184315 matches found
PT-2017-11760 · Bolt · Bolt Cms
Name of the Vulnerable Software and Affected Versions: Bolt CMS version 3.2.14 Description: The issue allows for stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header. This can be exploited by uploading a malicious SVG file. Recommendations: For Bolt CMS version...
PT-2026-50873
Name of the Vulnerable Software and Affected Versions JetBrains Hub versions prior to 2026.1.13757 JetBrains Hub versions prior to 2025.3.148033 JetBrains Hub versions prior to 2025.2.148048 JetBrains Hub versions prior to 2025.1.148120 JetBrains Hub versions prior to 2024.3.148430 JetBrains Hub...
PT-2026-50696
Name of the Vulnerable Software and Affected Versions Grav version 2.0.0-rc.9 with Admin2 version 2.0.0-rc.14 Description A stored cross-site scripting XSS issue exists in the Admin2 Pages API save flow due to a missing XSS safety check during partial validation. Stored XSS occurs when an...
PT-2026-50823
Name of the Vulnerable Software and Affected Versions armeria-xds versions 1.38.0 through 1.39.0 Description DataSourceStream in the xDS module resolves filename and environment variable fields from SDS Secret resources without an allow-list or base-directory confinement. This allows a compromise...
PT-2026-50438
Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source versions prior to 1.31.2-1.1 Description An issue exists in the ngx http proxy v2 module and ngx http grpc module modules. The problem occurs when the proxy http version is set to 2 ...
PT-2026-50374
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6...
PT-2026-50038
Name of the Vulnerable Software and Affected Versions Oracle Complex Maintenance, Repair and Overhaul versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite. A low...
PT-2026-49976
Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Extensibility Framework component of the Oracle Enterprise Manager Base Platform. A high privileged...
PT-2026-50058
Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Subledger Accounting versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Subledger Accounting product. A low privileged attacker with network access via...
PT-2026-49881
Name of the Vulnerable Software and Affected Versions Oracle Coherence versions 12.2.1.4.0 Oracle Coherence versions 14.1.1.0.0 Oracle Coherence versions 14.1.2.0.0 Oracle Coherence versions 15.1.1.0.0 Description An issue in the Core component of Oracle Fusion Middleware allows an unauthenticate...
PT-2026-50020
Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Installation Security component of JD Edwards EnterpriseOne Tools. An unauthenticated attacker with access to the infrastructure where the...
PT-2026-49762
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.6 Description A hook bypass issue exists where skill commands routed through a specific dispatch path skip the runBeforeToolCallHook coverage. This allows attackers to send skill commands through the affected...
PT-2026-48951
Name of the Vulnerable Software and Affected Versions Naxclow Smart Doorbell X3 affected versions not specified Naxclow devices affected versions not specified Description Naxclow devices utilize a uniform request-signing scheme that relies on a hard-coded, platform-wide salt embedded in every...
PT-2026-48981
Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 through 2026.3.0 Discourse versions 2026.4.0 through 2026.4.0 Description Group owners who are not administrators or moderators can view a group's outgoing email and SMTP...
PT-2026-48612
Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft Enterprise PeopleTools versions 8.61 through 8.62 Description An unauthenticated remote code execution flaw exists in the Updates Environment Management component of Oracle PeopleSoft Enterprise PeopleTools. An attacker with...
PT-2026-47240
A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local...
PT-2026-47318
Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...
PT-2026-47080
Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description The 'connection-test' endpoint opens a raw TCP socket to a user-supplied database host without resolving or range-checking the destination. This allows private and link-local addresses, including...
PT-2026-47063
Name of the Vulnerable Software and Affected Versions DbGate versions prior to 7.1.9 Description DbGate is subject to authenticated remote code execution. Users with valid credentials can execute arbitrary operating system commands as root by exploiting an unsanitized functionName parameter in th...
PT-2026-46869
Summary An authenticated tenant can inject arbitrary SQL through the valueProperty or groupBy fields of POST /api/v1/meters. The injection passes the application's JSONPath validation check and executes against the shared ClickHouse database, which contains event data for all tenants with no...
PT-2026-46027
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the DRM/XE sysfs initialization where a failure in devm add action or reset causes a cleanup action to run immediately on a kobject that has not yet been initialized...
PT-2026-45475
Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE permission, but no UPDATE permission for a team folder can...
PT-2026-45590
In multiple functions of ubsan throwing runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-44498
Name of the Vulnerable Software and Affected Versions Charging controller affected versions not specified Description A firmware update mechanism fails to validate the authenticity of firmware packages delivered through the device's management interface. Due to the lack of cryptographic signature...
PT-2026-43710
Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the xdrv 10 scripter.ino, fetch jpg, jpg task.boundary40, strcpy function...
PT-2026-43068
Name of the Vulnerable Software and Affected Versions hackney versions 0.10.0 through 4.0.0 Description Uncontrolled Resource Consumption in the SOCKS5 transport within src/hackney socks5.erl allows flooding. While the caller-supplied timeout is applied during the SOCKS5 negotiation phase, the...
