
175468 matches found

Positive Technologies | added 2026/05/20 12:00 a.m. | 8 views

PT-2026-42215

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 18.1.0-rc-1; XWiki Platform versions prior to 17.10.3; XWiki Platform versions prior to 17.4.9; XWiki Platform versions prior to 16.10.17. Description: Path Traversal allows unauthorized access to read configuration...

CVSS 9.3 | AI score 5.8 | EPSS 0.00051
Exploits 0 | References 8
Positive Technologies | added 2026/05/20 12:00 a.m. | 6 views

PT-2026-42253

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in opena.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm call GET parameter directly into page output. Attackers can craft a malicious URL...

CVSS 5.1 | AI score 5.8 | EPSS 0.00029
Exploits 0 | References 4
Positive Technologies | added 2026/05/20 12:00 a.m. | 8 views

PT-2026-42255

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in street view.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...

CVSS 5.1 | AI score 5.8 | EPSS 0.00029
Exploits 0 | References 4
Positive Technologies | added 2026/05/20 12:00 a.m. | 6 views

PT-2026-42250

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket id GET parameter directly into an HTML attribute. Attackers can craft a...

CVSS 5.1 | AI score 5.8 | EPSS 0.00029
Exploits 0 | References 4
Positive Technologies | added 2026/05/20 12:00 a.m. | 7 views

PT-2026-42247

Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.5.38. Description: An issue exists in the ShadowAttribute proposal creation workflow where the add action accepts user-controlled request data without removing the id field before saving the record. Since the underlying...

CVSS 8.3 | AI score 5.8 | EPSS 0.00029
Exploits 0 | References 5
Positive Technologies | added 2026/05/20 12:00 a.m. | 8 views

PT-2026-42251

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add note.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket id GET parameter directly into a hidden input field VALUE attribute...

CVSS 5.1 | AI score 5.8 | EPSS 0.00029
Exploits 0 | References 4
Positive Technologies | added 2026/05/20 12:00 a.m. | 10 views

PT-2026-42259

Name of the Vulnerable Software and Affected Versions: Frappe versions prior to 15.105.0; Frappe versions prior to 16.15.0. Description: Frappe is a full-stack web application framework. A path traversal issue allows unauthenticated arbitrary file read on internet-facing surfaces, such as ERPNext. Ov...

CVSS 8.7 | AI score 5.9 | EPSS 0.03545
Exploits 0 | References 4
Positive Technologies | added 2026/05/20 12:00 a.m. | 7 views

PT-2026-42249

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single unit.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id GET parameter directly into an HTML attribute. Attackers can craft a malicio...

CVSS 5.1 | AI score 5.8 | EPSS 0.00029
Exploits 0 | References 4
Positive Technologies | added 2026/05/20 12:00 a.m. | 7 views

PT-2026-42227

TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse function that allows attackers to execute arbitrary JavaScript by delivering a crafted JSON payload containing a malicious constructor-name property value. The custom reviver passes the constructor name...

CVSS 6.1 | AI score 6 | EPSS 0.00036
Exploits 0 | References 3
Positive Technologies | added 2026/05/20 12:00 a.m. | 7 views

PT-2026-42260

Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1...

CVSS 9.4 | AI score 5.7 | EPSS 0.00052
Exploits 0 | References 3
Positive Technologies | added 2026/05/20 12:00 a.m. | 6 views

PT-2026-42237

Name of the Vulnerable Software and Affected Versions: Google Chrome on Linux and ChromeOS versions prior to 148.0.7778.179. Description: A type confusion issue exists in the GFX component. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbo...

CVSS 7.5 | AI score 5.8 | EPSS 0.00025
Exploits 0 | References 22
Positive Technologies | added 2026/05/20 12:00 a.m. | 7 views

PT-2026-42246

A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesystem storage, a regular authenticated user can supply a URL-encoded absolute path such as an encode...

