184419 matches found
PT-2026-41244
An unchecked return value within the AMD Platform Management Framework PMF could allow an attacker to read or modify an arbitrary address potentially resulting in loss of confidentiality, integrity, or availability...
PT-2026-41298
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.8 Linux kernel versions prior to 6.18.31 Linux kernel versions prior to 6.12.89 Linux kernel versions prior to 6.6.139 Linux kernel versions prior to 6.1.173 Linux kernel versions prior to 5.15.207 Linux kern...
PT-2026-41183
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.11 Description An internal-only bypass filter parameter is exposed on the '/openai/chat/completions' and '/ollama/api/chat' HTTP endpoints due to FastAPI query string binding. This allows any authenticated user...
PT-2026-41165
Name of the Vulnerable Software and Affected Versions CodeWhale versions prior to 0.8.22 Description The fetch url tool implements a check using the is restricted ip function to validate the resolved IP address of an initial URL against a blocklist of restricted IPs, such as localhost, private...
PT-2026-41150
Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary DefaultUsageTracker.emit tool called event in src/dbt mcp/tracking/tracking.py serializes the complete arguments dictionary of every MCP tool call and transmits it verbati...
PT-2026-41155
Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.29.0 Description The password reset flow in the resetRequest route of the modules/@apostrophecms/login/index.js component constructs the reset URL using req.hostname. When apos.baseUrl is not explicitly...
PT-2026-41120
HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString function in convertCore.php is missing backtick and tab t from its strip list. User input then reaches shell exec, where the shell interprets these characters and commands...
PT-2026-41167
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.3 Description The channel webhook create and update flow accepts arbitrary profile image url values, including base64-encoded SVG payloads. The endpoint '/api/v1/channels/webhooks/webhook id/profile/image'...
PT-2026-41191
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description An authenticated attacker can perform a mass assignment attack via the 'POST /api/v1/evaluations/feedback' endpoint. This is possible because the FeedbackForm uses a configuration that allows extr...
PT-2026-40967
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.0 Description A flaw in the Windows MDM management endpoint allows requests to be processed without proper client certificate validation. The endpoint relies on mutual TLS mTLS—a process where both the client and...
PT-2026-41189
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description An issue exists where users granted read access to a model can also read the model's system prompt, which may contain confidential information. This occurs because the workspace model edit page...
PT-2026-41121
Name of the Vulnerable Software and Affected Versions libyang versions prior to 5.2.15 Description The lyb read string function in src/parser lyb.c contains an integer overflow. This occurs when parsing a maliciously crafted LYB binary blob, leading to a heap buffer overflow. An attacker capable ...
PT-2026-41032
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixel encode highcolor's allocation size calculation can lead to a heap buffer overflow. The public sixel encode entry point validates only that width and height are greater...
PT-2026-40978
Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server 2016 Microsoft Exchange Server 2019 Microsoft Exchange Server Subscription Edition Description An improper neutralization of input during web page generation leads to a cross-site scripting XSS flaw in Outlook Web...
PT-2026-40846
Name of the Vulnerable Software and Affected Versions SOGo versions prior to 5.12.7 Description SOGo allows SQL injection when PostgreSQL is used. SQL injection is a type of flaw that allows an attacker to interfere with the queries that an application makes to its database. Recommendations Updat...
PT-2026-41196
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description The validate url function in backend/open webui/retrieval/web/utils.py only validates the initial URL provided by the user. Downstream HTTP clients, including sync requests, async aiohttp, and...
PT-2026-41098
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.168 Description An out of bounds write in Codecs allows a remote attacker to potentially perform a sandbox escape by using a crafted video file. A sandbox escape is a technique used to break ou...
PT-2026-41193
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.12 Description An Insecure Direct Object Reference IDOR exists in the retrieval API due to insufficient validation in the validate collection access function. While the function checks specific prefixes for use...
PT-2026-40960
Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager versions prior to 26.0.1 Description A flaw in the web UI of Cisco Catalyst SD-WAN Manager allows an authenticated remote attacker with read-only permissions to elevate their privileges to a high-privileged level...
PT-2026-41182
Name of the Vulnerable Software and Affected Versions electerm versions 3.0.6 through 3.8.8 Description A local code execution issue exists where any process running under the same user can send a JSON payload to the single-instance socket or pipe of the application. This allows an attacker to...
PT-2026-40624
IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can place a malicious executable named IObit.exe in the C:Program Files x86IObit directory and restart the service to...
PT-2026-40628
Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP MSP::loop, AP MSP, AP MSP.cpp components...
PT-2026-40812
Name of the Vulnerable Software and Affected Versions CubeCart versions prior to 6.7.0 Description The admin orders-transactions listing page at 'admin.php? g=orders&node=transactions' constructs a raw ORDER BY SQL fragment using the sort array from the $ GET variable without validating the colum...
