184419 matches found
PT-2026-39723
An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Repository versions 3.6.0 through versions before 3.92.0. Th...
PT-2026-39642
In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...
PT-2026-39677
Summary The programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an attacker who can influence the scanned repository URL to trigger SSRF and...
PT-2026-39729
Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken function fails to reject payloads containing an admin claim, allowing attackers to escalate privileges. An attacker with access to the shared non-admin...
PT-2026-39721
Name of the Vulnerable Software and Affected Versions jq versions prior to 1.8.2rc2 Description The ordinary module loader in this command-line JSON processor recurses without cycle detection when two valid modules include each other. Recommendations Update to a version later than 1.8.2rc1...
PT-2026-39423
Name of the Vulnerable Software and Affected Versions codelibs Fess versions prior to 15.5.2 Description Remote code injection is possible via the JSP File Handler component. The update function within the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java fails to properly handle...
PT-2026-39318
Name of the Vulnerable Software and Affected Versions Gibbon versions prior to v30.0.01 Description A local file inclusion issue allows remote code execution by modifying the report archive directory and forcing the system to interpret a user-provided .zip file as PHP. This requires Teacher or...
PT-2026-39283
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.1.124 Description An improper authorization control exists where the API fails to validate if a user possesses an authorized role of user or admin. When the platform is configured to allow new sign-ups, new...
PT-2026-38735
Vulnerability in the Java SE product of Oracle Java SE component: Deployment. The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require...
PT-2026-39189
Name of the Vulnerable Software and Affected Versions n8n-MCP versions 2.18.7 through 2.50.1 Description An authenticated server-side request forgery SSRF issue exists affecting the webhook trigger tools, the n8n API client N8N API URL, and per-request URLs provided via the x-n8n-url header in...
PT-2026-38716
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
PT-2026-38964
Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information...
PT-2026-38909
Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can downloa...
PT-2026-38650
Name of the Vulnerable Software and Affected Versions electerm versions 3.0.6 through 3.8.14 Description Arbitrary local code execution can occur via deep links, CLI --opts, or crafted shortcuts. This happens when a user clicks a crafted electerm://... link or opens a crafted shortcut or command...
PT-2026-39258
Name of the Vulnerable Software and Affected Versions free5GC SMF version 4.2.1 Description The SMF mounts the UPI management route group without inbound OAuth2 middleware, allowing unauthenticated access. A flaw in the DeleteUpNodeLink function causes a nil-pointer dereference when processing...
PT-2026-39139
In th30d4y/IP from version 1.0.1 to before version 2.0.1, a DOM-Based Cross-Site Scripting XSS vulnerability was identified in an IP Reputation Checker application. Unsanitized user input was directly rendered in the browser, allowing attackers to execute arbitrary JavaScript. This issue has been...
PT-2026-39260
Name of the Vulnerable Software and Affected Versions free5GC version 4.2.1 Description The Network Exposure Function NEF mounts the nnef-pfdmanagement route group without inbound OAuth2 or bearer-token authorization. This allows a network attacker with access to the Service-Based Interface SBI t...
PT-2026-39197
Name of the Vulnerable Software and Affected Versions draw.io versions prior to 29.7.9 Description The application accepts a gitlab URL parameter that overrides the GitLab server URL used during OAuth sign-in. An attacker can use a crafted link to cause the "Authorize in GitLab" dialog to open a...
PT-2026-39092
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs when reading portli debugfs files. This happens when the number of port registers counted in xhci-max ports exceeds the ports reported by Supported...
PT-2026-38890
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0....
PT-2026-38479
Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...
PT-2026-38355
Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a before 1.7.1053...
PT-2026-38373
Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.13.Final Netty versions prior to 4.1.133.Final Description Netty's chunk size parser silently overflows an integer, which allows for request smuggling attacks. This occurs within the getChunkSize function of the...
PT-2026-38377
Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.13.Final Netty versions prior to 4.1.133.Final Description Netty incorrectly parses malformed Transfer-Encoding headers, which can lead to request smuggling attacks. Specifically, the framework incorrectly marks a...
PT-2026-38361
A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service...
PT-2026-38418
Name of the Vulnerable Software and Affected Versions Open Notebook version 1.8.3 Description Insufficient user input sanitization allows an application user to perform Server-Side Template Injection SSTI, a flaw where an attacker can inject malicious templates into a server-side engine. This...
PT-2026-38331
The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...
