175406 matches found
PT-2026-44011
Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default...
PT-2026-44053
Name of the Vulnerable Software and Affected Versions FileRise versions prior to 3.12.0 Description FileRise is a self-hosted web-based file manager. The endpoint '/api/totp setup.php' can be accessed by a session that has only completed the password verification state pending login user. If the...
PT-2026-43499
Name of the Vulnerable Software and Affected Versions My Email Shortcode versions prior to 0.92 Description The plugin is subject to Stored Cross-Site Scripting, a flaw where malicious scripts are permanently stored on the target server. This occurs due to insufficient input sanitization and outp...
PT-2026-44088
pam usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with deny remote=false in pam usb commonly done for display managers such as gdm-password or lightdm to bypass process/TTY heuristics for local sessions, the PAM RHO...
PT-2026-43572
The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hb country iso', 'hb usa state iso', and 'hb canada province iso' parameters in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2026-43731
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the fs/ntfs3 component where processing the valid range valid : pos can trigger an infinite loop if the retrieved valid value remains constant. This can lead to system...
PT-2026-43725
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ext4 file system when allocating initialized blocks from a large unwritten extent or splitting an unwritten extent during end I/O. A potential for stale data occur...
PT-2026-43718
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The reserve unaccepted function incorrectly calculates the size of the memblock reservation for the unaccepted memory table. It aligns the table size but fails to account for instances...
PT-2026-43755
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the raid1 run function. This function calls setup conf, which registers a thread using md register thread. If the raid1 set limits function fails, the registered...
PT-2026-43749
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the pm8916 bms vm component. The problem occurs because the devm variant for requesting an IRQ is used before the devm variant for allocating or...
PT-2026-43740
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter component within the nft set rbtree function. The partial overlap detection logic for anonymous sets incorrectly skips checks on start elements due to an...
PT-2026-44081
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal...
PT-2026-44087
pam usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam usb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker who can influence the process environment during PAM...
PT-2026-44748
CVE-2026-8680 - Apache HTTP Server Remote Code Execution CVE ID :CVE-2026-8680 Published : May 26, 2026, 11:16 p.m. | 54 minutes ago Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the link for more details, such as...
PT-2026-44073
RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...
PT-2026-43587
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RiceTheme Felan Framework allows Reflected XSS. This issue affects Felan Framework: from n/a through 1.1.3...
PT-2026-47161
Root has patched GHSA-q4gf-8mx6-v5v3 in the @rootio/next package for Root:npm. Multiple fixed versions available...
PT-2026-43670
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows DOM-Based XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...
PT-2026-43637
Authorization Bypass Through User-Controlled Key vulnerability in WP Wham Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout Files Upload for WooCommerce: from n/a through =...
PT-2026-48582
Уязвимость обучающей платформы IQ SCHOOL связана с недостатками процедуры авторизации. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации...
PT-2026-43792
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A reference leak occurs in the thermal of cm lookup function. The tr np variable is obtained through of parse phandle but is not released, leading to a memory leak. Recommendations At th...
PT-2026-43813
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the ab8500 power supply driver. When the devm variant is used to request an IRQ before allocating or registering the power supply handle, the handle is...
PT-2026-43617
A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability...
PT-2026-43653
Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a through = 3.0.2...
PT-2026-43722
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the libata-scsi SAT implementation where non-NCQ Native Command Queuing commands can suffer from starvation. When a non-NCQ command is issued while NCQ commands are...
PT-2026-43794
In the Linux kernel, the following vulnerability has been resolved: bpf: Require frozen map for calculating map hash Currently, bpf map get info by fd calculates and caches the hash of the map regardless of the map's frozen state. This leads to a TOCTOU bug where userspace can call BPF OBJ GET IN...
PT-2026-44020
Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure jobs or views...
PT-2026-43557
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
PT-2026-43514
The jQuery googleslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'googleslides' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes userid, albumid, authkey, imgmax,...
PT-2026-43660
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: from n/a through = 2.1.18...
PT-2026-43602
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a...
