PT-2025-51464
Name of the Vulnerable Software and Affected Versions: Merkulove Buttoner for Elementor versions through 1.0.6 Description: An incorrect access control configuration exists in Merkulove Buttoner for Elementor. This allows exploitation due to missing authorization. Recommendations: Update Merkulove...
PT-2025-31874 · Unknown · Liquidfiles
Name of the Vulnerable Software and Affected Versions: LiquidFiles versions prior to 4.1.2 Description: LiquidFiles versions prior to 4.1.2 support FTP SITE CHMOD for mode 6777 setuid and setgid. This allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature an...
PT-2025-31466 · Unknown · Openviglet Shio
Name of the Vulnerable Software and Affected Versions: openviglet shio versions through 0.3.8 Description: A critical vulnerability exists in openviglet shio up to version 0.3.8. This issue affects the shStaticFilePreUpload function located in the file...
PT-2025-26023 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A bug in the Linux kernel has been identified, specifically in the s3fb driver, where the screen size value calculated from user input in the s3fb set par function can be larger than...
PT-2025-16358 · Joturl · Joturl
Name of the Vulnerable Software and Affected Versions: JotUrl version 2.0 Description: The issue allows bypassing security requirements during the password change process. Recommendations: For JotUrl version 2.0, at the moment, there is no information about a newer version that contains a fix for...
PT-2025-12313 · Unknown · Berriai/Litellm
Name of the Vulnerable Software and Affected Versions: berriai/litellm version 1.52.1 Description: An issue in the proxy server.py file causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This exposes sensitive information, including langfuse secret and...
PT-2025-12385 · Microsoft · Dataverse
Name of the Vulnerable Software and Affected Versions: Microsoft Dataverse affected versions not specified Description: Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. Recommendations: At the moment, there is no information...
PT-2024-1597
Name of the Vulnerable Software and Affected Versions: kernel versions prior to 6.1.77-alt1 kernel-uek, kernel-uek-debug, kernel-uek-debug-devel, kernel-uek-devel, kernel-uek-doc, kernel-uek-tools versions prior to 6.1.77-alt1 kernel versions 5.10.206 through 5.10.209 Debian 10 buster kernel...
PT-2024-10887 · WordPress · Wp Editor
Name of the Vulnerable Software and Affected Versions: WP Editor WordPress plugin version 1.2.6 and earlier Description: The issue is related to an authenticated blind SQL injection problem. It occurs because the plugin does not properly sanitise or validate its setting fields, allowing an...
PT-2023-28659 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14 Description: A race condition was addressed with improved state handling, which may allow an app to execute arbitrary code with kernel privileges. Recommendations: For versions prior to 14, update to macOS Sonoma 14...
PT-2023-3559 · Linux +10 · Linux Kernel +10
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 5.19.0-35 Description: The issue is related to the nft byteorder function in the Linux Kernel's netfilter subsystem, which poorly handles vm register contents when CAP NET ADMIN is in any user or network...
PT-2023-23726 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud server versions 24.0.0 through 24.0.10 Nextcloud server versions 25.0.0 through 25.0.4 Nextcloud server versions prior to 26.0.0 Description: The issue is related to missing brute-force protection on the WebDAV endpoints via the bas...
PT-2023-12375 · Unknown · Openmage Lts
Name of the Vulnerable Software and Affected Versions: OpenMage LTS versions prior to 19.4.22 OpenMage LTS versions prior to 20.0.19 Description: The issue allows a layout block to bypass the block blacklist, enabling the execution of remote code. This is a significant problem for an e-commerce...
PT-2022-26532 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The provided information does not contain details about the issue, such as general information, estimated number of potentially affected devices...
PT-2022-14625 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to the SEPolicy configuration of system apps, which allows access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data without...
