184427 matches found
PT-2026-52874
Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing t...
PT-2026-51498
Name of the Vulnerable Software and Affected Versions ProfileGrid versions prior to 5.9.9.3 Description The ProfileGrid plugin for WordPress contains a Stored Cross-Site Scripting issue due to insufficient input sanitization and output escaping. Authenticated attackers with Subscriber-level acces...
PT-2026-51481
Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time which is leaked via t...
PT-2026-55574
This update for podman rebuilds it against the current go security release...
PT-2026-51500
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authorization bypass exists in the 'POST /private/role bindings' endpoint. The system fails to verify the ownership of the app id during the creation of app-scoped role bindings. This allows an...
PT-2026-51635
Impact OctoPrint versions up until and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 contain a vulnerability that allows an attacker with the FILE UPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can b...
PT-2026-55662
Summary The Meet plugin stores the raw HTTP User-Agent header of every meeting participant and later renders it without output encoding in the meeting-management "Participants" panel that the meeting host and site administrators open. An anonymous, unauthenticated attacker can join any public...
PT-2026-51587
Name of the Vulnerable Software and Affected Versions Ansible affected versions not specified Description In the plugins/modules/nexmo.py module, the api key and api secret variables are marked as no log=True to prevent them from being logged. However, these credentials are URL-encoded and includ...
PT-2026-51493
picklescan before 0.0.28 fails to detect malicious torch.jit.unsupported tensor ops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass picklescan detection and execute arbitrary code when loaded via pickle.load...
PT-2026-51513
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 Description A heap use-after-free exists in the meta coder. This occurs when memory allocation fails and a single byte is written to a stale pointer. Remote attacke...
PT-2026-51511
Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /updates endpoint that resolves the defaultChannel parameter before enforcing privacy restrictions, allowing attackers to enumerate private channels and leak version/config state. Unauthenticated attacke...
PT-2026-51642
Name of the Vulnerable Software and Affected Versions Snipe-IT affected versions not specified Description An authorization bypass exists in the BulkAssetsController::update function. The system accepts the company id variable directly from user input without utilizing the standard company-scopin...
PT-2026-51620
Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.5.0 Description A missing authorization issue allows a user with permissions to edit other users to reset the two-factor authentication 2FA of a superadmin. Recommendations Update to version 8.5.0...
PT-2026-51641
Name of the Vulnerable Software and Affected Versions mise versions 2026.3.15 through 2026.6.3 Description mise loads the github.credential command setting from local project configuration files before any trust decision is made. When resolving a GitHub token, the software executes the value of...
PT-2026-51634
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description The Jupyter Notebook ipynb sanitizer endpoint at 'POST /-/api/sanitize ipynb' allows arbitrary data: URIs without proper restrictions, which can lead to Cross-Site Scripting XSS. The endpoint utilizes...
PT-2026-51630
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Git LFS storage is content-addressed by OID Object Identifier alone, while per-repository authorization is managed in the lfs object table. The serveUpload function skips the re-upload process when an...
PT-2026-51458
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Organization team member management can be performed via GET requests without Cross-Site Request Forgery CSRF protection. CSRF is a security flaw where an attacker tricks a logged-in user into executin...
PT-2026-51632
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description The built-in Go SSH server in Gogs is subject to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to the ssh.NewServerConn...
PT-2026-51623
Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description A Server-Side Request Forgery SSRF issue exists in the repository migration functionality. The application validates the hostname of the initially submitted URL against a blocklist of local and...
PT-2026-51628
Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description Gogs contains an authorization bypass in its Git Smart HTTP handler for repository RPCs. The system determines the authorization policy based on the client-supplied service query parameter rathe...
PT-2026-51624
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Authenticated users can achieve Remote Code Execution RCE on the server during the "Rebase before merging" operation in pull requests. The issue stems from improper argument handling where the base...
PT-2026-51459
Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description An information disclosure issue exists in the Mirror Settings functionality, which allows authenticated users to import local repositories from the server filesystem. This occurs due to a lack o...
PT-2026-51520
Name of the Vulnerable Software and Affected Versions dnsmasq affected versions not specified Description An out-of-bounds read occurs in the find soa function within src/rfc1035.c. During the parsing of NS section records, the extract name function is called with extrabytes=0, which fails to...
PT-2026-51554
Name of the Vulnerable Software and Affected Versions Revive Adserver versions prior to 6.0.7 Description Insufficient validation of user input during the process of saving delivery limitations allows a low-privileged user to inject malicious PHP code into the compiledlimitations database field v...
PT-2026-51551
A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent ownership...
PT-2026-51590
Name of the Vulnerable Software and Affected Versions GStreamer gst-plugins-bad affected versions not specified Description A flaw in the gst-plugins-bad package occurs when processing a specially crafted H.264 video file containing malformed Multiview Video Coding MVC or Scalable Video Coding SV...
