175406 matches found

Positive Technologies • added 2026/06/04 12:00 a.m. • 8 views

PT-2026-46496

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android, versions prior to 149.0.7827.53. Description: A use after free issue exists in SurfaceCapture. A remote attacker who has compromised the renderer process can potentially perform a sandbox escape by using a crafted HTML...

CVSS 9.6 • AI score 5.8 • EPSS 0.00336
Exploits 0 • References 435

Positive Technologies • added 2026/06/04 12:00 a.m. • 8 views

PT-2026-46882

Summary: This report covers the client-triggered DoQ forwarding path in:
- dnsproxy v0.81.2 (adguard/dnsproxy:v0.81.2)
- AdGuard Home v0.107.74 (adguard/adguardhome:latest, image version label v0.107.74)
The issue was reproduced on 2026-04-25 with the products configured through their documented DoQ...

CVSS 6.9 • AI score 5.7 • EPSS 0.00047
Exploits 0 • References 4

Positive Technologies • added 2026/06/04 12:00 a.m. • 8 views

PT-2026-46205

AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger SEH-based code...

CVSS 8.6 • AI score 6.4 • EPSS 0.00018
Exploits 0 • References 5

Positive Technologies • added 2026/06/04 12:00 a.m. • 8 views

PT-2026-46376

That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...

CVSS 8.8 • AI score 5.9 • EPSS 0.00151
Exploits 0 • References 1

Positive Technologies • added 2026/06/04 12:00 a.m. • 8 views

PT-2026-46850

Summary: There is a Proof of Concept which is able to enumerate the usernames of administrator users. This was possible by performing a timing attack. Details: The faulty code exists in src/Core/Framework/Api/OAuth/UserRepository.php: public function getUserEntityByUserCredentials(string $username,...

CVSS 3.7 • AI score 5.8
Exploits 0 • References 5

Positive Technologies • added 2026/06/04 12:00 a.m. • 8 views

PT-2026-46336

That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...

CVSS 8.8 • AI score 5.9 • EPSS 0.00151
Exploits 0 • References 1

Positive Technologies • added 2026/06/04 12:00 a.m. • 8 views

PT-2026-46373

That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...

CVSS 8.8 • AI score 5.9 • EPSS 0.00151
Exploits 0 • References 1

Positive Technologies • added 2026/06/04 12:00 a.m. • 8 views

PT-2026-46379

That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...

CVSS 8.8 • AI score 5.9 • EPSS 0.00151
Exploits 0 • References 1

Positive Technologies • added 2026/06/04 12:00 a.m. • 8 views

PT-2026-46374

That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...

CVSS 8.8 • AI score 5.9 • EPSS 0.00151
Exploits 0 • References 1

Positive Technologies • added 2026/06/04 12:00 a.m. • 8 views

PT-2026-46134

Name of the Vulnerable Software and Affected Versions: BOSH, versions prior to 282.1.9. Description: An issue in BOSH allows a local attacker to perform Man-in-the-Middle (MITM) attacks to steal Basic-auth credentials or redirect UAA token requests. This occurs because the create async endpoint and sen...

CVSS 8.8 • AI score 5.5 • EPSS 0.00005
Exploits 0 • References 5

Positive Technologies • added 2026/06/04 12:00 a.m. • 8 views

PT-2026-46787

Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

AI score 5.8 • EPSS 0.00022
Exploits 0 • References 3

Positive Technologies • added 2026/06/04 12:00 a.m. • 8 views

PT-2026-46822

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android, versions prior to 149.0.7827.53. Description: An inappropriate implementation in WebView allows a remote attacker to perform privilege escalation through the use of a crafted HTML page. Recommendations: Update to version...

CVSS 9.6 • AI score 5.5 • EPSS 0.00145
Exploits 0 • References 437

Positive Technologies • added 2026/06/04 12:00 a.m. • 8 views

PT-2026-46513

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android, versions prior to 149.0.7827.53. Description: An inappropriate implementation in the Accessibility component allows a remote attacker to perform UI spoofing via a crafted HTML page. UI spoofing is a technique where an...

CVSS 9.6 • AI score 5.8 • EPSS 0.04819
Exploits 0 • References 433

Positive Technologies • added 2026/06/04 12:00 a.m. • 8 views

PT-2026-46641

Name of the Vulnerable Software and Affected Versions: Google Chrome on Mac, versions prior to 149.0.7827.53. Description: A use after free issue exists in Device Trust. A remote attacker who has compromised the renderer process can potentially perform a sandbox escape by using a crafted HTML page. U...

CVSS 9.6 • AI score 5.8 • EPSS 0.04819
Exploits 0 • References 433

Positive Technologies • added 2026/06/04 12:00 a.m. • 8 views

PT-2026-46602

Name of the Vulnerable Software and Affected Versions: Google Chrome on Linux, versions prior to 149.0.7827.53. Description: A use after free issue in WebRTC allows a remote attacker to execute arbitrary code through a specially crafted HTML page. Use after free is a memory corruption flaw that occur...

