184873 matches found
PT-2026-50992
Name of the Vulnerable Software and Affected Versions Joomla! Component vAccount version 2.0.2 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending GET requests to the 'vaccount-dashboard/expense'...
PT-2026-50995
Name of the Vulnerable Software and Affected Versions Joomla! Component vBizz version 1.0.7 Description An SQL injection allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. This is achieved by submitting POST requests to the...
PT-2026-50890
Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description A NULL pointer dereference occurs in the data moniker service of NI grpc-device. A NULL pointer dereference is a condition where a program attempts to read or write to a memory address that i...
PT-2026-50925
Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.6.0 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The AbstractGenerator::$temporaryFiles public array allows any code with a reference to a generator instance to...
PT-2026-50972
Summary In affected versions, the OAuth2 token request sends app id, app secret, refresh token and code as URL query parameters of the POST request to https://oauth./oauth/api/oauth2/token. Request URLs are commonly recorded in access logs, proxy logs and APM traces, so the application secret and...
PT-2026-50830
Name of the Vulnerable Software and Affected Versions Classified Listing – Classified ads & Business Directory versions prior to 5.4.3 Description The plugin contains a missing authorization flaw in the gallery image update as feature AJAX handler action: rtcl fb gallery image update as feature...
PT-2026-50848
Name of the Vulnerable Software and Affected Versions WP Hotel Booking versions prior to 2.3.1 Description Several AJAX handlers do not enforce capability checks, which allows authenticated users with Subscriber-level access to read booking line items of other users, enumerate active coupons, and...
PT-2026-50906
Name of the Vulnerable Software and Affected Versions Comodo Chromodo Browser version 52.15.25.664 Description The ChromodoUpdater service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker to place a malicious executable within the service path to...
PT-2026-50913
Name of the Vulnerable Software and Affected Versions Matrix42 Remote Control Host version 3.20.0031 Description An unquoted service path issue exists in the FastViewerRemoteService and FastViewerRemoteProxy services. This allows local users to execute arbitrary code with SYSTEM privileges by...
PT-2026-50948
Name of the Vulnerable Software and Affected Versions GridTime 3000 versions 1.0r0.03 through 1.1r0.0 Description The GridTime 3000 GNSS Time Server contains an open redirect issue within the password change form submission. An open redirect occurs when an application takes a user-provided URL an...
PT-2026-51204
CVE ID :CVE-2026-6716 Published : June 18, 2026, 10:19 p.m. | 3 hours, 52 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
PT-2026-53768
Summary The Order::setPaymentAmount method accepts any float value without enforcing a minimum positive amount. The PaymentsController casts the user-supplied 'paymentAmount' parameter directly to float with no lower-bound check. Details When the store has 'Allow Partial Payment on Checkout'...
PT-2026-53764
Summary EnvironmentManager.restoreenv, backupId computes the backup path with joinenvDir, '.backups', backupId and only checks that this path exists. It does not resolve the result or verify that it remains under data//.backups. A caller can pass a traversal backup ID such as...
PT-2026-53795
Hugo's default code-block renderer wrote the Markdown code-fence language / info-string into the wrapper without HTML escaping. A fence info-string containing a quote and a payload breaks out of the attribute and injects a live script element. This is not an issue if you fully trust every file...
PT-2026-53796
Impact The default security.http.urls policy denies requests to loopback, internal, and cloud-metadata IPv4 literals e.g. http://127.0.0.1/, http://169.254.169.254/. The deny rule only matched dotted-decimal notation, so alternate IPv4 encodings of the same addresses — integer, hex, or octal, whi...
PT-2026-53800
Summary ChatterBot's UbuntuCorpusTrainer.extract uses a predictable, home-rooted output directory /ubuntu data/ubuntu dialogs with a check-then-create pattern if not os.path.exists: os.makedirs followed by tar.extractallpath=self.data path. A local attacker who pre-plants a symlink at the...
PT-2026-53803
Unbounded Response Body Read Bypasses URL Size Limit in web url read Summary The web url read MCP tool in mcp-searxng enforces its 5 MiB response-size limit exclusively by inspecting the Content-Length header of a preliminary HEAD request. When a server omits Content-Length — a standard HTTP...
PT-2026-53784
Arbitrary Cloudinary API Parameter Signing in @jhb.software/payload-cloudinary-plugin Summary @jhb.software/payload-cloudinary-plugin v0.3.4 exposes a server-side signing endpoint POST /api/cloudinary-generate-signature that passes attacker-supplied paramsToSign directly to cloudinary.utils.api...
