184382 matches found
PT-2026-51737
The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: 1 an MD5 hash fallback in get directory by hash that allows any post to be used as a member directo...
PT-2026-51786
The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to insufficient input validation and sanitization of the banner shortcode attribute before...
PT-2026-51812
Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system...
PT-2026-51800
A cross-site request forgery CSRF vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b 84449 and earlier allows attackers to overwrite the global job priority configuration...
PT-2026-51803
An incorrect permission check in Jenkins Gitee Plugin 1288.v18b deb c9069b and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins...
PT-2026-51808
A cross-site request forgery CSRF vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers to have Jenkins connect to an attacker-specified URL using an attacker-specified username, API key, and service key...
PT-2026-51811
Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller...
PT-2026-52143
Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description An authentication bypass issue exists within the 'viewclient' webpage due to improper validation of user-supplied data. This allows remote attackers to inject arbitrary scripts,...
PT-2026-51802
A cross-site request forgery CSRF vulnerability in Jenkins Gitee Plugin 1288.v18b deb c9069b and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...
PT-2026-52124
Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description An issue in the restoreDB function allows authenticated remote attackers to execute arbitrary code in the context of SYSTEM. This occurs due to insufficient validation of a user-supplied...
PT-2026-51778
Cap-go before 12.128.2 contains an authorization bypass vulnerability in the GET /organization/members endpoint that allows org-limited API keys to bypass limited to orgs restrictions. Attackers with org-limited API keys can read membership data including uid, email, image url, role, and is tmp...
PT-2026-51981
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the bcmgenet network driver where free bds buffer descriptors are leaked. During the reclamation of the tx queue, the write pointer is fast-forwarded to drop data in...
PT-2026-52087
Name of the Vulnerable Software and Affected Versions KubeVirt affected versions not specified Description A flaw exists in the safepath package used by virt-handler. The OpenAtNoFollow function utilizes O PATH|O NOFOLLOW to obtain a file descriptor for a path leaf; however, subsequent operations...
PT-2026-52088
Name of the Vulnerable Software and Affected Versions KubeVirt affected versions not specified Description A flaw exists in the KubeVirt virt-handler domain notify server. The gRPC handlers HandleDomainEvent and HandleK8SEvent determine the VMI identity namespace/name based only on the request...
PT-2026-51654
Name of the Vulnerable Software and Affected Versions GV-I/O Box 4E affected versions not specified Description The DVRSearch service, which runs by default on UDP port 10001, contains a stack-based buffer overflow. The issue occurs when the server processes a UDP message and performs an unsafe...
PT-2026-51656
Name of the Vulnerable Software and Affected Versions GeoVision GV-VMS V20 version 20.0.2 Description Memory corruption occurs within the GV-Cloud functionality. A remote attacker can trigger a denial of service by sending a specially crafted network request while impersonating the legitimate...
PT-2026-55714
Root has patched GHSA-cj63-jhhr-wcxv in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
PT-2026-51905
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the advance sched function within the taprio component. When should change schedules returns true, the switch schedules function is called to promote the...
PT-2026-51661
Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E version 2.09 Description OS command injection flaws exist in the libNetSetObj.so internal library, which is used to configure the network stack. A remote attacker can execute arbitrary commands by sending a specially...
PT-2026-51889
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel where the functions rds for each conn info and rds walk conn path info pass a caller-allocated on-stack u64 buffer to a per-connection visitor. The...
PT-2026-51826
Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Stored Cross-Site Scripting XSS issue occurs due to improper neutralization of user-controlled input within the frappe.get avatar function during image rendering. Stored XSS is a type of...
PT-2026-52034
Name of the Vulnerable Software and Affected Versions Warp versions 0.2021.04.25.23.05.stable 00 through 0.2026.05.06.15.42.stable 00 Description Warp accepts state-mutating terminal lifecycle hooks from the PTY Pseudo-Terminal stream without verifying if the hooks were emitted by the shell...
PT-2026-51692
Name of the Vulnerable Software and Affected Versions WP Forms Connector versions prior to 1.9 Description The plugin contains an information exposure flaw via the REST route 'wp/v3/user/list/' which uses the userDetail function. The authentication mechanism only checks if the Username HTTP heade...
PT-2026-51612
Name of the Vulnerable Software and Affected Versions Style Dictionary versions 4.3.0 through 5.4.3 Description Style Dictionary contains a prototype pollution issue within the convertTokenData function. Prototype pollution occurs when an attacker manipulates the proto property of a JavaScript...
PT-2026-51894
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the netfilter component of the Linux kernel, specifically within the Network Address Translation NAT subsystem. The issue stems from improper memory management when...
