PT-2026-41419

Name of the Vulnerable Software and Affected Versions Funnel Builder affected versions not specified Description An SQL injection flaw in the Funnel Builder plugin allows attackers to inject payment skimmers into WooCommerce checkout pages. This issue enables script propagation across all checkou...

PT-2026-41397

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.1 Description The REST datasource integration in the packages/server/src/integrations/rest.ts file follows HTTP redirects without re-validating the target URL against the IP blacklist. This allows an authenticat...

PT-2026-41399

Name of the Vulnerable Software and Affected Versions simplesamlphp-module-casserver versions prior to 7.0.3 Description The software builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controlled ticket identifier. Publ...

PT-2026-41711

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A spoofing issue in Microsoft Edge Chromium-based allows attackers to affect the system. This includes a universal cross-site scripting XSS flaw—a type of vulnerability...

PT-2026-40843

Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions prior to a3f6d73 Description An infinite loop can occur during image handling when checksum calculations are performed using the 'file:///dev/zero' URL. Recommendations Update to version a3f6d73 or later...

PT-2026-40880

Name of the Vulnerable Software and Affected Versions Burst Statistics versions 3.4.0 through 3.4.1.1 Description An authentication bypass exists in the Burst Statistics plugin for WordPress due to incorrect return-value handling in the is mainwp authenticated function when validating application...

PT-2026-40853

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.1 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description An issue exists where an authenticated user with Guest permissions can view issues in projects they a...

PT-2026-40925

Name of the Vulnerable Software and Affected Versions PostgreSQL versions 18.0 through 18.3 Description A buffer over-read occurs in the pg restore attribute stats function when it accepts array values of unmatched length. This causes query planning to read past the end of one array, allowing a...

PT-2026-40909

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...

PT-2026-40911

Name of the Vulnerable Software and Affected Versions podinfo versions prior to 6.11.3 Description A reflected cross-site scripting issue exists in the '/echo' and '/api/echo' endpoints. The echoHandler function writes request body content directly to the response without setting explicit...

PT-2026-40953

HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions...

PT-2026-40951

HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions...

PT-2026-40959

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Controller versions prior to 20.12.6.2 Cisco Catalyst SD-WAN Manager versions prior to 20.12.6.2 Description A flaw in the peering authentication mechanism of the control connection handshaking allows an unauthenticated...

PT-2026-40957

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...

PT-2026-40965

CWE-601 URL redirection to untrusted site 'open redirect'...

PT-2026-40940

Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution...

PT-2026-40966

A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...

PT-2026-40972

Name of the Vulnerable Software and Affected Versions Strapi versions 4.0.0 through 5.36.1 Description Strapi did not sufficiently sanitize query parameters when filtering content via relational fields. An unauthenticated attacker could use the where query parameter on any publicly-accessible...

PT-2026-40970

Summary Fleet contained a denial-of-service DoS issue in the gRPC Launcher PublishLogs endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to terminate while processing an authenticated request from an enrolled...

PT-2026-41069

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A type confusion issue in V8 allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. Type confusion occurs when a program accesses a...

PT-2026-41027

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the pixel-loop index expression i 3 inside ConvertCbYCrYToRGB causes the function to compute a larg...

PT-2026-41018

Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENT DISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...

PT-2026-41072

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.168 Description An out of bounds read in FileSystem allows a remote attacker to obtain potentially sensitive information from process memory. This occurs when a user is convinced to perform...

PT-2026-41014

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP affected versions not specified Description Improper input handling under certain conditions allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. T...

PT-2026-41161

Name of the Vulnerable Software and Affected Versions opentelemetry-java versions prior to 1.62.0 Description A flaw in the baggage propagation implementation within opentelemetry-api and opentelemetry-extension-trace-propagators allows for unbounded memory allocation and CPU consumption when...

PT-2026-41149

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary DbtMCP.call tool in src/dbt mcp/mcp/server.py logs the complete raw arguments dictionary at INFO level on every tool invocation line 67 and again at ERROR level if the cal...

PT-2026-41148

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary run dbt command in src/dbt mcp/dbt cli/tools.py constructs the dbt subprocess argument list by appending user-supplied MCP tool parameters without sanitization. Two...

PT-2026-41142

Name of the Vulnerable Software and Affected Versions portainer-ce versions 2.33.0 through 2.33.7 portainer-ce-agent versions 2.33.0 through 2.33.7 Description An authorization bypass exists in the middleware layer kubeClientMiddleware within the api/http/handler/kubernetes/handler.go file. The...

