184427 matches found
PT-2026-55401
Command injection via dotfiles URI parameter combined with workspace auto-creation Summary The dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a crafted dotfiles uri value for example...
PT-2026-55198
The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the do image upload function where user-supplied input from the acceptFileTypes PO...
PT-2026-55246
A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing CORS misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session...
PT-2026-54935
Name of the Vulnerable Software and Affected Versions MLflow versions prior to 3.14.0 Description When authentication is enabled, the trace API endpoints lack proper authorization validators. This occurs because the before request handler fails to register authorization validators for these...
PT-2026-54495
The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning WooCommerce product data through a public AJAX action, allowing unauthenticated users to retrieve the data title, price, weight, stock status, and...
PT-2026-54694
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description A heap buffer overflow exists in Skia, a graphics library used by the browser. This issue allows a remote attacker who has already compromised the renderer process to potentially achiev...
PT-2026-55180
These are all security issues fixed in the python311-jupyter-server-2.20.0-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-53615
PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syft function for remote execution on the server. While a...
PT-2026-53170
A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform...
PT-2026-53529
PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution RCE instead of the intended explanation of the natural language processing by the LLM. The security controls of PandasAI 2.4.3 and earlier fail ...
PT-2026-53448
A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active...
PT-2026-53587
Anyscale Ray allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment...
PT-2026-53676
Mixpost through 2.6.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in authenticated users' browsers by crafting malicious OAuth callback URLs with unsanitized error query parameters. Attackers can exploit the OAuth...
PT-2026-53288
Subscriber Broken Access Control in MainWP = 6.1.1 versions...
PT-2026-53349
Missing JWT signature check GHSL-2022-078 The StatelessTokenService of the DataHub metadata service GMS does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because...
PT-2026-52692
Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about students by interviewers...
PT-2026-52958
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The wbt init enable default function uses WARN ON ONCE to check for failures from wbt alloc and wbt init. However, these are expected failure paths: wbt alloc may return NULL during memo...
PT-2026-52860
The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access tok...
PT-2026-52694
Name of the Vulnerable Software and Affected Versions libnfs versions prior to 6.0.2 Description An integer underflow occurs in the READ IOVEC section of the rpc read from socket function within lib/socket.c. This issue is triggered during a connection to a crafted NFS server when the expected PD...
PT-2026-52449
Name of the Vulnerable Software and Affected Versions Nokogiri versions prior to 1.19.4 Description Nokogiri contains a bug occurring when certain methods are called on native wrapper classes that inherit from Nokogiri::XML::Node and have been allocated but not initialized. This leads to a NULL...
PT-2026-52616
Name of the Vulnerable Software and Affected Versions Flowise affected versions not specified Description An unauthenticated path traversal issue exists in the '/api/v1/document-store/loader/process' endpoint. This flaw allows attackers to write arbitrary files to the filesystem by using...
PT-2026-52598
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The WebSocket backend uses charging station identifiers to uniquely associate sessions but permits multiple endpoints to connect using the same session identifie...
PT-2026-52200
Name of the Vulnerable Software and Affected Versions shell-quote versions prior to 1.8.5 Description The parse function finalizes parsed tokens using Array.prototype.concat as a reduce accumulator, causing the entire growing array to be reallocated and copied during every iteration. This results...
PT-2026-52487
Permissions where checked incorrectly during room creation, allowing attackers to create rooms of types they shouldn't be allowed to create...
PT-2026-52552
RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...
PT-2026-52618
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.201 Description An integer overflow exists in Mojo, a Chromium IPC Inter-Process Communication framework. This issue allows a remote attacker who has already compromised the renderer process to...
PT-2026-52151
Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBUDashboard JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from insufficien...
PT-2026-51986
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF Berkeley Packet Filter verifier regarding linked register delta tracking. When the source register src reg and destination register dst reg are pointers to the...
PT-2026-51980
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The bcmgenet timeout handler incorrectly attempts to shut down all transmit tx queues when only a single queue experiences a timeout. This behavior creates race conditions—situations whe...
PT-2026-51821
A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...
PT-2026-51747
Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description A flaw in the cookie parsing logic allows a malicious HTTP server to set super cookies that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that...
PT-2026-51627
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Password-reset tokens are generated using the account-activation lifetime conf.Auth.ActivateCodeLives instead of the intended password-reset lifetime conf.Auth.ResetPasswordCodeLives. Because the token...