PT-2026-53782
Impact A stored cross-site scripting XSS vulnerability affected the Markdown/RichText field preview renderer in Sveltia CMS. The DOMPurify sanitization configuration used for Markdown previews explicitly permitted iframe elements without enforcing a sandbox attribute or restricting iframe sources...
PT-2026-53647
Root has patched GHSA-458j-xx4x-4375 in the @rootio/hono package for Root:npm. Multiple fixed versions available...
PT-2026-53775
Summary A GitHub Actions workflow is vulnerable to command injection through the issue title. The workflow is triggered when an issue is opened or closed, and it directly inserts github.event.issue.title into a Bash variable assignment. If an issue title contains command substitution syntax, Bash...
PT-2026-53774
Affected versions: v0.123.0 through v0.163.0. Earlier versions are not affected. Fixed in: v0.163.1. Severity: Medium. Requires the attacker to be able to place or convince a site author to place a symlink inside a mounted directory — for example, inside a locally-vendored theme under themes/...
PT-2026-53798
Impact Uni-CLI versions before 0.225.2 exposed the legacy JSON-RPC-over-HTTP MCP transport on loopback without validating browser Origin headers before routing requests. A malicious web page could send a CORS simple POST request, such as text/plain, to the local /mcp endpoint and deliver a JSON-R...
PT-2026-53797
Summary vcrpy deserializes YAML cassette files with PyYAML's object-constructing loader yaml.CLoader / yaml.Loader instead of the safe loader yaml.CSafeLoader / yaml.SafeLoader. A cassette containing a !!python/object/apply: or similar tag therefore executes arbitrary Python code the moment the...
PT-2026-53791
DNS-resolved Private Hostname SSRF in web url read Summary The web url read MCP tool in mcp-searxng is vulnerable to Server-Side Request Forgery SSRF via DNS rebinding bypass. The assertUrlAllowed function at src/url-reader.ts:85-93 validates only the syntactic hostname string against a private...
PT-2026-53804
Summary On a multi-tenant stigmem node, a tenant administrator could list, read, and admit or reject quarantined facts belonging to other tenants. The list/count queries and get quarantined fact in routes/quarantine.py lacked an f.tenant id = identity.tenant id predicate, and the garden lookup wa...
PT-2026-51106
Summary The user supplied class value is fed directly into the sprintf call that creates HTML. You can add a quote to escape the class and then inject arbitrary html/javascript to the final output. Details The template here adds a figure with a class that is substituted in. This value is provided...
PT-2026-51107
Summary With $wgEmbedVideoRequireConsent enabled the default, the urls for videos are stored in a json-ified data attributedata-mw-iframeconfig. When given a malformed url or id, the data-mw-iframeconfig attribute can be escaped via single quotes, allowing for html/javascript injection. Details T...
PT-2026-51051
Name of the Vulnerable Software and Affected Versions Symfony UX LiveComponent versions prior to 2.x Symfony UX LiveComponent versions prior to 3.x Description The createHtml function in SymfonyUXLiveComponentUtilChildComponentPartialRenderer interpolates the $childTag variable directly into the...
PT-2026-51011
Name of the Vulnerable Software and Affected Versions Grafana Tempo affected versions not specified Description A TraceQL query containing a large exemplars hint value can lead to excessive memory allocation within the Tempo instance. This condition may result in an out-of-memory crash, allowing ...
PT-2026-53651
This update for xwayland fixes the following issues: - CreateSaverWindow Use-After-Free Information Disclosure. bsc1266301 - Font Alias Stack-based Buffer Overflow. bsc1266294 - GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write. bsc1266300 - XKB Key Types Stack-based Buffer Overflow. bsc12662...
PT-2026-53772
PathFilter's deny-list glob patterns are anchored, so .git, .obsidian, and node modules were only blocked at the vault root. Nested copies inside the vault e.g. tools/cli/node modules/..., tools/somerepo/.git/config, a nested .obsidian/ were fully traversable via isAllowed/isAllowedForListing...
PT-2026-53788
Summary AgentRuntime promises scoped file access under a configured sandbox basePath, but its path containment checks use raw string prefix tests. A sandbox base such as /tmp/network-ai-sandbox also matches a sibling path such as /tmp/network-ai-sandbox evil/secret.txt. An agent/user that can cal...
