184569 matches found
PT-2026-50990
Name of the Vulnerable Software and Affected Versions Joomla Component vRestaurant version 1.9.4 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by sending POST requests to the 'menu-listing-layout' endpoint with malicious code...
PT-2026-51024
Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.3.19 Kestra versions prior to 1.2.19 Kestra versions prior to 1.1.19 Kestra versions prior to 1.0.43 Description Kestra is an open-source, event-driven orchestration platform. The inputFiles task writes rendered file...
PT-2026-50977
Summary tract the tract-onnx crate resolves an ONNX tensor's external-data location by joining it onto the model directory without any sanitization. Because location comes from the untrusted .onnx file, a malicious model can make tract open and read an arbitrary local file at load time, with the...
PT-2026-50896
Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.5.0 through 3.16.0 Description An authentication bypass issue exists in the opa plugin. An attacker can relay spoofed identity headers to upstream services by exploiting non-default configurations in the opa plugin,...
PT-2026-51010
Name of the Vulnerable Software and Affected Versions AWX affected versions not specified Description A flaw exists in the GitHub webhook integration where the controller stores the pull request.statuses url value from a pull request webhook payload without validating if it points to a trusted...
PT-2026-50993
Name of the Vulnerable Software and Affected Versions Joomla vWishlist version 1.0.1 Description An SQL injection allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending POST requests to the component using crafted payloads in the...
PT-2026-50931
Name of the Vulnerable Software and Affected Versions Joomla! Component User Bench version 1.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the userid parameter. This is achieved by sending GET requests to the...
PT-2026-51030
Name of the Vulnerable Software and Affected Versions Microsoft Copilot affected versions not specified Description Improper neutralization of special elements used in a command, known as command injection, allows an unauthorized attacker to perform tampering over a network. Recommendations At th...
PT-2026-51038
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A flaw exists in the Enforce Password Policy feature. When a Super Admin enables this policy and updates their password to a compliant one, the backend fails to update the password-compliance state...
PT-2026-50838
Name of the Vulnerable Software and Affected Versions Blocksy Companion versions prior to 2.1.46 Description The Blocksy Companion plugin for WordPress contains a Stored Cross-Site Scripting issue within the admin settings caused by insufficient input sanitization and output escaping. This allows...
PT-2026-50958
Name of the Vulnerable Software and Affected Versions JoomRecipe version 1.0.4 Description The JoomRecipe component for Joomla contains a blind SQL injection flaw. This allows attackers to inject SQL code via POST requests to the search endpoint using the search author parameter. This can be used...
PT-2026-50955
Name of the Vulnerable Software and Affected Versions Joomla LMS King Professional version 3.2.4.0 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code. This is achieved by sending GET requests to the 'index.php' endpoint using the...
PT-2026-51101
Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.0.19 Description An unauthenticated attacker can cause a denial of service by sending a request to the '/api/v1/files/upload/' endpoint without authentication tokens or cookies. By abusing a very long multipart for...
PT-2026-55980
Name of the Vulnerable Software and Affected Versions Hugo versions 0.123.0 through 0.163.0 Description A regression in the virtual filesystem allows a symlink placed within a theme or local mount to read arbitrary files accessible to the user running the application. This occurs because the...
PT-2026-53776
EverOS versions 1.0.0 and earlier are vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint. The per-message sender id field was not validated as a path-safe identifier unlike app id / project id, which already enforced this. During user-memory extraction, sender id is us...
PT-2026-53800
Summary ChatterBot's UbuntuCorpusTrainer.extract uses a predictable, home-rooted output directory /ubuntu data/ubuntu dialogs with a check-then-create pattern if not os.path.exists: os.makedirs followed by tar.extractallpath=self.data path. A local attacker who pre-plants a symlink at the...
PT-2026-50845
Name of the Vulnerable Software and Affected Versions The Royal Addons for Elementor – Addons and Templates Kit for Elementor versions 1.7.1058 through 1.7.1059 Description An arbitrary file read issue exists due to the wpr get csv handle helper function. When the settings.table upload csv.url...
