184322 matches found
PT-2026-45951
Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description The unicodedata.normalize function can consume excessive CPU time when processing specially crafted Unicode input. This occurs when the input contains long sequences of combining characters wi...
PT-2026-45955
An integer underflow in the BGPUpdate.DecodeFromBytes function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
PT-2026-46071
Name of the Vulnerable Software and Affected Versions ealpha072 Student-Management-System versions prior to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08 Description An issue in the Administrative Backend component, specifically within the 'admin/config.php' file, allows for improper authentication...
PT-2026-46012
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A crash occurs in the PF driver during a kexec reboot because the hardware is not power-cycled, allowing the AF state from the previous kernel to persist. When AF and PF drivers are buil...
PT-2026-46024
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential NULL pointer dereference exists in the wpcm fiu probe function. This occurs because platform get resource byname can return a NULL value, which leads to a system crash when...
PT-2026-46041
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features...
PT-2026-45904
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth component where the hci adv bcast annoucement function fails to properly validate the size of the combined data when prepending Broadcast Announcement...
PT-2026-45939
Missing input validation in the rfapiRibBi2Ri function rfapi rib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
PT-2026-45936
An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in emails clients that render HTML emails. This issue affects Canarytokens: fr...
PT-2026-46239
Name of the Vulnerable Software and Affected Versions SolarWinds Serv-U versions prior to 15.5.4 Hotfix 1 Description SolarWinds Serv-U is susceptible to uncontrolled resource consumption when processing compressed HTTP request bodies. An unauthenticated remote attacker can trigger a...
PT-2026-46089
There exists a potential DOS attack vector in React Router Framework Mode applications as well as Remix v2.10.0 - 2.17.4. Certain requests can be crafted to consume disproportionate resources on the server, resulting in response time degredation and/or service unavailability for end users. !NOTE...
PT-2026-46116
Name of the Vulnerable Software and Affected Versions Froxlor versions prior to 2.3.7 Description The 'DomainZones.add' API endpoint fails to sanitize newline characters within TXT record content. An authenticated customer with DNS editing permissions can inject newlines into TXT record values,...
PT-2026-46063
Name of the Vulnerable Software and Affected Versions Acronis DeviceLock DLP Windows versions prior to 9.0.15051.93227 Description Local privilege escalation is possible due to an EXE hijacking issue. This occurs when an application searches for a required executable file in an insecure order,...
PT-2026-46055
Name of the Vulnerable Software and Affected Versions DD-WRT affected versions not specified Description A stack-based buffer overflow exists in the UPnP service of certain DD-WRT router firmware. The issue occurs when the service incorrectly handles large ST:uuid values within crafted M-SEARCH...
PT-2026-46035
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Coresight TMC-ETR component of the Linux kernel when sysfs and perf modes are operated simultaneously. The issue occurs because the enablement of sysfs mod...
PT-2026-46834
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in PDFium allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted PDF file. Use after free is a memory corruption flaw th...
PT-2026-46038
Name of the Vulnerable Software and Affected Versions MariaDB server versions 10.6.1 through 10.6.26 MariaDB server versions 10.11.1 through 10.11.17 MariaDB server versions 11.4.1 through 11.4.11 MariaDB server versions 11.8.1 through 11.8.7 MariaDB server version 12.3.1 Description A...
PT-2026-46648
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in Skia allows a remote attacker who has compromised the renderer process to leak cross-origin data through a crafted HTML page. Recommendatio...
PT-2026-46616
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An integer overflow exists in ANGLE, which is a compatibility layer that allows OpenGL ES to run on various graphics APIs. This issue allows a remote attacker who has already compromise...
PT-2026-45800
NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/classes/ForumPostReactionContext.php only verifies that the caller can view the forum, but it does not re-enforce topic-level view other topics authorization. As a result, in forums where users may enter the for...
PT-2026-45710
Name of the Vulnerable Software and Affected Versions DeMomentSomTres Shortcodes versions prior to 1.1.2 Description The DeMomentSomTres Shortcodes plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the st callout function fails to properly sanitize input and...
PT-2026-45877
Name of the Vulnerable Software and Affected Versions openSeaChest version 25.05.3 Description An out-of-bounds write exists in the --showSupportedFormats command. This occurs when a maliciously crafted NVMe device provides a bogus value in the namespace FLBAS byte, allowing one extra byte to be...
