184298 matches found
PT-2026-49803
Name of the Vulnerable Software and Affected Versions Keymint affected versions not specified Description A logic error in the code allows for a permission bypass. This issue can result in local information disclosure without requiring additional execution privileges or user interaction...
PT-2026-50053
Vulnerability in the Oracle HRMS UK product of Oracle E-Business Suite component: UK Payroll. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HRMS UK. Successful attacks of...
PT-2026-49874
Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware WebLogic Server versions 12.2.1.4.0 Oracle Fusion Middleware WebLogic Server versions 14.1.1.0.0 Description An issue exists in the Console component of the WebLogic Server. A low privileged attacker with network acces...
PT-2026-49834
we found two new critical vulnerabilities in SAIL, the image decoding library: - CVE-2026-54626 TGA decoder - CVE-2026-54627 PSD decoder both heap out-of-bounds writes CVSS 9.8. responsibly disclosed and now fixed, thanks to the quick reaction of the maintainers...
PT-2026-50010
Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Business Logic Infrastructure Security component of JD Edwards EnterpriseOne Tools. A low privileged attacker with network access via HTTP can...
PT-2026-49811
In Write of msg to host buffer.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-50041
Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Cost Management versions 12.2.3 through 12.2.15 Description An issue exists in the Cost Planning component of the Oracle Cost Management product. A high privileged attacker with network access via HTTP can exploi...
PT-2026-49819
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption may occur in the ParsePayloads function of AudioSdpParser.cpp due to type confusion, which is a situation where a program accesses a resource...
PT-2026-49752
DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim mus...
PT-2026-50180
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.24.0 Description The Compression node's Decompress operation expands attacker-controlled archives into memory without enforcing limits on the decompressed output size. An unauthenticated attacker can send a small...
PT-2026-49797
In lwis io buffer write of lwis io buffer.c, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
PT-2026-50001
Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite iSupplier Portal versions 12.2.3 through 12.2.15 Description An issue exists in the Home Page component of the Oracle iSupplier Portal. A low privileged attacker with network access via HTTPS can compromise the system,...
PT-2026-49941
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 14.1.2.0.0 Description An issue in the Content Server component of Oracle Fusion Middleware allows a low privileged attacker with network access via HTTP to compromise the system. The attack requires human...
PT-2026-50080
Subscriber Arbitrary Content Deletion in Brikk = 3.0.0 versions...
PT-2026-49957
Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise CS Student Financials version 9.2.38 Description An issue in the PeopleSoft Enterprise CS Student Financials product allows a low privileged attacker with network access via HTTP to compromise the system. Successful...
PT-2026-49858
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Enterprise Capture version 12.2.1.4.0 Oracle WebCenter Enterprise Capture version 14.1.2.0.0 Description A flaw in the Client Bundle component allows a low privileged attacker with network access via T3 and IIOP protocols to...
PT-2026-49962
Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Target Management component of the Oracle Enterprise Manager Base Platform. A low privileged attacker...
PT-2026-49945
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
PT-2026-50066
Vulnerability in the Oracle Public Sector Financials International product of Oracle E-Business Suite component: Authorization. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracl...
PT-2026-49963
Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Metadata Plugin component of the Oracle Enterprise Manager Base Platform. A low privileged attacker wi...
PT-2026-50051
Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Quality versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Quality product. A low privileged attacker with network access via HTTP can exploit this flaw...
PT-2026-50110
Unauthenticated PHP Object Injection in Laurits = 1.5.1 versions...
PT-2026-50031
Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Receivables versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of Oracle Receivables. An unauthenticated attacker with network access via SOAP Simple Object Access...
PT-2026-49900
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0 Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of the Oracle WebCenter Content product within Oracle Fusion Middleware. An unauthenticated...
PT-2026-49837
Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware WebLogic Server versions 14.1.2.0.0 Oracle Fusion Middleware WebLogic Server versions 15.1.1.0.0 Description An issue exists in the Console component of the WebLogic Server. A low privileged attacker with network acces...
PT-2026-50172
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description A prototype pollution issue allows a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. Prototype polluti...
