184315 matches found
PT-2026-36902
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description The '/mcp-oauth/register' endpoint allows OAuth client registrations without authentication, which permits the registration of arbitrary...
PT-2026-36744
Name of the Vulnerable Software and Affected Versions Gym Management System In PHP and Windows NT 1.0 affected versions not specified Description A remote SQL injection can be triggered through the manipulation of the day argument in the '/index.php' endpoint. SQL injection is a type of flaw that...
PT-2026-37160
Name of the Vulnerable Software and Affected Versions CI4MS versions 0.31.1.0 through 0.31.7.0 Description The deleteProcess function in the /backend/themes/delete-process/slug endpoint fails to validate the tables POST parameter. An authenticated administrator can send a crafted request containi...
PT-2026-36684
During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference IDOR attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...
PT-2026-36671
Name of the Vulnerable Software and Affected Versions Apache Polaris versions prior to 1.4.1 Description Changing the write.metadata.path table property via an ALTER TABLE settings change allows a user to bypass the commit-time branch intended to revalidate storage locations. This defect enables...
PT-2026-36608
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object ids' and 'exclude object ids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the...
PT-2026-36670
Name of the Vulnerable Software and Affected Versions Apache Polaris version 1.4.0 Description Apache Polaris fails to properly escape namespace and table identifiers when constructing Common Expression Language CEL strings for Google Cloud Storage GCS Credential Access Boundaries CAB. This allow...
PT-2026-36603
Name of the Vulnerable Software and Affected Versions TRENDnet TEW-821DAP versions prior to 1.12B01 Description An issue exists in the Firmware Update Handler component within the cameo dev.sh file. Specifically, the platform do upgrade cameo dev function fails to sufficiently verify data...
PT-2026-36674
Name of the Vulnerable Software and Affected Versions Edimax BR-6428nC versions prior to 1.17 Description A buffer overflow can be triggered remotely via an unknown function within the '/goform/setWAN' endpoint. This occurs through the manipulation of the pptpDfGateway argument. Recommendations A...
PT-2026-36393
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free error exists in the usbtmc release function. This occurs because pending anchored URBs USB Request Blocks are not properly flushed or killed, which can lead to memory...
PT-2026-38413
Name of the Vulnerable Software and Affected Versions FileBrowser Quantum versions prior to 1.3.1-stable FileBrowser Quantum versions prior to 1.3.9-beta Description Attacker-controlled path input is joined with a trusted base path before sanitization, enabling the use of traversal sequences such...
PT-2026-38392
Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description A sandbox escape allows sandboxed code to crash the host Node.js process. This occurs when a Promise constructor triggers an unhandled rejection that propagates to the host. Specifically, when sandboxed...
PT-2026-36356
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the USB gadget HID function where list and spinlock initializations were performed during the bind process. Specifically, queues registered via poll wait were...
PT-2026-36822
Name of the Vulnerable Software and Affected Versions n8n-MCP versions 2.47.4 through 2.47.13 Description The synchronous URL validator in SSRFProtection.validateUrlSync lacks IPv6 checks within the SDK embedder path, specifically affecting the N8NDocumentationMCPServer constructor,...
PT-2026-36176
Name of the Vulnerable Software and Affected Versions Secure Access Windows client versions prior to 14.50 Description A buffer overflow occurs in the software, which allows attackers with local control of the Windows client to cause a system crash, resulting in a blue screen. Recommendations...
PT-2026-37105
Name of the Vulnerable Software and Affected Versions PhpSpreadsheet versions prior to 1.30.4 PhpSpreadsheet versions prior to 2.1.16 PhpSpreadsheet versions prior to 2.4.5 PhpSpreadsheet versions prior to 3.10.5 PhpSpreadsheet versions prior to 5.7.0 Description The SpreadsheetML XML reader...
PT-2026-46739
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in Reading Mode allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML...
PT-2026-35873
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer overflow exists in the drivers/xen/sys-hypervisor.c file. The build ID returned by the HYPERVISOR xen versionXENVER build id function is not a string and lacks NUL termination...
PT-2026-35380
A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made availabl...
PT-2026-35518
Name of the Vulnerable Software and Affected Versions Pimcore version 12.3.3 Description An authenticated administrative user with permissions to import or save DataObject class definitions can inject malicious composite index metadata. This action allows the execution of unintended SQL commands ...
PT-2026-35352
A vulnerability was identified in HBAI-Ltd Toonflow-app up to 1.1.1. This issue affects the function updateStoryboardUrl of the file replaceUrl.ts of the component Storyboard Export. Such manipulation of the argument url leads to path traversal. It is possible to launch the attack remotely. The...
PT-2026-34977
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the alps raw event function within the hid-alps driver. This occurs because the driver fails to properly check if it has been claimed correctly befor...
PT-2026-34851
The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generate openai content callback function, which relies solely on a nonce rather than verifying user permissions. This makes it...
PT-2026-34780
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description An agentic consent bypass allows LLM agents to silently disable execution approval. Remote attackers can exploit this by using the config.patch parameter to bypass security controls and execute...
PT-2026-34377
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: validate inner IPv4 header length in IPTFS payload Add validation of the inner IPv4 packet tot len and ihl fields parsed from decrypted IPTFS payloads in input process payload. A crafted ESP packet containing an inne...