PT-2026-51109
Summary OpenBao users with access to the sys/leases/revoke/:lease id endpoint in any namespace can revoke leases in any other namespace as long as the lease identifier is known to them, bypassing ACLs that should apply for cross-namespace revocations. Impact OpenBao's namespaces provide...
PT-2026-51104
Name of the Vulnerable Software and Affected Versions @tinacms/app versions prior to 2.5.6 tinacms versions prior to 3.9.3 Description Cross-origin postMessage handlers allow for stored XSS and session takeover. The software registers window message listeners—specifically the useTina overlay...
PT-2026-53789
Impact The HmacSha256 class contained two functions: - hashpayload — a plain unkeyed SHA-256 digest. The Hmac prefix in the class name was misleading; this function has no key parameter, so it could never have been an HMAC. - hmacSHA256key, data — a properly keyed HMAC-SHA256. A reader who didn't...
PT-2026-50880
Name of the Vulnerable Software and Affected Versions Apache APISIX versions 2.2 through 3.16.0 Description An authentication bypass by spoofing exists in the jwt-auth plugin. This flaw allows an attacker to completely bypass authentication by using a spoofed token when certain configurations of...
PT-2026-50920
Name of the Vulnerable Software and Affected Versions Brother SAPSprint version 7.60 Description An unquoted service path issue exists in the SAPSprint service binary. This allows local attackers to escalate privileges by placing a malicious executable in the Program Files directory path, which i...
PT-2026-53803
Unbounded Response Body Read Bypasses URL Size Limit in web url read Summary The web url read MCP tool in mcp-searxng enforces its 5 MiB response-size limit exclusively by inspecting the Content-Length header of a preliminary HEAD request. When a server omits Content-Length — a standard HTTP...
PT-2026-51118
Summary The ansi.js Handlebars helper in allure-generator passes user-controlled statusMessage and statusTrace values from test result files through the ansi-to-html library and wraps the output in Handlebars SafeString without HTML escaping. Since ansi-to-html does not escape HTML entities by...
PT-2026-51114
Summary The CartController defines a RateLimiter behavior that is only activated when the 'number' POST/GET parameter is explicitly provided. Details When an attacker submits coupon codes against the session-based cart without passing a 'number' parameter, no rate limiting is applied. This allows...
PT-2026-51117
Summary The built-in HTTP server started by allure serve and allure open is vulnerable to path traversal. The server resolves request URI paths directly against the report directory without normalizing or validating that the resolved path stays within the report directory. An attacker who can rea...
PT-2026-51204
CVE ID :CVE-2026-6716 Published : June 18, 2026, 10:19 p.m. | 3 hours, 52 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
PT-2026-53796
Impact The default security.http.urls policy denies requests to loopback, internal, and cloud-metadata IPv4 literals e.g. http://127.0.0.1/, http://169.254.169.254/. The deny rule only matched dotted-decimal notation, so alternate IPv4 encodings of the same addresses — integer, hex, or octal, whi...
PT-2026-50992
Name of the Vulnerable Software and Affected Versions Joomla! Component vAccount version 2.0.2 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending GET requests to the 'vaccount-dashboard/expense'...
PT-2026-50984
Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to provide crafted video frame pixels that overlap with internal encoder layer...
PT-2026-53797
Summary vcrpy deserializes YAML cassette files with PyYAML's object-constructing loader yaml.CLoader / yaml.Loader instead of the safe loader yaml.CSafeLoader / yaml.SafeLoader. A cassette containing a !!python/object/apply: or similar tag therefore executes arbitrary Python code the moment the...
PT-2026-50995
Name of the Vulnerable Software and Affected Versions Joomla! Component vBizz version 1.0.7 Description An SQL injection allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. This is achieved by submitting POST requests to the...
PT-2026-50828
Name of the Vulnerable Software and Affected Versions Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module versions 1.000 and prior Description An integer overflow or wraparound in the EtherNet/IP function allows a remote attacker to cause a denial-of-service DoS condition. By rapidl...
