184427 matches found
PT-2026-50201
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use-after-free issue exists in DigitalCredentials. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. A remote attack...
PT-2026-50456
Name of the Vulnerable Software and Affected Versions undici versions 6.17.0 through 6.25.x undici versions 7.0.0 through 7.27.x undici versions 8.0.0 through 8.4.x Description The WebSocket client fails to limit the number of fragments in a message, only enforcing the maxPayloadSize on the...
PT-2026-50190
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue in DigitalCredentials on Windows allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free occurs when an...
PT-2026-50340
Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...
PT-2026-50123
Unauthenticated Cross Site Scripting XSS in Enfold = 7.1.4 versions...
PT-2026-50059
Name of the Vulnerable Software and Affected Versions Oracle Project Portfolio Analysis versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Project Portfolio Analysis product within Oracle E-Business Suite. A high privileged attacker with...
PT-2026-49985
Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Enterprise Infrastructure Security component of Oracle JD Edwards. An unauthenticated attacker with network access via JDENET can compromise th...
PT-2026-50180
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.24.0 Description The Compression node's Decompress operation expands attacker-controlled archives into memory without enforcing limits on the decompressed output size. An unauthenticated attacker can send a small...
PT-2026-49832
CVE-2026-38194 in the pocket ! Driver expose insecure IOCTLs allowing memory access from a standard user. Rapido = https://t.co/lWzOOGLK8g PoC for the read primitive only. I'm not releasing the arbitrary write, but the clever ones will figure it out easily...
PT-2026-49755
Name of the Vulnerable Software and Affected Versions LangGraph SQLite Checkpoint versions prior to 4.1.1 Description The JsonPlusSerializer can reconstruct Python objects from JSON checkpoint payloads. If an unauthorized party modifies checkpoint bytes at rest in the backing store, the...
PT-2026-49610
On Xtensa targets with CONFIG USERSPACE and CONFIG XTENSA MMU, the page-table code arch/xtensa/core/ptables.c maintains a global list, xtensa domain list, of active memory domains using a list node embedded inside the caller-owned struct k mem domain. When a domain is destroyed via k mem domain...
PT-2026-49873
Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware WebLogic Server versions 12.2.1.4.0 Oracle Fusion Middleware WebLogic Server versions 14.1.1.0.0 Description An issue exists in the Console component of the WebLogic Server. This flaw allows an unauthenticated attacker...
PT-2026-49978
Name of the Vulnerable Software and Affected Versions MySQL Shell Shell for VS Code version 2026.2.0+9.6.1 Description An issue in the Shell for VS Code component of MySQL Shell allows a low-privileged attacker with network access via multiple protocols to compromise the software. Although the fl...
PT-2026-50089
Unauthenticated Local File Inclusion in Thegov Core 2.0.23 versions...
PT-2026-49790
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An integer overflow in the decodePacket function of RtpPacket can lead to out-of-bounds access. This issue may allow a local escalation of privilege without...
PT-2026-49977
Name of the Vulnerable Software and Affected Versions MySQL Shell versions 8.4.0 through 8.4.9 MySQL Shell versions 9.0.0 through 9.7.0 Description An issue exists in the Shell: Dump and Load component of Oracle MySQL. An unauthenticated attacker with network access via multiple protocols can...
PT-2026-49698
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 140.12 Firefox ESR versions prior to 140.12 Description A memory safety bug exists in the software, which could lead to instability or unexpected behavior when handling memory operations. Recommendations Update to...
PT-2026-50176
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An authenticated user with permissions to create or modify workflows can provide crafted parameters to the TimescaleDB and legacy Postgres v1 nodes. This allows arbitrary SQ...
PT-2026-50135
Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description An issue exists in the token public-only scope enforcement where a public-only scoped API token can access private organization data. This occurs due to two flaws: the endpoint '/user/orgs' is...
PT-2026-50164
Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.7 Description The safe eval expression function in the computed fields feature uses an AST Abstract Syntax Tree validator that only blocks attributes starting with an underscore. Because Python generator and fram...
PT-2026-49972
Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Agent Next Gen component of the Oracle Enterprise Manager Base Platform. A low privileged attacker wit...
PT-2026-49718
A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attack...
PT-2026-50114
Unauthenticated PHP Object Injection in TechLink = 1.3 versions...
