184315 matches found
PT-2026-23162
Name of the Vulnerable Software and Affected Versions Mikado-Themes Eona versions through 1.3 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion...
PT-2026-4581
The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category update functionality. This makes it possible for unauthenticated attackers to modify post categorie...
PT-2026-2228
Name of the Vulnerable Software and Affected Versions Fickling versions prior to 0.1.7 Description Fickling, a Python pickling decompiler and static analyzer, does not explicitly block the ctypes and pydoc modules in versions prior to 0.1.7. Combining these modules can lead to Remote Code Executi...
PT-2026-34072
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u481 and 8u481-b50 Oracle GraalVM Enterprise Edition version 21.3.17 Description An issue in the Hotspot component allows a low privileged attacker with logon access to the infrastructure to compromise the system...
PT-2025-33818 · Unknown · Screenshot-Desktop
Name of the Vulnerable Software and Affected Versions: screenshot-desktop versions prior to 1.15.2 Description: screenshot-desktop is susceptible to a command injection issue. User-controlled input provided to the format option of the screenshot function is interpolated into a shell command witho...
PT-2025-7475 · WordPress · Modal Window
Name of the Vulnerable Software and Affected Versions: The Modal Window plugin for WordPress versions up to, and including, 6.1.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode due to insufficient input sanitization and output escaping on...
PT-2025-8806
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential crash in the Linux kernel has been identified. The issue occurs when setting up a bsg queue fails, causing the bsg queue to be assigned a non-NULL value. As a result, the...
PT-2025-2989 · Lwip · Lwip
Name of the Vulnerable Software and Affected Versions: lwip affected versions not specified Description: The issue is related to a possible out of bounds write due to an integer overflow in the prepare response function of lwis periodic io.c. This could lead to local escalation of privilege with ...
PT-2024-41495
Name of the Vulnerable Software and Affected Versions macOS versions prior to 15.1 Description A permissions issue allowed a malicious application with root privileges to access private information. This was addressed with additional restrictions. Recommendations Update to macOS version 15.1 or...
PT-2024-30780
Name of the Vulnerable Software and Affected Versions Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress versions up to, and including, 13.3.1 Description The issue is related to Stored Cross-Site Scripting via the plugin's wpvideo shortcode due to insufficient input sanitization...
PT-2024-22733 · Woocommerce · Woocommerce Google Feed Manager
Name of the Vulnerable Software and Affected Versions: WooCommerce Google Feed Manager versions n/a through 2.2.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...
PT-2024-40: Readout protection level bypass in GigaDevice Semiconductor products
The vulnerability was identified in in series GD32E23x, GD32F20x, GD32F1x0, GD32F4xx, GD32F30x, GD32C10x, GD32E10x, GD32E50x of GigaDevice Semiconductor products. The vulnerability can be exploited by an attacker to run arbitrary shell code in SRAM. Vulnerability status: Confirmed by research Dat...
PT-2021-2559 · Linux +9 · Linux Kernel +9
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.11.3 Description: An issue was discovered in the Linux kernel when a webcam device exists, related to a memory leak in the video usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c for large arguments...
PT-2026-52933
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mailbox-test component where a double-free occurs during the process of freeing channels. This happens because the RX channel can be aliased to the TX channel if i...
PT-2026-52445
Name of the Vulnerable Software and Affected Versions Remote Keyless Entry System RKES using 433 MHz key fob FCC ID CWTR53R0 affected versions not specified Description The system is susceptible to a roll-back attack targeting its rolling-code authentication. An attacker within radio frequency...
PT-2026-51308
Name of the Vulnerable Software and Affected Versions MISP core affected versions not specified Description Broken access-control flaws exist where authorization checks are performed against incorrect entities or ownership and editability checks are missing on write paths. This allows a...
PT-2026-51135
Name of the Vulnerable Software and Affected Versions SP Page Builder extension for Joomla versions 1.0.0 through 6.6.1 Description A flaw allows unauthenticated users to upload arbitrary files, which can lead to the upload and execution of PHP code. This issue has been actively exploited in...
PT-2026-50899
Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.0.0 through 3.16.0 Description Improper Authentication occurs when the cas-auth plugin is used in a route, potentially allowing an attacker to authenticate using credentials from a different source. Recommendations...
PT-2026-50933
Name of the Vulnerable Software and Affected Versions Joomla Survey Force Deluxe version 3.2.4 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending GET requests to the component containing crafted S...
PT-2026-51031
Name of the Vulnerable Software and Affected Versions Azure Active Directory affected versions not specified Description Improper authentication allows an unauthorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about a newer version that...
PT-2026-50990
Name of the Vulnerable Software and Affected Versions Joomla Component vRestaurant version 1.9.4 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by sending POST requests to the 'menu-listing-layout' endpoint with malicious code...
PT-2026-50138
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.26.1 Description In the Git Smart HTTP path, the system fails to enforce repository-scoped access-token permissions when tokens are provided via Bearer authentication. While the CheckRepoScopedToken function is design...
PT-2026-49988
Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Enterprise Infrastructure Security component of Oracle JD Edwards. This flaw allows an unauthenticated attacker with network access via JDENET ...