PT-2026-50890
Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description A NULL pointer dereference occurs in the data moniker service of NI grpc-device. A NULL pointer dereference is a condition where a program attempts to read or write to a memory address that i...
PT-2026-51019
Name of the Vulnerable Software and Affected Versions YARD versions prior to 0.9.44 Description YARD is a documentation generation tool for the Ruby programming language. The static cache lookup reads a request path before the router's path cleanup process occurs. When a server is configured with...
PT-2026-50925
Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.6.0 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The AbstractGenerator::$temporaryFiles public array allows any code with a reference to a generator instance to...
PT-2026-50972
Summary In affected versions, the OAuth2 token request sends app id, app secret, refresh token and code as URL query parameters of the POST request to https://oauth./oauth/api/oauth2/token. Request URLs are commonly recorded in access logs, proxy logs and APM traces, so the application secret and...
PT-2026-53775
Summary A GitHub Actions workflow is vulnerable to command injection through the issue title. The workflow is triggered when an issue is opened or closed, and it directly inserts github.event.issue.title into a Bash variable assignment. If an issue title contains command substitution syntax, Bash...
PT-2026-50830
Name of the Vulnerable Software and Affected Versions Classified Listing – Classified ads & Business Directory versions prior to 5.4.3 Description The plugin contains a missing authorization flaw in the gallery image update as feature AJAX handler action: rtcl fb gallery image update as feature...
PT-2026-50848
Name of the Vulnerable Software and Affected Versions WP Hotel Booking versions prior to 2.3.1 Description Several AJAX handlers do not enforce capability checks, which allows authenticated users with Subscriber-level access to read booking line items of other users, enumerate active coupons, and...
PT-2026-53768
Summary The Order::setPaymentAmount method accepts any float value without enforcing a minimum positive amount. The PaymentsController casts the user-supplied 'paymentAmount' parameter directly to float with no lower-bound check. Details When the store has 'Allow Partial Payment on Checkout'...
PT-2026-50906
Name of the Vulnerable Software and Affected Versions Comodo Chromodo Browser version 52.15.25.664 Description The ChromodoUpdater service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker to place a malicious executable within the service path to...
PT-2026-50892
Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description A memory leak exists in the BeginSidebandStream function, which can lead to a denial of service condition caused by memory exhaustion. Recommendations Update to a version later than 2.17.0. A...
PT-2026-51035
Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...
PT-2026-53798
Impact Uni-CLI versions before 0.225.2 exposed the legacy JSON-RPC-over-HTTP MCP transport on loopback without validating browser Origin headers before routing requests. A malicious web page could send a CORS simple POST request, such as text/plain, to the local /mcp endpoint and deliver a JSON-R...
PT-2026-50983
Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description A heap-buffer-overflow read occurs in the reference AV1 codec implementation due to a missing bounds check in the SVC Scalable Video Coding layer ID control function. This allows the spatial...
PT-2026-53782
Impact A stored cross-site scripting XSS vulnerability affected the Markdown/RichText field preview renderer in Sveltia CMS. The DOMPurify sanitization configuration used for Markdown previews explicitly permitted iframe elements without enforcing a sandbox attribute or restricting iframe sources...
PT-2026-50913
Name of the Vulnerable Software and Affected Versions Matrix42 Remote Control Host version 3.20.0031 Description An unquoted service path issue exists in the FastViewerRemoteService and FastViewerRemoteProxy services. This allows local users to execute arbitrary code with SYSTEM privileges by...
PT-2026-50948
Name of the Vulnerable Software and Affected Versions GridTime 3000 versions 1.0r0.03 through 1.1r0.0 Description The GridTime 3000 GNSS Time Server contains an open redirect issue within the password change form submission. An open redirect occurs when an application takes a user-provided URL an...
PT-2026-55981
Name of the Vulnerable Software and Affected Versions Hugo versions 0.162.0 through 0.163.0 Description The default security.http.urls policy fails to properly block requests to loopback, internal, and cloud-metadata IPv4 literals because the deny rule only matches dotted-decimal notation...