PT-2026-45857

Name of the Vulnerable Software and Affected Versions BrowserStack Runner versions prior to 0.9.6 Description An issue in the / log HTTP handler allows unauthenticated network-adjacent attackers to execute arbitrary code on the host system. The handler processes JSON request bodies by passing...

PT-2026-45855

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.5 authentik versions prior to 2026.2.3 Description An issue exists in the Simple Flow Executor SFE, which is a component used to manage the sequence of steps in an authentication flow. Due to the...

PT-2026-45820

Name of the Vulnerable Software and Affected Versions GoClaw versions prior to 3.11.4 Description A weakness in the Team Task Completion Handler component allows for missing authorization. This issue occurs within the TeamTasksTool.executeComplete function located in the internal/tools/team tasks...

PT-2026-45865

Name of the Vulnerable Software and Affected Versions warmcat libwebsockets versions prior to 4.5.9 Description A flaw in the SSH Protocol Handler component allows for remote resource consumption. The issue exists within the lws ssh parse plaintext function located in the plugins/protocol lws ssh...

PT-2026-45878

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4-rc1 Description LibreChat is an enhanced ChatGPT clone supporting multiple AI providers. The Model Context Protocol MCP server integration improperly resolves $VAR placeholders against the server's process.env...

PT-2026-46605

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A bad cast in Dawn allows a remote attacker to execute arbitrary code inside a sandbox when a user accesses a crafted HTML page. Recommendations Update to version 149.0.7827.53 or later...

PT-2026-46616

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An integer overflow exists in ANGLE, which is a compatibility layer that allows OpenGL ES to run on various graphics APIs. This issue allows a remote attacker who has already compromise...

PT-2026-46583

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in ANGLE Almost Native Graphics Layer Engine allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page...

PT-2026-46650

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An uninitialized use in ANGLE Almost Native Graphics Layer Engine, an abstraction layer that allows OpenGL ES to run on various graphics APIs allows a remote attacker to obtain...

PT-2026-46653

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in DevTools allows an attacker to leak cross-origin data. This occurs when a user is convinced to install a crafted malicious Chrome Extension...

PT-2026-46719

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the Password Manager allows a remote attacker to perform UI spoofing via malicious network traffic. UI spoofing is a technique where an...

PT-2026-46725

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in Codecs allows a remote attacker to potentially perform a sandbox escape by using a crafted video file. A sandbox escape is a technique used...

PT-2026-46417

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue exists in Cast Streaming. This allows an attacker located on the same local network segment to execute arbitrary code by sending malicious network traffic. Use...

PT-2026-46451

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in DevTools allows a remote attacker to bypass the same origin policy via malicious network traffic, provided they can convince a user to...

PT-2026-46456

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out of bounds read in Dawn allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. An out of bounds rea...

PT-2026-46492

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An integer overflow in V8 allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. V8 is the open-source high-performance JavaScript a...

PT-2026-46494

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An integer overflow in DevTools allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. Recommendations Update to version 149.0.7827....

PT-2026-46503

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in ANGLE Almost Native Graphics Layer Engine allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page...

PT-2026-46609

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Canvas allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or script loaded from on...

PT-2026-46623

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in Codecs allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. A...

PT-2026-45874

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Decoding a maliciously-crafted MIME header containing many invalid encoded-words can lead to excessive CPU consumption. Recommendations At the moment, there is n...

PT-2026-46737

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An integer overflow in V8 allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. V8 is the open-source high-performance JavaScript a...

PT-2026-45726

Name of the Vulnerable Software and Affected Versions Tiled Gallery Carousel Without JetPack versions prior to 3.2 Description The plugin is subject to stored cross-site scripting due to insufficient input sanitization and output escaping. Authenticated attackers with contributor level access or...

PT-2026-46455

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue exists in the Cast component. This allows an attacker located on the same local network segment to execute arbitrary code by sending malicious network traffic...

PT-2026-46632

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the WebUI allows a remote attacker who has compromised the renderer process to leak cross-origin data through the use of a crafted HTML pag...

PT-2026-46682

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in CSS allows a remote attacker to leak cross-origin data, which is information from a different domain than the one serving the page, by using a crafted...