PT-2026-44045
Name of the Vulnerable Software and Affected Versions The Post Grid versions prior to 7.9.3 Description A missing authorization issue allows for the exploitation of incorrectly configured access control security levels. Recommendations Update to a version newer than 7.9.2...
PT-2026-43814
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the amdgpu acpi enumerate xcc function. When the amdgpu acpi dev init function returns a -ENOMEM error, the system returns immediately without releasing the...
PT-2026-43802
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A slab-out-of-bounds read exists in the do action function during the 'DeleteIndexEntryRoot' case. The issue occurs because the entry size esize is retrieved from the log record without...
PT-2026-43850
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the nfsd component where certain operations, such as SETATTR, can trigger idmap lookup upcalls during v4 request compound argument decoding. If these upcall responses...
PT-2026-43811
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the iommu/vt-d component where tearing down a context entry involves zeroing a 128-bit entry using multiple 64-bit writes. This process can create a window where...
PT-2026-43459
Summary The renderLimit option — documented in docs/source/tutorials/dos.md as the mechanism that "mitigates this by limiting the time consumed by each render call" — can be fully bypassed by a % for % or % tablerow % tag whose body is empty. The per-iteration time check is reached only when the...
PT-2026-43626
Summary Context.spawn in liquidjs creates a child Context for the % render % tag but does not propagate the parent context's resolved ownPropertyOnly value. The new context re-derives ownPropertyOnly from opts.ownPropertyOnly the instance-level option, silently discarding any...
PT-2026-44145
Name of the Vulnerable Software and Affected Versions symfony/monolog-bridge versions prior to 5.4.52 symfony/monolog-bridge versions prior to 6.4.40 symfony/monolog-bridge versions prior to 7.4.12 symfony/monolog-bridge versions prior to 8.0.12 symfony/symfony versions prior to 5.4.52...
PT-2026-44140
Description symfony/dom-crawler provides the Crawler class for navigating HTML/XML documents with CSS/XPath selectors; symfony/browser-kit's HttpBrowser uses it to parse fetched pages. Crawler::addXmlContent sets DOMDocument::$validateOnParse = true before calling loadXML. Setting validateOnParse...
PT-2026-43646
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows Reflected XSS.This issue affects Geo Mashup: from n/a through = 1.13.19...
PT-2026-44128
Name of the Vulnerable Software and Affected Versions Langroid versions prior to 0.63.0 Description SQLChatAgent executes SQL produced by a Large Language Model LLM, which can be influenced by prompt injection. When configured with a database role possessing privileges for code execution or...
PT-2026-44689
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An inappropriate implementation in Skia allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. Recommendations Update to...
PT-2026-44144
Description Symfony's IsGranted'...', IsSignatureValid, and IsCsrfTokenValid... attributes allow you to define a methods: ... argument to only enforce these checks for the listed HTTP methods and skip them otherwise. E.g. an attribute defining methods: 'GET' would be ignored for a HEAD request. O...
PT-2026-43487
Name of the Vulnerable Software and Affected Versions IO::Compress versions 2.207 through 2.219 Description The bundled zipdetails CLI tool crashes when processing an Info-ZIP Unix Extra Field tag 0x7875 where the UID Size or GID Size is set to 8. This occurs because the decode ux function trigge...
PT-2026-44123
Name of the Vulnerable Software and Affected Versions Toolbox affected versions not specified Description The software is susceptible to DNS rebinding attacks when using Server-Sent Events SSE under specification v2024-11-05. This occurs because the SSE initialization handler retains a hardcoded...
PT-2026-43865
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the rxrpc component. If the skb unshare function fails to unshare a packet due to an allocation failure within rxrpc input packet, the skb pointer in...
PT-2026-44084
pam usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, src/mem.c implemented out-of-memory guards for xmalloc, xrealloc, and xstrdup using assertdata != NULL. The C standard specifies that all assert expressions are compiled out when NDEBUG is defined a...
PT-2026-43560
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountByID function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
PT-2026-43860
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the LoongArch architecture, the syscall number is directly controlled by userspace. The system lacks an array index nospec boundary, which is a mechanism used to prevent speculative...