184873 matches found
PT-2026-51025
Name of the Vulnerable Software and Affected Versions Authelia versions 4.36.0 through 4.39.19 Description Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO. A lack of domain canonicalization in specific edge cases can...
PT-2026-50989
Name of the Vulnerable Software and Affected Versions Joomla! Component VMap version 1.9.6 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound parameter. This is achieved by sending GET requests to the...
PT-2026-51103
Summary A Stored Cross-Site Scripting XSS issue previously existed in the Text Widget in Board of Outerbase Studio where unsanitized HTML could be rendered using dangerouslySetInnerHTML Steps to Reproduce 1. Create a new dashboard. 2. Add a Text widget. 3. Insert the following payload: html...
PT-2026-51121
Name of the Vulnerable Software and Affected Versions SpiceDB versions prior to 1.54.0 Description Under concurrency, the CheckPermission and CheckBulkPermissions functions can incorrectly return PERMISSIONSHIP HAS PERMISSION instead of PERMISSIONSHIP CONDITIONAL PERMISSION for a specific resourc...
PT-2026-51018
gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then...
PT-2026-51108
Name of the Vulnerable Software and Affected Versions OpenBao affected versions not specified Description An issue exists in the shared LDAP utility library sdk/helper/ldaputil/client.go used by the LDAP authentication backend and OpenLDAP secrets engine. The GetUserDN function incorrectly uses...
PT-2026-50964
Name of the Vulnerable Software and Affected Versions JHotelReservation version 6.0.7 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by sending POST requests to the 'search-hotels' endpoint with malicious code injected into the roo...
PT-2026-51118
Summary The ansi.js Handlebars helper in allure-generator passes user-controlled statusMessage and statusTrace values from test result files through the ansi-to-html library and wraps the output in Handlebars SafeString without HTML escaping. Since ansi-to-html does not escape HTML entities by...
PT-2026-51110
Name of the Vulnerable Software and Affected Versions OpenBao versions prior to 2.5.5 Description Users granted namespace management capabilities within a non-root namespace can abuse the canonicalization of the literal path "root" to manage the containing namespace itself. Several endpoints unde...
PT-2026-51101
Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.0.19 Description An unauthenticated attacker can cause a denial of service by sending a request to the '/api/v1/files/upload/' endpoint without authentication tokens or cookies. By abusing a very long multipart for...
PT-2026-51095
Name of the Vulnerable Software and Affected Versions miniflux-v2 affected versions not specified Description URL restrictions can be bypassed, leading to an open redirect. The application uses the IsRelativePath function to validate redirect URLs by requiring relative paths and prohibiting host ...
PT-2026-51005
Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.23 Statamic versions prior to 6.20.0 Description An authenticated Control Panel user can view metadata and content for resources they lack permission to access. This includes entries, assets, users, roles, group...
PT-2026-51167
Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.27.1 Description When clients are launched with the non-default /cache:codec:rfx option, the software passes the desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data. However, in the gdi Bitmap...
PT-2026-51112
Name of the Vulnerable Software and Affected Versions Parse Server affected versions not specified Description The default fileUpload.fileExtensions blocklist can be bypassed by uploading files with non-standard or compound extensions combined with a dangerous content type. This allows the upload...
PT-2026-51164
These are all security issues fixed in the freerdp-3.27.1-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-51056
Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.3.2 containerd versions prior to 2.2.5 containerd versions prior to 2.1.9 containerd versions prior to 2.0.10 containerd versions prior to 1.7.33 Description A bug in the CRI plugin allows the propagation of labe...
PT-2026-51023
Name of the Vulnerable Software and Affected Versions Lima versions prior to 2.1.3 Description An unprivileged user within a Lima QEMU guest can escalate privileges to root. The issue stems from the guest-agent socket located at /run/lima-guestagent.sock being world-writable permissions 0o777 and...
PT-2026-51066
Name of the Vulnerable Software and Affected Versions jupyterlab-git versions prior to 0.54.0 Description An authenticated user on a case-insensitive filesystem such as macOS APFS or Windows NTFS can bypass the excluded paths security control. The issue occurs because the GitHandler.prepare...
