PT-2026-42524

Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPT SSL VERIFYPEER to false and not setting CURLOPT SSL VERIFYHOST when issuing outbound HTTPS requests for Google Maps Directions API lookups during incident report generation. An attacker...

PT-2026-42454

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the udlfb component of the fbdev subsystem. The dlfb ops mmap function uses remap pfn range to map vmalloc framebuffer pages to userspace without setting...

PT-2026-42577

Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.0 through 9.4.x Description Cross Site Request Forgery CSRF occurs at the 'concrete/controllers/backend/file' endpoint within the approveVersion function. CSRF is a flaw that allows an attacker to induce a user to perfo...

PT-2026-42476

Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustify d-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial of service via the check template.cpp, check template function, tokenize cleanup function,...

PT-2026-42461

Name of the Vulnerable Software and Affected Versions Request Tracker versions 5.0.4 through 5.0.9 Request Tracker versions 6.0.0 through 6.0.2 Description Reflected cross-site scripting XSS occurs via the Page parameter in GET requests. This allows an attacker to craft a URL that executes...

PT-2026-42399

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A use-after-free issue exists where a file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that descriptor. Since the blocked thread does not ho...

PT-2026-42453

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A kernel panic can occur in the Linux kernel when a Random Early Detection RED queueing discipline qdisc has children, such as a Fair Queueing FQ qdisc, whose peek callback is qdisc peek...

PT-2026-42438

A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT ATTNQUANT switch case to fall through into DSIOPT SERVQUANT, resulting in unintended session option handling that may allow a remote attacker to cause a minor service disruption via crafted DSI...

PT-2026-42468

Name of the Vulnerable Software and Affected Versions Trend Micro TrendAI Apex One affected versions not specified TrendAI Apex One as a Service affected versions not specified Description An origin validation issue in the Apex One/SEP agent allows a local attacker to escalate privileges. This fl...

PT-2026-42051

Name of the Vulnerable Software and Affected Versions rsync versions prior to 3.4.3 Description An authorization bypass exists in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR...

PT-2026-42052

Name of the Vulnerable Software and Affected Versions rsync versions prior to 3.4.3 Description An integer overflow exists in the compressed-token decoder due to a 32-bit signed counter that is not checked for overflow. A malicious sender can trigger this overflow, causing the receiver process to...

PT-2026-42055

Name of the Vulnerable Software and Affected Versions rsync versions prior to 3.4.3 Description An off-by-one out-of-bounds stack write exists in the establish proxy connection function within socket.c. Network attackers can corrupt stack memory by sending a malformed HTTP proxy response. This...

PT-2026-42054

Name of the Vulnerable Software and Affected Versions rsync versions prior to 3.4.3 Description A receiver-side out-of-bounds array read exists in the recv files function within receiver.c. A malicious rsync server can trigger a deterministic SIGSEGV crash of the rsync client process by setting C...

PT-2026-42053

Name of the Vulnerable Software and Affected Versions rsync versions prior to 3.4.3 Description A symlink race condition exists in path-based system calls, including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat. Local attackers with filesystem access can...

PT-2026-42066

Name of the Vulnerable Software and Affected Versions Anomify AI – Anomaly Detection and Alerting plugin for WordPress versions prior to 0.3.7 Description The plugin is subject to Stored Cross-Site Scripting, a condition where malicious scripts are permanently stored on the target server. The iss...

PT-2026-42067

Name of the Vulnerable Software and Affected Versions Bigfishgames Syndicate versions prior to 1.3 Description The Bigfishgames Syndicate plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw. This occurs because the bigfishgames syndicate submenu function lacks proper nonce...

PT-2026-42063

Name of the Vulnerable Software and Affected Versions General Options versions prior to 1.1.1 Description The General Options plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the sanitize text field function is used for output escaping in the Contact Number a...

PT-2026-42078

Name of the Vulnerable Software and Affected Versions BLOGCHAT Chat System versions prior to 1.3.6.4 Description The BLOGCHAT Chat System plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw. This occurs due to missing or incorrect nonce validation—a security token used to ensure...

PT-2026-42083

Name of the Vulnerable Software and Affected Versions SponsorMe versions prior to 0.5.3 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into pages. This occurs when a user is tricked into clicking a crafted link. The...

PT-2026-42062

Name of the Vulnerable Software and Affected Versions Sticky versions prior to 2.5.7 Description The Sticky plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the cvmh sticky front render function fails to properly sanitize input and escape output for the...

PT-2026-42057

The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...

PT-2026-42075

Name of the Vulnerable Software and Affected Versions Faces of Users versions prior to 0.0.4 Description The Faces of Users plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping within the default attribute of the...

PT-2026-42074

Name of the Vulnerable Software and Affected Versions Read More & Accordion versions prior to 3.5.8 Description The Read More & Accordion plugin for WordPress contains a time-based blind SQL Injection. This occurs because the orderby parameter is processed using esc attr and esc sql but is...

PT-2026-42072

Name of the Vulnerable Software and Affected Versions VatanSMS WP SMS versions prior to 1.02 Description The VatanSMS WP SMS plugin for WordPress contains a Reflected Cross-Site Scripting issue caused by insufficient input sanitization and output escaping. This allows unauthenticated attackers to...

