175420 matches found
PT-2026-40013
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection.This issue affects BEAR: from n/a through = 1.1.7.1...
PT-2026-40463
ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any 7.2.x tag was cut. Every shipped 7.2.x release...
PT-2026-39965
The Pricing Tables for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PT-2026-40088
Improper conditions check in some firmware for some IntelR NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via...
PT-2026-40152
Name of the Vulnerable Software and Affected Versions Windows Server 2025 affected versions not specified Description A use after free issue in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network. This occurs via NVMe-oF NVMe over Fabrics, a network protocol...
PT-2026-40111
Name of the Vulnerable Software and Affected Versions FortiAnalyzer versions 7.6.0 through 7.6.4 FortiAnalyzer versions 7.4.0 through 7.4.8 FortiAnalyzer version 7.2 FortiAnalyzer version 7.0 FortiAnalyzer version 6.4 FortiManager versions 7.6.0 through 7.6.4 FortiManager versions 7.4.0 through...
PT-2026-40090
Uncontrolled search path for some IntelR Connectivity Performance Suite software installers before version 50.25.1121.193 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may...
PT-2026-40534
Name of the Vulnerable Software and Affected Versions protobufjs versions prior to 7.5.6 protobufjs versions prior to 8.0.2 Description protobufjs includes a minimal UTF-8 decoder used in non-Node and fallback decoding paths that accepts overlong UTF-8 byte sequences—sequences that use more bytes...
PT-2026-40310
In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...
PT-2026-39876
Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions prior to 2.28.2 Description An authorization bypass exists in the private issue monitoring feature. A user with project-level access can send a crafted POST request to the 'bug monitor add.php' endpoint to...
PT-2026-39900
Name of the Vulnerable Software and Affected Versions MantisBT affected versions not specified Description An attacker can execute code via stored cross-site scripting XSS by uploading a crafted XHTML attachment that references a JavaScript attachment. This is achieved by using the 'file...
PT-2026-39702
Name of the Vulnerable Software and Affected Versions dnsmasq affected versions not specified Description A buffer overflow in the extract addresses function allows an attacker to trigger a heap out-of-bounds read and cause a crash. This occurs when a malformed DNS response is processed, enabling...
PT-2026-39883
Name of the Vulnerable Software and Affected Versions MantisBT affected versions not specified Description Improper escaping of the redirection page, which is retrieved from the Referer header of the request, allows an attacker to inject HTML. In certain server configurations, this can lead to...
PT-2026-39903
Name of the Vulnerable Software and Affected Versions bird-lg-go versions prior to 1.4.5 Description The apiHandler and webHandlerTelegramBot functions process user-provided JSON payloads using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remo...
PT-2026-39740
Name of the Vulnerable Software and Affected Versions Amazon::Credentials versions prior to 1.3.0 Description Amazon::Credentials stores credentials in an obfuscated form to prevent secrets from being accessed via a data dump of the object. The software uses a 64-bit key generated by the built-in...
PT-2026-39566
A flaw has been found in Open5GS up to 2.7.7. This vulnerability affects the function smf nsmf handle created data in vsmf of the component SMF. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been published and may be used. The project was inform...
PT-2026-39889
Name of the Vulnerable Software and Affected Versions MantisBT affected versions not specified Description Lack of validation of the filter target parameter in the 'return dynamic filters.php' endpoint allows an attacker to inject arbitrary HTML when the target is a TEXTAREA custom field, leading...
PT-2026-39712
Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer clean thread html body used for discussion notification emails fails to remove tags from user-generated discussion post content. This content is rendered with Django's |safe template filter in...
PT-2026-39641
In Meari client applications embedding "com.meari.sdk" including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label = 1.8.x, the integrated call path to openapi-euce.mearicloud.com can be abused to retrieve WAN IP data for arbitrary devices. The root cause is a server-side...
PT-2026-39639
The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains a code injection vulnerability CWE-94 in its training script. The script registers the Python eval function as a Hydra configuration resolver under the name eval. This allows configuration files t...
PT-2026-39682
OpenClaw before 2026.4.20 contains a message classification vulnerability in Feishu card-action callbacks that misclassifies direct messages as group conversations. Attackers can bypass dmPolicy enforcement by triggering card-action flows in direct message conversations that should have been...
PT-2026-39856
Name of the Vulnerable Software and Affected Versions Outline versions prior to 1.7.0 Description An issue exists in the ZipHelper.extract function where the extraction path for each entry is computed by passing a full filesystem path through trimFileAndExt. This helper function uses path.basenam...
PT-2026-39583
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these...