CVSS 9.4 | AI score 5.9 | EPSS 0.00023
Exploits 0 | References 2
Positive Technologies | added 2026/05/20 12:00 a.m. | 9 views

PT-2026-42243

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 148.0.7778.179; Google Chrome on Linux versions prior to 148.0.7778.179; Google Chrome on ChromeOS versions prior to 148.0.7778.179. Description: A heap buffer overflow in the Chromecast component allows ...

CVSS 7.5 | AI score 6.4 | EPSS 0.00004
Exploits 0 | References 28
Positive Technologies | added 2026/05/20 12:00 a.m. | 6 views

PT-2026-42242

Name of the Vulnerable Software and Affected Versions: Google Chrome on Mac versions prior to 148.0.7778.179. Description: An out of bounds read in the GPU allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. An out of bounds read...

CVSS 8.8 | AI score 5.8 | EPSS 0.0003
Exploits 0 | References 28
Positive Technologies | added 2026/05/20 12:00 a.m. | 6 views

PT-2026-42258

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm query POST parameter directly into an HTML input field VALUE attribute. Attacker...

CVSS 5.1 | AI score 5.8 | EPSS 0.00029
Exploits 0 | References 4
Positive Technologies | added 2026/05/20 12:00 a.m. | 7 views

PT-2026-42264

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields...

CVSS 8.4 | AI score 5.9 | EPSS 0.00046
Exploits 0 | References 3
Positive Technologies | added 2026/05/20 12:00 a.m. | 7 views

PT-2026-42233

Name of the Vulnerable Software and Affected Versions: Google Chrome on Mac versions prior to 148.0.7778.179. Description: An out of bounds read in the GPU allows a remote attacker to perform an out of bounds memory read by using a crafted HTML page. An out of bounds read occurs when a program reads...

CVSS 8.8 | AI score 5.8 | EPSS 0.0003
Exploits 0 | References 22
Positive Technologies | added 2026/05/20 12:00 a.m. | 9 views

PT-2026-42229

A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can supply a crafted filename in the multipart Content-Disposition header to escape the intended...

CVSS 9.4 | AI score 6.5 | EPSS 0.00625
Exploits 0 | References 2
Positive Technologies | added 2026/05/20 12:00 a.m. | 13 views

PT-2026-42218

NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...

CVSS 8.8 | AI score 5.8 | EPSS 0.00115
Exploits 0 | References 3
Positive Technologies | added 2026/05/20 12:00 a.m. | 7 views

PT-2026-42231

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.179. Description: A use after free issue in WebRTC allows a remote attacker to execute arbitrary code via a crafted HTML page. Use after free is a memory corruption flaw that occurs when an application...

CVSS 8.8 | AI score 6.2 | EPSS 0.00024
Exploits 0 | References 10
Positive Technologies | added 2026/05/20 12:00 a.m. | 9 views

PT-2026-42216

Name of the Vulnerable Software and Affected Versions: NVIDIA TensorRT, affected versions not specified. Description: An issue exists where an attacker could cause an out-of-bounds write, which is a condition where data is written outside the boundaries of a pre-allocated fixed-length block of memory...

CVSS 8.2 | AI score 5.8 | EPSS 0.00045
Exploits 0 | References 6
Positive Technologies | added 2026/05/20 12:00 a.m. | 8 views

PT-2026-42219

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...

CVSS 8.1 | AI score 5.8 | EPSS 0.00031
Exploits 0 | References 3
Positive Technologies | added 2026/05/20 12:00 a.m. | 7 views

PT-2026-42226

Name of the Vulnerable Software and Affected Versions: Gift Cards For WooCommerce Pro versions prior to 4.2.7. Description: An unrestricted file upload issue allows the use of malicious files with dangerous types. This flaw has been confirmed to be exploited in the wild. Recommendations: Update to a...

CVSS 10 | AI score 5.7 | EPSS 0.00056
Exploits 0 | References 4
Positive Technologies | added 2026/05/20 12:00 a.m. | 6 views

PT-2026-42270

Name of the Vulnerable Software and Affected Versions: Crypt::SaltedHash versions prior to 0.10. Description: Crypt::SaltedHash for Perl generates insecure random values for salts because it utilizes the built-in rand function, which is predictable and unsuitable for cryptographic purposes...

