184508 matches found
PT-2026-51523
Name of the Vulnerable Software and Affected Versions NetComm NF20MESH versions prior to R6B032 Description An authentication bypass exists in the web management interface due to a hardcoded AES-256 key used to encrypt session cookies. An unauthenticated attacker can use this shared key to forge ...
PT-2026-51497
Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing...
PT-2026-51593
Name of the Vulnerable Software and Affected Versions Spring Statemachine versions 4.0.0 through 4.0.1 Spring Statemachine versions 3.2.0 through 3.2.4 Description Kryo-based persistence backends, including JPA, MongoDB, Redis, and ZooKeeper, deserialize persisted state-machine contexts without...
PT-2026-51475
The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in the import list, url detail, and file detail admin page callbacks before using them in SQL queries, allowing authenticated attackers with Editor-leve...
PT-2026-51640
Name of the Vulnerable Software and Affected Versions mise versions prior to 2026.6.4 Description A flaw in the trust mechanism allows arbitrary command execution when a directory contains task-include directories such as mise-tasks/, .mise/tasks/, etc. but lacks a configuration file. In this...
PT-2026-51546
Name of the Vulnerable Software and Affected Versions Python tarfile affected versions not specified Description A flaw exists in the extractall function when using the 'data' or 'tar' filters. A specially crafted archive containing a hardlink that references a symlink stored at a deeper path can...
PT-2026-51627
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Password-reset tokens are generated using the account-activation lifetime conf.Auth.ActivateCodeLives instead of the intended password-reset lifetime conf.Auth.ResetPasswordCodeLives. Because the token...
PT-2026-51527
Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs...
PT-2026-51615
Summary Description An Information Exposure Through Sent Data CWE-201 issue in OpenAM's Cross-Domain Single Sign-On CDSSO servlet allows a logged-in user's raw OpenAM session token to be POSTed to an attacker-controlled URL. This impacts OpenAM Community Edition through version 16.0.6. This issue...
PT-2026-55572
This update for rekor rebuilds it against the current go security release...
PT-2026-55573
This update for podman rebuilds it against the current go security release...
PT-2026-51589
Name of the Vulnerable Software and Affected Versions GStreamer gst-plugins-bad affected versions not specified Description A flaw in the H.266 parser occurs when processing a malformed H.266/VVC video stream containing a crafted aspect ratio indicator value. This leads to an out-of-bounds read o...
PT-2026-55664
Summary A multi‑stage chain in motionEye leads to remote code execution. The chain combines: 1. Arbitrary file read LFI via the picture download endpoint for local motion cameras using absolute paths. 2. Pass‑the‑hash admin auth due to accepting request signatures computed with password hashes. 3...
PT-2026-51501
Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers get/put/delete/post. API keys created with mode=all but restricted to a single app via limited to apps are only checked for limited to orgs and not for limited to apps, so an app-scoped...
PT-2026-51493
picklescan before 0.0.28 fails to detect malicious torch.jit.unsupported tensor ops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass picklescan detection and execute arbitrary code when loaded via pickle.load...
PT-2026-51603
Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description The tarfile module fails to properly handle the End of File EOF when a file is opened in streaming mode mode="r|". This can lead to a situation where an archive is parsed in an infinite loop...
PT-2026-51555
Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restricted to admin users. An attacker could leverage this to gain unauthorised access and exploit API‑level vulnerabilities. The session context web/API is now...
PT-2026-51517
OpenRemote Manager before 1.24.2 contains an insecure direct object reference vulnerability in the removeAlarms method that allows authenticated users to delete alarms from other tenants by supplying arbitrary alarm IDs. The bulk deletion endpoint fails to validate that targeted alarm IDs belong ...
PT-2026-54573
Уязвимость функции ipv6 get data primitive файла libnetutil/netutil.cc утилиты для сканирования сети Nmap связана с целочисленной потерей значимости. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании...
PT-2026-51525
Name of the Vulnerable Software and Affected Versions HCL Connections affected versions not specified Description Broken access control may allow an unauthorized user to view data in a single specific scenario. Recommendations At the moment, there is no information about a newer version that...
PT-2026-51552
A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script a...
PT-2026-51644
Name of the Vulnerable Software and Affected Versions motionEye versions prior to 0.44.0 Description An absolute path traversal issue exists in multiple media file handlers within the media playback and download functionality. The affected handlers accept a user-controlled filename parameter and...
PT-2026-51531
NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create agent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke create agent to create arbitrary agent groups, container...
PT-2026-51508
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description A server-side request forgery SSRF issue exists in the Execute Flow node. This occurs due to missing secureFetch verification in httpSecurity.ts, allowing attackers to bypass security validation by...
PT-2026-51502
Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validate password compliance endpoint that is callable using only the public Supabase key without authentication. The endpoint is CORS-permissive with wildcard origin allowance and lacks rate...