CVSS 9.6 • AI score 6.4 • EPSS 0.04819
Exploits 0 • References 433

Positive Technologies • added 2026/06/04 12:00 a.m. • 8 views

PT-2026-46843

Summary: app.mount strips the mount prefix from the incoming request path using the raw URL pathname, while route matching is performed against the percent-decoded path. This inconsistency causes the prefix to be stripped at the wrong position when the path contains percent-encoded multi-byte...

CVSS 5.3 • AI score 5.8 • EPSS 0.00067
Exploits 0 • References 6

Positive Technologies • added 2026/06/04 12:00 a.m. • 8 views

PT-2026-46646

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android, versions prior to 149.0.7827.53. Description: An inappropriate implementation in the GPU allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML...

CVSS 9.6 • AI score 5.9 • EPSS 0.00145
Exploits 0 • References 435

Positive Technologies • added 2026/06/04 12:00 a.m. • 8 views

PT-2026-46396

Name of the Vulnerable Software and Affected Versions: Arista EOS (affected versions not specified). Description: On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This...

CVSS 6.9 • AI score 5.4 • EPSS 0.00124
Exploits 0 • References 4

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-45943

ProjectsAndPrograms school-management-system uses predictable credentials by generating students' and teachers' passwords solely from the user's date of birth (e.g., 12072000 for 12 July 2000). The application does not require or prompt users to change the password upon first login. This behavior...

CVSS 6.9 • AI score 5.8 • EPSS 0.00054
Exploits 0 • References 3

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46116

Name of the Vulnerable Software and Affected Versions: Froxlor, versions prior to 2.3.7. Description: The 'DomainZones.add' API endpoint fails to sanitize newline characters within TXT record content. An authenticated customer with DNS editing permissions can inject newlines into TXT record values,...

CVSS 7.6 • AI score 5.9 • EPSS 0.00046
Exploits 0 • References 9

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-45941

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

CVSS 3.7 • AI score 5.8 • EPSS 0.00036
Exploits 0 • References 2

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-45918

The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

CVSS 8.1 • AI score 6 • EPSS 0.00117
Exploits 0 • References 2

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46101

Impact: The USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity (XXE) attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could:
- Read arbitrary files from the server filesystem
- Perform...

CVSS 7.5 • AI score 6
Exploits 0 • References 4

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46048

Name of the Vulnerable Software and Affected Versions: Securly Chrome Extension, version 3.0.7. Description: The extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP using the Fetch API. This represents an inconsistent implementation of Transport...

AI score 5.8 • EPSS 0.00006
Exploits 0 • References 4

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-45903

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack (request smuggling), which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...

CVSS 2.3 • AI score 5.8 • EPSS 0.001
Exploits 0 • References 2

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-45925

A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root...

CVSS 8.8 • AI score 6 • EPSS 0.00115
Exploits 0 • References 2

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46066

Name of the Vulnerable Software and Affected Versions: OpenStack Ironic, versions prior to 35.0.2. Description: An issue allows Boot Script Injection of an iPXE script (a network boot firmware used to boot computers from a network). This occurs if an attacker is able to set the node.driver in...

CVSS 7.7 • AI score 5.4 • EPSS 0.00027
Exploits 0 • References 15

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46084

Impact: The LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation. Attackers could craft malicious LaTeX documents with path traversal sequences (e.g., ../../../etc/passwd) to:
- Read arbitrary files from the file system accessible to the process...

CVSS 5.5 • AI score 5.9
Exploits 0 • References 4

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46069

Name of the Vulnerable Software and Affected Versions: Active IQ OneCollect, version 2.7.3. Description: Hard-coded credentials exist within the software, which could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations. Recommendations: At the moment, the...

CVSS 5.3 • AI score 5.8 • EPSS 0.00043
Exploits 0 • References 3

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46105

Impact: The METS-GBS backend's XML parsing and the input document format detection lacked security controls, enabling:
- XML External Entity (XXE) attacks to read local files or cause denial of service
- Decompression bombs (zip bombs) to exhaust memory and disk space
- Unbounded archive extraction...

CVSS 5.5 • AI score 5.8
Exploits 0 • References 4

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46115

Name of the Vulnerable Software and Affected Versions: quic-go (affected versions not specified). Description: An attacker can trigger excessive memory allocation in the HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame. This frame decodes into a large trailer field...

CVSS 5.3 • AI score 5.8 • EPSS 0.00058
Exploits 0 • References 12

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46107

USN-8363-1 fixed several vulnerabilities in MySQL. This update provides the corresponding fixes for MySQL on Ubuntu 20.04 LTS. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been...

CVSS 6.5 • AI score 7.1 • EPSS 0.0005
Exploits 0 • References 27

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46070

Name of the Vulnerable Software and Affected Versions: SGLang, versions prior to 0.5.12. Description: A flaw exists in the data hash function of the Cache Handler component. This issue allows for a denial of service through manipulation, although the attack is restricted to local execution and requir...