PT-2026-49899
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Portal version 12.2.1.4.0 Oracle WebCenter Portal version 14.1.2.0.0 Description An issue exists in the Composer component of the Oracle WebCenter Portal product of Oracle Fusion Middleware. A low privileged attacker with...
PT-2026-49931
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Sites version 12.2.1.4.0 Oracle WebCenter Sites version 14.1.2.0.0 Description An issue in the Oracle WebCenter Sites component of Oracle Fusion Middleware allows an unauthenticated attacker with network access via HTTP to...
PT-2026-50078
Name of the Vulnerable Software and Affected Versions LangGraph Python SDK versions prior to 0.3.15 Description Unsafe URL path construction occurs due to unsanitized caller-supplied identifier values used in HTTP request paths for resource operations. Identifiers containing characters with speci...
PT-2026-49653
A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...
PT-2026-50084
Name of the Vulnerable Software and Affected Versions TL-WR940N version v6 Description An authenticated OS command injection exists in the BigPond Cable BPA WAN configuration module due to improper sanitization of user input. An attacker with administrative access can exploit this flaw to execute...
PT-2026-49967
Name of the Vulnerable Software and Affected Versions Oracle Agile PLM version 9.3.6 Description An issue in the Security component of the Oracle Agile PLM product allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful exploitation can result in a...
PT-2026-49765
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.26 Description An exec allowlist bypass exists where authenticated operators can execute wrapper-level side effects outside the intended allowlisted command. This occurs because a command request reaching the...
PT-2026-49831
Name of the Vulnerable Software and Affected Versions Real Testimonials Pro affected versions not specified Product Slider Pro for WooCommerce affected versions not specified Smart Post Show Pro affected versions not specified Description A supply chain compromise occurred where attackers...
PT-2026-49862
Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise PT PeopleTools versions 8.61 PeopleSoft Enterprise PT PeopleTools versions 8.62 Description An issue exists in the Deployment Package component of PeopleSoft Enterprise PT PeopleTools. This flaw allows an unauthenticated...
PT-2026-49780
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.25 Description An input validation issue exists in tool group policy callers that accept unvalidated group IDs. An attacker capable of supplying a group ID to the policy resolver could trigger incorrect...
PT-2026-49647
Unauthenticated Cross Site Scripting XSS in Pods = 3.3.8 versions...
PT-2026-49894
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0 Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of the Oracle WebCenter Content product within Oracle Fusion Middleware. A low privileged...
PT-2026-49758
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description Exported session HTML preserves unsafe javascript: and data: links in generated content. This allows for the execution of browser-side scripts if a trusted operator opens the exported file and...
PT-2026-49990
Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Enterprise Infrastructure Security component of Oracle JD Edwards. This flaw allows an unauthenticated attacker with network access via JDENET ...
PT-2026-49859
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Enterprise Capture version 12.2.1.4.0 Oracle WebCenter Enterprise Capture version 14.1.2.0.0 Description A flaw in the Client Bundle component allows a low privileged attacker with network access via T3 and IIOP protocols to...
PT-2026-49934
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
PT-2026-50051
Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Quality versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Quality product. A low privileged attacker with network access via HTTP can exploit this flaw...
PT-2026-49735
Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.25 Description The Body Limit Middleware trusts the Content-Length header to determine if a request body is within the allowed limit. In environments such as AWS Lambda including API Gateway v1/v2, ALB, VPC Lattice,...
PT-2026-49893
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0 Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of the Oracle WebCenter Content product within Oracle Fusion Middleware. A low privileged...
PT-2026-49904
Name of the Vulnerable Software and Affected Versions Oracle Application Development Framework ADF version 12.2.1.4.0 Oracle Application Development Framework ADF version 14.1.2.0.0 Description An issue exists in the Security Framework component of the Oracle Application Development Framework ADF...
PT-2026-49200
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This...
PT-2026-49354
Unauthenticated Cross Site Scripting XSS in Redirection for Contact Form 7 = 3.2.8 versions...
PT-2026-49320
An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service DoS via a crafted POST request...
PT-2026-49186
The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against...
PT-2026-49483
Unauthenticated Cross Site Scripting XSS in Stop Spammers = 2026.3 versions...
PT-2026-49279
Name of the Vulnerable Software and Affected Versions GPAC MP4Box version 2.4 Description A heap buffer overflow occurs in the Opus audio stream parser component. This issue allows attackers to cause a Denial of Service DoS, which is a condition where a system or service becomes unavailable to it...
PT-2026-49265
LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...