PT-2026-51594
Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.13.0 through 2.13.x Description A potential Denial-of-Service exists when a service reads deeply nested JSON thousands of levels as a JsonNode using the readTree function of ObjectMapper and subsequently writes that...
PT-2026-51488
Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy or Content-Disposition: attachment. This allows an attacker to publish an extension with a maliciou...
PT-2026-51510
Name of the Vulnerable Software and Affected Versions picklescan versions prior to 1.0.4 Description The software fails to block at least seven Python standard library modules, including uuid, osx support, aix support, pyrepl.pager, and imaplib. This oversight exposes eight functions that allow...
PT-2026-51613
Impact OctoPrint versions up to and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Suppressed Command notifications popups generated by the printer. An attacker who successfully convinces a victim to...
PT-2026-51574
Name of the Vulnerable Software and Affected Versions GnuPG versions prior to 2.5.21 Description CMS Cryptographic Message Syntax parsing in gpgsm mishandles the CMS format for AES-GCM. The issue occurs because the aes-ICVlen is accepted as 4 bytes, whereas it is supposed to be 12 bytes...
PT-2026-51560
A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to th...
PT-2026-51582
Name of the Vulnerable Software and Affected Versions Pivotal CRM version 6.6.04.08 Description A remote attacker can execute arbitrary code through the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components. Recommendations At the moment, there is no information abo...
PT-2026-51585
Name of the Vulnerable Software and Affected Versions Event-Driven Ansible affected versions not specified Description A missing authorization issue exists in the websocket API. The '/api/eda/ws/ansible-rulebook' endpoint fails to verify user permissions when processing Worker messages. This allo...
PT-2026-51519
DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...
PT-2026-51476
The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, leading to a SQL Injection vulnerability exploitable by authenticated users with Subscriber-level access and above...
PT-2026-51479
Name of the Vulnerable Software and Affected Versions Frontend File Manager Plugin versions prior to 23.7 Description An issue exists where the file download handler does not properly enforce its nonce check. A nonce number used once is a security token used to prevent cross-site request forgery...
PT-2026-51601
OpenRemote before 1.25.0 contains an insecure direct object reference IDOR vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs. The removeAlarms method in AlarmResourceImpl.java...
PT-2026-51566
Name of the Vulnerable Software and Affected Versions dhcpcd versions prior to 10.3.2 Description A heap use-after-free issue exists in the control socket handling within src/control.c. This occurs when privilege separation is disabled or initialization fails, leaving the control socket in mode...
PT-2026-52872
Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use TOCTOU attacks on the output path parameter. Remote attackers can...
PT-2026-51567
Name of the Vulnerable Software and Affected Versions GNU SASL versions prior to 2.2.4 Description The NTLM client lacks sanitization of a short challenge within the gsasl ntlm client step function. This flaw allows a crafted server to cause memory disclosure. Recommendations Update to version...
PT-2026-51495
Missing authentication for critical function vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. CafePlus allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CafePlus: from 12.05.03 before 12.05.04...
PT-2026-51550
A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API allows a low‑privileged user could link their zones to banners or campaigns owned by other managers on the same instance, resulting i...
PT-2026-51575
Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description When using the configparser module to write configuration files containing multi-line text values with carriage return characters r, the resulting file could be injected with unexpected keys a...
PT-2026-51645
Impact A vulnerability was identified in Snipe-IT v8.4.0 build 21280-g91a95dbc6 that allows any authenticated user with generic asset edit permissions to delete files attached to any asset in the system, regardless of ownership or company assignment. This constitutes an Insecure Direct Object...
PT-2026-51563
Name of the Vulnerable Software and Affected Versions dhcpcd versions prior to 10.3.2 Description A one-byte stack out-of-bounds write exists in the dhcp6 makemessage function within src/dhcp6.c. Unauthenticated attackers on the same link can trigger this by serializing an oversized RFC6603 OPTIO...
PT-2026-51622
Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description A repository admin collaborator can escalate their privileges to owner-level access due to an off-by-one error in the ChangeCollaborationAccessMode function. This occurs because the validation...
PT-2026-51606
Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.0 Description A user possessing users.edit and API permissions can escalate their privileges by sending a PATCH request to the '/api/v1/users/their own id' endpoint. This allows the user to grant themselves vario...
PT-2026-51591
Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description A query-construction flaw in client list endpoints allows authenticated clients to bypass tenant scoping and retrieve data from other clients. The issue occurs in the getSearchQuery functions of...
PT-2026-51571
Name of the Vulnerable Software and Affected Versions MuPDF versions prior to 1.27.0-rc1 Description The EPUB CSS rendering engine contains an uncontrolled recursion issue. A remote attacker can trigger a denial of service by providing a specially crafted EPUB file featuring inline CSS styles and...
PT-2026-51524
Name of the Vulnerable Software and Affected Versions pwnlift versions prior to d7a9544 Description In a privileged deployment, the upload handler in 'Components/Pages/Home.razor' contains a symlink following issue. This occurs when the application follows symbolic links files that point to anoth...