PT-2026-43275

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description Multiple out-of-bounds reads exist in the BGP MP REACH NLRI IPv6 attribute decoder. The decode mp reach ipv6 function in src/bgp protocol.cpp casts raw pointers to structure typ...

PT-2026-43378

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...

PT-2026-43196

Name of the Vulnerable Software and Affected Versions CODESYS Development System affected versions not specified Description The software creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary fil...

PT-2026-43286

Name of the Vulnerable Software and Affected Versions NVIDIA Isaac Launchable for Linux affected versions not specified Description Sensitive information is transmitted in clear text. This issue may lead to code execution, escalation of privileges, information disclosure, and data tampering...

PT-2026-47002

A flaw was found in gnutls. A use after free issue in client sending key share extension may lead to memory corruption and other consequences...

PT-2026-47114

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal3,2^31...

PT-2026-43285

Name of the Vulnerable Software and Affected Versions NVIDIA Transformers4Rec for Linux affected versions not specified Description Improper deserialization of untrusted data may occur, which is the process of converting data from a format like JSON or XML back into an object in a way that allows...

PT-2026-43277

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description IBM Db2 for Linux, UNIX, and Windows, including DB2 Connect Server, stores potentially sensitive information in log files. This data could be accessed an...

PT-2026-43314

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Insufficient state checks create a vector that allows the bypass of two-factor authentication 2FA checks. Recommendations At the moment, there is no information...

PT-2026-43307

Name of the Vulnerable Software and Affected Versions Bugsink versions prior to 2.2.0 Description Bugsink is a self-hosted error tracking tool that resolved sourcemaps and debug files by debug ID without scoping the lookup to the project that owned the uploaded metadata. An authenticated user wit...

PT-2026-47103

There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability...

PT-2026-43344

NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering, denial of service, or information disclosure...

PT-2026-43451

TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to access pages pages.access permission is disabled. This can be due to configuration in the user blueprints, via options in the model blueprints or via a combination of both settings. Kirby sites...

PT-2026-43288

Name of the Vulnerable Software and Affected Versions Joomla CMS affected versions not specified Description Lack of output escaping in the multilingual associations component allows for a Cross-Site Scripting XSS vector. XSS is a flaw where an attacker injects malicious scripts into content...

PT-2026-43251

gix-submodule before 0.82.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An attacker can inject arbitrary shell commands vi...

PT-2026-47001

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutl...

PT-2026-43334

Name of the Vulnerable Software and Affected Versions NVIDIA Display Driver for Windows affected versions not specified Description An issue exists where an attacker could cause a time-of-check time-of-use TOCTOU condition. TOCTOU is a race condition where a system checks a condition such as a...

PT-2026-43331

Name of the Vulnerable Software and Affected Versions NVIDIA Display Driver for Windows and Linux affected versions not specified Description A flaw exists in the kernel driver that allows a user to cause an incorrect permission assignment for a critical resource. This issue could lead to data...

PT-2026-43336

Name of the Vulnerable Software and Affected Versions NVIDIA Display Driver for Windows and Linux affected versions not specified Description An out-of-bounds write issue exists, which occurs when a program writes data past the end of the intended buffer. A successful exploit could result in deni...

PT-2026-43335

Name of the Vulnerable Software and Affected Versions NVIDIA Display Driver for Linux affected versions not specified Description An issue exists where an attacker could cause an incorrect conversion between numeric types, resulting in a heap buffer overflow. A heap buffer overflow occurs when a...

PT-2026-45148

Name of the Vulnerable Software and Affected Versions MariaDB versions 10.6.1 through 10.6.25 MariaDB versions 10.11.1 through 10.11.16 MariaDB versions 11.4.1 through 11.4.10 MariaDB versions 11.8.1 through 11.8.6 MariaDB version 12.3.1 Description On Windows, when the CONNECT engine is installe...

PT-2026-43256

Name of the Vulnerable Software and Affected Versions Samba versions prior to 4.22.10 Samba versions prior to 4.23.8 Samba versions prior to 4.24.3 Description A flaw exists in the Samba printing subsystem where the software passes a client-controlled job description string to the command...

