184298 matches found
PT-2026-22558
Name of the Vulnerable Software and Affected Versions Linksys Wlan AP affected versions not specified Description The WLAN AP firmware contains a flaw where an incorrect bounds check can lead to an out-of-bounds write. This condition could allow for remote proximal/adjacent escalation of privileg...
PT-2026-22642
Name of the Vulnerable Software and Affected Versions affected versions not specified Description A memory corruption issue exists when processing IOCTL calls. This occurs due to accessing a buffer after it has been freed. The issue involves a memory corruption vulnerability that could potentiall...
PT-2026-22389
Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.0.18 Description The WebAuthn prepare endpoint, /api/webauthn/prepare, in versions prior to 4.0.18 lacks authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers to...
PT-2026-22107
Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.8.0 Description Langflow is a tool for building and deploying AI-powered agents and workflows. In the CSV Agent node, the variable allow dangerous code is hardcoded to True, which automatically exposes LangChain's...
PT-2026-21554
Name of the Vulnerable Software and Affected Versions ElementsKit Lite WordPress plugin versions prior to 3.7.9 Description The ElementsKit Lite WordPress plugin versions prior to 3.7.9 exposes the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without authentication. The endpoi...
PT-2026-21506
A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function user avatar upload controller of the file /backend/app/api/v1/module system/user/controller.py of the component Scheduled Task API. Executing a manipulation can lead to unrestricted upload. The attack can be launch...
PT-2026-21442
Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information...
PT-2026-20209
Name of the Vulnerable Software and Affected Versions IBM Cloud Pak System versions 2.3.3.6 through 2.3.5.0 Description The software contains improper access controls, potentially allowing an authenticated user to perform unauthorized tasks. Recommendations IBM Cloud Pak System version 2.3.3.6...
PT-2026-8246
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthrough networks parameter in vpn ipsec settings.php. Attackers can craft POST requests with JavaScript payloads in the passthrough networks parameter to...
PT-2026-8047
The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulk save' AJAX action. This makes it possible for...
PT-2026-7260
Name of the Vulnerable Software and Affected Versions Artifex MuPDF versions up to 1.26.1 Description A flaw exists in Artifex MuPDF up to version 1.26.1 on Windows. The issue is related to uncontrolled search path manipulation caused by the get system dpi function within the platform/x11/win...
PT-2026-7389
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that...
PT-2026-6988
Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A security issue exists in D-Link DIR-823X version 250416. The sub 4175CC function within the /goform/set static route table file is susceptible to OS command injection. Manipulation of the interface,...
PT-2026-6910
Name of the Vulnerable Software and Affected Versions SourceCodester Online Class Record System version 1.0 Description A flaw exists in SourceCodester Online Class Record System 1.0 that allows for SQL injection. The issue is located in the file /admin/subject/controller.php. Manipulating the ID...
PT-2026-6559
Name of the Vulnerable Software and Affected Versions phpMyChat Plus version 1.98 Description The software contains a SQL injection issue in the 'deluser.php' page. This allows manipulation of database queries through the pmc username parameter. Attackers can use boolean-based, error-based, and...
PT-2026-6267
Name of the Vulnerable Software and Affected Versions apko versions 0.14.8 through 1.1.0 Description apko is a tool that enables users to build and publish OCI container images from apk packages. A path traversal issue exists in apko’s dirFS filesystem abstraction between versions 0.14.8 and 1.1....
PT-2026-5617
Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product...
PT-2026-6281
Name of the Vulnerable Software and Affected Versions Fastify versions prior to 5.7.2 Description Fastify is a web framework for Node.js. A validation bypass exists where request body validation schemas specified by Content-Type can be circumvented. Appending a tab character t followed by arbitra...
PT-2026-4605
The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...
PT-2026-4321
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automator discord user mapping shortcode in all versions up to, and including, 6.10.0.2 due to insufficient input sanitization and...
PT-2026-4608
CVE-2023-32719 - Apache HTTP Server Cross-Site Scripting CVE ID : CVE-2023-32719 Published : Jan. 22, 2026, 10:16 a.m. | 50 minutes ago Description : Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. Severity: 0.0 | NA Visit the link for more details, such as CVSS...
PT-2026-3947
A path traversal vulnerability exists in TMS Management Console version 6.3.7.27386.20250818 from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences ../ in the filePath parameter, allowing authenticated users to read...
PT-2026-3701
Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft versions 8.60 through 8.62 Description A flaw exists in the Integration Broker component of Oracle PeopleSoft Enterprise PeopleTools. An unauthenticated attacker with network access via HTTP can compromise the system...
PT-2026-3582
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory...
PT-2026-2837
The Stopwords for comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the 'set stopwords for comments' and 'delete stopwords for comments' functions. This makes it possible for...
PT-2026-2103
Name of the Vulnerable Software and Affected Versions Tarkov Data Manager versions prior to 02 January 2025 Description The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, a reflected Cross Site Scripting XSS vulnerability exists in the toast notification...
PT-2026-1932
Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.2-rc2 Description LibreChat, a ChatGPT clone, does not properly control access when uploading files to an agent's file context or during file searches in version 0.8.1-rc2. An authenticated attacker who knows an...