PT-2022-25316 · Samsung · Tizenrt
Name of the Vulnerable Software and Affected Versions: Samsung TizenRT versions through 3.0 GBM Samsung TizenRT version 3.1 PRE Description: An issue in the createDB function within security/provisioning/src/provisioningdatabasemanager.c leads to a denial of service due to a missing sqlite3 free...
PT-2022-23498 · Innosilicon · Innosilicon A10
Name of the Vulnerable Software and Affected Versions: InnoSilicon A10 version a10 20200924 120556 Description: A remote code execution issue was found in the setPlatformAPI function, allowing for potential exploitation. Recommendations: For InnoSilicon A10 version a10 20200924 120556, as a...
PT-2021-2271 · Linux +8 · Linux Kernel +8
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.11.3 Description: An issue in the Linux kernel allows a kernel pointer leak, which can be used to determine the address of the iscsi transport structure. When an iSCSI transport is registered with the iSCSI...
PT-2020-6861 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.8 Description: The issue is related to uncontrolled recursion in the lib/nlattr.c component of the Linux kernel. This can be exploited by attackers to cause a denial of service via a nested Netlink policy with...
PT-2020-3996 · Unknown · Responsive Filemanager
Name of the Vulnerable Software and Affected Versions: Responsive Filemanager versions through 9.14.0 Description: An issue was discovered in the ajax calls.php file, specifically in the save img action, where the name parameter lacks validation of the sent extension. This allows for the executio...
PT-2019-12021 · Npm · Assign-Deep
Name of the Vulnerable Software and Affected Versions: assign-deep versions prior to 0.4.8 assign-deep versions prior to 1.0.1 Description: The issue allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects. This is due to the...
PT-2026-47172
An autonomous AI security agent just found 21 zero-days in FFmpeg for $1,000. Some were 23 years old. All came with working PoCs. CVE-2026-39210 through 39218 assigned. 12 more fixed, not yet numbered. This is what commodity AI vulnerability research https://t.co/zpeiwGSVQh https://t.co/ad6T1JxzD...
PT-2026-47170
A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpc sys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...
PT-2026-46137
Name of the Vulnerable Software and Affected Versions: OpenStack Mistral versions prior to 22.0.0 Description: An issue exists where a policy enforcement bypass allows arbitrary remote code execution when the API is exposed. Specific API endpoints do not properly validate user-supplied inputs,...
PT-2026-46292
Name of the Vulnerable Software and Affected Versions: Neterbit NW-431F Router versions prior to 20241014-IR03 Description: The network diagnosis ping module allows OS command injection because the application fails to properly sanitize user input in the IP address field before passing it to the...
PT-2026-45613
In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local with null execution privileges needed. User interaction is null for exploitation...
PT-2026-45564
Name of the Vulnerable Software and Affected Versions: Dräger Infinity Delta affected versions not specified Dräger Infinity Delta XL affected versions not specified Dräger Infinity Kappa affected versions not specified Description: A denial-of-service issue exists where remote attackers can cause...
PT-2026-45525
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 32.0.0 through 32.0.8 Nextcloud Server versions 33.0.0 through 33.0.2 Nextcloud Enterprise Server versions prior to 33.0.3 Nextcloud Enterprise Server versions prior to 32.0.9 Nextcloud Enterprise Server versions prio...
PT-2026-45463
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...
PT-2026-45146
Name of the Vulnerable Software and Affected Versions: MariaDB server versions 10.6.1 through 10.6.25 MariaDB server versions 10.11.1 through 10.11.16 MariaDB server versions 11.4.1 through 11.4.10 MariaDB server versions 11.8.1 through 11.8.6 MariaDB server version 12.3.1 Description: During the...
PT-2026-42911
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.23. Impacted is an unknown function of the file agent/skills guard.py of the component Skills Guard Multi-Word Prompt Handler. The manipulation of the argument THREAT PATTERNS leads to injection. Remote...
PT-2026-42956
A security flaw has been discovered in Totolink A8000RU 7.1cu.643 b20200521. The affected element is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument resetFlags results in os command injection. It is...