PT-2026-43272

FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgp protocol.hpp, the parse raw bgp attribute function correctly identifies when extended length bit is set and sets length of...

PT-2026-43361

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition...

PT-2026-43405

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via work flow template Import. Authenticated users can supply arbitrary URLs in work flow template.downloadUrl which are fetched server-side without any URL validation or internal IP filtering. This vulnerability is fixed i...

PT-2026-43431

Name of the Vulnerable Software and Affected Versions GNU libredwg versions prior to 0.13.4.8161 Description A heap-based buffer overflow occurs in the Dwgbmp Utility component within the bit read RC function of the bits.c file. This flaw allows a remote attacker to trigger the overflow through...

PT-2026-43180

A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522 Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to sql injection. The attack can be launched remotely. The vendor was contacted earl...

PT-2026-43386

Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5...

PT-2026-43161

The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting XSS if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...

PT-2026-43278

IBM webMethods Integration on prem -Integration Server 10.15 through IS 10.15 Core Fix2611.1 to IS 11.1 Core Fix10 IBM webMethods Integration is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially...

PT-2026-43371

Name of the Vulnerable Software and Affected Versions OpenVPN Connect versions 3.5.1 through 3.8.1 Description A privilege escalation issue exists in the background service of OpenVPN Connect on macOS. This allows attackers to execute arbitrary commands with elevated privileges by utilizing a loc...

PT-2026-43325

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod fastcgi module...

PT-2026-43365

IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause a denial of service...

PT-2026-43181

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /admin/edit judge.php. The manipulation of the argument judge id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and ma...

PT-2026-43235

The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service temporary disruption of VPN-related functionality...

PT-2026-43385

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...

PT-2026-43319

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The getInstance function within the InputFilter class fails to include a security-sensitive parameter when generating the instance cache key. Recommendations At...

PT-2026-43341

NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause limited exposure of sensitive information to an unauthorized actor. A successful exploit of this vulnerability might lead to denial of...

PT-2026-47118

singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaK exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code...

PT-2026-43421

A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data...

PT-2026-43273

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description A stack-based buffer overflow exists in the BGP NLRI Network Layer Reachability Information decoder. The function decode bgp subnet encoding ipv4 raw in src/bgp protocol.cpp rea...

PT-2026-47102

A flaw was found in OpenJPEG’s encoder in the opj dwt calc explicit stepsizes function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability...

PT-2026-48581

Уязвимость обучающей платформы IQ SCHOOL связана с недостаточной проверкой входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации...

PT-2026-43443

Name of the Vulnerable Software and Affected Versions Fedify versions prior to 1.9.11 Fedify versions prior to 1.10.10 Fedify versions prior to 2.0.18 Fedify versions prior to 2.1.14 Fedify versions prior to 2.2.3 Description An attacker can utilize JSON-LD features to restructure a JSON-LD...

PT-2026-43287

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Lack of output escaping in the feed modules allows for a Cross-Site Scripting XSS vector. XSS is a flaw where an application includes untrusted data in a web pag...

PT-2026-43296

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper validation of the search parameter in the "com media files" API endpoint allows for path traversal, a condition where an attacker can access files and...

PT-2026-43445

Pre-auth RCE in FUXA via Logic Bypass Summary A Critical vulnerability chain exists in FUXA v.1.3.0-2706 that allows an unauthenticated remote attacker to achieve Full Remote Code Execution RCE as root. The exploit succeeds even when the platform is configured in its most secure state Secure Mode...

PT-2026-43351

The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts e.g., regex patterns and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected...

PT-2026-43313

Name of the Vulnerable Software and Affected Versions libsolv affected versions not specified Description A heap buffer overflow occurs during the decompression of attacker-controlled compressed data within .solv files due to insufficient input validation. An attacker can provide a specially...

PT-2026-43165

A security flaw has been discovered in stonith404 pingvin-share up to 1.13.0. This affects the function getServerSideProps of the file frontend/src/pages/auth/signIn.tsx of the component Sign-in Auto-Redirect. The manipulation of the argument redirect results in cross site scripting. The attack m...