184377 matches found
PT-2026-48314
Name of the Vulnerable Software and Affected Versions Spring AMQP versions 4.0.0 through 4.0.3 Spring AMQP versions 3.2.0 through 3.2.10 Spring AMQP versions 3.1.0 through 3.1.15 Spring AMQP versions 2.4.0 through 2.4.17 Description Correlation IDs for replies in the sendAndReceive function of...
PT-2026-47847
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, esl recv event parses Content-Length with atol and passes the result straight to mallocle...
PT-2026-48240
21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...
PT-2026-47989
Access of resource using incompatible type 'type confusion' in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally...
PT-2026-48103
Name of the Vulnerable Software and Affected Versions Microsoft Windows Narrator Braille affected versions not specified Description An untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally. This issue is related to an exposed dangerous...
PT-2026-48082
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
PT-2026-47817
Insufficient input validation vulnerability in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in...
PT-2026-48289
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A bug in the query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE causes...
PT-2026-48022
Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network...
PT-2026-48290
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description When OIDC OpenID Connect, an identity layer on top of the OAuth 2.0 protocol authentication is enabled in the configuration, unauthenticated clients can cause a...
PT-2026-48035
Name of the Vulnerable Software and Affected Versions Microsoft Office SharePoint affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting, which allows an authorized attacker to perform spoofing over a network. Cross-si...
PT-2026-47706
openSUSE issued new Chromium 149.0.7827.53 and Chromedriver builds fixing CVE-2026-0194 and CVE-2026-10958 for Backports SLE-15-SP7 and Tumbleweed, LinuxSecurity reported. https://t.co/OjsKRZMxHK...
PT-2026-47655
Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description A Spring MVC or Spring WebFlux application...
PT-2026-48031
Name of the Vulnerable Software and Affected Versions Microsoft Office affected versions not specified Description An issue in Microsoft Office, specifically affecting the Microsoft Outlook email client and Microsoft Word text editor, involves type confusion—where a resource is accessed using an...
PT-2026-47724
Name of the Vulnerable Software and Affected Versions MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails versions prior to 2.0.5 Description Insufficient input sanitization and output escaping allow authenticated attackers with author-level access or higher to perfor...
PT-2026-48078
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
PT-2026-47770
WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract...
PT-2026-47771
Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the...
PT-2026-47998
Name of the Vulnerable Software and Affected Versions Windows DHCP Server affected versions not specified Description An out-of-bounds read occurs in Windows DHCP Server, which allows an authorized attacker to disclose sensitive information locally. An out-of-bounds read is a condition where the...
PT-2026-48147
Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...
PT-2026-48324
Name of the Vulnerable Software and Affected Versions Spring Data REST versions 3.7.0 through 3.7.19 Spring Data REST versions 4.3.0 through 4.3.16 Spring Data REST versions 4.4.0 through 4.4.14 Spring Data REST versions 4.5.0 through 4.5.11 Spring Data REST versions 5.0.0 through 5.0.5 Descripti...
PT-2026-47889
Name of the Vulnerable Software and Affected Versions Windows Hotpatch Monitoring Service affected versions not specified Description An out-of-bounds write in the Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally. An out-of-bounds write occurs when a program...
PT-2026-47614
Name of the Vulnerable Software and Affected Versions Netty ionetty:netty-resolver-dns affected versions not specified Description Insufficient validation of the bailiwick of NS records in DnsResolveContext allows for DNS Cache Poisoning. An attacker controlling an authoritative name server for a...
PT-2026-47269
A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search staff for deletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed t...
PT-2026-47250
Name of the Vulnerable Software and Affected Versions Simple Flight Ticket Booking System version 1.0 Description An issue exists in the POST Parameter Handler component within the checkUser.php file. Remote manipulation of the Username parameter allows for SQL injection, a technique where...
PT-2026-47257
A vulnerability was detected in CodeAstro Ingredients Stock Management System 1.0. This impacts an unknown function of the file /Ingredients-Stock/add stock.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be...
