184321 matches found
PT-2026-57011
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description An authenticated administrator or API-token user can exfiltrate sensitive files from the host system. The 'POST /api/file/globalCopyFiles' endpoint accepts absolute source paths and uses the...
PT-2026-57012
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description In the Asset.render function within app/src/asset/index.ts, the unsanitized this.path variable is interpolated into HTML assigned to innerHTML. A crafted asset link containing a double quote can break...
PT-2026-56996
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...
PT-2026-56901
Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until 1.58.15.1, 1.59.12, 1.60.6.3, and 1.61.2, Metabase did not validate unsafe H2 connection properties on one database-creation code path, allowing an authenticated administrator to register a crafted H2...
PT-2026-56700
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it and impersonate any ticket owner identified by email address to read, reply to, and close that person's support tickets...
PT-2026-56702
The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated media-proxying endpoint, allowing anonymous users to make the site fetch arbitrary URLs, including internal and private-network addresses, and read back...
PT-2026-56703
The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users the gating nonce is exposed on public pages carrying an embed to make the site request...
PT-2026-56698
The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via...
PT-2026-56701
The Everest Forms WordPress plugin before 3.5.0 does not correctly restrict access to several REST API endpoints belonging to its onboarding assistant: the capability check is only applied when an attacker-controllable request header holds a specific value, so it can be bypassed by omitting or...
PT-2026-56699
The WP DSGVO Tools GDPR WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request feature, allowing unauthenticated attackers to generate and download the full personal-data export including name, postal address, pho...
PT-2026-56811
Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mg tls server recv hello, which uses an attacker-controlled session id len byte from a TLS ClientHello as a buffer index without validating it against the length of received data. A remote,...
PT-2026-56798
A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsub read idx of the file /src/media tools/vobsub.c of the component MP4Box. Executing a manipulation of the argument num langs can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has be...
PT-2026-56769
Impact: In body-parser versions prior to 1.20.6 1.x line and 2.3.0 2.x line, when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body size check is silently skipped. Applications that rely on limit as thei...
PT-2026-56784
A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a fixed-size 2048-byte stack buffer without bounds checking. A remote unauthenticated attacker can send a certificate with an...
PT-2026-56931
An issue in docuForm GmbH Client v.11.11c allows a remote attacker to execute arbitrary code via the file upload and report.php component...
PT-2026-56821
A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted PLAY request...
PT-2026-57242
These are all security issues fixed in the rclone-1.74.4-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-57243
These are all security issues fixed in the rclone-1.74.4-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-57342
Name of the Vulnerable Software and Affected Versions RoundCube versions prior to 1.7 Description A stored cross-site scripting XSS flaw exists where an unescaped attachment MIME type is displayed on the attachment-validation warning page. An attacker can craft a malicious MIME type string that,...
PT-2026-57234
These are all security issues fixed in the rclone-1.74.4-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-56951
Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it! If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software...
PT-2026-56723
The Connect Contact Form 7 and Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Mailchimp Merge Field Values in all versions up to, and including, 0.9.78.06 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
PT-2026-56712
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.3.7. This is due to the plugin not properly verifying that a user is authorized to perform an...
PT-2026-56720
The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to, and including, 5.5.1. This is due to the um reset password process hook function performing no server-side...
PT-2026-56706
Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affecte...
PT-2026-56727
A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. An unauthenticated attacker can submit requests containing excessively large input that is recorded into...
PT-2026-56890
A security vulnerability has been detected in YzmCMS up to 7.5. Affected is the function get url of the file /yzmphp/yzmphp.php of the component Header Handler. The manipulation of the argument HTTP HOST leads to cross site scripting. The attack may be initiated remotely. The exploit has been...
PT-2026-56889
A weakness has been identified in apidevtools json-schema-ref-parser up to 15.3.5. This impacts the function Refs.set/Pointer.set in the library lib/pointer.ts. Executing a manipulation can lead to improperly controlled modification of object prototype attributes. The attack can be launched...
PT-2026-56869
A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only ...
PT-2026-56870
A security flaw has been discovered in Open5GS 2.7.7. This affects the function amf context final of the file src/amf/context.c of the component AMF. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit has been released to the public and...
PT-2026-56965
A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R T10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. The manipulation leads to least privilege...
PT-2026-56990
A vulnerability was detected in lo48576 fbxcel up to 0.9.0. This affects an unknown part of the file src/pull parser/v7400/parser.rs of the component Node Header Handler. The manipulation results in denial of service. The attack must be initiated from a local position. The exploit is now public a...
PT-2026-56966
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on EX Series allows a local, authenticated attacker to cause a Denial-of-Service DoS. On EX2300, EX4000, EX4100, EX4300-MP Multigigabit and EX4400 switches, an authenticated, local attacker with no specific permissions ...
PT-2026-56795
The implementation of an internal and undocumented Dashboard API endpoint POST /api/users//user/tokens forgot to ensure an HTTP request for creating an API Token for another user had sufficient permission to do so. Precondition for successful exploitation was a preexisting internal user with more...
PT-2026-56768
The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get all values function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permission callback only verifies the...
PT-2026-56967
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, a process whi...
PT-2026-56794
A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed...
PT-2026-56868
A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to...
PT-2026-56824
The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...
PT-2026-56974
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on QFX10000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS. On all QFX10000 platforms in an EVPN-VxLAN scenario, if an...
PT-2026-56976
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. When an affected device initiates a TCP...
PT-2026-56973
An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS. When a specific packet is received from device in the same broadcast...
PT-2026-56808
Name of the Vulnerable Software and Affected Versions AcyMailing versions prior to 10.11.1 Description An unauthenticated SQL injection flaw exists in the AcyMailing component for Joomla. This issue allows a remote attacker to execute crafted SQL queries to gain unauthorized access to the databas...
PT-2026-56807
A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the we...
PT-2026-56803
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Twiser Informatics Technology Consulting, Trade and Education Inc. OKRs & Goals allows Stored XSS. This issue affects OKRs & Goals: from 28220 before 28398...
PT-2026-56894
Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access...
PT-2026-56933
Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 2025.4.6 Pimcore versions prior to 2026.1.6 Description An unauthenticated attacker who knows a valid admin username can take over an admin account by sending a password reset request containing an attacker-controlled...
PT-2026-56934
Pimcore Studio Backend Bundle is the backend bundle for Pimcore Studio. Prior to 2025.4.6 and 2026.1.6, an authenticated user can extract the admin password hash and other database content through time-based blind SQL injection in the DateFilter column key parameter. The POST...
PT-2026-56907
Mockoon provides way to design and run mock APIs. Prior to 9.7.0, a FILE response whose filePath embeds request data is confined by getSafeFilePath in packages/commons-server/src/libs/server/server.ts with resolvedPath.startsWithstaticBaseDir. That prefix test has no path-separator boundary, so a...
PT-2026-56815
n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...