CVSS 9.1 | AI score 5.8 | EPSS 0.00038
Exploits 0 | References 18
Positive Technologies | added 2026/05/20 12:00 a.m. | 7 views

PT-2026-42265

Name of the Vulnerable Software and Affected Versions: Crypt::SaltedHash versions prior to 0.110.0. Description: Crypt::SaltedHash for Perl is susceptible to timing attacks because it uses Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash...

CVSS 7.5 | AI score 5.8 | EPSS 0.00038
Exploits 0 | References 7
Positive Technologies | added 2026/05/20 12:00 a.m. | 9 views

PT-2026-42269

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

CVSS 6.5 | AI score 5.8 | EPSS 0.00037
Exploits 1 | References 3
Positive Technologies | added 2026/05/20 12:00 a.m. | 6 views

PT-2026-42268

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and stores them in a peer contact book, eventually leading to address book crash. A PeerContact can...

CVSS 4.3 | AI score 5.8 | EPSS 0.00034
Exploits 0 | References 4
Positive Technologies | added 2026/05/20 12:00 a.m. | 8 views

PT-2026-42271

Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor...

CVSS 4.6 | AI score 5.8 | EPSS 0.00023
Exploits 0 | References 4
Positive Technologies | added 2026/05/20 12:00 a.m. | 6 views

PT-2026-42272

Name of the Vulnerable Software and Affected Versions: libsolv, affected versions not specified. Description: A stack-based buffer overflow occurs in the Debian metadata parser of libsolv when processing specially crafted Debian repository metadata. An attacker can trigger this by providing malicious...

CVSS 6.5 | AI score 6.1 | EPSS 0.00054
Exploits 0 | References 15
Positive Technologies | added 2026/05/20 12:00 a.m. | 5 views

PT-2026-42274

Name of the Vulnerable Software and Affected Versions: libsolv, affected versions not specified. Description: A heap buffer overflow occurs when processing a specially crafted .solv file containing negative size values in the repo add solv function. This results in an undersized memory allocation and...

CVSS 6.5 | AI score 6 | EPSS 0.00054
Exploits 0 | References 19
Positive Technologies | added 2026/05/20 12:00 a.m. | 6 views

PT-2026-42392

Name of the Vulnerable Software and Affected Versions: NVIDIA RTX 50, 40, 30, and 20 series cards, affected versions not specified; NVIDIA GTX 16, 10, 900, and some GTX 700 cards, affected versions not specified. Description: A use-after-free issue exists on Linux systems that could allow attackers to...

CVSS 8.8 | AI score 5.8 | EPSS 0.00012
Exploits 0 | References 10
Positive Technologies | added 2026/05/20 12:00 a.m. | 5 views

PT-2026-42385

Kopia: RCE via SSH ProxyCommand Injection in github.com/kopia/kopia...

AI score 5.8
Exploits 0 | References 3
Positive Technologies | added 2026/05/20 12:00 a.m. | 13 views

PT-2026-42390

It was discovered that GStreamer Good Plugins incorrectly handled certain MOV/MP4 media files. A remote attacker could use this issue to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code...

AI score 7.4
Exploits 0 | References 3
Positive Technologies | added 2026/05/20 12:00 a.m. | 7 views

PT-2026-42372

CoreDNS' DoQ worker pool does not bound stream backlog in github.com/coredns/coredns...

CVSS 8.7 | AI score 5.8 | EPSS 0.00256
Exploits 1 | References 5
Positive Technologies | added 2026/05/20 12:00 a.m. | 5 views

PT-2026-42376

Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change in github.com/daptin/daptin...

AI score 5.8
Exploits 0 | References 2
Positive Technologies | added 2026/05/20 12:00 a.m. | 7 views

PT-2026-42386

Kong Ingress Controller for Kubernetes KIC: Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller...

AI score 5.8
Exploits 0 | References 2
Positive Technologies | added 2026/05/20 12:00 a.m. | 4 views

PT-2026-42384

MCP Registry: OCI validator skips ownership check on upstream rate limits in github.com/modelcontextprotocol/registry...