PT-2026-39708
Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the view task aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGE BASE URL...
PT-2026-39714
Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...
PT-2026-39685
OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence agent or tool-produced ReplyPayload.mediaUrl parameters to resolve absolute local paths or file URLs...
PT-2026-39765
A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. A remote attacker may be able to cause a denial-of-service...
PT-2026-39769
Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 visionOS versions prior to 26.5 watchOS versions prior to 26.5 Description Processing maliciously crafted web content may...
PT-2026-39719
Name of the Vulnerable Software and Affected Versions jq versions 1.8.1 and earlier Description jq accepts embedded NUL bytes in import paths at the jq-language level, but subsequently resolves those paths using C string operations during module and data-file lookup. This results in a mismatch...
PT-2026-39809
Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 18.7.9 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 visionOS versions prior to 26.5 Description Processing maliciously crafted web content may...
PT-2026-39866
Name of the Vulnerable Software and Affected Versions HTTP::Tiny versions prior to 0.093 Description Perl HTTP::Tiny fails to validate CRLF Carriage Return Line Feed sequences in HTTP request lines or control field header values. The issue involves unvalidated inputs including the method and URI ...
PT-2026-39729
Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken function fails to reject payloads containing an admin claim, allowing attackers to escalate privileges. An attacker with access to the shared non-admin...
PT-2026-39844
Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 18.7.9 iPadOS versions prior to 26.5 macOS Sequoia versions prior to 15.7.7 macOS Sonoma versions prior to 14.8.7 macOS Tahoe versions prior to 26.5 visionOS...
PT-2026-39647
Name of the Vulnerable Software and Affected Versions Grav versions prior to 2.0.0-rc.2 Description The Twig sandbox allow-list permits any user with the admin.pages role to call the config.toArray function from within a page body. This action dumps the entire merged site configuration into the...
PT-2026-39827
Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 18.7.9 iPadOS versions prior to 26.5 macOS Sequoia versions prior to 15.7.7 macOS Sonoma versions prior to 14.8.7 macOS Tahoe versions prior to 26.5 tvOS versions...
PT-2026-39868
Name of the Vulnerable Software and Affected Versions D-Link DIR-816 version 1.10CNB05 R1B011D88210 Description A command injection issue exists that allows a remote attacker to execute arbitrary commands. The flaw is located in the sub 445E7C function within the '/goform/singlePortForward'...
PT-2026-39552
A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...
PT-2026-39711
Name of the Vulnerable Software and Affected Versions jq versions prior to 1.8.2 Description The bytecode VM's data stack tracks its allocation size using a signed integer. When the stack grows beyond approximately 1 GiB through deeply nested generator forks, the doubling arithmetic overflows. Th...
PT-2026-39894
Name of the Vulnerable Software and Affected Versions RVF versions 6.0.0 through 6.0.3 RVF versions 7.0.0 through 7.0.1 Description The setPath function in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object fails to block the keys proto , constructor, or prototype...
PT-2026-39676
Summary A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid URI causes an uncaught TypeError that terminates the process. You...
PT-2026-39873
Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions 2.28.0 through 2.28.1 Description A low-privileged authenticated user with the add profile threshold permission can create a global profile even without the manage global profile threshold permission. This ...
PT-2026-39726
Name of the Vulnerable Software and Affected Versions cowlib versions 2.6.0 and later Description Improper Neutralization of CRLF Sequences CRLF Injection allows SSE event splitting and injection through unvalidated field values. The cow sse:event/1 function guards the id and event fields against...
PT-2026-39644
In Meari IoT SDK builds embedded in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and white-label Android apps = 1.8.x latest observed, multiple security-critical secrets are hardcoded and shared, including API signing material, password-transport keying, and service access keys...
PT-2026-39643
In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...
PT-2026-39645
Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function...
PT-2026-39694
OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with previously valid webhook route secrets can continue authenticating requests and invoking configured webhook task flows until...
PT-2026-39742
CVE-2026-20352 iOS 26.3-Research A Public Open-Source research framework with .py and .sh files created for analyzing iOS 26.3 security mechanisms. This project is designed to be advanced through the collective in... https://t.co/5O6AR6f6H7...
PT-2026-39472
Name of the Vulnerable Software and Affected Versions Moodle LMS version 4.0 Description An issue allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Specifically, JavaScript code can be injected via the search field in the...
PT-2026-39477
Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloads in accommodation type fields. Attackers can inject script tags through the title and excerpt parameters when creating...
PT-2026-39485
WordPress International Sms For Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Attackers can inject malicious scripts through the page parameter in class-sms-log-display.php to execute arbitrary...