PT-2026-41163

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.3.16 Description A missing permission check in API endpoints related to files allows any authenticated user to list, access, and delete every file uploaded by any user to the platform. The issue exists because th...

PT-2026-41157

Name of the Vulnerable Software and Affected Versions electerm versions prior to 3.8.9 Description Persistent local-pty code execution is possible through the import of bookmark JSON files or compromised synchronization targets such as gist or WebDAV. An attacker can inject exec fields or global...

PT-2026-41156

Summary Default kuma-cp config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the control plane is reachable from their browser. CorsAllowedDomains: "." reflects any Origin, and LocalhostIsAdmin: true promotes requests from 127.0.0.1 to mesh-system:admin...

PT-2026-41207

Name of the Vulnerable Software and Affected Versions flowise versions prior to 3.1.2 Description The endpoint "/api/v1/node-custom-function" lacks route-level authorization, allowing any authenticated user or holder of a valid API key to submit arbitrary JavaScript via the javascriptFunction...

PT-2026-41169

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.3 Description The "POST /api/v1/notes/id/pin" endpoint performs a write operation by toggling the is pinned field but incorrectly validates only for read permission. This allows users who have read-only access ...

PT-2026-41183

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.11 Description An internal-only bypass filter parameter is exposed on the '/openai/chat/completions' and '/ollama/api/chat' HTTP endpoints due to FastAPI query string binding. This allows any authenticated user...

PT-2026-41185

Name of the Vulnerable Software and Affected Versions CodeWhale versions prior to 0.8.26 Description Server-Side Request Forgery SSRF occurs when the application fails to properly validate IPv6 addresses provided directly in a URL, such as http://::1. While the system validates hostnames that...

PT-2026-41202

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.12 Description Any verified user can execute arbitrary Python code via Jupyter because the '/api/v1/utils/code/execute' endpoint does not enforce the ENABLE CODE EXECUTION configuration flag. Even when an...

PT-2026-41175

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.5.7 Description An issue exists where a user can modify another user's model regardless of whether its visibility is set to Private. By altering access permissions during the editing process, unauthorized access...

PT-2026-41184

Name of the Vulnerable Software and Affected Versions @utcp/http versions prior to 1.1.2 Description The @utcp/http package is subject to a blind Server-Side Request Forgery SSRF, a flaw where an attacker can force the server to make requests to an unintended location. This is caused by a...

PT-2026-40561

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permission message' parameter in all versions up to, and including, 6.2.1 due to insufficient input sanitization and output escapin...

PT-2026-40557

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccb woocommerce payment AJA...

PT-2026-40589

Name of the Vulnerable Software and Affected Versions Authlib versions prior to 1.6.12 Authlib versions prior to 1.7.1 Description An unauthenticated open redirect exists in the authorization endpoint of the OpenIDImplicitGrant and OpenIDHybridGrant components. A remote attacker can cause the...

PT-2026-40591

Name of the Vulnerable Software and Affected Versions OpenLearnX versions prior to 2.0.4 Description An authentication issue in this open-source, decentralized learning and assessment platform could allow unauthorized access to user accounts under specific conditions. Recommendations Update to...

PT-2026-40586

The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle ajax action' function in all versions up to, and including, 1.3.8. This makes it possible for authenticated...

PT-2026-40595

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the save widget and reset all widgets functions in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with...

PT-2026-40611

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pm invite user function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-lev...

PT-2026-40671

Name of the Vulnerable Software and Affected Versions F5 BIG-IP affected versions not specified BIG-IP Next SPK affected versions not specified BIG-IP Next CNF affected versions not specified BIG-IP Next for Kubernetes affected versions not specified Description Undisclosed requests can cause the...

PT-2026-40673

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 F5 BIG-IP versions prior to 21.0.0.1 Description When embedded Packet Velocity Acceleration ePVA is configured, undisclosed local ethernet traffic can trigger an infinit...

PT-2026-40680

Name of the Vulnerable Software and Affected Versions BIG-IP affected versions not specified BIG-IQ affected versions not specified Description Incorrect permission assignment issues exist in the BIG-IP and BIG-IQ TMOS Shell tmsh 'arp' and 'ndp' commands, as well as in BIG-IP iControl REST. These...

PT-2026-40702

striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons...

PT-2026-40707

Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected hidden/debug mode...