PT-2026-44826

Name of the Vulnerable Software and Affected Versions RAGFlow versions prior to 0.24.1 Description A Server-Side Template Injection SSTI exists in the prompt generator located in rag/prompts/generator.py. This issue allows authenticated users to execute arbitrary operating system commands on the...

PT-2026-44838

DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files...

PT-2026-44835

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor...

PT-2026-44851

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

PT-2026-44852

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

PT-2026-44866

HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through multiple endpoints including aksi foto.php, aksi user.php, and aksi kecamatan.php to execute arbitra...

PT-2026-44887

A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. The attack may be initiated remotely. This project is superseded by FreshTomato. Thi...

PT-2026-44870

MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the log activity function. Attackers can send POST requests to /index.php/user/log activity with malicious SQL code ...

PT-2026-44867

HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'nama kelompok' POST parameter sent to lap-anggota-kelompok-pdf.php. Attackers can send a crafted request with a time-based blind payload to...

PT-2026-44875

PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST...

PT-2026-44862

Name of the Vulnerable Software and Affected Versions Wikidforum version 2.20 Description A cross-site scripting issue allows authenticated attackers to inject malicious scripts by submitting crafted HTML. This is achieved by sending JavaScript code through the 'rpc.php' endpoint using the reply...

PT-2026-44861

Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation. Attackers can craft a malicious WMA file that triggers the overflow when loaded through the Conve...

PT-2026-44894

QuickCMS is vulnerable to Cross-Site Scripting XSS through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle MITM attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

PT-2026-44900

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

PT-2026-44952

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1 JetBrains TeamCity version 2025.11.5 Description An unauthenticated Server-Side Request Forgery SSRF is possible via the build status. SSRF is a flaw that allows an attacker to induce the server-side...

PT-2026-44944

Name of the Vulnerable Software and Affected Versions Shopper versions prior to 2.8.0 Description Two authorization defects in the team settings allow an authenticated user to compromise the Role-Based Access Control RBAC system. The endpoint "Settings/Team/Index" lacks mount authorization,...

PT-2026-44927

Name of the Vulnerable Software and Affected Versions Danelec MacGregor Voyage Data Recorder affected versions not specified Description The device contains a default username and password and does not require the user to change the password upon initial setup. Recommendations At the moment, ther...

PT-2026-44965

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.1.13570 Description Improper access control allows low-privileged users to modify service accounts. Recommendations Update to version 2026.1.13570...

PT-2026-44947

Name of the Vulnerable Software and Affected Versions JetBrains IntelliJ IDEA versions prior to 2026.1.1 Description Command execution is possible through the guest user account. Recommendations Update to version 2026.1.1...

PT-2026-44935

Name of the Vulnerable Software and Affected Versions Dokploy versions 0.27.0 through 0.29.2 Description A hardcoded fallback for the BETTER AUTH SECRET variable allows an unauthenticated attacker to forge email verification JSON Web Tokens JWTs, which are compact and self-contained ways for...

PT-2026-44933

Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.28.9 Description Dokploy is a free, self-hostable Platform as a Service PaaS. An authenticated OS command injection exists in the '/listen-deployment' WebSocket endpoint, which allows any organization member to...

PT-2026-44993

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent user replies based on In-Reply-To / References headers. The notification reply path...

PT-2026-44977

Name of the Vulnerable Software and Affected Versions Formie versions prior to 2.2.21 Formie versions prior to 3.1.26 Description Unauthenticated users can modify existing submissions by sending a known or guessed submission ID to the 'formie/submissions/save-submission' endpoint. Recommendations...

PT-2026-44973

Name of the Vulnerable Software and Affected Versions StrongDM Desktop Application versions prior to 23.74.0 StrongDM Desktop Client versions prior to 53.77.0 Description On Microsoft Windows, the software stores authentication state in cleartext within a per-user state file located at...

PT-2026-44983

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.26.0 Description The RDPEAR NDR parser in FreeRDP accepts a single non-null NDR pointer ref-id for multiple logical pointer fields without tracking the expected NDR type or ownership of the pointed object. If the sa...

PT-2026-44987

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.219 Description The password reset endpoint returns visually distinct responses based on whether the submitted email address is associated with an existing user account. This allows unauthenticated attackers to...

PT-2026-45068

Summary The PraisonAI Platform API has two authorization failures that together break workspace isolation. The service layer for issues and projects performs global primary-key lookups without checking workspace ownership, so any authenticated user can read, modify, and delete resources in any...

