Iperius Remote version 1.7.0 Description An unquoted service path issue exists where the service installation path is not enclosed in quotes. This allows local users to execute arbitrary code with SYSTEM privileges. If the software is installe...
PT-2026-51066
Summary jupyterlab-git 0.53.0 latest, 2026-04-30 uses fnmatch.fnmatchcase in GitHandler.prepare jupyterlab git/handlers.py:91 to enforce the admin-configured excluded paths security control. Because fnmatchcase is unconditionally case-sensitive, an authenticated user on a case-insensitive...
PT-2026-50896
Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.5.0 through 3.16.0 Description An authentication bypass issue exists in the opa plugin. An attacker can relay spoofed identity headers to upstream services by exploiting non-default configurations in the opa plugin,...
PT-2026-50401
Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...
PT-2026-50047
Name of the Vulnerable Software and Affected Versions Oracle iSupport versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle iSupport product within Oracle E-Business Suite. A high privileged attacker with network access via HTTP can exploit...
PT-2026-49965
Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Oracle Management Service component of the Oracle Enterprise Manager Base Platform. This flaw allows a...
PT-2026-49943
Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: End User Self Service. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Identity...
PT-2026-49705
Name of the Vulnerable Software and Affected Versions FactoryTalk Historian Site Edition affected versions not specified Description An authentication bypass issue exists where an attacker can obtain a valid authentication token by continually sending requests to the login endpoint. Recommendatio...
PT-2026-49074
Name of the Vulnerable Software and Affected Versions abrt-dbus affected versions not specified Description A race condition exists in the ChownProblemDir method of the abrt-dbus D-Bus service. The ChownProblemDir method opens the dump directory using DD OPEN READONLY and executes dd chown to...
PT-2026-48932
Summary A NoSQL injection vulnerability existed in MongoDBSaver where checkpoint identifier fields from config.configurable were used in MongoDB queries without strict type enforcement. In vulnerable versions, attacker-controlled object payloads for example MongoDB operators like $gt and $ne coul...
PT-2026-49030
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.26 Description An information disclosure issue exists in sandboxed session spawning that exposes the real workspace path to child prompts. This allows attackers to reveal the host workspace location or related...
PT-2026-48822
Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description A path traversal issue exists in certain devices running UniFi OS. A malicious actor with network access can exploit this to obtain data from the affected devices or instances. Path traversa...
PT-2026-48481
Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.0.0 through 2.0.13 Description A cross-site request forgery CSRF issue exists where a cross-site GET request can trigger stored cron commands on a victim's agents. The dashboard exposes a manual-trigger action via t...
PT-2026-48176
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wl radio parameter of the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...
PT-2026-48327
Name of the Vulnerable Software and Affected Versions Spring for Apache Kafka versions 4.0.0 through 4.0.5 Spring for Apache Kafka versions 3.3.0 through 3.3.15 Spring for Apache Kafka versions 3.2.0 through 3.2.13 Spring for Apache Kafka versions 2.9.0 through 2.9.13 Spring for Apache Kafka...
PT-2026-46910
Name of the Vulnerable Software and Affected Versions ansible-core affected versions not specified Red Hat Ansible Automation Platform affected versions not specified Description An argument injection flaw exists in the ansible-galaxy role install command. The issue occurs because dependency...
PT-2026-46001
Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 returns 128 bytes of uninitialized internal buffer contents when receiving HTTP POST requests to undefined paths, exposing server state to unauthenticated adjacent network attackers...
PT-2026-07: Local Privilege Escalation Vulnerability in the Linux Kernel (Copy Fail)
This security advisory provides information regarding a Linux kernel vulnerability, CVE-2026-31431 , informally known as Copy Fail. This vulnerability allows for local privilege escalation to the superuser root level and affects the Linux kernel module: algifaead. Vulnerability status : PT NGFW i...
PT-2026-45456
FlexRIC v2.0.0 contains reachable assert0 calls in stub message handlers for whitelisted but unimplemented E2AP message types in the near-RT RIC. A remote unauthenticated attacker can send a decodable E2AP PDU of such a type e.g., E2nodeConfigurationUpdate to crash the near-RT RIC process port...
PT-2026-45443
Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an...
PT-2026-44244
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A use-after-free issue exists in the DAMON sysfs interface. Direct reads and writes of the memcg path and path files can race, as the write operation deallocates the buffer pointed to by...
PT-2026-42166
The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain circumstances, document level access restrictions will be ignored when determining what data to return from an AI query. This could enable an authenticated attacker to view sensitive data...
PT-2026-45478
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11 Linux kernel versions prior to 6.18.34 Linux kernel versions prior to 6.12.92 Linux kernel versions prior to 6.6.142 Linux kernel versions prior to 6.1.175 Linux kernel versions prior to 5.15.209 Linux...
PT-2026-41986
Name of the Vulnerable Software and Affected Versions Windmill versions prior to 1.703.2 Description Incorrect default permissions in nsjail sandbox configuration files allow the /etc directory to be bind-mounted without read-write restrictions. This enables authenticated users to write arbitrary...
PT-2026-41658
Name of the Vulnerable Software and Affected Versions Mattermost versions 11.5.0 through 11.5.1 Mattermost versions 10.11.0 through 10.11.13 Mattermost versions 11.4.0 through 11.4.3 Description An issue exists where public/private permissions are not properly verified, allowing members who lack...