PT-2026-40752
Name of the Vulnerable Software and Affected Versions Palo Alto Networks GlobalProtect app affected versions not specified Description Multiple local privilege escalation issues in the GlobalProtect app allow a local user to elevate their privileges to NT AUTHORITYSYSTEM on Windows and root on...
PT-2026-40799
The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. Since jQuery 1.x has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses and increase the risk of client-side...
PT-2026-40706
Name of the Vulnerable Software and Affected Versions U-SPEED AC1200 Gigabit Wi-Fi Router Model: T18-21K version 1.0 Description The Network Time Protocol NTP configuration interface fails to properly sanitize user-supplied input. An authenticated user with permissions to modify NTP settings can...
PT-2026-40223
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network...
PT-2026-39981
Name of the Vulnerable Software and Affected Versions RUGGEDCOM ROX MX5000 versions prior to V2.17.1 RUGGEDCOM ROX MX5000RE versions prior to V2.17.1 RUGGEDCOM ROX RX1400 versions prior to V2.17.1 RUGGEDCOM ROX RX1500 versions prior to V2.17.1 RUGGEDCOM ROX RX1501 versions prior to V2.17.1...
PT-2026-40548
Name of the Vulnerable Software and Affected Versions SillyTavern versions prior to 1.18.0 Description SillyTavern is a locally installed user interface for interacting with large language models, image generation engines, and text-to-speech voice models. The corsProxyMiddleware function forwards...
PT-2026-40067
Name of the Vulnerable Software and Affected Versions Pandora FMS versions 777 through 800 Description Improper neutralization of special elements used in an SQL command allows SQL Injection via the graph container parameter. SQL Injection is a technique where an attacker inserts malicious SQL co...
PT-2026-40188
Name of the Vulnerable Software and Affected Versions Microsoft Office Click-To-Run affected versions not specified Description Insufficient granularity of access control in the Click-to-Run C2R technology of Microsoft Office and Microsoft 365 Apps for Enterprise allows an authorized attacker to...
PT-2026-40040
Name of the Vulnerable Software and Affected Versions Ivanti Xtraction versions prior to 2026.2 Description External control of a file name allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory. This can lead to information disclosure and...
PT-2026-39930
SAP TAF APPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirects them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s browser. This results in a low impact on...
PT-2026-40395
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources,...
PT-2026-40252
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO URL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a ...
PT-2026-39959
Name of the Vulnerable Software and Affected Versions webpack-dev-server versions prior to 5.2.4 Description Cross-origin source code exposure occurs when serving over a non-potentially trustworthy origin, such as plain HTTP. The issue arises because the previous fix relied on Sec-Fetch-Mode and...
PT-2026-40031
pam authnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peer lookup tcp src/peer lookup.c:134, prior to the fix allowed a crafted NETLINK SOCK DIAG reply to slip past the message-size check...
PT-2026-40443
Name of the Vulnerable Software and Affected Versions efw4.X versions prior to 4.08.010 Description The unZip function in efw.file.FileManager writes zip entries to disk using new FilebaseDir, zipEntry.getName without performing a canonical-path check. This allows an attacker to use entry names...
PT-2026-40294
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...
PT-2026-40447
Name of the Vulnerable Software and Affected Versions Deskflow versions prior to 1.26.0.167 Description Remote, unauthenticated denial of service DoS affects servers running with TLS enabled. When a TCP peer connects to the listening port and the initial bytes are not a valid TLS ClientHello, the...
PT-2026-39776
A denial of service issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to modify protected parts of the file system...
PT-2026-39746
EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration functionality. Due to insufficient input validation, the attacker is able to execute arbitrary system commands on the device...
PT-2026-39714
Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...
PT-2026-39580
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The check user account lock states feature within the email OTP flow fails to validate user input. This allows an attacker to infer whether specific user account...
PT-2026-39566
A flaw has been found in Open5GS up to 2.7.7. This vulnerability affects the function smf nsmf handle created data in vsmf of the component SMF. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been published and may be used. The project was inform...
PT-2026-39882
Name of the Vulnerable Software and Affected Versions MantisBT affected versions not specified Description An attacker can bypass the Content Security Policy CSP script-src directive by uploading a crafted attachment to an issue. When this attachment is accessed via the 'file download.php'...
PT-2026-39740
Name of the Vulnerable Software and Affected Versions Amazon::Credentials versions prior to 1.3.0 Description Amazon::Credentials stores credentials in an obfuscated form to prevent secrets from being accessed via a data dump of the object. The software uses a 64-bit key generated by the built-in...
PT-2026-39577
Name of the Vulnerable Software and Affected Versions WebDyne::Session versions prior to 2.076 Description The session handler generates session identifiers insecurely using an MD5 hash seeded with the built-in rand function. The rand function is seeded by 32-bits, making it predictable and...
PT-2026-39599
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...
PT-2026-39552
A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...