184269 matches found
PT-2026-50827
Name of the Vulnerable Software and Affected Versions User Admin Simplifier versions prior to 3.0.1 Description The User Admin Simplifier plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a type of attack where an unauthorized user tricks a victim into performing actions they di...
PT-2026-50970
Summary The agent sandbox gates shell commands behind an allowlist SandboxPolicy.isCommandAllowed, which THREAT MODEL.md calls the main control against a compromised agent Adversary 3.2. The allowlist glob-matches the whole command string, but ShellExecutor runs that string through /bin/sh -c. So...
PT-2026-50929
Name of the Vulnerable Software and Affected Versions Joomla NextGen Editor version 2.1.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL commands. This is achieved by sending GET requests to the 'index.php' endpoint with the parameters option=com nge and...
PT-2026-50936
Joomla OSDownloads 1.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com osdownloads&view=item&id=SQL to extract...
PT-2026-50901
Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description Insecure default credentials exist when TLS configuration is absent and the server is bound beyond the loopback interface. This allows an unauthenticated user on the local network to gain...
PT-2026-50892
Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description A memory leak exists in the BeginSidebandStream function, which can lead to a denial of service condition caused by memory exhaustion. Recommendations Update to a version later than 2.17.0. A...
PT-2026-50939
Name of the Vulnerable Software and Affected Versions Joomla! Component Ajax Quiz version 1.8 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the cid parameter. Attackers can send GET requests to...
PT-2026-50917
Name of the Vulnerable Software and Affected Versions Realtek Audio Service version 1.0.0.55 Description An unquoted service path issue exists in RtkAudioService64.exe. This allows local attackers to escalate privileges by placing malicious executable files in the unquoted service path directory,...
PT-2026-50894
Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.0.0 through 3.16.0 Description An open redirect issue exists where an attacker can manipulate client headers, specifically the Host header in the cas-auth plugin, to influence the CAS service URL. This can lead to the...
PT-2026-51017
Name of the Vulnerable Software and Affected Versions ProxySQL versions 3.0.0 through 3.0.8 Description The GenAI/MCP run sql readonly tool violates its read-only contract for MySQL targets. The tool validates input using a substring blacklist and a first-keyword allowlist, but executes the SQL...
PT-2026-50968
Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44 Description A stack buffer overflow occurs in the '/goform/AdvSetMacMtuWan' endpoint through the mac parameter. A stack buffer overflow is a condition where a program writes more data to a buffer located on the...
PT-2026-50995
Name of the Vulnerable Software and Affected Versions Joomla! Component vBizz version 1.0.7 Description An SQL injection allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. This is achieved by submitting POST requests to the...
PT-2026-50831
Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An issue exists where the software lacks handler call depth tracking for calls to the XML ResumeParser function when called from within handlers during a policy violation. This can lead to a...
PT-2026-51048
Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.3.2 containerd versions prior to 2.2.5 containerd versions prior to 2.1.9 containerd versions prior to 2.0.10 containerd versions prior to 1.7.33 Description A maliciously crafted image can cause a Denial of...
PT-2026-50677
Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agent id value into outgoing gRPC metadata. The server correct...
PT-2026-50709
Name of the Vulnerable Software and Affected Versions Hermes WebUI versions prior to 0.51.468 Description An issue exists in the unauthenticated 'POST /api/onboarding/oauth/start' endpoint that allows for unbounded accumulation of in-memory flow state and daemon threads. This can lead to resource...
PT-2026-50735
Name of the Vulnerable Software and Affected Versions http-proxy-middleware versions 3.0.4 through 3.0.6 http-proxy-middleware versions prior to 4.1.1 Description An issue exists in the fixRequestBody helper function when the outgoing Content-Type is set to multipart/form-data. The function uses...
PT-2026-50803
Name of the Vulnerable Software and Affected Versions Chef 360 versions prior to 1.7.1 Description Improper handling of URL-encoded paths during request processing can allow unauthorized access to protected API endpoints. An authenticated request may bypass standard access controls to gain...
PT-2026-50620
Name of the Vulnerable Software and Affected Versions Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress versions prior to 1.3.13.2 Description Sensitive information exposure occurs via the get events function. This allows unauthenticated attackers to extra...
PT-2026-50649
The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versions up to, and including, 1.8.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible...
PT-2026-50797
Name of the Vulnerable Software and Affected Versions Hashgraph Guardian versions prior to 3.5.0 commit ba8c566 Description A stored cross-site scripting issue exists where authenticated users with the STANDARD REGISTRY role can inject malicious scripts. This occurs by submitting a crafted...
PT-2026-50773
Истекает время жизни сертификата, которым заверен загрузчик для UEFI Secure Boot в дистрибутивах Linux Срок действия сертификата Microsoft, используемого для заверения загрузчика Shim в дистрибутивах Linux для UEFI Secure Boot, истекает в конце июня. Это событие не повлияет на загрузку существующ...
