175406 matches found
PT-2026-43582
Name of the Vulnerable Software and Affected Versions Synology Surveillance Station versions prior to 9.2.2-11575 Synology Surveillance Station versions prior to 9.2.2-9575 Description The IPSpeaker component contains insufficiently protected credentials. This allows remote authenticated users wi...
PT-2026-43756
In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcp rcvbuf grow MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcp rcvbuf...
PT-2026-43810
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the erofs component where compressed folios for ztailpacking pclusters are not validated before being added to I/O chains. This can lead to a NULL pointer dereference...
PT-2026-43665
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal.This issue affects WebinarIgnition: from n/a through 4.08.253...
PT-2026-43654
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...
PT-2026-43710
Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the xdrv 10 scripter.ino, fetch jpg, jpg task.boundary40, strcpy function...
PT-2026-43707
Netis AC1200 Router NC21 V4.0.1.4296 is vulnerable to unauthenticated command injection via the /cgi-bin/skk set.cgi endpoint. The password and new pwd confirm POST parameters are passed directly to the underlying OS shell without sanitization. An attacker can inject arbitrary shell commands by...
PT-2026-43805
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the pm8916 lbc power supply component. The problem occurs because the devm variant for requesting an IRQ is used before the devm variant for allocating o...
PT-2026-43988
Name of the Vulnerable Software and Affected Versions IBM Aspera High-Speed Transfer Endpoint versions 3.7.4 through 4.4.7 Fix Pack 1 IBM Aspera High-Speed Transfer Server versions 3.7.4 through 4.4.7 Fix Pack 1 Description A buffer overflow exists in the asperahttpd component. This issue allows ...
PT-2026-43684
Name of the Vulnerable Software and Affected Versions IBM Operations Analytics - Log Analysis versions 1.3.5.0 through 1.3.5.3 IBM Operations Analytics - Log Analysis versions 1.3.6.0 through 1.3.6.1 IBM Operations Analytics - Log Analysis versions 1.3.7.0 through 1.3.7.2 IBM Operations Analytics...
PT-2026-47219
Unknown description...
PT-2026-44068
Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.8 through 18.10.6 GitLab EE versions 18.11 through 18.11.3 GitLab EE versions 19.0 through 19.0.0 Description An issue exists where improper user identity resolution when triggering Duo AI workflow runners could allow an...
PT-2026-43612
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
PT-2026-43622
Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0...
PT-2026-43562
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can resu...
PT-2026-43611
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devices configuration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
PT-2026-43573
The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.3.5 This is due to the 'wpcode' custom post type being registered without a custom capability type or capability...
PT-2026-43747
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the PCI/P2PDMA component where the p2pmem alloc mmap function fails to invoke percpu ref put to release the per-CPU reference of pgmap acquired after gen pool alloc...
PT-2026-43526
The Listen Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'listen' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes src, start, end in the listenEmbedJS function,...
PT-2026-43728
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A slab-use-after-free issue exists in the gfs2 component. During filesystem shutdown, quota data objects were freed synchronously without being removed from the Least Recently Used LRU...
PT-2026-43711
An issue in fetch jpg in xdrv 10 scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffer overflow. The Content-Length from a JPEG stream is stored in a uint16 t variable; values above 65535 wrap around, causing allocation of a smaller buffer than the data actually...
PT-2026-43664
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Ludwig You QuickWebP Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp allows Path Traversal.This issue affects QuickWebP Compress / Optimize Images & Convert WebP | SEO Friendly: from n...
PT-2026-43955
Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server - Liberty versions 19.0.0.7 through 26.0.0.5 IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 WebSphere Application Server Liberty affected versions not specified...
PT-2026-43566
Name of the Vulnerable Software and Affected Versions BOSH Director versions prior to v282.1.12 Description When the director sends a long-running request, such as compile package, the agent's reply JSON is processed by AgentClient. The functions inject compile log and format exception read the...
PT-2026-43997
Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint /actions/app/migrate...
