175406 matches found
PT-2026-44018
Name of the Vulnerable Software and Affected Versions Jenkins GitHub Integration Plugin versions prior to 0.7.4 Description A cross-site request forgery CSRF flaw allows attackers to trigger a build for a pull request. CSRF is a type of attack that tricks a victim into submitting a malicious...
PT-2026-43519
The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kinetic link' shortcode in versions up to, and including, 1.1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notably 'window', 'class', a...
PT-2026-44152
Name of the Vulnerable Software and Affected Versions Automad versions 2.0.0-alpha.1 through 2.0.0-beta.27 Description A broken access control issue allows an unauthenticated attacker to retrieve the bcrypt password hashes of all administrator accounts via a single POST request. The setup endpoin...
PT-2026-43435
A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcel list.php. Performing a manipulation of the argument s results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public...
PT-2026-43763
In the Linux kernel, the following vulnerability has been resolved: mtd: intel-dg: Fix accessing regions before setting nregions The regions array is counted by nregions, but it's set only after accessing it: UBSAN: array-index-out-of-bounds in drivers/mtd/devices/mtd intel dg.c:750:15 index 0 is...
PT-2026-44013
Name of the Vulnerable Software and Affected Versions Jenkins Email Extension Plugin versions prior to 1933.v45cec755423f Description The plugin allows inlining images as base64 in email content by setting the data-inline attribute. Because there are no restrictions on the image URLs that can be...
PT-2026-43819
In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: Add validation for MTU changes Increasing the MTU beyond the HDS threshold causes the hardware to fragment packets across multiple buffers. If a single-buffer XDP program is attached, the driver will drop all multi-fr...
PT-2026-43838
In the Linux kernel, the following vulnerability has been resolved: bpf: Limit bpf program signature size Practical BPF signatures are significantly smaller than KMALLOC MAX CACHE SIZE Allowing larger sizes opens the door for abuse by passing excessive size values and forcing the kernel into...
PT-2026-45979
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/ internal/container/frontend/dockerfile/templates/base v2.j2 interpolates docker.base image raw with no escaping, newline filtering, or validation. A malicious...
PT-2026-43999
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/cron/class/cronjob.class.php, call user func array in function job type...
PT-2026-43702
@pensar/apex = 0.0.58 is vulnerable to OS command injection via the smart enumerate tool. The createSmartEnumerateTool function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js chi...
PT-2026-43741
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the Linux kernel during the probe process. If the fsl,refclk-pad-mode property is not defined in the devicetree node, the refclk pad pointer is set t...
PT-2026-43695
Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description A denial of service can occur when autonomous transactions are enabled. This is triggered by the execution of a specially crafted query. Recommendations ...
PT-2026-43978
Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description An issue exists where the system may run out of memory when executing specific queries involving MDC Multi-Dimensional Clustering tables, which is a...
PT-2026-43798
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Hold mm structure across iommu sva unbind device Some tests trigger a crash in iommu sva unbind device due to accessing iommu mm after the associated mm structure has been freed. Fix this by taking an explicit...
PT-2026-43822
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the md/md-llbitmap component where the llbitmap suspend timeout function returns -ETIMEDOUT upon timing out while waiting for percpu ref to reach zero, without...
PT-2026-43596
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...
PT-2026-43705
Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow.sample. The password for the root account is set to the trivially weak value root, allowing an attacker with access to the device to authenticate as root and gain full control of the underlying...
PT-2026-43682
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in Keycloak, an open-source identity and access management solution, allows a remote attacker to manipulate the authentication process by crafting a special web address. This occurs...
PT-2026-43788
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the mtd parser tplink safeloader parse function. The function allocates a buffer buf using mtd parser tplink safeloader read table. If the allocation for...
PT-2026-43580
Name of the Vulnerable Software and Affected Versions Synology Surveillance Station versions prior to 9.2.2-11575 Synology Surveillance Station versions prior to 9.2.2-9575 Description The Export Key functionality contains a flaw that allows the cleartext transmission of sensitive information. Th...
PT-2026-43496
The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eventpress customizer notify dismiss action AJAX handler before outputting it back in the response, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting attacks against logged-...
PT-2026-43846
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: clean up the amdgpu cs parser bos In low memory conditions, kmalloc can fail. In such conditions unlock the mutex for a clean exit. We do not need to amdgpu bo list put as it's been handled in the amdgpu cs parser fin...
PT-2026-43434
Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.22 Description A server-side request forgery SSRF issue exists where an unauthenticated attacker can send crafted requests to internal services due to insufficient input validation in an upload...