PT-2026-50821
Name of the Vulnerable Software and Affected Versions Apollo Pharmacy Blood Glucose Monitoring System APG-01 affected versions not specified Description An attacker within Bluetooth Low Energy BLE communication range can passively intercept wireless traffic to obtain sensitive health-related...
PT-2026-50784
Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.2 Description A symlink race condition exists in the creation of per-device and per-user pad directories. The software employs a check-then-act pattern, where it calls lstat to verify existence and subsequently...
PT-2026-50665
A Reflected Cross-Site Scripting XSS vulnerability exists in LMS LAN Management System before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an...
PT-2026-50713
Name of the Vulnerable Software and Affected Versions Webmin versions prior to 2.641 Description Webmin accepts basic authentication without session cookies when an attacker provides the 'User-Agent: webmin' header. This behavior allows the bypass of additional multi-factor authentication MFA...
PT-2026-50799
Name of the Vulnerable Software and Affected Versions Cost Management Interactive Experiences affected versions not specified Description Exposure of sensitive information in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network...
PT-2026-50699
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...
PT-2026-50739
Name of the Vulnerable Software and Affected Versions ZITADEL versions 4.0.0 through 4.15.1 ZITADEL versions 3.0.0 through 3.4.11 Description A flaw in user lifecycle enforcement allows deleted users to retain their original organization or tenant association. When a user is deleted, the historic...
PT-2026-50255
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the edit posts...
PT-2026-50513
Name of the Vulnerable Software and Affected Versions undici versions 7.23.0 through 8.1.0 Description When using Socks5ProxyAgent, the software reuses a single connection pool across different origins without verifying if the pool's origin matches the requested origin. This leads to cross-origin...
PT-2026-50297
Contributor Arbitrary File Upload in Unlimited Elements for Elementor Premium = 2.0.6 versions...
PT-2026-50395
Unauthenticated PHP Object Injection in PressMart = 1.2.26 versions...
PT-2026-50426
Cross-site request forgery CSRF in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or modify news items as an administrator via a crafted form submitted to /api/news-items, due to missing anti-CSRF protection...
PT-2026-50237
A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server...
PT-2026-50266
Unauthenticated Cross Site Scripting XSS in my flatonica = 0.0.8 versions...
PT-2026-50230
In multiple places, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-50459
Name of the Vulnerable Software and Affected Versions Cisco ISE affected versions not specified Cisco ISE-PIC affected versions not specified Description Improper authorization checks when accessing a resource could allow an unauthenticated, remote attacker to view sensitive information on an...
PT-2026-50394
Name of the Vulnerable Software and Affected Versions Zephyr versions 1.7 through 4.4.0 Description The Bluetooth Classic Hands-Free Profile HFP Hands-Free role parser in subsys/bluetooth/host/classic/hfp hf.c contains an out-of-bounds write. During Service Level Connection setup, the Hands-Free ...
PT-2026-50204
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A race condition in the Safe Browsing component of Google Chrome on Mac allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escap...
PT-2026-50463
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description An improper neutralization of special elements used in an SQL command, known as SQL Injection, allows a low privileged attacker with adjacent network access to potentially caus...
PT-2026-50320
Subscriber Arbitrary File Upload in Charity Zone = 1.1.1 versions...
PT-2026-50329
Subscriber Broken Access Control in WPBakery Page Builder = 8.7.2 versions...
PT-2026-50441
DroneAware is a drone detection platform. The centralized DroneAware server backing droneaware.io was vulnerable to an account pre-hijacking attack in which an attacker could register an account using a victim's email address with an attacker-controlled password before the victim completed accoun...
PT-2026-50330
Name of the Vulnerable Software and Affected Versions JetSmartFilters versions prior to 3.8.2 Description An unauthenticated SQL Injection allows an attacker to interfere with the queries that an application makes to its database. This occurs in the JetSmartFilters WordPress plugin. Recommendatio...
PT-2026-50249
Name of the Vulnerable Software and Affected Versions snes9x version 1.63 Description An out-of-bounds write occurs when loading a ROM alongside a crafted .ups patch file, which can lead to a denial of service and cause the emulator to crash. Recommendations At the moment, there is no information...
PT-2026-50369
Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1...
PT-2026-50239
Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A logic error in the transfer function of the PackageInstaller.Session class within frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java allows for a memory...
PT-2026-50247
The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user...
PT-2026-50568
Name of the Vulnerable Software and Affected Versions Steeltoe.Configuration.Encryption versions 4.0.0 through 4.1.0 Description Steeltoe is an open source project providing libraries for building cloud-native applications. An issue exists where configuring the encrypt:rsa:algorithm variable with...