184424 matches found
PT-2026-51677
Name of the Vulnerable Software and Affected Versions Welcome Software Publishing versions prior to 0.0.32 Description The plugin is subject to an Arbitrary Options Update issue caused by a missing capability check in the nc setOption function, which is exposed through the 'nc.setOption' XML-RPC...
PT-2026-52025
‼️ Erlang Plug: disponibile in rete PoC per lo sfruttamento della CVE-2026-54982 Rischio: 🟠 Tipologia: 🔸 Denial of Service 🔗 https://www.acn.gov.it/portale/w/rilevata-nuova-vulnerabilita-in-erlang-plug 🔄 Aggiornamenti disponibili 🔄...
PT-2026-51918
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the greybus raw component. If a user performs a write operation to the chardev after a disconnect has been initiated, the kernel may panic due to a NULL...
PT-2026-51985
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the handling of Generic Segmentation Offload GSO packet headers. The qdisc pkt len segs init function fails to properly pull headers into the expected memory location,...
PT-2026-51707
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the running payload length for queued fragments can be truncated during updates. This allows malformed fragment chains to bypass validation...
PT-2026-52097
Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.0 Description The ImageElement component in packages/gazzodown renders user-controlled src values directly into and attributes without protocol sanitization. While the LinkSpan component utilizes sanitizeUrl t...
PT-2026-52112
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description Lute's HTML sanitizer fails to remove elements. When combined with the permissive security configuration of the SiYuan Electron client, this allows an attacker to embed a malicious within a Bazaar...
PT-2026-52079
Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.5.10 Mastodon versions prior to 4.4.17 Mastodon versions prior to 4.3.23 Description When using Ruby versions older than 3.4, the PrivateAddressCheck.private address? function incorrectly returns false for...
PT-2026-51809
Name of the Vulnerable Software and Affected Versions Jenkins Contrast Continuous Application Security Plugin versions prior to 3.12 Description Missing permission checks allow users with Overall/Read permission to enumerate the names of configured Contrast metadata. Recommendations Update Jenkin...
PT-2026-51833
Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Stored Cross-Site Scripting XSS issue occurs in the Number Card component when user-controlled data is unsafely evaluated. This happens specifically within the filters config variable, where th...
PT-2026-51977
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.14.0-13195-g967e8def1100 Description An issue exists in the Linux kernel where the bpf fd array map clear function fails to yield the processor during its execution loop. For PROG ARRAY maps containing a large...
PT-2026-51672
Name of the Vulnerable Software and Affected Versions Kargo Takip versions prior to 1.3 Description The Kargo Takip plugin for WordPress contains a Server-Side Request Forgery SSRF issue. This allows unauthenticated attackers to initiate web requests to arbitrary locations from the web applicatio...
PT-2026-52177
Name of the Vulnerable Software and Affected Versions Tealium iQ Tag Management versions 0.0.0 through 2.4.0 Description Improperly controlled modification of dynamically-determined object attributes in the Tealium iQ Tag Management module allows for Object Injection. This occurs because the...
PT-2026-52168
Name of the Vulnerable Software and Affected Versions Drupal AI versions 0.0.0 through 1.2.17 Drupal AI versions 1.3.0 through 1.3.8 Drupal AI versions 1.4.0 through 1.4.3 Description A missing authorization issue allows forceful browsing. Certain Drupal core actions exposed as agent tools lack...
PT-2026-52167
Name of the Vulnerable Software and Affected Versions Drupal AI versions 0.0.0 through 1.2.17 Drupal AI versions 1.3.0 through 1.3.8 Drupal AI versions 1.4.0 through 1.4.3 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS. The module and...
PT-2026-52164
Name of the Vulnerable Software and Affected Versions Drupal Advanced Content Feedback versions 0.0.0 through 2.8.0 Description Stored Cross-site Scripting XSS occurs when the module fails to sufficiently sanitize administrator-configured response messages. Specifically, the "Yes response", "No...
PT-2026-52170
Name of the Vulnerable Software and Affected Versions Drupal AI Agents versions 0.0.0 through 1.1.4 Drupal AI Agents versions 1.2.0 through 1.2.5 Drupal AI Agents versions 1.3.0 through 1.3.1 Description An incorrect authorization issue allows forceful browsing. Under certain conditions, the agen...
PT-2026-52166
Name of the Vulnerable Software and Affected Versions Drupal OpenAI Provider versions 0.0.0 through 1.1.1 Drupal OpenAI Provider versions 1.2.0 through 1.2.2 Description Insufficient sanitization of user-supplied URLs leads to a Server-Side Request Forgery SSRF, a flaw where an attacker can induc...
PT-2026-52174
Name of the Vulnerable Software and Affected Versions Drupal Paragraphs versions 0.0.0 through 1.21.0 Description A missing authorization issue in the Paragraphs Library module allows forceful browsing. The module fails to sufficiently restrict access to direct child paragraphs of library items...
PT-2026-52175
Name of the Vulnerable Software and Affected Versions Drupal Geolocation Field versions 0.0.0 through 3.15.0 Description An SQL injection issue exists in the Drupal Geolocation Field module, which provides functionality to store coordinates and supports views and other modules. The problem occurs...