PT-2026-43975
Name of the Vulnerable Software and Affected Versions IBM Controller versions 11.0.1 through 11.1.2 Description IBM Controller contains hard-coded credentials, such as passwords or cryptographic keys. These credentials are used for inbound authentication, outbound communication to external...
PT-2026-43476
Name of the Vulnerable Software and Affected Versions OpenStack Swift versions 2.36.0 through 2.36.1 OpenStack Swift versions 2.37.0 through 2.37.1 Description The s3api middleware contains a flaw where the StreamingInput class enters an infinite loop when processing a truncated aws-chunked PUT...
PT-2026-44602
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in Skia allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. Use after free is...
PT-2026-44642
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in Aura allows a remote attacker to execute arbitrary code via a crafted HTML page, provided they can convince a user to perform specific UI gestures. Use after...
PT-2026-44606
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in the Document Object Model DOM allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free...
PT-2026-44662
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue exists in the TabStrip component. A remote attacker can exploit heap corruption by convincing a user to perform specific UI gestures while interacting with a...
PT-2026-44675
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An out of bounds write in the GPU allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. A sandbox escape is a technique used to break out of a...
PT-2026-44666
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in PDFium allows a remote attacker to potentially exploit heap corruption through a crafted PDF file. Use after free occurs when an application continues to use ...
PT-2026-44622
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An inappropriate implementation in ANGLE Almost Native Graphics Layer Engine, an abstraction layer that allows OpenGL ES calls to be translated to other graphics APIs allows a remote...
PT-2026-44624
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A heap buffer overflow exists in ANGLE. This issue allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a speciall...
PT-2026-44563
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue exists in the Scalable Vector Graphics SVG component, which is an XML-based format for describing two-dimensional graphics. This flaw allows a remote attacker to...
PT-2026-44643
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An uninitialized use in ANGLE Almost Native Graphics Layer Engine, a compatibility layer between OpenGL ES and native graphics APIs, allows a remote attacker to leak cross-origin data...
PT-2026-44583
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in Dawn allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corruption flaw that occurs whe...
PT-2026-44560
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description Insufficient validation of untrusted input in the Passwords component allows a remote attacker to perform UI spoofing by using a crafted HTML page. Recommendations Update to version...
PT-2026-44631
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in Skia allows a remote attacker to potentially exploit heap corruption through a crafted HTML page. Use after free occurs when an application continues to use a...
PT-2026-44661
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An out of bounds read occurs in ANGLE, which is a compatibility layer between OpenGL ES and other graphics APIs. This issue allows a remote attacker to obtain potentially sensitive...
PT-2026-44705
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue exists in the Input component. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a...
PT-2026-43841
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the btrfs component where the btrfs quota enable function may perform an invalid leaf access. This occurs when the btrfs search slot for read function returns 1,...
PT-2026-43790
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The catc probe function fills three USB Request Blocks URBs with hardcoded endpoint pipes without verifying the endpoint descriptors. Specifically, it uses usb sndbulkpipeusbdev, 1 and u...
PT-2026-43736
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the probe function where request irq is called before the power supply handle is allocated or registered. If an interrupt occurs between these two calls, the...
PT-2026-43738
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the TPM st33zp24 driver where the get burstcount function can return -EBUSY upon a timeout. In such instances, the st33zp24 send function returns immediately without...
PT-2026-43545
The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the downgrade jquery version function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user...
PT-2026-43766
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ext4 file system where a failure during the split extent process may cause the system to return an error immediately while some extents are still being processed...
PT-2026-43787
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ext4 file system where a double decrement of the dirty clusters counter occurs during file system shutdown. This happens in the error path between the ext4 mb mark...
PT-2026-44108
Name of the Vulnerable Software and Affected Versions HCL BigFix Remote Control Server WebUI versions prior to 10.1.0.0443 Description A misconfigured Content Security Policy CSP, which is a security layer used to detect and mitigate certain types of attacks including Cross-Site Scripting XSS and...