CVSS 3.5 | AI score 5.8 | EPSS 0.0001
Exploits 0 | References 3
Positive Technologies | added 2026/05/20 12:00 a.m. | 7 views

PT-2026-42374

DevGuard has an unauthenticated identity assertion via X-Admin-Token header in github.com/l3montree-dev/devguard...

CVSS 9.3 | AI score 5.8 | EPSS 0.00095
Exploits 0 | References 4
Positive Technologies | added 2026/05/20 12:00 a.m. | 7 views

PT-2026-42369

Nuclei: Local File Read via require Module Loader Bypass in github.com/projectdiscovery/nuclei...

CVSS 5.5 | AI score 5.8 | EPSS 0.00013
Exploits 0 | References 5
Positive Technologies | added 2026/05/20 12:00 a.m. | 8 views

PT-2026-42375

Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes in github.com/gotenberg/gotenberg...

CVSS 5.3 | AI score 5.8 | EPSS 0.00035
Exploits 1 | References 3
Positive Technologies | added 2026/05/20 12:00 a.m. | 6 views

PT-2026-42370

monetr: Server-side request forgery in Lunch Flow link creation and refresh in github.com/monetr/monetr...

CVSS 8.3 | AI score 5.8 | EPSS 0.00018
Exploits 0 | References 6
Positive Technologies | added 2026/05/20 12:00 a.m. | 6 views

PT-2026-42371

NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access in github.com/orneryd/nornicdb...

CVSS 9.8 | AI score 5.8 | EPSS 0.0002
Exploits 0 | References 6
Positive Technologies | added 2026/05/20 12:00 a.m. | 12 views

PT-2026-42381

Velocidex Velociraptor has an Incorrect Authorization issue in www.velocidex.com/golang/velociraptor...

CVSS 6.8 | AI score 5.8 | EPSS 0.0003
Exploits 0 | References 4
Positive Technologies | added 2026/05/20 12:00 a.m. | 6 views

PT-2026-42367

openvpn-auth-oauth2 returns FUNC SUCCESS on client-deny, allowing unauthenticated VPN access in github.com/jkroepke/openvpn-auth-oauth2...

CVSS 10 | AI score 5.8 | EPSS 0.00024
Exploits 0 | References 8
Positive Technologies | added 2026/05/20 12:00 a.m. | 8 views

PT-2026-42366

goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs...

CVSS 7.7 | AI score 7.3 | EPSS 0.00011
Exploits 1 | References 5
Positive Technologies | added 2026/05/20 12:00 a.m. | 7 views

PT-2026-42365

Vikunja vulnerable to Privilege Escalation via Project Reparenting in code.vikunja.io/api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

CVSS 8.3 | AI score 5.8 | EPSS 0.00041
Exploits 1 | References 6
Positive Technologies | added 2026/05/20 12:00 a.m. | 6 views

PT-2026-42377

SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE in github.com/siyuan-note/siyuan/kernel...

CVSS 9.4 | AI score 5.8 | EPSS 0.00033
Exploits 0 | References 3
Positive Technologies | added 2026/05/20 12:00 a.m. | 8 views

PT-2026-42373

ydb-go-sdk's transactions are not committed using the options.WithCommit option on last call table.Transaction.Execute in transaction in github.com/ydb-platform/ydb-go-sdk...

AI score 5.8
Exploits 0 | References 8
Positive Technologies | added 2026/05/20 12:00 a.m. | 6 views

PT-2026-42380

Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in github.com/grafana/tempo-operator...

CVSS 4.3 | AI score 5.8 | EPSS 0.00268
Exploits 0 | References 9
Positive Technologies | added 2026/05/20 12:00 a.m. | 8 views

PT-2026-42383

SiYuan Bazaar marketplace renders unescaped package name and version metadata, allowing stored XSS and Electron code execution in github.com/siyuan-note/siyuan/kernel...

CVSS 9 | AI score 6.2 | EPSS 0.00015
Exploits 0 | References 3
Total number of security vulnerabilities: 175468