PT-2026-51470
Name of the Vulnerable Software and Affected Versions FAST/TOOLS versions R9.01 through R10.04 CI Server versions R1.01 through R1.04 Description The web server may return a response containing CI Server setting information, which could be exploited by an attacker to facilitate further attacks...
PT-2026-51478
Name of the Vulnerable Software and Affected Versions Frontend File Manager Plugin versions prior to 23.7 Description Insufficient sanitization and escaping of filenames submitted to the frontend file-rename endpoint allows a Stored Cross-Site Scripting XSS issue. This occurs when the filename is...
PT-2026-51614
Summary Description An insufficient authorization CWE-285 and information exposure CWE-200 issue in OpenAM's session management endpoint allows a low-privileged authenticated user to retrieve active session credentials belonging to other users, including those with higher privileges. This affects...
PT-2026-51572
Name of the Vulnerable Software and Affected Versions OpenStack Swift versions prior to 2.37.2 Description The proxy-server fails to strip internal update headers from client requests before forwarding them to object-servers. An authenticated user with write access can inject the headers...
PT-2026-51559
A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could add an unexpected component parameter and inject malicious PHP code into the compiledlimitations field, which would then be executed during banner delivery...
PT-2026-51515
Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers to read arbitrary files. The application uses simplexml load string without disabling external entity loading, enabling attackers to inject XXE payloa...
PT-2026-51608
Name of the Vulnerable Software and Affected Versions FlatPress versions prior to commit 10be83c Description A stored cross-site scripting issue exists in comment and contact forms. The name, URL, and email fields are rendered without proper output encoding in Smarty templates. This allows...
PT-2026-51621
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description An open redirect issue exists where attacker-controlled redirect to parameters can bypass validation, allowing redirection to arbitrary external sites. This occurs in all redirects validated via the...
PT-2026-51647
Summary The ActionHandler.post method in motionEye has no authentication decorator, allowing any unauthenticated attacker to trigger camera actions including snapshots, recording start/stop, and configured action scripts PTZ controls, alarm triggers, etc.. Vulnerability Details File:...
PT-2026-51592
Name of the Vulnerable Software and Affected Versions foreman-mcp-server affected versions not specified Description Two distinct logging mechanisms in the software can expose sensitive session and authentication data. One mechanism logs session identifiers, which function as authentication...
PT-2026-51625
Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Gitea affected versions not specified Description A stored DOM-based Cross-Site Scripting XSS issue exists where an attacker can store an HTML or JavaScript payload in a milestone name. When a user opens th...
PT-2026-51633
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Gogs contains an information disclosure issue where the 'GET /api/v1/orgs/:orgname/teams' endpoint returns all teams for any organization without requiring authentication. This occurs because the route...
PT-2026-51573
Name of the Vulnerable Software and Affected Versions GNU libidn versions prior to 1.44 Description An issue exists in the ToUnicode APIs due to mishandling in the idna to unicode internal function, which can lead to out-of-bounds reads of uninitialized memory. Recommendations Update to version...
PT-2026-51583
Name of the Vulnerable Software and Affected Versions rtk versions prior to 0.42.2 Description A flaw in the permission splitter logic fails to conservatively split or reject certain Bash shell constructs that create command-execution boundaries or nested execution. This improper input validation...
PT-2026-51557
A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only in combination with...
PT-2026-51480
An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability...
PT-2026-51499
Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 and Plug.Conn.Query.decode each/2 parse query strings and application/x-www-form-urlencoded request bodies. When a key contains many...
PT-2026-51639
Summary The fix for CVE-2026-33482 GHSA-pmj8-r2j7-xg6c is incomplete. That advisory reported that sanitizeFFmpegCommand plugin/API/standAlone/functions.php failed to strip $... command substitution, allowing OS command injection at the execAsync sh -c sink. The fix commit 25c8ab90 added $, , , , ...
PT-2026-51617
Name of the Vulnerable Software and Affected Versions opentelemetry-ebpf-profiler versions prior to 0.0.202622 Description An unprivileged process can cause a denial of service on the ebpf-profiler agent by triggering the processPIDEvents goroutine to block indefinitely. This occurs when the...
PT-2026-51522
🚨 CVE-2026-35018 NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the...
PT-2026-51563
Name of the Vulnerable Software and Affected Versions dhcpcd versions prior to 10.3.2 Description A one-byte stack out-of-bounds write exists in the dhcp6 makemessage function within src/dhcp6.c. Unauthenticated attackers on the same link can trigger this by serializing an oversized RFC6603 OPTIO...
PT-2026-51565
Name of the Vulnerable Software and Affected Versions dhcpcd versions prior to 10.3.2 Description An issue in the IPv6 Router Advertisement route information handling allows an unauthenticated attacker on the same link to cause a denial of service. By repeatedly sending crafted Router...
PT-2026-55562
This update for sg3 utils fixes the following issues: - sg inq: --export output conformance for SCSI name string and ATA fields bsc1267823 - rescan-scsi-bus.sh: quote $id serial in findmultipath call bsc1268201...
PT-2026-51477
The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit against site visitors vi...