175415 matches found
PT-2026-43264
An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...
PT-2026-43372
A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried...
PT-2026-43178
A security vulnerability has been detected in fraillt bitsery up to 5.2.4. Affected is the function loadFromSharedState in the library include/bitsery/ext/std smart ptr.h. Such manipulation leads to improper validation of specified type of input. It is possible to launch the attack remotely. The...
PT-2026-43373
A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isom intern.c of the component MP4Box. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been released to the...
PT-2026-43395
Name of the Vulnerable Software and Affected Versions PbootCMS version 3.2.11 Description Code injection is possible within the site configuration functionality. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...
PT-2026-43298
Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, uploadedFileSaveIn in lua/upload/upload.go uses filepath.Join with the caller-supplied directory but performs no boundary check after joining. A directory of ../../../tmp resolves cleanly to /tmp, outside the web root. This...
PT-2026-43424
Name of the Vulnerable Software and Affected Versions Vanetza versions 26.02 and earlier Description A denial-of-service issue exists in the ASN.1/OER parsing pipeline. When the system processes malformed network packets containing corrupted ASN.1/OER structures, such as invalid length fields or...
PT-2026-46875
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=516319578 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcd fmt conv 422sp to 420p ihevcd fmt conv ihevcd decode...
PT-2026-43300
Vowpal Wabbit is a machine learning system. The workflow .github/workflows/python checks.yml embeds $ github.event.pull request.title directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script run tests model gen...
PT-2026-43192
A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. The attack may be performe...
PT-2026-43306
Name of the Vulnerable Software and Affected Versions Bugsink versions prior to 2.2.0 Description Bugsink is a self-hosted error tracking tool. A project-boundary authorization issue exists in the issue list view, which supports bulk actions such as resolving or muting selected issues. The system...
PT-2026-43379
A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...
PT-2026-43441
Name of the Vulnerable Software and Affected Versions netty incubator codec.bhttp versions prior to 0.0.21.Final Description The HKDF expand function returns a non-NULL byte array filled with zeros upon failure, making it impossible to distinguish between a successful operation and a failure. Thi...
PT-2026-43311
Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description A local symlink attack is possible due to predictable file paths in the /tmp directory. The software uses a default statistics file path at '/tmp/fastnetmon.dat'. The print scre...
PT-2026-43186
A security flaw has been discovered in GNU LibreDWG up to 0.14. The affected element is the function match BLOCK HEADER of the file dwggrep.c of the component Dwggrep Utility. Performing a manipulation results in null pointer dereference. The attack requires a local approach. The exploit has been...
PT-2026-43193
A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate...
PT-2026-43201
Missing Authorization vulnerability in Webful Creations RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 4.1121...
PT-2026-43449
TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. This vulnerability is of high severity for affected sites and has a high real-world impact. ---- Introduction Arbitrary method call is a type of arbitrary code execution...
PT-2026-43324
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod ibm upload...
PT-2026-43333
Name of the Vulnerable Software and Affected Versions NVIDIA Display Driver for Windows and Linux affected versions not specified Description A flaw exists in the kernel mode layer that allows a user to gain improper access to GPU resources. This could result in denial of service, escalation of...
PT-2026-43437
Name of the Vulnerable Software and Affected Versions Samba affected versions not specified Description A flaw exists in the vfs worm module, which is designed to provide write-once, read-many WORM protections by preventing file modifications after a specific grace period. Due to insufficient...
PT-2026-43243
Zohocorp Zoho Mail wordpress plugin is vulnerable to Cross-Site request forgery CSRF. This issue affects Zoho Mail wordpress plugin versions before 1.6.2...
PT-2026-43177
A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...
PT-2026-43302
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A null pointer dereference exists in the Bluetooth L2CAP component. This occurs within the l2cap sock state change cb...
PT-2026-43453
Summary Kata Containers ships with a default configuration that allows pod creators to inject arbitrary command-line arguments into the virtiofsd process through the io.katacontainers.config.hypervisor.virtio fs extra args pod annotation. By injecting -o source=/ along with --no-announce-submount...