PT-2026-34348
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A crash occurs in the dmaengine idxd driver when the event log is disabled. If the hardware does not support reporting errors to the event log and an error triggering a Function Level...
PT-2026-43136
Name of the Vulnerable Software and Affected Versions GNU LibreDWG versions prior to 0.15 Description A weakness in the Dwggrep Utility component allows an out-of-bounds read, which occurs when the system accesses memory outside the intended boundary of a buffer. This issue is located in the bit...
PT-2026-34263
CVE-2026-6840 Missing bounds validation for operator could allow out of range operator-code lookup during model loading Affected version is prior to commit 1.30.0. https://t.co/DGJUzFs4hC...
PT-2026-34180
Name of the Vulnerable Software and Affected Versions Tekton Pipelines versions 1.0.0 through 1.10.x Description The git resolver fails to validate the revision parameter, which is passed directly as a positional argument to the git fetch command. This allows an attacker to inject arbitrary flags...
PT-2026-34008
Name of the Vulnerable Software and Affected Versions Tekton Pipelines versions 1.0.0 through 1.10.0 Description The git resolver in API mode sends the system-configured Git API token to a user-controlled 'serverURL' when the token parameter is omitted. A tenant with TaskRun or PipelineRun create...
PT-2026-34150
Vulnerability in Oracle Fusion Middleware component: Dynamic Monitoring Service. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware. Successful...
PT-2026-34012
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting XSS vulnerability in the mailbox signature feature. The sanitization function Helper::stripDangerousTags app/Misc/Helper.php:568 uses an incomplete blocklist of only four HTM...
PT-2026-33828
Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to rename files to blocked extensions .php or .htaccess. Attackers can exploit this logic flaw by first...
PT-2026-33872
OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification,...
PT-2026-33847
Name of the Vulnerable Software and Affected Versions LMDeploy versions prior to 0.12.3 Description A Server-Side Request Forgery SSRF issue exists in the vision-language module of LMDeploy, a toolkit for compressing, deploying, and serving large language models. The load image and encode image...
PT-2026-37121
Name of the Vulnerable Software and Affected Versions praisonai versions prior to 4.6.9 praisonaiagents versions prior to 1.6.9 Description Multiple backends in the multi-agent teams system fail to validate input, leading to arbitrary SQL execution. Specifically, nine backends—MySQL, PostgreSQL,...
PT-2026-33517
Name of the Vulnerable Software and Affected Versions HomeBox versions prior to 0.25.0 Description An issue exists where the defaultGroup ID remains permanently assigned to a user after their access to a group is revoked. Although the web interface enforces this revocation, the API does not...
PT-2026-36721
Name of the Vulnerable Software and Affected Versions Totolink N300RH version 3.2.4-B20220812 Description A security flaw in the Parameter Handler component allows a remote attacker to cause a buffer overflow. This occurs through the manipulation of the Password argument within the loginauth...
PT-2026-37029
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.12 Description An improper authorization issue exists in helper-backed channels where empty resolved approver lists are interpreted as explicit approval authorization. This logic flaw allows attackers to resol...
PT-2026-32383
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800...
PT-2026-32236
Access control vulnerability in the memo module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...
PT-2026-32279
Out-of-bounds write vulnerability in the WEB module.Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...
PT-2026-31891
Name of the Vulnerable Software and Affected Versions Spring Cloud Gateway versions prior to 4.2.1 and versions 5.0.0 and 5.1.0. Description When configuring SSL bundles in Spring Cloud Gateway using the spring.ssl.bundle configuration property, the configuration was silently ignored, and the...
PT-2026-31314
Name of the Vulnerable Software and Affected Versions ProSolution WP Client plugin for WordPress versions up to and including 1.9.9 Description The ProSolution WP Client plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the proSol...
PT-2026-30787
A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /borrowedtool.php. Executing a manipulation of the argument code can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may b...
PT-2026-29756
Name of the Vulnerable Software and Affected Versions Endian Firewall versions 3.3.25 and prior Description Endian Firewall versions 3.3.25 and earlier allow authenticated users to execute arbitrary OS commands through the DATE parameter in the '/cgi-bin/logs openvpn.cgi' endpoint. The DATE...
PT-2026-29392
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, an Undefined Behavior UB condition in IccUtil.cpp can be triggered by a crafted ICC profile when running iccDumpProfile. This issue has been patched in version 2.3.1.6...
PT-2026-28193
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'post content' of admin form posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's maybe unserialize function without class restrictions on...
PT-2026-28195
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment post title in all versions up to, and including, 6.4.3. This is due to insufficient output escaping in the getEditorPopup function and its corresponding media-popup.php template...
PT-2026-28102
What are the limits of AI-assisted vulnerability hunting? I obtained 23 CVEs in one month. BentoML 8.2k CVE-2026-27905 HIGH SillyTavern 24.6k CVE-2026-26286 HIGH Plane 28.2k CVE-2026-27705 MEDIUM NocoDB 46.4k CVE-2026-28399 MEDIUM Mautic 8.4k CVE-2026-3105 HIGH File Browser 27.9k CVE-2026-28492...