CVSS 3.6 • AI score 5.9 • EPSS 0.00014
Exploits 0 • References 9

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46100

Impact: In versions = 1.5.0, = 2.74.1 Workarounds: If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References: - Fix release: v2.74.1...

CVSS 8.6 • AI score 5.8
Exploits 0 • References 4

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46103

Impact: In versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering (rendering option, deactivated by default), then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing untrusted HTML documents. An...

CVSS 8.2 • AI score 6.5
Exploits 0 • References 4

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-45897

A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData Handler. The manipulation leads to use after free. Remote exploitation of the attack is possible...

CVSS 6.5 • AI score 5.3 • EPSS 0.00052
Exploits 0 • References 8

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46010

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gfx3d: add parent to parent request map. After commit d228ece36345 ("clk: divider: remove round_rate in favor of determine_rate"), determining the GFX3D clock rate crashes, because the passed parent map doesn't provide the...

AI score 5.8 • EPSS 0.00013
Exploits 0 • References 7

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46091

Summary: The environment variables used during the rendering of the Kubernetes manifest allow YAML injection, enabling attackers to overwrite existing keys like securityContext and inject multi-document YAML to create additional unintended Kubernetes resources. Details: The server interpolates...

CVSS 10 • AI score 6.2
Exploits 0 • References 3

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46056

Name of the Vulnerable Software and Affected Versions: mlrun, versions prior to 1.12.0-rc3. Description: The DataFrame Hash Handler component contains an issue in the calculate_dataframe_hash function within the mlrun/utils/helpers.py file. This allows for the use of a weak hash, which can be...

CVSS 3.6 • AI score 5.7 • EPSS 0.00006
Exploits 0 • References 9

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46114

This module provides spam protection using the CleanTalk cloud service. The module doesn't sufficiently sanitize API response messages before rendering them in HTML output. The cleantalk_die and ct_die functions output the CleanTalk API response message directly into HTML without proper...

AI score 5.9
Exploits 0 • References 2

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46113

The module doesn't sufficiently sanitize customer comments in the order receipt email template; this could be exploited to achieve Cross-site Scripting (XSS). This vulnerability is mitigated by the fact that it only affects installations with Checkout (commerce_checkout) enabled, and the "Comments"...

AI score 5.8
Exploits 0 • References 2

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46030

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A Use-After-Free (UAF) condition exists in the Linux kernel's NFC HCI SHDLC implementation. The function llc_shdlc_deinit purges SHDLC skb queues and frees the llc_shdlc structure while...

AI score 5.8 • EPSS 0.00013
Exploits 0 • References 10

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46022

In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading real_parent in do_task_stat. When reading /proc/<pid>/stat, do_task_stat accesses task->real_parent without proper RCU protection, which leads to: cpu 0 cpu 1 ----- ----- do_task_stat v...

AI score 5.8 • EPSS 0.00013
Exploits 0 • References 9

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46000

Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 enables WPS 2.0 by default with a weak lockout policy (60-second lockout after 10 attempts)...

AI score 5.8 • EPSS 0.00014
Exploits 0 • References 2

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46036

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: Certain physical adapters on Power systems fail to support segmentation offload when the Maximum Segment Size (MSS) is less than 224 bytes. When the hardware attempts to perform segmentati...

CVSS 9.1 • AI score 5 • EPSS 0.0008
Exploits 1 • References 69

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-45946

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trust_remote_code parameter, intended to prevent remote code execution, ...

CVSS 8 • AI score 7.9 • EPSS 0.00082
Exploits 1 • References 4

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46062

Name of the Vulnerable Software and Affected Versions: FOSSBilling, versions prior to 0.8.0. Description: The Redirect module fails to validate the URL scheme of destination URLs configured by administrators before they are stored or issued. This allows the configuration of arbitrary external URLs as...

CVSS 4.8 • AI score 5.8 • EPSS 0.00047
Exploits 0 • References 4

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-46023

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6_add_rt2node(). syzbot reported an out-of-bound read in fib6_add_rt2node(). [0] When an IPv6 route is created with RTA_NH_ID, struct fib6_info does not have the trailing struct fib6_nh. The cited commit...

AI score 5.8 • EPSS 0.00013
Exploits 0 • References 6

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-45960

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset object. Upgrade to 11.0.7 or 10.0.25 to receive a patch...

CVSS 7 • AI score 5.8 • EPSS 0.00047
Exploits 0 • References 2

Positive Technologies • added 2026/06/03 12:00 a.m. • 8 views

PT-2026-45948

Name of the Vulnerable Software and Affected Versions: Django, versions prior to 6.0.6; Django, versions prior to 5.2.15. Description: An issue exists in django.core.mail.backends.smtp.EmailBackend where the system fails to prevent the reuse of a partially-initialized connection following a failed...

CVSS 3.1 • AI score 5.4 • EPSS 0.00013
Exploits 0 • References 24

Total number of security vulnerabilities: 5000