PT-2026-51093
Name of the Vulnerable Software and Affected Versions UltraJSON versions prior to 5.13.0 Description The functions ujson.dumps, ujson.dump, and ujson.encode contain an issue when the reject bytes variable is set to False. In this configuration, the software may accept malformed or truncated UTF-8...
PT-2026-51098
Name of the Vulnerable Software and Affected Versions py7zr versions prior to 1.1.3 Description A denial of service issue exists where a crafted .7z archive with a large numstreams value causes excessive CPU consumption. This occurs because the PackInfo. read function in archiveinfo.py uses an On...
PT-2026-50978
Name of the Vulnerable Software and Affected Versions Tilt versions 0.19.5 through 0.37.3 Description The Tilt HUD server mounts Go's net/http/pprof handlers under the '/debug' endpoint without access control. When the HUD is network-exposed, an unauthenticated caller can read process memory via...
PT-2026-51162
These are all security issues fixed in the freerdp-3.27.1-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-51166
These are all security issues fixed in the freerdp-3.27.1-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-51065
Name of the Vulnerable Software and Affected Versions jupyterlab-git affected versions not specified Description A stored cross-site scripting XSS issue exists in the PlainTextDiff.ts component of the jupyterlab-git extension. The createHeader function passes Git filenames directly to innerHTML...
PT-2026-51099
Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.2 Description An Insecure Direct Object Reference IDOR issue exists in the /api/v1/responses endpoint. This occurs because the get flow by id or endpoint name function in src/backend/base/langflow/helpers/flow.py...
PT-2026-50864
The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally calls fx file close even when the file was never successfully opened. Multiple error branches jump to...
PT-2026-50839
Name of the Vulnerable Software and Affected Versions ts-deepmerge versions prior to 8.0.0 Description An uncaught exception occurs due to improper handling of built-in Object.prototype methods, such as toString and valueOf. When user-controlled input contains these keys with non-function values,...
PT-2026-50875
Name of the Vulnerable Software and Affected Versions JetBrains Hub versions prior to 2026.1.13757 JetBrains Hub versions prior to 2025.3.148033 JetBrains Hub versions prior to 2025.2.148048 JetBrains Hub versions prior to 2025.1.148120 JetBrains Hub versions prior to 2024.3.148430 JetBrains Hub...
PT-2026-51021
Name of the Vulnerable Software and Affected Versions Mercator versions prior to 2025.05.19 Description A Server-Side Request Forgery SSRF exists in the CVE configuration panel at the '/admin/config/parameters' endpoint. The testProvider method in ConfigurationController passes user-supplied inpu...
PT-2026-50937
Name of the Vulnerable Software and Affected Versions Joomla! Component Price Alert version 3.0.2 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. By sending requests to the 'subscribeajax' view with crafted payloads in the product id parameter,...
PT-2026-50990
Name of the Vulnerable Software and Affected Versions Joomla Component vRestaurant version 1.9.4 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by sending POST requests to the 'menu-listing-layout' endpoint with malicious code...
PT-2026-51024
Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.3.19 Kestra versions prior to 1.2.19 Kestra versions prior to 1.1.19 Kestra versions prior to 1.0.43 Description Kestra is an open-source, event-driven orchestration platform. The inputFiles task writes rendered file...
PT-2026-50977
Summary tract the tract-onnx crate resolves an ONNX tensor's external-data location by joining it onto the model directory without any sanitization. Because location comes from the untrusted .onnx file, a malicious model can make tract open and read an arbitrary local file at load time, with the...
PT-2026-50896
Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.5.0 through 3.16.0 Description An authentication bypass issue exists in the opa plugin. An attacker can relay spoofed identity headers to upstream services by exploiting non-default configurations in the opa plugin,...
PT-2026-50993
Name of the Vulnerable Software and Affected Versions Joomla vWishlist version 1.0.1 Description An SQL injection allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending POST requests to the component using crafted payloads in the...