PT-2026-43771
Name of the Vulnerable Software and Affected Versions Linux kernel version 6.18.0-rc3 Description An issue in the Enhanced Error Handling EEH driver for powerpc leads to recursive locking. The function eeh handle normal event acquires the pci lock rescan remove lock before calling eeh pe bus get,...
PT-2026-44640
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue exists in ANGLE on Windows. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a...
PT-2026-44599
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in XR Extended Reality allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape. This is achieved through the us...
PT-2026-44568
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in Skia allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. Use after free is...
PT-2026-44573
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An out of bounds read in Headless allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape through the use of a crafted HTML page. An o...
PT-2026-44686
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in Glic allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free is a memory corruption fla...
PT-2026-44683
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An out of bounds read and write issue exists in ANGLE. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a...
PT-2026-44650
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An uninitialized use in ANGLE Almost Native Graphics Layer Engine allows a remote attacker who has already compromised the renderer process to bypass site isolation by using a speciall...
PT-2026-44575
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An integer overflow in ANGLE allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Recommendations Update to version 148.0.7778.216 or later...
PT-2026-44562
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A race condition in WebAudio allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. Recommendations Update to version 148.0.7778.21...
PT-2026-44692
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in the UI component on Windows allows a remote attacker to execute arbitrary code when a user opens a specially crafted HTML page. Use after free is a memory...
PT-2026-44673
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An out of bounds write occurs in ANGLE, which is a compatibility layer between OpenGL ES and other graphics APIs. This issue allows a remote attacker to potentially exploit heap...
PT-2026-44653
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in the Media component allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free is a memory...
PT-2026-43703
picoclaw =v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component pkg/tools/shell.go. The guardCommand function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete...
PT-2026-44608
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue exists in ANGLE. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a specially...
PT-2026-43486
Name of the Vulnerable Software and Affected Versions IO::Uncompress::Unzip versions prior to 2.220 Description An issue in the fastForward function allows CPU exhaustion. The function compares the length of the $offset variable the digit count of the offset, ranging from 1 to 19 against the chun...
PT-2026-43714
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the networking subsystem where the use of WARN ON ONCE when accessing the forward path array could be triggered. The introduction of support for IPIP tunnels a method ...
PT-2026-43455
Summary The IAM API endpoints listUsers, getUser, listGroups, and getGroup in yamcs-core do not enforce the required SystemPrivilege.ControlAccess check. As a result, any authenticated user even those with low or no privileges can enumerate all user accounts in the system, including their...
PT-2026-44162
Summary A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython via the JSR-223 ScriptEngine API without enforcing a secure sandbox. An authenticat...
PT-2026-43630
Impact The two parsers resolved duplicates inconsistently and silently: - Content.disposition retained the last occurrence of each parameter. - Content.type retained the first occurrence of charset and boundary. Either behavior creates a parameter-smuggling primitive when another component in the...
PT-2026-44155
TL;DR This vulnerability affects all Kirby sites that allow the use of the link: … KirbyTag, the link: parameter of the image: … KirbyTag, the built-in image block with a link or the HTML importer for blocks, when content is authored by users who may not be fully trusted. The attack requires an...
PT-2026-44143
Cas2Handler builds this service parameter from Request::getSchemeAndHttpHost, which reflects the attacker-controlled HTTP Host header whenever Symfony's framework.trusted hosts setting is not configured the default. An attacker who controls any other application registered with the same CAS serve...
PT-2026-44150
Description SymfonyComponentYamlParser::cleanup strips the optional %YAML directive header, leading comments, and document start/end markers before parsing. The original regexes contained overlapping quantifiers, most notably '^%YAML: d.+. u', whose d.+ and . overlap on the dot, that exhibit...
PT-2026-44134
Description Symfony routes can declare a requirements regex per path parameter, e.g. a route / locale/blog with requirements: locale: 'en|fr|de' . The Twig path / url helpers backed by UrlGenerator validate supplied parameter values against that regex before building the URL. UrlGenerator...
PT-2026-44136
Description SymfonyComponentMimeAddress is the value-object every Symfony Mailer address to/cc/bcc/from/reply-to flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...
PT-2026-44170
Found a vulnerability and got a CVE assigned CVE-2026-48747 The flaw is a Signature Algorithm Downgrade in the mailomat-mailer component, allowing an attacker to achieve complete Signature Forgery. https://t.co/NfV1wHdO9w CVE Symfony AppSec BugBounty...