PT-2026-48855

The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain partial system configuration information...

PT-2026-48991

ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, when prettyUrls: true is enabled on @apostrophecms/file a documented SEO feature for serving uploaded files at clean URLs, the public pretty-URL handler builds the upstream URL using the raw...

PT-2026-48877

Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, there is a possible SQL Injection via get blog list. This issue has been patched in versions 15.106.0 and 16.16.0...

PT-2026-48935

Capgo Console prior to 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly...

PT-2026-49055

Summary A potential Cross-Site Scripting XSS vulnerability exists in Fabric.js due to improper escaping of user-controlled input during SVG serialization via the toSVG method. Specifically, the color field within the colorStops array of a fabric.Gradient object is not properly escaped when...

PT-2026-49008

Name of the Vulnerable Software and Affected Versions Avira Antivirus versions prior to 8.3.70.68 Description A heap buffer out-of-bounds read occurs in the antivirus engine when scanning a malformed PDF file. This issue may lead to local execution of code or a denial-of-service of the engine...

PT-2026-48951

Name of the Vulnerable Software and Affected Versions Naxclow Smart Doorbell X3 affected versions not specified Naxclow devices affected versions not specified Description Naxclow devices utilize a uniform request-signing scheme that relies on a hard-coded, platform-wide salt embedded in every...

PT-2026-48866

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password...

PT-2026-48858

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective permissions in the channel where the command is run. A user denied channel-level moderation permissio...

PT-2026-48943

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multi search endpoint. A specially crafted request can trigger an unhandled exception during request processing, causing the server process to...

PT-2026-48999

A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form data and set an event’s sharing group id to a sharing group they were not authorized to use. When distribution was set to sharing group distribution, th...

PT-2026-48876

The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are readily extractable via APK decompilation. The credentials provide access to cloud MQTT brokers...

PT-2026-48962

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.80 Parse Server versions prior to 9.9.1-alpha.6 Description A relation query using the $relatedTo operator allows an unauthenticated client to read the membership of a Relation field. This occurs even if the...

PT-2026-48896

The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to allowing users to perform cross tenant actions...

PT-2026-48964

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.5.0 Description Several endpoints in this open-source personal finance application are affected by path traversal, a condition where an attacker can access files and directories that are stored outside the web root...

PT-2026-48610

The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oum location notification' parameter in versions up to, and including, 1.4.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

PT-2026-48612

Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft Enterprise PeopleTools versions 8.61 through 8.62 Description An unauthenticated remote code execution flaw exists in the Environment Management Hub PSEMHUB component of Oracle PeopleSoft Enterprise PeopleTools. This issue...

PT-2026-48809

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description The HAProxy PROXY protocol v2 codec leaks native or heap memory on every connection when a client sends a syntactically valid header containing nested PP2...

PT-2026-48695

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrato...

PT-2026-48661

Name of the Vulnerable Software and Affected Versions Check Point Identity Agent Full for Windows OS affected versions not specified Description A local privilege escalation issue exists where an authenticated local user can execute arbitrary code with SYSTEM privileges. This occurs due to improp...

PT-2026-48793

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 133, a normal authenticated user can edit another user's video subtitles because of a lack of authorization. They can upload subtitles, edit their name or delete them. This issue has been patched in version 5.5.3 - 1...

PT-2026-48613

Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...

PT-2026-48676

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the import database rules or import roles rules functions, the malicious code is executed...

PT-2026-48616

Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected. Affected versions: Spring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4...

PT-2026-48400

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the...

PT-2026-48409

Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in...

PT-2026-48499

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability edit saved search owner could reassign...

PT-2026-48523

CVE-2026-49413 - FreeBSD LPE via Linuxulator AT SECURE Logic Bug A setuid exec ordering bug in the Linuxulator emits AT SECURE=0 in auxv, turning LD PRELOAD into euid=0 privilege escalation. https://t.co/waPg0ft2sf...

PT-2026-48488

Name of the Vulnerable Software and Affected Versions PAN-OS versions 10.2 affected versions not specified PAN-OS versions 11.1 affected versions not specified PAN-OS versions 11.2 affected versions not specified PAN-OS versions 12.1 affected versions not specified Description A command injection...

PT-2026-48497

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a classic dashboard that exfiltrate...

PT-2026-48363

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build...

PT-2026-48487

A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface CLI to perform actions on the device with root privileges. The security risk posed by this issue is significantly minimized when CLI access i...

PT-2026-48532

Name of the Vulnerable Software and Affected Versions UpdraftPlus versions prior to 1.26.5 UpdraftCentral versions prior to 0.8.32 Description An unauthenticated authentication bypass allows remote code execution on sites connected to UpdraftCentral, a remote management dashboard. The issue occur...

PT-2026-48554

Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...

PT-2026-48555

Simple Link Directory through 9.0.4 interpolates the sld no results found option into a JavaScript string literal without encoding. Because sanitize text field leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor...

PT-2026-48375

Name of the Vulnerable Software and Affected Versions ansible.posix affected versions not specified Description A local privilege escalation issue exists in the authorized key module. The keyfile function utilizes os.chown instead of os.lchown and opens files without the O NOFOLLOW flag when...

PT-2026-48469

Summary Stack-based Buffer Overflow vulnerability in Erlang OTP erl interface allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erl interface/src/misc/ei printterm.c and program routine ei s print term. The C function ei s print term uses an internal...

PT-2026-48391

Found a command injection in Warp CVE-2026-48719 A crafted Git branch name runs in the victim's shell when selected in the prompt branch selector. Responsibly disclosed and now patched. Update @warpdotdev to stay safe. https://t.co/j16vvGrYLa...

PT-2026-48389

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...

PT-2026-48421

Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 2.568 Jenkins LTS versions prior to 2.555.3 Description An open redirect issue exists where the software improperly validates redirect URLs after login. When a URL contains relative path segments such as ./ or ../, th...

PT-2026-48407

Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries through the public...

PT-2026-48520

Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions such as dogstatsd allow mutiple metrics,separated by newlines, to be sent per packet. Metrics::Any::Adapter::DogStatsd which extends...

PT-2026-48160

A NULL pointer dereference in the gf odf vvc cfg write bs function odf/descriptors.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

PT-2026-47653

Spring MVC and WebFlux applications are vulnerable to Denial of Service DoS attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

PT-2026-47806

Name of the Vulnerable Software and Affected Versions Ivanti Sentry versions prior to R10.5.2 Ivanti Sentry versions prior to R10.6.2 Ivanti Sentry versions prior to R10.7.1 Description An OS command injection flaw allows a remote unauthenticated user to execute arbitrary code with root privilege...

PT-2026-48201

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the gotoUrl parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

PT-2026-48287

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this iss...

PT-2026-47996

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally...

PT-2026-47747

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions prior to 10.4.57 TYPO3 CMS versions 11.0.0 through 11.5.51 TYPO3 CMS versions 12.0.0 through 12.4.46 TYPO3 CMS versions 13.0.0 through 13.4.31 TYPO3 CMS versions 14.0.0 through 14.3.3 Description The cache frontend...

PT-2026-48097

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...