175406 matches found
PT-2026-38919
Name of the Vulnerable Software and Affected Versions Apache CloudStack versions 4.21.0.0 through 4.22.0.0 Description Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants. The Proxmox extension improperly uses a user-editable instance...
PT-2026-38361
A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service...
PT-2026-38393
Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description The CallSite wrapper class, designed as a safe wrapper for V8's native CallSite, fails to sanitize the output of the getFileName function. While the class blocks getThis and getFunction to prevent host...
PT-2026-38578
Name of the Vulnerable Software and Affected Versions Microsoft Edge Copilot Chat affected versions not specified Description Improper neutralization of special elements used in a command, known as command injection, allows an unauthorized attacker to disclose information over a network...
PT-2026-38638
Name of the Vulnerable Software and Affected Versions Next.js versions 13.4.13 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description Self-hosted applications using the built-in Node.js server are subject to server-side request forgery SSRF, a condition where an attacker forces a serv...
PT-2026-38298
Name of the Vulnerable Software and Affected Versions Hugo versions prior to 0.161.0 Description When building a site that utilizes Node-based asset pipelines such as PostCSS, Babel, or TailwindCSS, the software invokes configured Node tools without restrictions on file system access. This allows...
PT-2026-37203
Name of the Vulnerable Software and Affected Versions Pelican versions 7.21.0 through 7.21.4 Pelican versions 7.22.0 through 7.22.2 Pelican versions 7.23.0 through 7.23.2 Pelican versions 7.24.0 through 7.24.1 Description A privilege escalation issue exists in the Web User Interface WebUI that...
PT-2026-26955
ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a crash when...
PT-2026-6009
Name of the Vulnerable Software and Affected Versions Autodesk 3ds Max affected versions not specified Description A specially designed RGB file, when processed by Autodesk 3ds Max, can lead to a memory corruption issue. An attacker could potentially use this to run code without authorization...
PT-2025-50605
Apache Struts 2 DoS Flaw CVE-2025-66675 Risks Server Crash via File Leak in Multipart Request Processing https://securityonline.info/apache-struts-2-dos-flaw-cve-2025-66775-risks-server-crash-via-file-leak-in-multipart-request-processing/...
PT-2025-50139
Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS issue in the AddressesTo parameter of the ''/Mondo/lang/sys/Forms/AddressBook.aspx'' endpoint. The AddressesTo value...
PT-2025-32252 · Akamai · Akamaighost
Name of the Vulnerable Software and Affected Versions: Akamai Ghost versions prior to 2025-03-26 Description: An issue exists in Akamai Ghost, used for the Akamai CDN platform. A client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can...
PT-2025-31474 · WordPress · Ai Engine Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: AI Engine plugin for WordPress versions 2.9.3 and 2.9.4 Description: The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest simpleFileUpload function. This allows authenticat...
PT-2025-28938 · Ооо "Юзергейт" · Usergate Next-Generation Firewall
Уязвимость страницы блокировки межсетевого экрана UserGate Next-Generation Firewall NGFW связана с недостаточной проверкой входных данных. Эксплуатация уязвимости, может позволить нарушителю, выполнить произвольный код при переходе по специально сформированной ссылке...
PT-2025-1920 · WordPress · The Coupon X: Discount Pop Up
Name of the Vulnerable Software and Affected Versions: The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress versions up to, and including, 1.3.5 Description: The issue is related to PHP Object Injection via deserialization of untrusted...
PT-2024-32821 · Jenkins · Credentials Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Plugin versions 1380.va 435002fa 924 and earlier, except version 1371.1373.v4eb fa b 7161e9 Description: The issue concerns the Jenkins Credentials Plugin, which does not redact encrypted values of credentials using the...
PT-2024-18881 · Qualcomm · Snapdragon +105
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns information disclosure when handling Multi-link IE in a beacon frame. No details are provided about the estimated number of potential...
PT-2024-5165 · Asus · Asus Fan Xpert +1
Name of the Vulnerable Software and Affected Versions: ASUS Fan Xpert versions prior to 10013 Description: An issue in the DeviceIoControl component allows an attacker to execute arbitrary code via crafted IOCTL requests. The vulnerability is related to a buffer overflow in the AsInsHelp64.sys...
PT-2024-22395 · Lektor · Lektor
Name of the Vulnerable Software and Affected Versions: Lektor versions prior to 3.3.11 Description: The issue concerns the lack of sanitization of database path traversal in Lektor. This allows shell commands to be executed via a file added to the templates directory under specific conditions. Th...
PT-2023-27461 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14 Description: A permissions issue was addressed with additional restrictions. This issue allows a sandboxed process to potentially circumvent sandbox restrictions. Recommendations: For versions prior to 14, update to...
PT-2025-18579 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability has been resolved in the Linux kernel related to the tipc nl compat name table dump header function. The issue was caused by a missing type cast of sizeof.. to int, whi...