PT-2026-43352
Name of the Vulnerable Software and Affected Versions Twenty CRM versions 1.7.7 through 1.16.7 Description A Remote Code Execution RCE issue exists via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If the Postgres user is a superuser, any authenticated user can execute arbitrary ...
PT-2026-43407
Missing Authorization vulnerability in oban-bg oban web 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handle event"save-job", ... handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling cancel,...
PT-2026-43394
Name of the Vulnerable Software and Affected Versions AppLockZ App Lock and Fingerprint Lock version 4.2.11 Description A local attacker with physical access can bypass the PIN lock because the lock is implemented as an overlay instead of using Android's secure authentication APIs. By navigating...
PT-2026-43381
SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege...
PT-2026-43377
Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description An off-by-one heap-based buffer overflow exists in the dynamic binary buffer t class within the src/dynamic binary buffer.hpp file. The issue stems from an incorrect bounds chec...
PT-2026-43376
Name of the Vulnerable Software and Affected Versions IBM Engineering Lifecycle Management versions 7.0.3 through Interim Fix 021 IBM Engineering Lifecycle Management versions 7.1.0 through Interim Fix 009 IBM Engineering Lifecycle Management versions 7.2.0 through Interim Fix 001 Description An...
PT-2026-43393
Name of the Vulnerable Software and Affected Versions SailingLab AppLock version 4.3.8 Description An issue in the application allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay instead of utilizing Android's secure authentication APIs. By...
PT-2026-43249
A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection. The attack is possible...
PT-2026-43401
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the primary toSmbPathfullPath call throws, the method falls back to a dirname/basename split and only validates the directory prefix. The basename is concatenated directly into the smbclient -c script without validation...
PT-2026-43411
A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and m...
PT-2026-43260
A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal...
PT-2026-43261
A vulnerability was identified in Das Parking Management System 停车场管理系统 6.2.0. This affects the function xp cmdshell of the file ParkingRecord/ExportParkingRecords of the component API Endpoint. The manipulation of the argument Value leads to sql injection. It is possible to initiate the attack...
PT-2026-43202
Name of the Vulnerable Software and Affected Versions MediaArea MediaInfoLib affected versions not specified Description A heap-based buffer overflow occurs during the parsing of LXF files. A heap overflow is a memory corruption issue that happens when a program writes more data to a heap-allocat...
PT-2026-43197
Name of the Vulnerable Software and Affected Versions CODESYS Development System affected versions not specified Description The software extracts installation files to a temporary directory using incorrect default permissions during administrative installation. This allows a low-privileged local...
PT-2026-43190
Versions of the package @koa/router from 14.0.0 and before 15.0.0 are vulnerable to Access Control Bypass due to the middleware being silently dropped from the execution chain when the router prefix contains path parameters. Depending on what the skipped middleware was supposed to protect, an...
PT-2026-43432
A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manage user.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be...
PT-2026-43389
A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0. This issue affects some unknown processing of the file /admin/modules/class/index.php?view=view. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit h...
PT-2026-43398
Name of the Vulnerable Software and Affected Versions MaxKB versions prior to 2.8.1 Description Broken access control exists in the OSS file service URL fetch API endpoint "chat/api/oss/get url". The system uses the application id variable from the URL path without validating ownership, which...
PT-2026-43397
Name of the Vulnerable Software and Affected Versions MaxKB versions prior to 2.8.1 Description An issue exists in the OSS file service URL fetch functionality where inconsistent DNS resolution occurs between the validation phase and the actual request execution. This allows for a server-side...
PT-2026-43248
A vulnerability has been found in Totolink N300RH 6.1c.1353 B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely...
PT-2026-43362
A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...
PT-2026-43312
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute web request secure function in src/fast library.cpp creates a boost::asio::ssl::context with tls client mode and calls set default verify paths to load CA certificates, but never...
PT-2026-43275
Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description Multiple out-of-bounds reads exist in the BGP MP REACH NLRI IPv6 attribute decoder. The decode mp reach ipv6 function in src/bgp protocol.cpp casts raw pointers to structure typ...
PT-2026-43378
code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...
PT-2026-43196
Name of the Vulnerable Software and Affected Versions CODESYS Development System affected versions not specified Description The software creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary fil...