PT-2026-51536
Name of the Vulnerable Software and Affected Versions Control Builder A versions prior to 1.4/4 800xA for Advant Master versions prior to 6.0.3-1 800xA for Advant Master versions prior to 6.1.1-1 800xA for Advant Master version 6.1.1-3 800xA for Advant Master version 6.2.0-1 Description An...
PT-2026-51454
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.0 Description An authentication bypass exists in the Budibase server route POST /api/attachments/:datasourceId/url because it lacks the authorized... middleware. An anonymous attacker who can enumerate a workspa...
PT-2026-51431
Name of the Vulnerable Software and Affected Versions motionEye versions prior to 0.44.0 Description Configuration files /etc/motioneye/motion.conf and camera-.conf are created with 644 permissions, making them readable by any local user on the system. The motion.conf file contains sensitive data...
PT-2026-51310
Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description A site administrator can configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Since log entries can contain attacker-controlled content, an authenticated attacker...
PT-2026-51418
Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.22.1 Description vLLM is an inference and serving engine for large language models. The Dockerfile is susceptible to a dependency confusion attack involving the flashinfer-jit-cache package. This occurs because the...
PT-2026-51455
Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.6.0 Description Actual is a local-first personal finance tool that fails to neutralize formula-trigger characters when exporting data to CSV. The functions exportToCSV and exportQueryToCSV in...
PT-2026-51315
Name of the Vulnerable Software and Affected Versions libxml2 versions 2.9.11 through 2.11.0 Description A Use After Free issue exists in the xmlParseInternalSubset function of libxml2. This occurs due to improper entity resolution handling, which allows a remote attacker to cause a...
PT-2026-51292
Name of the Vulnerable Software and Affected Versions Net::Statsite::Client versions prior to 1.1.1 Description Net::Statsite::Client, a client for the statsite protocol a variant of statsd, allows metric injections. This occurs because newlines are not removed from metric names, and values are n...
PT-2026-51386
Name of the Vulnerable Software and Affected Versions mise versions prior to 2026.3.10 Description mise processes .tool-versions files using the Tera template engine, which includes a registered exec function that allows for arbitrary command execution. In the default non-paranoid mode,...
PT-2026-51233
Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.13 Craft CMS versions 4.0.0-RC1 through 4.17.7 Description An authorization bypass exists in the 'assets/preview-file' endpoint. The system fails to enforce per-asset view authorization before returning...
PT-2026-51232
Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.0.0-RC1 through 4.17.7 Craft CMS versions 5.0.0-RC1 through 5.9.13 Description A missing authorization issue exists in the 'assets/preview-thumb' endpoint. A Control Panel user lacking permissions to view a specific privat...
PT-2026-51203
Name of the Vulnerable Software and Affected Versions Edimax BR-6478AC V2 version 1.23 Description A buffer overflow can be triggered remotely via the POST Request Handler. The issue exists within the formWlSiteSurvey function located in the /goform/formWlSiteSurvey file, specifically through the...
PT-2026-51149
Name of the Vulnerable Software and Affected Versions capgo versions prior to 12.128.2 Description An authorization bypass exists in several Supabase PostgREST RPC functions: get app metrics, get global metrics, and get total metrics. These functions are granted to the anon role without enforcing...
PT-2026-51145
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.8 Description Insufficient input filtering in chat messages and custom agent functions allows for cross-site scripting XSS, a flaw where malicious scripts are injected into trusted websites. An attacker can execut...
PT-2026-51043
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authorization bypass exists in the public.upsert version meta SECURITY DEFINER function exposed via PostgREST RPC. This allows unauthenticated attackers to insert arbitrary rows into version meta...
PT-2026-51152
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An information disclosure issue exists in the unauthenticated '/replication' endpoint. This allows attackers to retrieve internal PostgreSQL replication telemetry without authentication, exposing...
PT-2026-51159
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An open redirect issue exists in the 'confirm-signup' endpoint. The confirmation url parameter is not validated, which allows attackers to redirect users to arbitrary external websites. This can be...
PT-2026-50865
Name of the Vulnerable Software and Affected Versions GPU DDK affected versions not specified Description Software run by a non-privileged user can execute improper GPU system calls to trigger an error path, resulting in a Use-After-Free UAF of GPU page tables. This occurs because an error recove...