PT-2022-27890 · Tenda · Tenda F1203
Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A buffer overflow issue was discovered, which can be triggered via the limitSpeedUp parameter at the "/goform/SetClientState" API endpoint. Recommendations: For Tenda F1203 version 2.0.1.6, avoid using...
PT-2021-2217 · Linux +6 · Linux Kernel +6
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.13 Description: A local privilege escalation issue is present in the Linux kernel due to multiple race conditions in the AF VSOCK implementation. These conditions are caused by incorrect locking in the...
PT-2017-13225 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.12.10 Description: The issue is related to an integer overflow in the qla2x00 sysfs write optrom ctl function, which can be exploited by local users with root access to cause a denial of service, resulting in...
PT-2026-47134
Name of the Vulnerable Software and Affected Versions LearnPress – WordPress LMS Plugin for Create and Sell Online Courses versions prior to 4.3.7 Description An issue exists that allows unauthenticated attackers to extract sensitive data through an unrestricted SELECT fallback query. By sending ...
PT-2026-46915
Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information...
PT-2026-46930
In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerability exists where a lower privileged user could perform command injection as the root user...
PT-2026-46180
A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template. save pil image of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A...
PT-2026-46229
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...
PT-2026-45693
Name of the Vulnerable Software and Affected Versions Kirki versions 6.0.0 through 6.0.6 Description The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress contains a flaw allowing unauthenticated privilege escalation and account takeover. The issue occurs because th...
PT-2026-45673
A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer overflow. Attacking...
PT-2026-45725
Name of the Vulnerable Software and Affected Versions Apache Kafka affected versions not specified Description An improper authorization issue exists in the 'CONSUMER GROUP DESCRIBE' 69 API. The implementation validates the DESCRIBE operation on the GROUP resource, which contradicts the READ...
PT-2026-45682
Cross-Site Scripting XSS in GeniexWebView component in Transsion AI Assistant Lifestyle application com.transsion.aiassistantlifestyle all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted web action data URL parameter...
PT-2026-45678
A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is possible. The exploi...
PT-2026-08: Local Privilege Escalation Vulnerabilities in the Linux Kernel (Dirty Frag)
This security advisory provides information regarding Linux kernel vulnerabilities: CVE-2026-43284 and CVE-2026-43500 , informally known as Dirty Frag. These vulnerabilities allow for local privilege escalation to the superuser root level and affect the Linux kernel modules: esp4 , esp6 and rxrpc...
PT-2026-45246
A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function get safety warning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit...
PT-2026-45591
In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible way to insert a large contact name due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-45534
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed attackers with knowledge of a user's password to circumvent two-factor authentication 2FA protections...
PT-2026-45503
A security vulnerability has been detected in Bottelet DaybydayCRM up to 2.2.1. This impacts the function view of the file app/Http/Controllers/DocumentsController.php. Such manipulation leads to improper authorization. The attack may be launched remotely. It is best practice to apply a patch to...
PT-2026-45257
In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6784...
PT-2026-45594
In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-45408
Name of the Vulnerable Software and Affected Versions logback-core versions prior to 1.5.34 Description Deserialization of untrusted data in the HardenedObjectInputStream module allows for Object Injection, although the impact is heavily restricted. An attacker capable of influencing serialized...
PT-2026-45439
Name of the Vulnerable Software and Affected Versions LearnPress versions prior to 4.3.6 Description Improper neutralization of input during web page generation allows for Reflected Cross-Site Scripting XSS, a flaw where an application includes untrusted data in a web page without proper...
PT-2026-45492
Name of the Vulnerable Software and Affected Versions Vitest versions prior to 4.1.0 Description A flaw in the UI/API server on Windows allows remote attackers to bypass file access restrictions and read arbitrary files when the server is exposed to the network. The issue occurs because the API...
PT-2026-44754
The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the showmodule shortcode in versions up to, and including, 1.2 This is due to insufficient input sanitization and output escaping in the showmodule shortcode function, which...
PT-2026-45022
Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description NodeVM allows the exclusion of public network builtins from the wildcard builtin option, which blocks direct access to modules such as 'http', 'https', 'http2', 'net', 'dgram', 'tls', 'dns', and...
PT-2026-44355
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the HID playstation module where the dualshock4 parse report function fails to validate the number of touch reports provided by a device. If a device reports an excessiv...
PT-2026-44336
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A slab use-after-free issue exists in the appletb-kbd driver. The problem occurs during driver tear-down in the appletb kbd probe and appletb kbd remove functions due to improper...
PT-2026-43615
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the user alarmprofile view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
PT-2026-45149
Name of the Vulnerable Software and Affected Versions MariaDB server versions 10.6.1 through 10.6.25 MariaDB server versions 10.11.1 through 10.11.16 MariaDB server versions 11.4.1 through 11.4.10 MariaDB server versions 11.8.1 through 11.8.6 MariaDB server version 12.3.1 Description The mbstream...