PT-2026-43121
Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module...
PT-2026-42740
The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
PT-2026-42450
Name of the Vulnerable Software and Affected Versions CODESYS Visualization affected versions not specified Description Insufficient isolation of authentication data may cause the remote exposure of credentials between low privileged visualization users during concurrent login operations. This...
PT-2026-41861
The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to...
PT-2026-41174
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description An issue exists where administrators' restrictions on API endpoint access can be bypassed. While requests using the Authorization: Bearer header are correctly blocked when restricted from the...
PT-2026-40972
Name of the Vulnerable Software and Affected Versions Strapi versions 4.0.0 through 5.36.1 Description Strapi did not sufficiently sanitize query parameters when filtering content via relational fields. An unauthenticated attacker could use the where query parameter on any publicly-accessible...
PT-2026-48611
Name of the Vulnerable Software and Affected Versions FreeBSD affected versions not specified Description A local privilege escalation issue exists in FreeBSD kTLS-RX. The flaw allows a local user to overwrite files they have read access to by utilizing in-place AES-GCM decryption over sendfile2...
PT-2026-39952
The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...
PT-2026-39901
Name of the Vulnerable Software and Affected Versions GitHub Copilot CLI versions prior to 1.0.43 Description An issue exists where a malicious bare git repository nested inside a project directory can lead to arbitrary code execution when the agent performs git operations. By exploiting git's...
PT-2026-39741
A weakness has been identified in aiwaves-cn agents up to e8c4e3c2d19739d3dff59e577d1c97090cc15f59. Affected by this issue is the function recall relevant memories to working memory of the file core/cat/looking glass/stray cat.py of the component cheshire cat core. This manipulation causes resour...
PT-2026-38665
Name of the Vulnerable Software and Affected Versions Tenda CX12L version 16.03.53.12 Description A stack-based buffer overflow occurs in the formSetPPTPServer function within the '/goform/SetPptpServerCfg' file. This issue allows for remote execution of an attack. Recommendations At the moment,...
PT-2026-38381
Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.30.0 Description The ExifTool metadata write blocklist can be bypassed using group-prefix syntax, allowing an attacker to perform arbitrary file rename, move, hardlink, and symlink creation on the server. The...
PT-2026-39411
Name of the Vulnerable Software and Affected Versions Next.js versions prior to 15.5.16 Next.js versions prior to 16.2.5 Description Applications utilizing Partial Prerendering via the Cache Components feature are susceptible to connection exhaustion. A crafted POST request to a server action can...
PT-2026-36785
A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be us...
PT-2026-36668
Name of the Vulnerable Software and Affected Versions Apache Polaris affected versions not specified Description Apache Polaris issues broad temporary storage credentials during staged table creation before validating or reserving the effective table location. This allows an attacker to direct th...
PT-2026-34609
Name of the Vulnerable Software and Affected Versions @nocobase/database versions prior to 2.0.39 Description An issue exists in the queryParentSQL function within the core database package where a recursive CTE query is constructed by joining nodeIds using string concatenation instead of...
PT-2026-43391
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.26.2 Forgejo versions prior to 1.26.2 Description A critical access control issue in the container registry allows unauthenticated remote attackers to pull private container images without credentials. The system fail...
PT-2026-21927
Name of the Vulnerable Software and Affected Versions MR9600 versions 1.0.4.205530 MX4200 version 1.0.13.210200 Description A flaw exists due to missing neutralization of special elements, allowing for OS command injection via the TLS-SRP connection handshake. Successful exploitation results in...
PT-2026-7089
The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive configuration that allows the underlying Python code to access the localhost interface of the host to perform SSRF attacks. Note - the "mcp-run-python" project is archived and unlikely to receive a fix...
PT-2026-5603
Name of the Vulnerable Software and Affected Versions D-Link DSL-6641K N8.TR069.20131126 Description A security issue exists in D-Link DSL-6641K N8.TR069.20131126 related to the doSubmitPPP function within the sp pppoe user.js file. Manipulation of the Username argument can lead to cross site...
PT-2026-7843
Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.2 PostgreSQL versions prior to 17.8 PostgreSQL versions prior to 16.12 PostgreSQL versions prior to 15.16 PostgreSQL versions prior to 14.21 Description A flaw exists in PostgreSQL due to improper validation of...
PT-2025-29696 · Unknown · Access Point
Name of the Vulnerable Software and Affected Versions: Access point affected versions not specified Description: Successful exploitation of the issue could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity,...
PT-2023-29722 · Libsyn · Libsyn Publisher Hub
Name of the Vulnerable Software and Affected Versions: Libsyn Libsyn Publisher Hub plugin versions 1.4.4 and earlier Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a...
PT-2023-3559 · Linux +10 · Linux Kernel +10
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 5.19.0-35 Description: The issue is related to the nft byteorder function in the Linux Kernel's netfilter subsystem, which poorly handles vm register contents when CAP NET ADMIN is in any user or network...