PT-2026-1213
Name of the Vulnerable Software and Affected Versions UTT 进取 520W version 1.7.7-180627 Description A security issue has been identified in the software. The strcpy function within the /goform/formUser file is susceptible to a buffer overflow when handling the passwd1 argument. This manipulation c...
PT-2026-4318
Name of the Vulnerable Software and Affected Versions QEMU affected versions not specified Description An error in QEMU’s KVM Xen guest support allows a malicious guest to cause out-of-bounds heap accesses within the QEMU process. This is triggered through the emulated Xen physdev hypercall...
PT-2026-50454
Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.33 Description The software fails to block the ctypes module, which is a foreign function interface library used to call C functions directly, load DLLs, and manipulate raw memory pointers. This allows attacker...
PT-2025-52932
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a potential memory leak within the vdpa sim module, specifically in the vdpasim net init and vdpasim blk init functions. The issue arises when a device...
PT-2025-49671
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The irdma driver within the Linux kernel could use a number of MSIX vectors exceeding the number of online CPUs plus one. This resulted in a kernel warning when attempting to update the...
PT-2025-50139
Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS issue in the AddressesTo parameter of the ''/Mondo/lang/sys/Forms/AddressBook.aspx'' endpoint. The AddressesTo value...
PT-2025-47041
Name of the Vulnerable Software and Affected Versions All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic versions prior to 4.8.10 Description The All in One SEO plugin for WordPress has a flaw that allows unauthorized deletion of media attachments. The issue stems from ...
PT-2025-46861
MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive informations by Python code in tool module, although the process run in sandbox. Version 2.3.1 fixes the issue...
PT-2025-44487
Name of the Vulnerable Software and Affected Versions Nagios Fusion versions prior to 4.2.0 Description Nagios Fusion versions prior to 4.2.0 have a reflected cross-site scripting XSS issue in the license key configuration process. This allows an attacker to execute scripts in a user's browser by...
PT-2025-41408
Name of the Vulnerable Software and Affected Versions Juniper Security Director versions prior to 24.1R4 Description An Improper Neutralization of Input During Web Page Generation issue exists in Juniper Security Director, allowing an attacker to inject malicious scripts into the application. The...
PT-2025-39631
Name of the Vulnerable Software and Affected Versions libucl versions up to 0.9.2 Description A flaw exists in the ucl include common function within the /src/ucl util.c file. This can lead to a heap-based buffer overflow. Local access is needed for exploitation. The exploit details have been...
PT-2025-44111
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to insufficient input validation in the NFC Near Field Communication subsystem. Specifically, the nci init req function had limited validation,...
PT-2025-39261
Name of the Vulnerable Software and Affected Versions NVIDIA Megatron-LM affected versions not specified Description The software contains a flaw in the tasks/orqa/unsupervised/nq.py component that could allow an attacker to inject code. Exploitation of this issue may result in code execution,...
PT-2025-44117
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the Squashfs file system related to uninitialized values in the squashfs get parent function. This issue arises when open by handle at is invoked...
PT-2025-38510
Name of the Vulnerable Software and Affected Versions Service Finder SMS System plugin for WordPress versions prior to 2.1.0 Description The Service Finder SMS System plugin for WordPress does not verify a user's phone number before logging them in, leading to authentication bypass. This allows...
PT-2025-36731
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: An open database issue exists due to an over permissive Redis instance. This could result in an attacker on the intranet accessing sensitive data and...
PT-2025-36458
Name of the Vulnerable Software and Affected Versions: WebWork affected versions not specified Description: A Reflected Cross-Site Scripting XSS issue exists in WebWork, potentially enabling remote attackers to execute arbitrary code. The vulnerability is triggered through the q and engine reques...
PT-2025-33675 · Genealogy · Genealogy
Name of the Vulnerable Software and Affected Versions: Genealogy versions prior to 4.4.0 Description: Genealogy is a family tree PHP application susceptible to an authenticated reflected cross-site scripting XSS issue. An attacker with valid credentials can execute arbitrary JavaScript code withi...
PT-2025-32605 · Sap · Sap Gui For Windows
Name of the Vulnerable Software and Affected Versions: SAP GUI for Windows affected versions not specified Description: SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. A successful attack requires developer authorization in a...
PT-2025-32406 · Unknown · Simple Web Server
Name of the Vulnerable Software and Affected Versions: Simple Web Server version 2.2 rc2 Description: Simple Web Server 2.2 rc2 contains a stack-based buffer overflow vulnerability in its handling of the Connection HTTP header. When a remote attacker sends an overly long string in this header, th...
PT-2025-32410
Name of the Vulnerable Software and Affected Versions 7-Zip versions prior to 25.01 Description An issue exists in 7-Zip where symbolic links are not always properly handled during the extraction of archives. This flaw allows a remote attacker to use a specially crafted archive to perform arbitra...
PT-2025-31150
Name of the Vulnerable Software and Affected Versions copyparty versions up to and including 1.18.4 Description copyparty is a portable file server susceptible to cross-site scripting XSS. An unauthenticated attacker can execute arbitrary JavaScript code in a victim’s browser due to improper...
PT-2025-30486
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 141 Firefox ESR versions prior to 140.1 Thunderbird versions prior to 141 Thunderbird versions prior to 140.1 Description Setting a nameless cookie with an equals sign in the value shadowed other cookies. This occurre...