PT-2026-42079

Name of the Vulnerable Software and Affected Versions JaviBola Custom Theme Test versions prior to 2.0.6 Description The JaviBola Custom Theme Test plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw, which occurs when a web application allows an attacker to induce a user to...

PT-2026-42069

Name of the Vulnerable Software and Affected Versions Logo Manager For Enamad versions prior to 0.7.5 Description The Logo Manager For Enamad plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping on user-supplied...

PT-2026-42077

Name of the Vulnerable Software and Affected Versions Amazon Scraper versions prior to 1.2 Description The Amazon Scraper plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw. This occurs because of missing or incorrect nonce validation—a security token used to ensure requests are...

PT-2026-42080

Name of the Vulnerable Software and Affected Versions Remove Yellow BGBOX versions prior to 1.1 Description The Remove Yellow BGBOX plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing actions they did not intend to do...

PT-2026-42064

Name of the Vulnerable Software and Affected Versions Child Height Predictor by Ostheimer versions prior to 1.4 Description The plugin is susceptible to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a user into performing actions they did not intend to. This occurs because the...

PT-2026-42076

Name of the Vulnerable Software and Affected Versions Games Catalog versions prior to 1.2.1 Description The Games Catalog plugin for WordPress is susceptible to Cross-Site Request Forgery, a flaw where an attacker tricks a victim into performing actions they did not intend to. This occurs because...

PT-2026-42068

Name of the Vulnerable Software and Affected Versions Account Switcher versions prior to 1.0.3 Description The Account Switcher plugin for WordPress allows authenticated attackers with Subscriber-level access or higher to escalate privileges to any user account, including Administrator. This occu...

PT-2026-42082

Name of the Vulnerable Software and Affected Versions LJ comments import: reloaded versions prior to 0.97.2 Description The LJ comments import: reloaded plugin for WordPress contains a Reflected Cross-Site Scripting issue caused by insufficient input sanitization and output escaping...

PT-2026-42073

Name of the Vulnerable Software and Affected Versions Read More & Accordion versions prior to 3.5.8 Description The plugin is subject to privilege escalation because the RadMoreAjax::importData function fails to restrict which database tables can be written to during import and does not properly...

PT-2026-42058

The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin protects its entire /wp-json/pos-bridge/ REST API namespace through the oliver pos rest authentication...

PT-2026-42084

Name of the Vulnerable Software and Affected Versions Correct Prices versions prior to 1.1 Description The Correct Prices plugin for WordPress is subject to Reflected Cross-Site Scripting, a flaw where an application includes untrusted data in a web page without proper validation, allowing an...

PT-2026-42071

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due to the 'easyel handle register' function not restricting what user roles a user can register with...

PT-2026-42081

Name of the Vulnerable Software and Affected Versions TypeSquare Webfonts for ConoHa versions prior to 2.0.5 Description The plugin fails to properly verify if a user is authorized to perform specific actions, leading to an authorization bypass. Authenticated attackers with subscriber-level acces...

PT-2026-42056

The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the 'checkout uuid' parameter in all versions up to, and including, 1.6.9. This is due to insufficient escaping on the user supplied parameter and lack of sufficient...

PT-2026-42059

The Sentence To SEO keywords, description and tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the create admin page function. This makes it possible for unauthenticated attacke...

PT-2026-42070

Name of the Vulnerable Software and Affected Versions ProSolution WP Client versions prior to 2.0.1 Description The ProSolution WP Client plugin for WordPress allows unauthenticated attackers to upload malicious PHP files, potentially leading to remote code execution. This occurs due to an array...

PT-2026-42065

Name of the Vulnerable Software and Affected Versions Bottom Bar versions prior to 0.1.8 Description The Bottom Bar plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing actions they did not intend to do. The issue exists ...

PT-2026-42061

Name of the Vulnerable Software and Affected Versions Word 2 Cash versions prior to 0.9.3 Description The Word 2 Cash plugin for WordPress is subject to Cross-Site Request Forgery CSRF which can lead to Stored Cross-Site Scripting XSS. This occurs because the w2c admin function lacks nonce...

PT-2026-42085

Name of the Vulnerable Software and Affected Versions Infility Global versions prior to 2.15.17 Description The Infility Global plugin for WordPress contains a flaw allowing authenticated attackers with Subscriber-level access and above to extract sensitive information from the database. This...

PT-2026-42089

Name of the Vulnerable Software and Affected Versions NVIDIA TRT-LLM affected versions not specified Description An issue exists where an unchecked return value can lead to a null pointer dereference, which occurs when a program attempts to read or write to a memory location using a pointer that ...

PT-2026-42091

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to escalation of privileges, denial of service, or information disclosure...

PT-2026-42093

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service...

PT-2026-42098

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend, where an attacker could cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service...

PT-2026-42095

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to denial of service...

PT-2026-42097

Name of the Vulnerable Software and Affected Versions NVIDIA Triton Inference Server affected versions not specified Description An integer overflow exists in the DALI backend. This issue could allow an attacker to achieve code execution, tamper with data, or cause a denial of service...

PT-2026-42102

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'current url' and 'user name' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes...