PT-2026-43832

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in AppArmor where a NULL pointer dereference occurs when the export binary parameter is disabled at runtime. Profiles loaded before this change retain their raw data in...

PT-2026-47112

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj jp2 read header may lead to OOB heap memory write when the data stream p stream is too short and p image is not initialized...

PT-2026-47116

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.05.4.3 allows attackers to perform Sandbox Escape via a crafted script file...

PT-2026-44504

CVE-2026-43919 - Apache HTTP Server Remote Code Execution Vulnerability CVE ID :CVE-2026-43919 Published : May 26, 2026, 3:16 p.m. | 53 minutes ago Description :Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-43918. Reason: This candidate is a duplicate of...

PT-2026-43163

Name of the Vulnerable Software and Affected Versions Archive::Tar versions prior to 3.08 Description Archive::Tar for Perl allows the extraction of hardlinks to attacker-controlled paths outside the intended extraction directory. The function make special file passes the tar header's linkname to...

PT-2026-43176

A missing authorization vulnerability in Zyxel GS1200-5v3 firmware versions through 1.00ACPS.2C0, GS1200-8v3 firmware versions through 1.00ACPT.2C0, GS1200-5HPv3 firmware versions through 1.00ACPU.2C0, GS1200-8HPv3 firmware versions through 1.00ACPV.2C0, and GS1200-10v3 firmware versions through...

PT-2026-43193

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate...

PT-2026-43188

A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The...

PT-2026-43189

Missing password field masking vulnerability in Hitachi Ops Center Analyzer Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules, Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor Data Center Analytics, Analytics probe modules. This issu...

PT-2026-43184

A vulnerability was determined in itsourcecode Electronic Judging System 1.0. This issue affects some unknown processing of the file /admin/judges.php. This manipulation of the argument fname causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly...

PT-2026-43186

A security flaw has been discovered in GNU LibreDWG up to 0.14. The affected element is the function match BLOCK HEADER of the file dwggrep.c of the component Dwggrep Utility. Performing a manipulation results in null pointer dereference. The attack requires a local approach. The exploit has been...

PT-2026-43204

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS. This issue affects Geo Mashup: from n/a through 1.13.18...

PT-2026-43235

The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service temporary disruption of VPN-related functionality...

PT-2026-43238

When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to...

PT-2026-43373

A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isom intern.c of the component MP4Box. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been released to the...

PT-2026-43372

A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried...

PT-2026-43368

Name of the Vulnerable Software and Affected Versions IBM HTTP Server version 8.5 IBM HTTP Server version 9.0 Description Remote code execution and denial of service are possible in configurations that utilize TLS mutual authentication, also known as client authentication, which is a process wher...

PT-2026-43356

🚨 CVE-2026-48696 FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689. 🎖@cveNotify...

PT-2026-43361

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition...

PT-2026-43355

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description An OS command injection issue exists in the MikroTik router integration plugin. The log function in src/mikrotik plugin/fastnetmon mikrotik.php constructs shell commands by...

PT-2026-43340

Name of the Vulnerable Software and Affected Versions NVIDIA Display Driver for Linux affected versions not specified Description An issue exists in the Multi-Instance GPU MIG partition management due to insecure default initialization of memory subsystem routing resources. This flaw can result i...

PT-2026-43336

Name of the Vulnerable Software and Affected Versions NVIDIA Display Driver for Windows and Linux affected versions not specified Description An out-of-bounds write issue exists, which occurs when a program writes data past the end of the intended buffer. A successful exploit could result in deni...

PT-2026-43296

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper validation of the search parameter in the "com media files" API endpoint allows for path traversal, a condition where an attacker can access files and...

PT-2026-43279

IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting XSS in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended...

PT-2026-43399

Name of the Vulnerable Software and Affected Versions Lumiverse versions prior to 0.9.7 Description The consumeNonce function only verifies that a module-level variable is set and has not expired, failing to validate values from the incoming HTTP request or bind the nonce to the administrator's...

PT-2026-43375

Name of the Vulnerable Software and Affected Versions IBM Engineering Lifecycle Management versions 7.0.3 through Interim Fix 021 IBM Engineering Lifecycle Management versions 7.1.0 through Interim Fix 009 IBM Engineering Lifecycle Management versions 7.2.0 through Interim Fix 001 Description An...