PT-2026-50931
Name of the Vulnerable Software and Affected Versions Joomla! Component User Bench version 1.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the userid parameter. This is achieved by sending GET requests to the...
PT-2026-51030
Name of the Vulnerable Software and Affected Versions Microsoft Copilot affected versions not specified Description Improper neutralization of special elements used in a command, known as command injection, allows an unauthorized attacker to perform tampering over a network. Recommendations At th...
PT-2026-51038
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A flaw exists in the Enforce Password Policy feature. When a Super Admin enables this policy and updates their password to a compliant one, the backend fails to update the password-compliance state...
PT-2026-50838
Name of the Vulnerable Software and Affected Versions Blocksy Companion versions prior to 2.1.46 Description The Blocksy Companion plugin for WordPress contains a Stored Cross-Site Scripting issue within the admin settings caused by insufficient input sanitization and output escaping. This allows...
PT-2026-50958
Name of the Vulnerable Software and Affected Versions JoomRecipe version 1.0.4 Description The JoomRecipe component for Joomla contains a blind SQL injection flaw. This allows attackers to inject SQL code via POST requests to the search endpoint using the search author parameter. This can be used...
PT-2026-50845
Name of the Vulnerable Software and Affected Versions The Royal Addons for Elementor – Addons and Templates Kit for Elementor versions 1.7.1058 through 1.7.1059 Description An arbitrary file read issue exists due to the wpr get csv handle helper function. When the settings.table upload csv.url...
PT-2026-51109
Summary OpenBao users with access to the sys/leases/revoke/:lease id endpoint in any namespace can revoke leases in any other namespace as long as the lease identifier is known to them, bypassing ACLs that should apply for cross-namespace revocations. Impact OpenBao's namespaces provide...
PT-2026-55487
Summary OpenRemote Manager is vulnerable to a cross-tenant Insecure Direct Object Reference IDOR in the bulk alarm deletion endpoint. An authenticated user in any realm can delete alarms belonging to other realms tenants by supplying arbitrary alarm IDs. The vulnerability exists because the bulk...
PT-2026-50929
Name of the Vulnerable Software and Affected Versions Joomla NextGen Editor version 2.1.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL commands. This is achieved by sending GET requests to the 'index.php' endpoint with the parameters option=com nge and...
PT-2026-51029
Name of the Vulnerable Software and Affected Versions Quarkus versions prior to 3.37.0 Quarkus versions prior to 3.36.3 Quarkus versions prior to 3.33.3 Quarkus versions prior to 3.33.2.1 Quarkus versions prior to 3.27.5 Quarkus versions prior to 3.27.4.1 Quarkus versions prior to 3.20.6.2...
PT-2026-53780
Summary OpenRemote Manager is vulnerable to a cross-tenant Insecure Direct Object Reference IDOR in the bulk alarm deletion endpoint. An authenticated user in any realm can delete alarms belonging to other realms tenants by supplying arbitrary alarm IDs. The vulnerability exists because the bulk...
PT-2026-50956
Name of the Vulnerable Software and Affected Versions Joomla! Component PHP-Bridge version 1.2.3 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. By sending GET requests to the 'index.php' endpoint with the parameters option=com phpbridge and...
PT-2026-50880
Name of the Vulnerable Software and Affected Versions Apache APISIX versions 2.2 through 3.16.0 Description An authentication bypass by spoofing exists in the jwt-auth plugin. This flaw allows an attacker to completely bypass authentication by using a spoofed token when certain configurations of...
PT-2026-50920
Name of the Vulnerable Software and Affected Versions Brother SAPSprint version 7.60 Description An unquoted service path issue exists in the SAPSprint service binary. This allows local attackers to escalate privileges by placing a malicious executable in the Program Files directory path, which i...
PT-2026-51114
Summary The CartController defines a RateLimiter behavior that is only activated when the 'number' POST/GET parameter is explicitly provided. Details When an attacker submits coupon codes against the session-based cart without passing a 'number' parameter, no rate limiting is applied. This allows...