PT-2026-41421
Name of the Vulnerable Software and Affected Versions jsondiffpatch versions prior to 0.7.6 Description Improper sanitization of JSON values and property names in the annotated formatter allows for Cross-site Scripting XSS. This occurs when an application compares untrusted JSON or object data an...
PT-2026-40831
Name of the Vulnerable Software and Affected Versions Web::Passwd version 0.03 Description Web::Passwd, a small CGI application for managing htpasswd files via the htpasswd command, allows remote code execution. The user parameter is not validated or escaped before being used as the final argumen...
PT-2026-39415
Name of the Vulnerable Software and Affected Versions JeecgBoot version 3.9.1 Description A flaw in the 'mLogin' endpoint within the LoginController.java file of the jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ component allows for remote authorization...
PT-2026-38316
Name of the Vulnerable Software and Affected Versions Angular SSR versions 19.0.0-next.0 through 19.2.24 Angular SSR versions 20.x through 20.3.24 Angular SSR versions 21.x through 21.2.8 Angular SSR versions 22.0.0-next.0 through 22.0.0-next.6 Description An issue exists in the processing logic ...
PT-2026-35782
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.2 Description An improper access control issue exists in the iOS A2UI bridge, which incorrectly treats generic local-network pages as trusted origins. This allows attackers to inject unauthorized agent.request...
PT-2026-31260
Name of the Vulnerable Software and Affected Versions The Publisher Desk ads.txt versions n/a through 1.5.0 Description A missing authorization issue exists in PublisherDesk The Publisher Desk ads.txt, allowing exploitation due to incorrectly configured access control security levels...
PT-2026-28590
Name of the Vulnerable Software and Affected Versions Docker affected versions not specified Description A flaw exists in the Docker daemon’s privilege validation process during docker plugin install. The daemon does not fully enforce plugin privilege checks, potentially allowing unintended...
PT-2026-27473
Name of the Vulnerable Software and Affected Versions Zabbix versions prior to 7.4 Description A design flaw in Zabbix Server/Proxy related to JavaScript Duktape context reuse can result in data leakage. Specifically, a regular Zabbix administrator may unintentionally expose data for hosts they a...
PT-2026-4146
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes PartyMaker partymaker allows PHP Local File Inclusion.This issue affects PartyMaker: from n/a through = 1.1.15...
PT-2026-4329
Name of the Vulnerable Software and Affected Versions HPE Alletra 6000/5000 and Nimble Storage versions prior to 6.1.2.800 HPE Alletra 6000/5000 and Nimble Storage versions prior to 6.1.3.300 Description A privilege escalation flaw exists in HPE Alletra 6000/5000 and Nimble Storage arrays. An...
PT-2025-47837
Name of the Vulnerable Software and Affected Versions ashraf-kabir travel-agency versions prior to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3 Description A security issue exists in ashraf-kabir travel-agency. The manipulation of the edit pack argument in the /admin area/index.php file leads to SQL...
PT-2025-11089 · Unknown · Softether Vpn
Name of the Vulnerable Software and Affected Versions: SoftEther VPN version 5.02.5187 Description: The issue is related to a Buffer Overflow in the Command.c file, specifically via the PtMakeCert and PtMakeCert2048 functions. Recommendations: For SoftEther VPN version 5.02.5187, consider disabli...
PT-2023-9427 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the xhci component in the Linux kernel, where a NULL pointer dereference can occur when the host controller is not responding, causing a kernel panic. This...
PT-2022-10654
Name of the Vulnerable Software and Affected Versions jQuery-Upload-File version 4.0.11 Description A cross-site scripting XSS issue exists due to a vulnerability in the fileNameStr parameter, allowing attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload...
PT-2021-4560 · Php +10 · Php +10
Name of the Vulnerable Software and Affected Versions: PHP versions 7.3.x through 7.3.31 PHP versions 7.4.x through 7.4.24 PHP versions 8.0.x through 8.0.11 Description: The issue is related to the PHP FPM SAPI component, where child worker processes can access and modify memory shared with the...
PT-2021-4234 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions up to 5.13.7 Description: The issue allows an unprivileged BPF program to obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack. This is possible because the protection...
PT-2017-11760 · Bolt · Bolt Cms
Name of the Vulnerable Software and Affected Versions: Bolt CMS version 3.2.14 Description: The issue allows for stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header. This can be exploited by uploading a malicious SVG file. Recommendations: For Bolt CMS version...
PT-2026-50873
Name of the Vulnerable Software and Affected Versions JetBrains Hub versions prior to 2026.1.13757 JetBrains Hub versions prior to 2025.3.148033 JetBrains Hub versions prior to 2025.2.148048 JetBrains Hub versions prior to 2025.1.148120 JetBrains Hub versions prior to 2024.3.148430 JetBrains Hub...
PT-2026-50696
Name of the Vulnerable Software and Affected Versions Grav version 2.0.0-rc.9 with Admin2 version 2.0.0-rc.14 Description A stored cross-site scripting XSS issue exists in the Admin2 Pages API save flow due to a missing XSS safety check during partial validation. Stored XSS occurs when an...