PT-2026-49777
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.7 Description A sender policy bypass exists in BlueBubbles where participants can match allowlist entries using conversation metadata instead of a stable sender identity. Attackers capable of influencing...
PT-2026-49925
Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware component: Generic Unix Connector. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
PT-2026-50112
Unauthenticated PHP Object Injection in Ashtanga = 1.2 versions...
PT-2026-50101
Unauthenticated Local File Inclusion in Aperitif = 1.5 versions...
PT-2026-49857
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Enterprise Capture version 12.2.1.4.0 Oracle WebCenter Enterprise Capture version 14.1.2.0.0 Description A flaw in the Client Bundle component of Oracle WebCenter Enterprise Capture allows a low privileged attacker with networ...
PT-2026-49899
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Portal version 12.2.1.4.0 Oracle WebCenter Portal version 14.1.2.0.0 Description An issue exists in the Composer component of the Oracle WebCenter Portal product of Oracle Fusion Middleware. A low privileged attacker with...
PT-2026-49934
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
PT-2026-49977
Name of the Vulnerable Software and Affected Versions MySQL Shell versions 8.4.0 through 8.4.9 MySQL Shell versions 9.0.0 through 9.7.0 Description An issue exists in the Shell: Dump and Load component of Oracle MySQL. An unauthenticated attacker with network access via multiple protocols can...
PT-2026-49804
In mfc core get dec metadata sei nal of mfc core reg api.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-50061
Name of the Vulnerable Software and Affected Versions Oracle Project Portfolio Analysis versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Project Portfolio Analysis product within Oracle E-Business Suite. A low privileged attacker with...
PT-2026-49863
Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware WebLogic Server versions 14.1.2.0.0 Oracle Fusion Middleware WebLogic Server versions 15.1.1.0.0 Description An issue exists in the Console component of the WebLogic Server. A high privileged attacker with network acce...
PT-2026-49647
Unauthenticated Cross Site Scripting XSS in Pods = 3.3.8 versions...
PT-2026-49764
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.6 Description Insufficient scope validation in the Active Memory write scope allows Gateway operators with operator.write access to modify global configuration. This privilege escalation enables users to apply...
PT-2026-49657
A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and application crashes DoS. All versions are believed to be vulnerable. This project is unmaintained at...
PT-2026-49613
The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the get submission content AJAX endpoint lacking a capability check to verify that a user has permission to access the requested form submission data. This makes it...
PT-2026-49668
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 152 Firefox ESR versions prior to 140.12 Firefox ESR versions prior to 115.37 Thunderbird versions prior to 152 Thunderbird versions prior to 140.12 Description JIT miscompilation occurs in the DOM: Core & HTML...
PT-2026-49559
If the HTML you give it contains a element, and inside that template there's an element with a shadow DOM attached to it, DOMPurify quietly skips over the shadow contents. Whatever the attacker put in there - an image with an onerror handler, a link with a javascript: URL, even a full script -...
PT-2026-49243
Name of the Vulnerable Software and Affected Versions Mattermost Desktop App versions prior to 6.1 Mattermost Desktop App version 5.5.13.0 Description The application fails to properly handle attempts to open extremely long URLs. A malicious server owner can cause the application to crash by...
PT-2026-49209
The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...
PT-2026-49409
Unauthenticated Broken Access Control in Tutor LMS = 3.9.7 versions...
PT-2026-49368
Name of the Vulnerable Software and Affected Versions WooCommerce Product Table Lite versions prior to 4.6.4 Description Unauthenticated stored Cross Site Scripting XSS, a flaw that allows an attacker to inject malicious scripts into web pages viewed by other users, exists in the software...
PT-2026-49182
Name of the Vulnerable Software and Affected Versions Yealink SIP-T46U version 108.86.0.118 Description Command injection is possible in the Web FastCGI Service via the mod webd.TFTPUploadIperf function within the '/api/inner/tftpuploadiperf' endpoint. This occurs when the ip/port argument is...
PT-2026-49221
WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxe...
PT-2026-49201
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and...