184427 matches found
PT-2026-48416
Name of the Vulnerable Software and Affected Versions Ghidra versions prior to 12.2 Description The IsfServer accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation, leading to an unauthenticated path traversal. Remote attackers c...
PT-2026-48493
Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.7 Splunk Enterprise versions prior to 10.2.4 Description An unauthenticated user can create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. This occurs because the endpoint...
PT-2026-48394
The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gridpropertiesborderColor' and 'gridimagesNattachment url' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2026-48549
Name of the Vulnerable Software and Affected Versions Sharp versions 9.0.0 through 9.22.2 Description Sharp is a content management framework built for Laravel as a package. The 'create' and 'store' endpoints of the Quick Creation Command feature fail to enforce authorization checks. This allows ...
PT-2026-48407
Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries through the public...
PT-2026-48485
A cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama virtual and...
PT-2026-48498
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could store a malicious script in a classic...
PT-2026-48223
Name of the Vulnerable Software and Affected Versions Dreamweaver Desktop versions 21.7 and earlier Description A dependency on a vulnerable third-party component allows for arbitrary code execution in the context of the current user. This issue requires user interaction, specifically the opening...
PT-2026-48066
Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24 and earlier Adobe Experience Manager versions LTS SP1 and earlier Adobe Experience Manager versions 2026.04 and earlier Description A stored Cross-Site Scripting XSS issue allows a low-privileged attack...
PT-2026-47534
Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP and ABAP Platform affected versions not specified Description An authenticated attacker with normal privileges can obtain a valid signed message and send modified signed XML documents to the verifier. This...
PT-2026-48261
Name of the Vulnerable Software and Affected Versions Acrobat Reader versions 24.001.30365 through 26.001.21651 Description A heap-based buffer overflow occurs when a program writes more data to a heap-allocated memory block than it can hold. This issue could result in arbitrary code execution in...
PT-2026-47739
Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions prior to 10.4.57 TYPO3 CMS versions 11.0.0 through 11.5.50 TYPO3 CMS versions 12.0.0 through 12.4.45 TYPO3 CMS versions 13.0.0 through 13.4.30 TYPO3 CMS versions 14.0.0 through 14.3.2 Description Backend users with file writ...
PT-2026-47685
Name of the Vulnerable Software and Affected Versions Recover Exit For WooCommerce versions prior to 1.0.4 Description The plugin is subject to Local File Inclusion due to insufficient validation and sanitization of the tpf POST parameter within the recover exit function. This allows...
PT-2026-48101
Name of the Vulnerable Software and Affected Versions Microsoft Office SharePoint affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting, which allows an authorized attacker to perform spoofing over a network. Cross-si...
PT-2026-47658
Name of the Vulnerable Software and Affected Versions Spring Framework versions 5.3.0 through 5.3.48 Description Spring WebFlux applications may be subject to a security bypass when utilizing the Kotlin Router DSL. Recommendations At the moment, there is no information about a newer version that...
PT-2026-47852
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod verto's check auth userauth branch wrote request-supplied userVariables into the...
PT-2026-48304
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authenticated user with the read role can read limited amounts of uninitialized stack memory. This occurs through specially-crafted issuances of the 'filemd5'...
PT-2026-47716
Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description The server fails to sufficiently validate user-supplied image URLs. This allows arbitrary external content to be embedded as profile images, potentially exposing users to unintended external...
PT-2026-47809
Name of the Vulnerable Software and Affected Versions FortiSandbox versions 5.0.0 through 5.0.5 FortiSandbox versions 4.4.0 through 4.4.8 FortiSandbox version 4.2 FortiSandbox Cloud versions 5.0.4 through 5.0.5 FortiSandbox PaaS versions 5.0.4 through 5.0.5 Description An OS command injection iss...
PT-2026-47862
Name of the Vulnerable Software and Affected Versions Nuance PowerScribe affected versions not specified Description Deserialization of untrusted data allows an unauthorized attacker to execute code over a network. Deserialization is the process of converting a data stream back into an object,...
PT-2026-48257
Name of the Vulnerable Software and Affected Versions Acrobat Reader versions 24.001.30365 through 26.001.21651 Description A Use After Free issue exists in the annotation component, which occurs when a program continues to use a pointer after it has been freed, potentially leading to the...
PT-2026-47914
Name of the Vulnerable Software and Affected Versions Windows Push Notifications affected versions not specified Description A race condition occurs in Windows Push Notifications due to improper synchronization when using a shared resource. This allows an authorized attacker to elevate privileges...
PT-2026-47677
Name of the Vulnerable Software and Affected Versions kk blog card versions prior to 1.4 Description The kk blog card plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the plugin fails to properly sanitize input and escape output for the href and type attribut...
PT-2026-47672
Name of the Vulnerable Software and Affected Versions Helpfulcrowd Product Reviews versions prior to 1.3.0 Description The Helpfulcrowd Product Reviews plugin for WordPress allows unauthenticated authorization bypass due to PHP Type Juggling. This occurs because the helpfulcrowd validate token...