PT-2026-45786
Name of the Vulnerable Software and Affected Versions mint versions 0.1.0 through 1.8.x Description An inconsistent interpretation of HTTP requests, known as HTTP Request/Response Smuggling, allows attacker-controlled HTTP/1 servers to desynchronize response framing on shared connections. The iss...
PT-2026-45720
Missing Authorization vulnerability in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3...
PT-2026-45840
Name of the Vulnerable Software and Affected Versions tesla versions 1.3.0 through 1.18.2 Description An issue in Tesla.Adapter.Mint allows for a denial of service via atom table exhaustion. The function open conn/2 converts the URL scheme of outgoing requests into a BEAM atom using String.to...
PT-2026-46761
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient policy enforcement in Web Bluetooth allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. A...
PT-2026-45691
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts config.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate...
PT-2026-46629
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Isolated Web Apps allows a remote attacker to execute arbitrary code inside a sandbox by using a malicious file. Recommendations Update to version...
PT-2026-46700
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out of bounds write occurs in V8, the JavaScript and WebAssembly engine. This allows a remote attacker who has already compromised the renderer process to execute arbitrary code with...
PT-2026-45745
Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...
PT-2026-46474
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue exists in the PDF component. This allows a remote attacker to execute arbitrary code within a sandbox if a user is convinced to perform specific UI gestures while...
PT-2026-45735
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1...
PT-2026-46534
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out of bounds read occurs in ANGLE on Windows. This allows a remote attacker who has already compromised the renderer process to access potentially sensitive information from the...
PT-2026-46571
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue exists in Views, where a remote attacker could potentially exploit heap corruption—a condition where memory allocation on the heap is corrupted—via a crafted HTML...
PT-2026-46585
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An uninitialized use in Skia allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory by using a crafted HTML...
PT-2026-51421
Уязвимость программного обеспечения Blitz Identity Provider связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, проводить межсайтовые сценарные атаки XSS...
PT-2026-46619
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Dawn allows a remote attacker to potentially perform out of bounds memory access, which occurs when a program reads or writes data outside the intende...
PT-2026-45851
Name of the Vulnerable Software and Affected Versions sayan365 student-management-system versions prior to 7f3c9ce7d410332335c2affac93a385485051800 Description An issue in multiple endpoints allows for remote manipulation resulting in improper authentication. This occurs within an unknown functio...
PT-2026-45844
Name of the Vulnerable Software and Affected Versions ARMember Premium versions prior to 7.3.2 Description An issue exists where unauthenticated attackers can append additional SQL queries to existing ones to extract sensitive information from the database. This occurs due to insufficient escapin...
PT-2026-45855
Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.5 authentik versions prior to 2026.2.3 Description An issue exists in the Simple Flow Executor SFE, which is a component used to manage the sequence of steps in an authentication flow. Due to the...
PT-2026-45711
Name of the Vulnerable Software and Affected Versions JTL-Connector for WooCommerce versions prior to 2.4.2 Description The plugin contains missing authorization due to a lack of capability checks and nonce verification. This allows authenticated attackers with Subscriber-level access or higher t...
PT-2026-46441
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in Extensions allows a remote attacker who has compromised the renderer process to bypass the same origin policy, which is a security mechanis...
PT-2026-46828
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the LiveCaption feature allows a remote attacker to potentially perform out of bounds memory access, which occurs when a program reads or writes data...
PT-2026-45522
Name of the Vulnerable Software and Affected Versions Nextcloud versions prior to 2.7.2 Description Authenticated users can verify if arbitrary files are linked to specific approval workflows used for requesting approval. Recommendations Update to version 2.7.2...
PT-2026-45422
A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now...
PT-2026-45264
An improper neutralization of active SVG content in OTRS or OTRS Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent o...
PT-2026-45634
Memory corruption in diagnostic services due to absence of input validation...
PT-2026-45633
Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer...
PT-2026-45424
A vulnerability has been found in code-projects Real State Services 1.0. This impacts an unknown function of the file /loginuser.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to th...
PT-2026-45267
A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function scan memory content of the file tools/memory tool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the public and could be use...