PT-2026-45474

Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with access to an end-to-end encrypted files drop link was able to also drop files into other end-to-e...

PT-2026-45537

Thor Vector Graphics ThorVG is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run allows any caller that passes untrusted SVG data to Picture::load to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5...

PT-2026-45529

Name of the Vulnerable Software and Affected Versions Nextcloud versions 32.0.0 through 32.0.8 Nextcloud versions 33.0.0 through 33.0.2 Description When a user shares a folder or file with a Nextcloud Team containing an external member a person added via email without a Nextcloud account, the...

PT-2026-45549

A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to...

PT-2026-45530

Name of the Vulnerable Software and Affected Versions Nextcloud versions 5.5.13 through 5.5.16 Nextcloud versions 6.2.0 through 6.2.2 Description An authenticated user can enumerate other users on the same instance. This is possible because sharing restrictions were not effectively applied to the...

PT-2026-45561

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...

PT-2026-45531

Name of the Vulnerable Software and Affected Versions Nextcloud versions 4.3.0 through 5.2.6 Description A removed collaborator retains unauthorized read access to uploaded respondent files for an affected form. This access is limited to uploaded files for forms where the user previously possesse...

PT-2026-45553

A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function password verify of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Password leads to improper authentication. It is possible to launc...

PT-2026-45556

Name of the Vulnerable Software and Affected Versions FlexRIC version 2.0.0 Description A flaw allows a single SCTP connection to bind multiple xapp ids by sending multiple E42 SETUP REQUESTs. Upon disconnection, the system only cleans up resources for the first registered xapp id, leaving...

PT-2026-45548

A NULL pointer dereference in the ext4 dir en get name len function in include/ext4 dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validat...

PT-2026-45526

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or download...

PT-2026-45516

Name of the Vulnerable Software and Affected Versions smb-volume-release versions prior to v3.60.0 CF Deployment versions prior to v56.0.0 Description An input validation bypass exists in the SMB volume mount handling within CloudFoundry Foundation diego-release. This allows a low-privileged CF...

PT-2026-45507

FlexRIC v2.0.0 contains a reachable assertion in e2ap recv sctp msg src/lib/ep/e2ap ep.c. The function allocates a fixed 32KB receive buffer and enforces assertrc = 32,768 bytes to crash the near-RT RIC, iApp, E2 Agent, or xApp process via SIGABRT. No valid E2AP PDU is required. All four SCTP...

PT-2026-45497

A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get build status/get build log/trigger build. Such manipulation leads to server-side request forgery. The attack may be performed from...

PT-2026-45499

A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component read file/write file. Executing a manipulation of the argument filePath/outputPath can lead to path traversal. It is possible to launch the attack remotely...

PT-2026-45619

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers can send GET requests to the trec.php endpoint with crafted SQL payloads to extract database...

PT-2026-45626

ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate customer accounts via the admin interface by tricking users into visiting attacker-controlled pages...

PT-2026-45568

In isSameApp of NotificationManagerService.java, there is a possible persistent dos due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-45581

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A logic error in multiple functions within ubsan throwing runtime.cpp can lead to a permanent local denial of service. This issue allows an attacker to cause the system to become unavailable...

PT-2026-45609

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function g file test of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been...

PT-2026-45571

In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-45567

Name of the Vulnerable Software and Affected Versions Android 14 Android 15 Android 16 Android 16 QPR2 Description An integer overflow in multiple locations within the Android Framework allows for local escalation of privilege and arbitrary code execution. This issue requires no user interaction...

PT-2026-45601

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A logic error in multiple locations allows for the bypass of user interaction during the pairing of an LE Low Energy device. This flaw enables remote escalation of privilege for an adjacent...

PT-2026-45611

Name of the Vulnerable Software and Affected Versions DevicePolicyManagerService.java affected versions not specified Description Improper input validation in multiple functions of DevicePolicyManagerService.java can cause a desync from persistence. This issue may lead to a local denial of servic...

PT-2026-45614

Name of the Vulnerable Software and Affected Versions AppOpsService affected versions not specified Description A permissions bypass exists in multiple functions of AppOpsService.java, resulting in a missing permission check. This flaw allows for local information disclosure without requiring...

PT-2026-45631

Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization...

PT-2026-45653

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description An Insecure Direct Object Reference IDOR issue in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users. This occurs because of...

PT-2026-45642

Memory corruption while processing fastboot OEM commands...

PT-2026-45663

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora manager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lora path leads to reachable assertion. The attack can be launched...

PT-2026-45520

Name of the Vulnerable Software and Affected Versions rrdcached affected versions not specified Description A stack-based buffer overflow exists in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can trigger this issue by sending an oversized 'CREATE' request...

PT-2026-45371

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description A bug in the XCom PATCH endpoint "PATCH /api/v2/xcomEntries/key" allows an authenticated UI/API user with XCom write permission on a Dag to set XCom entries using reserved key names, such as...

PT-2026-45451

Name of the Vulnerable Software and Affected Versions OpenSC versions prior to 0.26.2 Description A buffer overflow occurs in the pkcs11-tool Key Generation Module within the test kpgen certwrite function of the src/tools/pkcs11-tool.c file. This issue allows for remote attacks, although the...

PT-2026-45163

A weakness has been identified in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSysLog of the file /goform/formSysLog. This manipulation of the argument current page causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been ma...

PT-2026-45174

A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public a...

PT-2026-45172

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajax forgot password of the file application/controllers/Login.php of the component Forgot Password Endpoint. Th...

PT-2026-45177

A weakness has been identified in Orthanc Explorer 2 up to 1.12.0. The impacted element is an unknown function of the file WebApplication/src/components/StudyList.vue of the component URL Handler. This manipulation of the argument remote-source causes cross site scripting. It is possible to...

PT-2026-45210

Name of the Vulnerable Software and Affected Versions D-Link DI-7001 MINI versions prior to 19.09.19A1 Description A stack-based buffer overflow occurs in the API component within the sprintf function of the '/httpd debug.asp' endpoint. This issue is triggered by the manipulation of the Time...

PT-2026-45217

Name of the Vulnerable Software and Affected Versions Assimp versions prior to 6.0.5 Description A heap-based buffer overflow occurs in the 4x4 Matrix Parser component within the glTFCommon.h library. The issue is located in the glTFCommon::CopyValue function. A local attacker can trigger this...

PT-2026-45221

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated remotely...

PT-2026-45219

A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated remotely. T...

PT-2026-45104

Name of the Vulnerable Software and Affected Versions Text::LineFold versions prior to 2019.002 Description Text::LineFold splits input strings into segments using specific line break characters, such as Vertical Tab VT and Form Feed FF. However, the break function is applied to the entire string...

PT-2026-45119

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract...

PT-2026-45061

Summary The Platform server exposes resources under /api/v1/workspaces/workspace id/... and protects them with a require workspace memberworkspace id FastAPI dependency. The dependency only checks that the caller is a member of the workspace id in the URL prefix. The route handlers then look up t...

PT-2026-44743

Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security...

PT-2026-44742

Name of the Vulnerable Software and Affected Versions ASUS System Control Interface affected versions not specified Description An incorrect permission assignment for critical resources in the ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary...

PT-2026-44746

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ays poll get user information' AJAX action, which serializes and returns the...

PT-2026-44753

Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details...

PT-2026-44767

Name of the Vulnerable Software and Affected Versions Acer Connect affected versions not specified Description Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header. The system fails to block requests when the Base64 decoding process fails, allowing...

PT-2026-44814

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

PT-2026-44818

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal Zip Slip in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled...