175406 matches found
PT-2026-48432
A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the oc superior SUP field length is omitted from buffer size calculations in read schema dse and schema oc to string, but the field is still written via strcat. An attacker with Directory...
PT-2026-48602
internal/web/operators.go:251 — after handleOperatorCreateAPIKey mints a fresh 32-byte bearer token, the redirect points the operator's browser at: /ui/operators/?new key=&key name= The raw API key ends up: - in the browser's URL history - in the Referer header on every cross-origin asset the...
PT-2026-48516
Name of the Vulnerable Software and Affected Versions TP-Link Archer AX12 v1 TP-Link Archer AX17 v1 TP-Link Archer AX18 v1 TP-Link Archer AX1300 v1.6 Description An OS command injection issue exists in the VPN module. This occurs due to improper filtering of special characters, allowing an...
PT-2026-48443
A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments,...
PT-2026-48481
Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.0.0 through 2.0.13 Description A cross-site request forgery CSRF issue exists where a cross-site GET request can trigger stored cron commands on a victim's agents. The dashboard exposes a manual-trigger action via t...
PT-2026-48372
A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5208 and later...
PT-2026-48499
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability edit saved search owner could reassign...
PT-2026-48536
OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's try honest pairing check function invokes Theorem 3 of https://eprint.iacr.org/2024/640.pdf but does not check that the scaling factor s is in a...
PT-2026-48576
Name of the Vulnerable Software and Affected Versions Apache OFBiz versions prior to 24.09.07 Description Improper Control of Generation of Code allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks. This can lead to Remote...
PT-2026-48501
CVE-2026-34908 is a CVSS 10.0 improper access control flaw in UniFi OS Server where nginx evaluates the raw request URI for authentication but routes using the normalized URI, allowing unauthenticated attackers to reach protected endpoints and chain into full root RCE...
PT-2026-48384
A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service...
PT-2026-48457
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString app/modules/roxywi/class models.py:16-30 is the centralised Pydantic validator used on dozens of fields including SSH credential name, username, description, etc. It...
PT-2026-48435
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before request → @jwt required app/routes/install/routes.py:36-39. The individual endpoints install exporter, install waf, install geoip,...
PT-2026-48440
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/version,uptime,status,checks/ family of routes takes the URL path component verbatim into requests.getf'http://server ip:agent port/...'. The path component is...
PT-2026-48434
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check app/routes/smon/routes.py:117-138 gates only on roxywi common.check user group for flask — which validates that the caller has some group, not that the target chec...
PT-2026-48507
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous...
PT-2026-48431
During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user to execute code in System Management Mode SMM...
PT-2026-48402
Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiti...
PT-2026-48529
A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...
PT-2026-48491
Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.4 Splunk Enterprise versions prior to 10.0.7 Splunk Enterprise versions prior to 9.4.12 Splunk Enterprise versions prior to 9.3.13 Splunk Cloud Platform versions prior to 10.3.2512.12 Splunk Cloud...
PT-2026-48510
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were created with ServiceAccountName: fission-builder and no AutomountServiceAccountToken: false, so the...
PT-2026-48449
A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network LAN, can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. Thi...
PT-2026-48441
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history// re-uses the server ip path parameter as a user-id when service == 'user', with no authorization check. Any authenticated user — even a guest in an unrelated group —...
PT-2026-48549
Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints of the Quick Creation Command feature did not enforce any authorization check. An authenticated Sharp user without create permission on a given entit...
PT-2026-48497
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a classic dashboard that exfiltrate...
PT-2026-48445
A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens JWTs for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the source id claim within these tokens against the requested source ID. This oversight allows an...
PT-2026-48526
A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP Dynamic Host Configuration Protocol options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...
PT-2026-48366
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
PT-2026-48364
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...
PT-2026-48374
The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the multiple parameters in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. Th...
PT-2026-48392
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'title tag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2026-48546
Name of the Vulnerable Software and Affected Versions russh versions 0.34.0-beta.1 through 0.60.0 Description russh did not strictly enforce SSH identification-string rules. The server-side identification reader used a permissive path that allowed clients to send pre-banner lines and did not...
PT-2026-48527
Name of the Vulnerable Software and Affected Versions CometD versions 5.0.x CometD versions 6.0.x CometD versions 8.0.x Description Improper handling of the acknowledgement extension allows malicious clients to cause a server outage. By consistently sending a fixed batch value in the ext paramete...
PT-2026-48353
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 SRP6a session-setup path of the protocomm component. The first-phase handler handle session command0 in...
PT-2026-48603
internal/pki/resolver.go:36-64 constructs a CAManager with the plaintext ed25519.PrivateKey after unwrapping via the master key; internal/pki/ca.go:13-16 stores it. Callers at internal/api/enroll.go:116, internal/api/updates.go:297, and internal/api/mobile bundle.go:40 use the manager for one Sig...
PT-2026-48474
Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-697 Incorrect Comparison Summary AWS IAM trust policies can list more than one federated identity provider — for example, a role that accepts BOTH GitHub Actions OIDC and Google's OIDC. The G OIDC 1 and G OIDC 2 policy rule...
PT-2026-48373
CVE-2026-48703 Warp Agent: Code Search Command Injection via Grep and FileGlob https://t.co/Li4h31dQjZ...
PT-2026-48539
Affected Repository: github.com/open-telemetry/opentelemetry-operator Component: cmd/otel-allocator TargetAllocator Companion: Prometheus Operator API types CRDs Summary OpenTelemetry Operator's TargetAllocator watches ServiceMonitor resources via the Prometheus Operator CR watcher and converts...
PT-2026-48519
Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions allow mutiple metrics,separated by newlines, to be sent per packet. The send method does not validate the contents of the metric names or values. If the names...
PT-2026-48414
Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify...
PT-2026-48412
Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...
PT-2026-48464
Summary Sensitive Data Exposure vulnerability in Erlang OTP inets httpc response module allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary...
PT-2026-48467
Summary Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inet tls dist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inet tls dist:check ip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls...
PT-2026-48450
libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfs zdr string in lib/libnfs-zdr.c...
PT-2026-48410
Name of the Vulnerable Software and Affected Versions Ghidra versions prior to 12.1 Description On Windows, improper escaping of cmd.exe metacharacters in URL annotation handling allows for command injection. This occurs when malicious URLs are embedded in program comments; if a user clicks these...
PT-2026-48486
Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS affected versions not specified Description A memory corruption issue occurs during the processing of tunnel traffic. An authenticated user can trigger system reboots by sending a maliciously crafted packet. If these...
PT-2026-48487
A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface CLI to perform actions on the device with root privileges. The security risk posed by this issue is significantly minimized when CLI access i...
PT-2026-48503
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's buildermgr controller processed Package CRDs without verifying that Package.spec.environment.namespace matched...
PT-2026-48379
These are all security issues fixed in the python313-yt-dlp-2026.06.09-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-48380
These are all security issues fixed in the python313-yt-dlp-2026.06.09-1.1 package on the GA media of openSUSE Tumbleweed...