PT-2026-47511
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.103 Description An inappropriate implementation in MediaCapture allows a remote attacker to leak cross-origin data, which is data from a different origin than the one that initiated the request...
PT-2026-47437
Name of the Vulnerable Software and Affected Versions Tenda F451 versions 1.0.0.7 through 1.0.0.9 Description A security flaw in the Web Management Interface allows remote exploitation via OS command injection. The issue exists within the formWriteFacMac function located in the /goform/WriteFacMa...
PT-2026-47307
A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow. The attack can be initiated remotely. The...
PT-2026-47263
A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=save patient. The manipulation of the argument ID results in sql injection. It is possible to launch the attack...
PT-2026-47453
Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description bz2.BZ2Decompressor objects can be reused following a decompression error. If an application catches the resulting OSError and attempts to retry using the same decompressor, specially crafted...
PT-2026-47433
A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import users.php. The manipulation of the argument raw password wit...
PT-2026-47238
A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument...
PT-2026-47305
OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account credentials in cleartext...
PT-2026-47488
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A type confusion issue in bindings allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Type confusion occurs when a program...
PT-2026-47500
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in Guest View allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw that...
PT-2026-47304
Name of the Vulnerable Software and Affected Versions Routinator affected versions not specified Description Routinator crashes when it encounters a file via RRDP Router Role Distribution Protocol that uses a specifically crafted Document Type Definition DTD, which is a set of markup declarations...
PT-2026-47325
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description A buffer underwrite issue exists when using crafted regular expressions within the configuration. Recommendations Upgrade to version 2.4.68...
PT-2026-47317
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description A heap-based buffer overflow occurs when interacting with malicious backend servers using ProxyPassReverseCookie. A heap-based buffer overflow is a memory corruption issue where data...
PT-2026-47491
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description An out of bounds read in Dawn allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. An out of bounds read occurs when a program reads data past the...
PT-2026-47324
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description The mod proxy ftp module contains a loop with an unreachable exit condition, leading to an infinite loop when interacting with an attacker-controlled backend FTP server...
PT-2026-47331
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.55 through 2.4.67 Description A Use After Free issue exists in the mod http2 module of Apache HTTP Server, which occurs when file handles are already exhausted. Use After Free is a memory corruption flaw where a...
PT-2026-47385
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A local user can cause an infinite loop in the kernel context by crafting a self-referential extension where ext-next == &ext with zero in sync count and out sync count. This occurs...
PT-2026-47348
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the drm/amdgpu component where the kernel crashes during the modprobe of the amdgpu driver on RDNA4 GFX 12 hardware, such as the RX 9070 XT. This occurs because the amdg...
PT-2026-47168
A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfo backend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument device results in command injection. The attack can be executed remotely. The exploit has been release...
PT-2026-47178
A vulnerability was identified in Chanjet CRM 1.0. This affects an unknown part of the file /tools/jxf dump systable.php of the component HTTP GET Request Handler. Such manipulation of the argument gblOrgID leads to sql injection. The attack may be launched remotely. The exploit is publicly...
PT-2026-47177
Name of the Vulnerable Software and Affected Versions FoundationAgents MetaGPT versions prior to 0.8.3 Description Command injection is possible via the mermaid.path argument in the check cmd exists function located in the metagpt/utils/common.py file. This issue allows a remote attacker to execu...
PT-2026-47131
Name of the Vulnerable Software and Affected Versions WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More versions prior to 1.10.0.2 Description The plugin is subject to insufficient verification of data authenticity. The PayPal Commerce webhook endpoint...
PT-2026-47124
Name of the Vulnerable Software and Affected Versions Page-list plugin for WordPress versions prior to 6.3 Description Missing authorization occurs in the pagelist unqprfx ext shortcode function, specifically within the 'pagelist ext' and 'pagelistext' shortcodes. The function accepts...
PT-2026-47451
CVE-2026-36229 - VMware Aria Operations For Logs Directory Traversal CVE ID :CVE-2026-36229 Published : June 6, 2026, 9:16 p.m. | 2 hours, 14 minutes ago Description :Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further...