PT-2026-52169
Name of the Vulnerable Software and Affected Versions Drupal AI Agents versions 0.0.0 through 1.1.4 Drupal AI Agents versions 1.2.0 through 1.2.5 Drupal AI Agents versions 1.3.0 through 1.3.1 Description Missing authorization allows forceful browsing within the module that provides the entity typ...
PT-2026-52173
Name of the Vulnerable Software and Affected Versions Drupal Paragraphs versions 0.0.0 through 1.21.0 Description A missing authorization issue in the Paragraphs Library module allows forceful browsing. The module does not sufficiently restrict access to unpublished library items within lists. Th...
PT-2026-52165
Name of the Vulnerable Software and Affected Versions Drupal Advanced Content Feedback versions 0.0.0 through 2.8.0 Description An incorrect authorization issue in the Advanced Content Feedback module allows forceful browsing. The module fails to sufficiently verify authorization over the targete...
PT-2026-52171
Name of the Vulnerable Software and Affected Versions Drupal Commerce Realex / Global Payments versions 0.0.0 through 3.0.2 Description An incorrect authorization issue allows forceful browsing when the gateway is configured with the redirect payment method. The module fails to sufficiently verif...
PT-2026-52172
Name of the Vulnerable Software and Affected Versions WissKI versions 0.0.0 through 4.2.0 Description A missing authorization issue in the wisski mirador submodule allows forceful browsing and access bypass. The module fails to sufficiently validate parameters submitted via a route before writing...
PT-2026-52091
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML integration does not verify the signature on inbound LogoutRequest messages. An unauthenticated remote attacker who knows a...
PT-2026-51794
Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps...
PT-2026-51697
Name of the Vulnerable Software and Affected Versions Generate Security.txt plugin for WordPress versions prior to 1.0.13 Description The plugin fails to properly verify user authorization for specific actions. This allows authenticated attackers with subscriber-level access or higher to delete t...
PT-2026-51847
Content removed...
PT-2026-55748
This update for sg3 utils fixes the following issue - sg inq: --export output conformance for SCSI name string and ATA fields bsc1267823...
PT-2026-55690
Root has patched GHSA-64g7-mvw6-v9qj in the @rootio/shelljs package for Root:npm. Multiple fixed versions available...
PT-2026-55665
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=526758819 Crash type: Bad-cast Crash state: Bad-cast to Ogre::HardwareBuffer from invalid vptr Ogre::HardwareBuffer::unlockImpl Ogre::HardwareBuffer::unlock...
PT-2026-52873
Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...
PT-2026-51830
Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Cross-Site Scripting XSS issue occurs due to improper neutralization of untrusted input within the Form Dashboard headline renderer. This allows for stored XSS, where malicious scripts are...
PT-2026-55715
Root has patched GHSA-cjmm-f4jc-qw8r in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
PT-2026-55713
Root has patched GHSA-39q2-94rc-95cp in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
PT-2026-55716
Root has patched GHSA-h8r8-wccr-v5f2 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
PT-2026-52998
CVE ID :CVE-2026-56119 Published : June 24, 2026, 3:12 p.m. | 1 hour, 27 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
PT-2026-51949
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the hisilicon/sec2 crypto component. Under heavy load during packet transmission, the hardware may complete packet processing and free the request memory...
PT-2026-51801
Missing permission checks in Jenkins Gitee Plugin 1288.v18b deb c9069b and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...
PT-2026-52076
Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description The Servicecustom Client API's call method accepts an order id parameter and retrieves the associated order without verifying if the authenticated client owns it. This allows an authenticated...
PT-2026-54578
Уязвимость программной платформы на базе git для совместной работы над кодом GitLab EE/ CE связана с недостатками процедуры авторизации. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации...
PT-2026-52142
Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Command Injection occurs due to insufficient sanitization in the escape command function located at lib/rrd.php, which acts as a no-op by returning the $command unchanged. The command line constructed...
PT-2026-51714
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter ipset component where specific hash set variants—hash:ip,mark, hash:ip,port, hash:ip,port,ip, and hash:ip,port,net—iterate IPv4 ranges using a 32-bit...
PT-2026-52037
Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A use-after-free issue exists in the gf filter pid reconfigure task discard function located in /filter core/filter pid.c. A use-after-free occurs when a program continues to use a...
PT-2026-52056
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description A use after free issue exists in the Autofill component on Windows. This occurs when a remote attacker induces the browser to process a specially crafted HTML page, which can lead to...
PT-2026-51901
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential NULL pointer dereference exists in the error path of the ice set ringparam function. The issue occurs because ice set ringparam nullifies the tstamp ring of temporary tx ring...
PT-2026-52038
Name of the Vulnerable Software and Affected Versions Tapo C200 v3 Description A denial-of-service DoS issue exists in the network packet handling logic due to improper processing of IPv4 fragmented packets. An unauthenticated adjacent attacker can send crafted packets to cause excessive resource...
PT-2026-51657
Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E affected versions not specified Description The DVRSearch service, which runs by default and listens for UDP messages on port 10001, contains a stack-based buffer overflow. The issue occurs when the server processes...
PT-2026-52136
Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. The software contains an unauthenticated Local File Inclusion LFI, which occurs through the graph theme parameter and rrdtool IPC...