PT-2026-38280
Name of the Vulnerable Software and Affected Versions Netty versions 4.2.0.Final through 4.2.12.Final Description Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed. This occurs when a connection has ALLOW HALF CLOSURE enabled or is in a...
PT-2026-37345
A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...
PT-2026-37923
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Keytool. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...
PT-2026-37660
Name of the Vulnerable Software and Affected Versions react-server-dom-webpack versions 19.0.0 through 19.0.5 react-server-dom-webpack versions 19.1.0 through 19.1.6 react-server-dom-webpack versions 19.2.0 through 19.2.5 react-server-dom-parcel versions 19.0.0 through 19.0.5...
PT-2026-37925
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attack...
PT-2026-38271
Name of the Vulnerable Software and Affected Versions Flight versions prior to 3.18.1 Description The make:controller CLI command allows arbitrary directory creation outside the project root. This occurs because the command calls mkdir..., recursive: true on a path constructed from a user-supplie...
PT-2026-38307
Name of the Vulnerable Software and Affected Versions fast-jwt versions prior to 6.2.4 Description An authentication bypass exists in the asynchronous key-resolver flow. When an application's key resolver returns an empty string '' or a zero-length Buffer, the software converts this to a...
PT-2026-37354
A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the fronte...
PT-2026-38279
Name of the Vulnerable Software and Affected Versions Hatchet versions prior to 0.83.39 Description A missing authorization directive on the 'GET /api/v1/stable/dags/tasks' endpoint caused the tenant-membership check to be skipped. An authenticated user on a multi-tenant instance could query this...
PT-2026-37309
Name of the Vulnerable Software and Affected Versions YetAnotherForum.NET YAF.NET versions prior to 4.0.5 YetAnotherForum.NET YAF.NET versions prior to 3.2.12 Description Stored Cross-Site Scripting XSS occurs when attacker-controlled input is persisted and later rendered without proper...
PT-2026-36971
The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Live Action::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...
PT-2026-37252
Name of the Vulnerable Software and Affected Versions Geyser versions prior to 2.9.3 Description A server-side request forgery SSRF exists in the handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the '/give' command, an attacker can cause the...
PT-2026-37362
These are all security issues fixed in the cf-cli-8.18.3+git.0.83ce51d9c-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-37281
Name of the Vulnerable Software and Affected Versions Grav CMS Form plugin versions prior to 9.1.0 Description A Stored Cross-Site Scripting XSS issue exists in the select field template of the Grav CMS Form plugin. Taxonomy tag and category values are rendered using the Twig |raw filter in the...
PT-2026-37306
Name of the Vulnerable Software and Affected Versions ssrfcheck versions 1.3.0 and earlier Description ssrfcheck fails to block Server-Side Request Forgery SSRF attacks when a target private IP address is encoded as an IPv4-mapped IPv6 address e.g., 'http://::ffff:127.0.0.1/'. This occurs because...
PT-2026-38372
Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.133.Final Netty versions prior to 4.2.13.Final Description Netty's DNS codec fails to enforce RFC 1035 domain name constraints during encoding and decoding, creating a bidirectional attack surface. In the encoder, t...
PT-2026-37106
Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.31.0 Description Gotenberg fails to properly validate metadata tags passed to ExifTool, a tool used for reading and writing image, audio, and video metadata. While the software blocks specific tags like FileName a...
PT-2026-36929
Name of the Vulnerable Software and Affected Versions Amazon WorkSpaces for Windows versions prior to 2.6.2034.0 Description Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service allows a local non-admin authenticated user to place arbitrary files in...
PT-2026-36763
Name of the Vulnerable Software and Affected Versions osrg GoBGP versions prior to 4.4.0 Description A remote denial of service can occur in the SRv6 L3 Service component. The issue exists within the SRv6L3ServiceAttribute.DecodeFromBytes function located in the pkg/packet/bgp/prefix sid.go file,...
PT-2026-36907
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description An open source workflow automation platform contains an issue where the Snowflake node and the legacy MySQL v1 node construct SQL queries by...
PT-2026-37196
Name of the Vulnerable Software and Affected Versions pyp2spec versions prior to 0.14.1 Description pyp2spec writes PyPI package metadata, such as the summary field, into generated spec files without escaping RPM macro directives. When a packager uses tools like rpmbuild -bs, rpmbuild --nobuild, ...
PT-2026-36786
A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...
PT-2026-36672
Name of the Vulnerable Software and Affected Versions crmeb java versions prior to 1.3.5 Description An unrestricted file upload issue exists within the Admin Upload component, specifically affecting the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java...