PT-2026-47531
Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application...
PT-2026-47830
Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description PKCS12 file processing fails to perform sufficient input validation for files using the Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism. This allows an attacker to...
PT-2026-47844
Name of the Vulnerable Software and Affected Versions OpenSSL version 4.0 OpenSSL version 3.6 OpenSSL version 3.5 OpenSSL version 3.4 OpenSSL version 3.0 OpenSSL version 1.1.1 OpenSSL version 1.0.2 Description A use-after-free condition occurs during PKCS7 signature verification when processing a...
PT-2026-48188
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...
PT-2026-48274
Name of the Vulnerable Software and Affected Versions Adobe Campaign Classic ACC versions prior to 7.4.3 build 9395 Description A Server-Side Request Forgery SSRF issue exists where the server can be coerced into making unauthorized requests. This can lead to privilege escalation or arbitrary cod...
PT-2026-48003
Name of the Vulnerable Software and Affected Versions Windows RDP affected versions not specified Description An out-of-bounds read in Windows Remote Desktop Protocol RDP allows an unauthenticated and unauthorized attacker to disclose information from memory over a network. Recommendations At the...
PT-2026-47933
Name of the Vulnerable Software and Affected Versions Microsoft Office Excel affected versions not specified Description An integer underflow wrap or wraparound occurs in Microsoft Office Excel, which allows an unauthorized attacker to execute arbitrary code locally or remotely, affecting the...
PT-2026-48321
Name of the Vulnerable Software and Affected Versions Spring Data Commons versions 4.0.0 through 4.0.5 Spring Data Commons versions 3.5.0 through 3.5.11 Spring Data Commons versions 3.4.0 through 3.4.14 Spring Data Commons versions 3.3.0 through 3.3.16 Spring Data Commons versions 3.2.0 through...
PT-2026-48187
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain multiple stack overflows in the R7WebsSecurityHandler function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted HTTP...
PT-2026-48007
Name of the Vulnerable Software and Affected Versions Microsoft Office affected versions not specified Microsoft 365 Apps for Enterprise affected versions not specified Description An untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute arbitrary code...
PT-2026-48283
Name of the Vulnerable Software and Affected Versions CAI Content Credentials versions [email protected] and earlier CAI Content Credentials versions c2pa-v0.80.1 and earlier Description Improper Input Validation allows an attacker to crash the application, resulting in a denial-of-service condition...
PT-2026-48302
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authorized user can cause a server crash by executing a query using a 2dsphere index on a field containing a GeoJSON GeometryCollection. The issue occurs when...
PT-2026-47725
Name of the Vulnerable Software and Affected Versions Prime Elementor Addons versions prior to 1.3.4 Description Insufficient input sanitization and output escaping in the Widget HTML Tag Settings allow authenticated attackers with contributor-level access or higher to perform Stored Cross-Site...
PT-2026-47868
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 on-premises allows an authorized attacker to elevate privileges over a network...
PT-2026-48073
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
PT-2026-48240
21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...
PT-2026-47776
Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A flaw exists in the LDIF parser where it reads past the end of a heap buffer when processing attribute types that contain trailing semicolons during a database import. This...
PT-2026-47826
NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...
PT-2026-47532
SAP S/4HANAOn-Premise contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access...
PT-2026-47800
Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy CSP, this allows a malicious plugin to execute arbitrary...
PT-2026-48247
Name of the Vulnerable Software and Affected Versions Acrobat Reader versions 24.001.30365 through 26.001.21651 Description A Use After Free issue exists in the Multimedia Rendition component, which could lead to arbitrary code execution in the context of the current user. This occurs when a user...
PT-2026-47643
Name of the Vulnerable Software and Affected Versions micrometer-core versions 1.16.0 through 1.16.5 micrometer-core versions 1.15.0 through 1.15.11 micrometer-core versions 1.14.0 through 1.14.15 micrometer-core versions 1.13.0 through 1.13.18 micrometer-core versions 1.9.0 through 1.9.17...
PT-2026-47858
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation. Recommendations At the moment, there ...
PT-2026-48307
Name of the Vulnerable Software and Affected Versions Spring Security versions 7.0.0 through 7.0.5 Description An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository saml2 asserting party metadata can store malicious serialized payloads. This occu...
PT-2026-47935
Name of the Vulnerable Software and Affected Versions Microsoft Office Excel affected versions not specified Description An integer underflow wrap or wraparound occurs in Microsoft Office Excel, which allows an unauthorized attacker to execute arbitrary code locally or remotely, affecting the...
PT-2026-48064
Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24 and earlier Adobe Experience Manager versions LTS SP1 and earlier Adobe Experience Manager versions 2026.04 and earlier Description A stored Cross-Site Scripting XSS issue allows a low-privileged attack...