PT-2026-43379

A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...

PT-2026-43403

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals fetch, window, eval, etc. with undefined. A static source validator...

PT-2026-43424

Name of the Vulnerable Software and Affected Versions Vanetza versions 26.02 and earlier Description A denial-of-service issue exists in the ASN.1/OER parsing pipeline. When the system processes malformed network packets containing corrupted ASN.1/OER structures, such as invalid length fields or...

PT-2026-43421

A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data...

PT-2026-43442

Impact yeoman-environment versions = 2.9.0 and 6.0.1 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass attacker-controlled project configuration into this path, this can result in arbitrary package installation...

PT-2026-43450

TL;DR This vulnerability affects all Kirby sites that use the list field or list block, when content is authored by users who may not be fully trusted. The attack requires an authenticated Panel user with update permission to any list field or list block. This vulnerability is of high severity fo...

PT-2026-43406

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...

PT-2026-43162

Name of the Vulnerable Software and Affected Versions Archive::Tar versions prior to 3.08 Description Archive::Tar for Perl allows the extraction of symlinks with attacker-controlled targets located outside the extraction directory. The function make special file passes the tar header's linkname ...

PT-2026-42979

A vulnerability was detected in Totolink A8000RU 7.1cu.643 b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enable results in os command injection. The attack may be...

PT-2026-42995

A vulnerability was detected in code-projects Employee Management System 1.0. Affected is an unknown function of the file /myprofileup.php. Performing a manipulation of the argument ID results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public an...

PT-2026-43012

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643 b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument wscDisabled leads to os command injection. The attack may be...

PT-2026-43011

A weakness has been identified in Totolink A8000RU 7.1cu.643 b20200521. This issue affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument enable causes os command injection. The attack may be initiated...

PT-2026-43008

A vulnerability was found in Tenda F1202 1.2.0.20408. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. Performing a manipulation of the argument delno results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit...

PT-2026-43000

A vulnerability was identified in KLiK SocialMediaWebsite 1.0. This issue affects some unknown processing of the component HTTP POST Request Parameter Handler. Such manipulation leads to injection. The attack can be launched remotely. The exploit is publicly available and might be used...

PT-2026-43001

A security flaw has been discovered in Edimax BR-6675nD 1.12. Impacted is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. The exploit has been releas...

PT-2026-43017

A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed from...

PT-2026-43028

A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. Executing a manipulation of the argument selSSID can lead to buffer overflow. The attack can be launched remotely. Th...

PT-2026-43033

Name of the Vulnerable Software and Affected Versions apache-airflow-providers-fab versions prior to 3.6.4 Description Apache Airflow FAB Auth Manager is subject to an LDAP filter injection, which occurs when user-supplied input is improperly sanitized before being used in an LDAP filter. This...

PT-2026-43032

OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can read the Change Log containing actions performed by other users as well as application name of any application. This issue was fixed in...

PT-2026-43072

Name of the Vulnerable Software and Affected Versions benoitc hackney versions 0.13.0 through 4.0.0 Description An interpretation conflict allows Server Side Request Forgery SSRF, a flaw where an attacker can induce the server to make requests to an unintended location. The function hackney...

PT-2026-43064

Name of the Vulnerable Software and Affected Versions hackney versions 2.0.0-beta.1 through 4.0.0 Description An infinite loop exists in the Alt-Svc response header parser within src/hackney altsvc.erl. When the parse token/2 function receives a byte that is not a token, whitespace, or comma such...

PT-2026-43050

A security vulnerability has been detected in Edimax EW-7438RPn 1.31. Affected is the function formRadius of the file /goform/formRadius. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed publicly...

PT-2026-43084

A security vulnerability has been detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This affects the function confirm logged in of the file student trans.php. Such manipulation of the argument FIRST NAME/Last Name/EMAIL leads to sql injection. It is...

PT-2026-43079

Name of the Vulnerable Software and Affected Versions Apache Syncope versions 3.0 through 3.0.16 Apache Syncope versions 4.0 through 4.0.5 Apache Syncope version 4.1.0 Description An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL Java Expression Language...