PT-2026-45058

Summary PraisonAI Platform's workspace-scoped REST routes contain a systemic object-level authorization flaw that allows an authenticated user from one workspace to access, modify, and delete objects belonging to another workspace by supplying the victim object's global UUID. The affected pattern...

PT-2026-45038

Summary modules/registration.php mode send login regenerates a random password for user uuid assigned, stores its bcrypt hash in adm users.usr password, and emails the cleartext to that user. Every other state-changing mode in the same file assign member, assign user, delete user, create user cal...

PT-2026-45046

The current upstream main branch at commit 7e0206d was reviewed, and the fix-first patch set was rebased on 2026-05-18. The patches cover: validated and bound inactive-agent hour filtering; storage SQL identifier validation; metadata-backed ownership checks for raw storage SQL; blocking direct...

PT-2026-45045

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.78 Parse Server versions prior to 9.9.1-alpha.2 Description The GraphQL endpoint discloses schema metadata to unauthenticated callers via "Did you mean ...?" suggestions within GraphQL validation-error...

PT-2026-45032

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description A sandbox escape allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI WebAssembly JavaScript Promise Integration,...

PT-2026-44829

Weak authentication between the Wireless Control Module WCM and the Engine Control Module ECM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the per-vehicle ECM immobilizer secret by passively...

PT-2026-44931

Name of the Vulnerable Software and Affected Versions Danelec MacGregor Voyage Data Recorder affected versions not specified Description Passwords are stored using a hashing method that restricts password length and is susceptible to brute force attacks, which is a trial-and-error method used to...

PT-2026-44954

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1 Description Improper permission checks allow for the exposure of build configuration parameters. Recommendations Update to version 2026.1...

PT-2026-44860

Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column...

PT-2026-44813

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

PT-2026-47223

Name of the Vulnerable Software and Affected Versions guzzlehttp/psr7 versions prior to 2.10.2 Description The library fails to reject ASCII control characters, whitespace, or DEL in first-party URI host components. When an application uses a user-controlled URL to construct a PSR-7 Uri or Reques...

PT-2026-44976

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47...

PT-2026-44369

Roundcube's HTML sanitization path for message rendering allows loopback, localhost, RFC1918, link-local, and ULA URLs even when remote content loading is disabled. A remote attacker can send an HTML email that causes the victim's browser to issue requests to local or private-network services...

PT-2026-44367

Name of the Vulnerable Software and Affected Versions Apache Artemis versions 2.50.0 through 2.53.0 Apache ActiveMQ Artemis versions 2.0.0 through 2.44.0 Description An issue exists where an application using the STOMP Simple Text Oriented Messaging Protocol protocol can augment the routing-type ...

PT-2026-44371

An issue in SMSGate sms-core=2.1.13.6 allows a remote attacker to execute arbitrary code via the Cmpp7FDeliverRequestMessageCodec.java component...

PT-2026-44391

Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 5.11.1 TinyMCE versions prior to 7.9.3 TinyMCE versions prior to 8.5.1 Description A stored Cross-Site Scripting XSS issue exists via forged mce:protected comments. This allows attackers to bypass sanitization and...

PT-2026-44425

Name of the Vulnerable Software and Affected Versions Casdoor versions prior to 2.363.0 Description Casdoor fails to enforce SAML assertion time bounds. The gosaml2 library calculates time-validation results, such as NotOnOrAfter and NotBefore, and reports them in the assertionInfo.WarningInfo...

PT-2026-44402

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9 B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints mgmt.php, npcmd.php that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the...

PT-2026-44415

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.21 Description The serialize function in hono/cookie fails to validate the sameSite and priority options against characters that can corrupt Set-Cookie header syntax, such as semicolons, carriage returns, and line...

PT-2026-44478

Name of the Vulnerable Software and Affected Versions Ubuntu Linux version 6.8 Ubuntu Linux version 6.17 Ubuntu Linux version 7.0 Description SAUCE patches fail to validate invalid sizes of the name field in AppAmor notification responses. This issue can be triggered by an unprivileged local user...

PT-2026-44472

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validate url to validate the input URL. Th...

PT-2026-44468

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST LOG=debug sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...

PT-2026-44473

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFS CORS ALLOWED ORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origin value back as Access-Control-Allow-Origin and also sets Access-Control-Allow-Credentials: true a...