PT-2026-53799
Kozou compiles a PostgreSQL schema into an Admin UI, a REST API, and an MCP server. Several hardening gaps in the bundled HTTP surfaces and the scaffolded dev stack are fixed in 1.8.1. Issues 1. MCP HTTP server lacked DNS-rebinding protection. The Streamable HTTP transport is unauthenticated and...
PT-2026-53785
A record user could read field values hidden from them by field-level SELECT permissions by reaching the records through a graph-edge - or back-reference SELECT FROM knows, person:bobknows-SELECT FROM person — returned it intact. The root cause: the shared resolve record batch helper used by...
PT-2026-54449
This update for xwayland fixes the following issues: - CreateSaverWindow Use-After-Free Information Disclosure. bsc1266301 - Font Alias Stack-based Buffer Overflow. bsc1266294 - GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write. bsc1266300 - XKB Key Types Stack-based Buffer Overflow. bsc12662...
PT-2026-50867
AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...
PT-2026-50912
Name of the Vulnerable Software and Affected Versions AnyDesk version 2.5.0 Description An unquoted service path issue exists in the service installation, allowing local users to execute arbitrary code with SYSTEM privileges. This occurs when a service path contains spaces and is not enclosed in...
PT-2026-51003
Name of the Vulnerable Software and Affected Versions Joomla com booking component version 2.4.9 Description An information disclosure issue allows unauthenticated attackers to enumerate user accounts. By exploiting the getUserData function in the customer controller, attackers can send GET...
PT-2026-50829
Name of the Vulnerable Software and Affected Versions Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP affected versions not specified Description An Expected Behavior Violation allows a remote attacker to cause a denial-of-service DoS condition. By continuously...
PT-2026-50881
Name of the Vulnerable Software and Affected Versions FlexNet Manager Suite 2025 R1 Description An issue exists where an authenticated user with read-only access to account settings can escalate their privileges to the Administrator level. Recommendations At the moment, there is no information...
PT-2026-51089
Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description Oj is a JSON parser and Object marshaller for Ruby. The Oj.load function is susceptible to heap corruption when processing a JSON string exceeding 2 GB. An integer overflow occurs within the buf append...
PT-2026-50897
Name of the Vulnerable Software and Affected Versions Line Desktop MCP versions prior to 1.1.2 Description Line Desktop MCP allows users to operate the LINE Desktop application on Windows or Mac via Model Context Protocol MCP. When using the --http-mode Streamable HTTP transport, the server binds...
PT-2026-51054
Name of the Vulnerable Software and Affected Versions Symfony UX LiveComponent versions prior to 2.x Symfony UX LiveComponent versions prior to 3.x Description Methods annotated with LiveAction in symfony/ux-live-component are invokable from the browser to mutate server-side state via AJAX. The...
PT-2026-50933
Name of the Vulnerable Software and Affected Versions Joomla Survey Force Deluxe version 3.2.4 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending GET requests to the component containing crafted S...
PT-2026-50994
Name of the Vulnerable Software and Affected Versions Joomla! Component vBizz version 1.0.7 Description An unrestricted file upload issue allows authenticated attackers to upload arbitrary PHP files. This is achieved by submitting malicious files through the profile pic parameter via POST request...
PT-2026-50833
Name of the Vulnerable Software and Affected Versions Hitachi Virtual Storage Platform E990, E1090, E1090H versions prior to DKCMAIN Ver.93-07-21-80/00-05, CHBiSCSI Ver.88-01-02-04 Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H versions prior to DKCMAIN...
PT-2026-53765
Summary When parsing a WSDL or XSD document, python-zeep follows transitive references — xsd:import, xsd:include, wsdl:import, and lxml entity/DTD resolution — and will fetch http/https URLs found in those references. The Settings.forbid external option, intended to disable this transitive remote...
PT-2026-50973
Summary The public GraphQL resolvers getFormDefinitionByObjectenApiUrlurl and the deprecated getFormDefinitionByIdid fetch a caller-supplied URL using the privileged Objecten-API token. Because the /graphql endpoint is permitAll and these resolvers do not declare a CommonGroundAuthentication...
PT-2026-53331
Gradle Wrapper Execution During Dependency Discovery Enables Arbitrary Code Execution Summary agent-coderag unconditionally executes a repository-controlled gradlew script during its default sync dependency-discovery flow. An attacker who can induce a victim to index a malicious Gradle repository...