PT-2026-42236
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.179 Description: Insufficient policy enforcement in ServiceWorker allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. A ServiceWorker is a script that the browser...
PT-2026-41585
Name of the Vulnerable Software and Affected Versions: Kilo-Org kilocode versions prior to 7.0.48 Description: A path traversal issue exists in the File Diff API Endpoint within the Bun.file function of the packages/opencode/src/kilocode/review/worktree-diff.ts file. A remote attacker can trigger...
PT-2026-40607
Name of the Vulnerable Software and Affected Versions: bandit versions 1.4.0 through 1.11.0 Description: An unauthenticated remote attacker can cause a denial of service via memory exhaustion. The read data/2 function in Elixir.Bandit.HTTP1.Socket ignores the :length option when processing HTTP/1...
PT-2026-39959
Name of the Vulnerable Software and Affected Versions: webpack-dev-server versions prior to 5.2.4 Description: Cross-origin source code exposure occurs when serving over a non-potentially trustworthy origin, such as plain HTTP. The issue arises because the previous fix relied on Sec-Fetch-Mode and...
PT-2026-39936
The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name,...
PT-2026-39941
A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH...
PT-2026-40439
Name of the Vulnerable Software and Affected Versions: DNS Cluster affected versions not specified Description: SSL verification is disabled in the DNS Cluster system. This allows a malicious server to perform a man-in-the-middle attack, which is a technique where an attacker intercepts communicati...
PT-2026-39921
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA SAP Enterprise Search for ABAP affected versions not specified Description: An authenticated attacker can inject malicious SQL statements through user-controlled input. The application directly concatenates this input into SQL queri...
PT-2026-39727
Name of the Vulnerable Software and Affected Versions: cowlib versions 2.9.0 and later Description: Improper Neutralization of CRLF Sequences CRLF Injection occurs when the cow cookie:cookie/1 function builds a client-side Cookie request header from name-value pairs without validating the fields. A...
PT-2026-39550
Name of the Vulnerable Software and Affected Versions: WebAssembly Binaryen versions prior to 118 Description: An issue exists in the BrOn Parser component within the IRBuilder::makeBrOn function of the src/wasm/wasm-ir-builder.cpp file. A specific manipulation can lead to a reachable assertion,...
PT-2026-39542
Name of the Vulnerable Software and Affected Versions: Open5GS versions prior to 2.7.8 Description: A flaw in the SMF component allows remote attackers to cause a denial of service. The issue exists within the update authorized pcc rule and qos function located in the /src/smf/npcf-handler.c file...
PT-2026-39429
A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. Such manipulation leads to improper authentication. The attack can be launched remotely. The vendo...
PT-2026-39317
Name of the Vulnerable Software and Affected Versions: Gibbon versions prior to 30.0.01 Description: An authenticated SQL Injection exists in the Tracking/graphing feature. Users with Teacher or higher privileges can abuse this functionality to perform unintended read and write activities on the...
PT-2026-38644
Name of the Vulnerable Software and Affected Versions: SourceCodester SUP Online Shopping version 1.0 Description: A remote SQL injection is possible via an unknown function within the '/admin/viewmsg.php' file. The issue occurs when the msgid argument is manipulated, allowing an attacker to...
PT-2026-38916
Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions prior to 4.20.3.0 Apache CloudStack versions prior to 4.22.0.1 Description: Missing MinIO policy cleanup during bucket deletion allows users to retain access to buckets they previously owned. If a different user creat...
PT-2026-39056
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak occurs in the Linux kernel when the xe sync entry parse function fails during parsing. The function may allocate references for syncobj, fence, chain fence, or user fence...
PT-2026-38919
Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.21.0.0 through 4.22.0.0 Description: Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants. The Proxmox extension improperly uses a user-editable instance...
PT-2026-38361
A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service...