PT-2026-46038

Name of the Vulnerable Software and Affected Versions MariaDB server versions 10.6.1 through 10.6.26 MariaDB server versions 10.11.1 through 10.11.17 MariaDB server versions 11.4.1 through 11.4.11 MariaDB server versions 11.8.1 through 11.8.7 MariaDB server version 12.3.1 Description A...

PT-2026-45831

CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values...

PT-2026-46549

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Extensions allows a remote attacker to leak cross-origin data, which is data from a different origin than the one that requested it, by using a crafte...

PT-2026-45242

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function sanitize prompt description of the file astrbot/core/skills/skill manager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public an...

PT-2026-45245

A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects unknown code of the file /api/skills/delete of the component API Endpoint. Performing a manipulation of the argument Name results in path traversal. The attack can be initiated remotely. The exploit has...

PT-2026-45241

A vulnerability has been found in code-projects Online Hospital Management System 1.0. Affected is an unknown function of the file appointmentdetail.php of the component Appointment Handler. The manipulation of the argument editid leads to sql injection. The attack is possible to be carried out...

PT-2026-45265

An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting XSS attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...

PT-2026-45248

A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched...

PT-2026-45264

An improper neutralization of active SVG content in OTRS or OTRS Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent o...

PT-2026-45255

In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10886526; Issue ID: MSV-6791...

PT-2026-45250

A vulnerability has been found in nextlevelbuilder GoClaw up to 3.11.3. This affects the function auth of the file internal/http/evolution handlers.go. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be...

PT-2026-45399

Name of the Vulnerable Software and Affected Versions Apache Fesod Incubating fesod-sheet versions prior to 2.0.2-incubating Description Server-Side Request Forgery SSRF in the UrlImageConverter component allows attackers to trigger outbound network requests to internal or restricted resources by...

PT-2026-45387

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, 5.0.0 to 5.0.5 It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of...

PT-2026-45384

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description A bug in the KubernetesExecutor causes JSON Web Tokens JWT, used by worker pods to authenticate against the Execution API, to be passed to the worker container as command-line arguments. These...

PT-2026-45380

Name of the Vulnerable Software and Affected Versions Apache MINA SSHD versions prior to 2.18.0 Apache MINA SSHD versions 3.0.0-M1 through 3.0.0-M3 Description A path traversal issue exists in the org.apache.sshd:sshd-git bundle. Due to a lack of path validation in git-upload-pack,...

PT-2026-45378

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description The Event Log detail endpoint "GET /api/v2/eventLogs/event log id" fetches audit-log rows directly by numeric ID after performing only a generic Audit Log permission check. This differs from t...

PT-2026-45373

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.7 Apache ActiveMQ Broker versions 6.0.0 through 6.2.5 Apache ActiveMQ All versions prior to 5.19.7 Apache ActiveMQ All versions 6.0.0 through 6.2.5 Apache ActiveMQ versions prior to 5.19.7 Apache...

PT-2026-45376

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.7 Apache ActiveMQ Broker versions 6.0.0 through 6.2.5 Apache ActiveMQ All versions prior to 5.19.7 Apache ActiveMQ All versions 6.0.0 through 6.2.5 Apache ActiveMQ versions prior to 5.19.7 Apache...

PT-2026-45365

Name of the Vulnerable Software and Affected Versions apache-airflow versions prior to 3.2.2 Description The 'structure data' endpoint in the Airflow UI fails to verify if the caller has read permissions for linked DAGs Directed Acyclic Graphs, which are collections of all the tasks you want to...

PT-2026-45352

A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component Admin Endpoint. Such manipulation leads to missing authentication. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may b...

PT-2026-45370

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description A bug in the Variable response masker allows the bypass of nested-key redaction when the nesting depth of a JSON value exceeds the recursion limit of the shared secrets masker. This occurs wit...

PT-2026-45441

Name of the Vulnerable Software and Affected Versions Sergey AIWU versions prior to 1.4.17 Description Incorrect privilege assignment in Sergey AIWU allows for privilege escalation, which occurs when a user is granted more permissions than intended, enabling them to perform unauthorized actions...

PT-2026-45442

A critical Remote Code Execution RCE vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3...

PT-2026-45433

Name of the Vulnerable Software and Affected Versions Contest Gallery Pro versions prior to 29.0.1 Description Incorrect privilege assignment allows for privilege escalation within the software. Recommendations Update to a version newer than 29.0.1...