PT-2026-51837
Name of the Vulnerable Software and Affected Versions Feast versions prior to 0.63.0 Description An unsafe deserialization issue exists in the registry server that allows unauthenticated or unauthorized attackers to achieve remote code execution. By sending a crafted gRPC request, an attacker can...
PT-2026-52151
Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBUDashboard JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from insufficien...
PT-2026-51945
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A CBB Control Backbone timeout occurs in the tegra194 PCI implementation when PERST is deasserted twice. This issue arises because the functions pci epc deinit notify and dw pcie ep...
PT-2026-51831
Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Stored Cross-Site Scripting XSS issue occurs due to improper neutralization of user-controlled input within the MultiSelectDialog component. Stored XSS is a type of vulnerability where a...
PT-2026-51814
Name of the Vulnerable Software and Affected Versions Jenkins Assembla Plugin versions prior to 1.5 Description A missing permission check allows users with Overall/Read permission to force the system to connect to an arbitrary URL using a specified username and password. Recommendations Update...
PT-2026-51649
Name of the Vulnerable Software and Affected Versions Xpro Addons — 140+ Widgets for Elementor versions prior to 1.7.3 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with author-level access and above can inject...
PT-2026-51829
Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Stored Cross-Site Scripting XSS issue occurs due to improper neutralization of user-controlled input within the File View breadcrumb renderer. Stored XSS is a type of vulnerability where a...
PT-2026-51685
Name of the Vulnerable Software and Affected Versions RentMy Real-Time Rental Management Plugin versions prior to 4.0.4.2 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. This allows unauthenticated attacke...
PT-2026-52045
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description A use after free issue exists in the FileSystem component. This flaw allows a remote attacker to potentially exploit heap corruption, which occurs when a program continues to use a...
PT-2026-52049
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description A use after free issue in Blink allows a remote attacker to execute arbitrary code within a sandbox by inducing the victim to open a specially crafted HTML page. Use after free is a...
PT-2026-52053
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description A use after free issue exists in the Bluetooth component on Mac. This occurs when the system continues to use a memory location after it has been freed, which can be triggered by a...
PT-2026-51832
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications Events panel...
PT-2026-51694
Name of the Vulnerable Software and Affected Versions 24liveblog versions prior to 2.3 Description The 24liveblog plugin for WordPress allows authenticated users with contributor-level access or higher to extract sensitive third-party account credentials. The issue occurs because the lb24 block...
PT-2026-51810
A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb 2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access...
PT-2026-52123
Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description A directory traversal flaw exists in the writeFileToHttpServletResponse function. The issue is caused by insufficient validation of a user-supplied path before it is used in file...
PT-2026-51978
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A lock ordering problem exists in the BPF subsystem when using the task vma iterator. Holding the per-VMA lock across the BPF program body can lead to a deadlock when helpers attempt to...
PT-2026-51912
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the f2fs file system where the kernel may incorrectly initiate I/O to read pages that have already been updated during Garbage Collection GC. This occurs when a page i...
PT-2026-52031
Warp is an agentic development environment. From 0.2023.03.21.08.02.stable 00 until 0.2026.05.06.15.42.stable 01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...
PT-2026-51998
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the mt76 WiFi driver during device destruction. All MT76 rx queues possess an associated page pool, including those not linked to a NAPI, such as WED RRO queues...
PT-2026-51787
Name of the Vulnerable Software and Affected Versions Mailerup versions prior to 1.0.0 Description An open redirect issue exists in the safe redirect function of the click-tracking endpoint '/c//'. Remote unauthenticated attackers can redirect users to arbitrary external sites to perform phishing...
PT-2026-52101
Name of the Vulnerable Software and Affected Versions Zephyr versions 4.1.0 through 4.4.0 Description The PL011 UART driver in drivers/serial/uart pl011.c contains an unbounded software loop within the pl011 irq tx enable function. This loop repeatedly invokes the interrupt-driven application...
PT-2026-51942
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs during the unmount process in the gfs2 file system. When flushing outstanding glock work, the function gfs2 log flush may be called after sdp-sd jdesc h...
PT-2026-51902
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists between the ice free tx tstamp ring and ice tx map functions. The ice free tx tstamp ring function clears the ICE TX FLAGS TXTIME flag after setting the tstamp ri...
PT-2026-51881
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free flaw exists in the drm/amdgpu component within the userq validate function. The issue occurs when amdgpu userq vm validate calls the drm exec fini function on an execution...
PT-2026-51858
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The USB MIDI 2.0 endpoint parser in the ALSA usb-audio component fails to validate bLength against the remaining bytes in the endpoint-extra scan before reading baAssoGrpTrmBlkID. This...