184382 matches found
PT-2026-56896
Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation in mock-server.service.ts does not persist the isPublic input field while schema.prisma defaults isPublic to true, causing mock servers linked to private collections to be publicly accessible without...
PT-2026-56900
Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing...
PT-2026-56902
Metabase is an open-source business intelligence and embedded analytics tool. Prior to 1.58.15, 1.59.12, 1.60.6.3, and 1.61.1.4, Metabase instances with an H2 database connection, including the default sample database, deserialize arbitrary Java objects returned in H2 native query result columns ...
PT-2026-56897
Name of the Vulnerable Software and Affected Versions Hoppscotch versions prior to 2026.6.0 Description The updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILER SMTP URL value. Additionally, the validateSMTPUrl function in utils.ts permits path,...
PT-2026-56898
Name of the Vulnerable Software and Affected Versions Ruflo versions prior to 3.16.3 Description The default docker-compose deployment exposes the MCP bridge endpoints 'POST /mcp' and 'POST /mcp/:group' without authentication. This allows an unauthenticated network attacker to invoke the terminal...
PT-2026-56985
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters. On MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers...
PT-2026-56986
An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...
PT-2026-56987
A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass web filtering and access downstream resources that should be unreachable. If an MX Series device is...
PT-2026-56999
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description Insufficient SVG sanitization during the handling of uploads and user avatars can...
PT-2026-57000
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description A stored cross-site scripting issue exists where a malicious second factor name on ...
PT-2026-56998
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon but did not bind them to trusted TopicArn values, allowing any AWS account holder to publish...
PT-2026-56978
A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon iked of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. On an MX with SPC3 and SRX devices configured for VPN service,...
PT-2026-56975
Name of the Vulnerable Software and Affected Versions Junos OS on SRX Series versions prior to 23.2R2-S7 Junos OS on SRX Series versions prior to 23.4R2-S8 Junos OS on SRX Series versions prior to 24.2R2-S4 Junos OS on SRX Series versions prior to 24.4R2-S4 Junos OS on SRX Series versions prior t...
PT-2026-56984
A Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. As part of the stateful...
PT-2026-56980
Name of the Vulnerable Software and Affected Versions Junos OS on MX Series with SPC3 and SRX Series versions prior to 23.2R2-S7 Junos OS on MX Series with SPC3 and SRX Series versions 23.4 prior to 23.4R2-S8 Junos OS on MX Series with SPC3 and SRX Series versions 24.2 prior to 24.2R2-S5 Junos OS...
PT-2026-56981
A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on specific EX Series devices allows an unauthenticated adjacent attacker to cause a Denial-of-Service DoS.When sFlow is configured in a Virtual Chassis VC scenario...
PT-2026-56903
LibreBooking's email template editor save action passes the submitted template name directly into the destination file path, allowing a remote attacker with administrator credentials to write an arbitrary file outside the template directory and execute code. Fixed in 5.1.0...
PT-2026-56904
The Superior Court of California Hearing Reminder Service at https://www.hrs.courts.ca.gov exposes an API endpoint that returns court reminder records containing potentially sensitive information without authentication...
PT-2026-56818
An improper authorization check in MISP’s attribute creation endpoint allowed an authenticated user with permission to add attributes to submit a sharing group id without triggering the corresponding sharing group authorization check, as long as the attribute distribution value was not explicitly...
PT-2026-56806
A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized...
PT-2026-56882
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, get event call delivered execute:python and execute:tool Socket.IO events to a client-supplied session id after checking only that the session was connected, allowing authenticated users who...
PT-2026-57009
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description An unauthenticated publish visitor can perform a UNION SELECT injection via the block search endpoint 'POST /api/search/fullTextSearchBlock'. The issue occurs because the endpoint concatenates...
PT-2026-57004
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description Post revisions intended to be hidden from regular users may be leaked through visib...
PT-2026-57011
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description An authenticated administrator or API-token user can exfiltrate sensitive files from the host system. The 'POST /api/file/globalCopyFiles' endpoint accepts absolute source paths and uses the...
PT-2026-57012
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description In the Asset.render function within app/src/asset/index.ts, the unsanitized this.path variable is interpolated into HTML assigned to innerHTML. A crafted asset link containing a double quote can break...
PT-2026-56996
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...
PT-2026-56901
Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until 1.58.15.1, 1.59.12, 1.60.6.3, and 1.61.2, Metabase did not validate unsafe H2 connection properties on one database-creation code path, allowing an authenticated administrator to register a crafted H2...
PT-2026-56700
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it and impersonate any ticket owner identified by email address to read, reply to, and close that person's support tickets...
PT-2026-56702
The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated media-proxying endpoint, allowing anonymous users to make the site fetch arbitrary URLs, including internal and private-network addresses, and read back...
PT-2026-56703
The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users the gating nonce is exposed on public pages carrying an embed to make the site request...
PT-2026-56698
The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via...
PT-2026-56701
The Everest Forms WordPress plugin before 3.5.0 does not correctly restrict access to several REST API endpoints belonging to its onboarding assistant: the capability check is only applied when an attacker-controllable request header holds a specific value, so it can be bypassed by omitting or...
PT-2026-56699
The WP DSGVO Tools GDPR WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request feature, allowing unauthenticated attackers to generate and download the full personal-data export including name, postal address, pho...
PT-2026-56811
Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mg tls server recv hello, which uses an attacker-controlled session id len byte from a TLS ClientHello as a buffer index without validating it against the length of received data. A remote,...
PT-2026-56821
A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted PLAY request...
PT-2026-57243
These are all security issues fixed in the rclone-1.74.4-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-56921
Name of the Vulnerable Software and Affected Versions OpenPLC Runtime version 3 Description An authenticated arbitrary file write exists in the legacy web UI program-upload workflow. The application stores an attacker-supplied filename prog file into the Programs.File database field and uses this...
PT-2026-56697
The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the update user function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...
PT-2026-56939
Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it! If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software...
PT-2026-56881
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, channel thread parent and reply handling did not bind parent id to the channel in the URL, allowing an authenticated user to reference a message from another private or DM channel and disclose...
PT-2026-56944
Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it! If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software...
PT-2026-56770
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'new event type background color' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it...
PT-2026-56977
An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service DoS. When TCP proxy is engaged in a flow session,...
PT-2026-56891
A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415 B20250515/9.1.0cu.2350 B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched...
PT-2026-57022
Impact What kind of vulnerability is it? Who is impacted? A verifier configured with WithTransparencyLogN1 or WithSignedCertificateTimestampsN1 expected defense-in-depth against the compromise of a single log instance. However, threshold counting counted verified witnesses per-entry or...
PT-2026-56982
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion. Due to an incorrect initialization, a process which should only be able to communicate internall...
PT-2026-56928
An Unchecked Input for Loop Condition vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS.Micro-BFD session flaps generate respective up/down events which are queued by PFEMAN for...
PT-2026-57342
Name of the Vulnerable Software and Affected Versions RoundCube versions prior to 1.7 Description A stored cross-site scripting XSS flaw exists where an unescaped attachment MIME type is displayed on the attachment-validation warning page. An attacker can craft a malicious MIME type string that,...
PT-2026-56798
A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsub read idx of the file /src/media tools/vobsub.c of the component MP4Box. Executing a manipulation of the argument num langs can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has be...
PT-2026-56807
A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the we...