PT-2026-49952
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Portal version 12.2.1.4.0 Oracle WebCenter Portal version 14.1.2.0.0 Description A flaw in the Security Framework component of Oracle WebCenter Portal allows a low privileged attacker with network access via HTTPS to compromis...
PT-2026-49933
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Sites version 12.2.1.4.0 Oracle WebCenter Sites version 14.1.2.0.0 Description An issue in the Oracle WebCenter Sites component of Oracle Fusion Middleware allows an unauthenticated attacker with network access via HTTP to...
PT-2026-49228
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitation. This issue affects Faust.Js: from n/a through 1.8.7...
PT-2026-49561
Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.15 Angular versions prior to 20.3.22 Angular versions prior to 19.2.23 Description An issue exists in @angular/common when Server-Side Rendering SSR and hydration are enabled...
PT-2026-48954
Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions that gates the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam and then loads and...
PT-2026-48352
Name of the Vulnerable Software and Affected Versions ESF-IDF version 5.2.6 ESF-IDF version 5.3.5 ESF-IDF version 5.4.4 ESF-IDF version 5.5.4 ESF-IDF version 6.0 Description A NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esp http server component. During th...
PT-2026-48542
Overview Litestar instances which use a template engine in conjunction with CSRF protection are vulnerable to HTML Injection which can be escalated to Cross Site Scripting due to the contents of the CSRF cookie being excluded from automatic escaping by the template engine when configured inline...
PT-2026-47905
Name of the Vulnerable Software and Affected Versions Windows Push Notifications affected versions not specified Description A race condition occurs in Windows Push Notifications due to improper synchronization when using a shared resource. This allows an authorized attacker to elevate privileges...
PT-2026-47678
The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rc options page function. This makes it possible for unauthenticated attackers to modify plugin settin...
PT-2026-47606
Name of the Vulnerable Software and Affected Versions PhpSpreadsheet versions prior to 1.30.5 Description An issue exists in the File::prohibitWrappers function where the use of parse url to detect stream wrappers can be bypassed. When an input contains three or more slashes after the scheme e.g....
PT-2026-47608
Name of the Vulnerable Software and Affected Versions Netty affected versions not specified Description A file descriptor leak occurs in the netty unix socket recvFd function when a peer sends two file descriptors simultaneously via an SCM RIGHTS control message. The system allocates a control...
PT-2026-46130
OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email address...
PT-2026-46010
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A crash occurs when determining the GFX3D clock rate. This is caused by the passed parent map failing to provide the expected best parent hw clock after the removal of round rate in favo...
PT-2026-45548
A NULL pointer dereference in the ext4 dir en get name len function in include/ext4 dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validat...
PT-2026-45271
A vulnerability has been found in raisulislamg4 student management system by php up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file add user check.php of the component User Creation Handler. The manipulation of the argument role leads to sql...
PT-2026-45515
Name of the Vulnerable Software and Affected Versions Spring Cloud Function versions prior to 3.2.16 Spring Cloud Function versions prior to 4.1.10 Spring Cloud Function versions prior to 4.2.6 Spring Cloud Function versions prior to 4.3.3 Spring Cloud Function versions prior to 5.0.2 Spring Clou...
PT-2026-45526
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or download...
PT-2026-44218
The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueue block assets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key...
PT-2026-44280
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A data race exists in the ALSA PCM OSS component when accessing the runtime.oss.trigger field. Because this field is a bit field, concurrent access without protection can cause writes to...
PT-2026-44298
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An inconsistency occurs in the f2fs file system during Foreground Garbage Collection FGGC node block migration. The Garbage Collection process fails to clear the dentry and fsync marks...
PT-2026-44236
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the KVM x86 shadow paging mechanism. The shadow MMU calculates Guest Frame Numbers GFNs for direct shadow pages by adding the SPTE index to sp-gfn. This...
PT-2026-44289
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A slab-use-after-free error exists in the mac80211 wireless subsystem. The issue occurs during radar detect work when the ieee80211 dfs cac cancel function is called, which can cause the...
PT-2026-44249
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the RDMA mana component where the mana destroy wq obj cleanup process in mana ib create qp rss is handled...
PT-2026-43792
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A reference leak occurs in the thermal of cm lookup function. The tr np variable is obtained through of parse phandle but is not released, leading to a memory leak. Recommendations At th...
PT-2026-43786
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Real-Time RT load balancing mechanism where a CPU can enter an infinite self-Inter-Processor Interrupt IPI loop, leading to a CPU hardlockup. This occurs when a CP...
PT-2026-43291
Name of the Vulnerable Software and Affected Versions com users affected versions not specified Description Lack of Cross-Site Request Forgery CSRF token validation—a mechanism used to prevent unauthorized commands from being transmitted from a user the web application trusts—leads to a CSRF atta...
PT-2026-45146
Name of the Vulnerable Software and Affected Versions MariaDB server versions 10.6.1 through 10.6.25 MariaDB server versions 10.11.1 through 10.11.16 MariaDB server versions 11.4.1 through 11.4.10 MariaDB server versions 11.8.1 through 11.8.6 MariaDB server version 12.3.1 Description During the...