Lucene search

175519 matches found

Positive Technologies
added 2026/05/20 12:0 a.m., 7 views

PT-2026-42110

Name of the Vulnerable Software and Affected Versions: memcached versions prior to 1.6.42. Description: Password data for SASL password database authentication contains a timing side channel. This occurs because the sasl server userdb checkpass function utilizes memcmp, which can allow an attacker t...

CVSS 8.1, AI score 5.8, EPSS 0.00084
Exploits: 0, References: 29
Positive Technologies
added 2026/05/20 12:0 a.m., 9 views

PT-2026-42262

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source...

CVSS 9.8, AI score 5.8, EPSS 0.00154
Exploits: 0, References: 3
Positive Technologies
added 2026/05/20 12:0 a.m., 8 views

PT-2026-42092

Name of the Vulnerable Software and Affected Versions: NVIDIA Triton Inference Server versions prior to r26.03. Description: An authentication bypass exists in the server that could allow an attacker to gain unauthorized access. Successful exploitation may result in code execution, escalation of...

CVSS 9.8, AI score 5.5, EPSS 0.00152
Exploits: 0, References: 8
Positive Technologies
added 2026/05/20 12:0 a.m., 7 views

PT-2026-42091

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to escalation of privileges, denial of service, or information disclosure...

CVSS 7.3, AI score 5.8, EPSS 0.00126
Exploits: 0, References: 3
Positive Technologies
added 2026/05/20 12:0 a.m., 6 views

PT-2026-42222

ArcGIS Server contains an input validation weakness in the login redirection workflow. An authenticated attacker could exploit this issue by sending a specially crafted request. Successful exploitation may result in the application redirecting the browser to an unintended, untrusted site, resulti...

CVSS 4.7, AI score 5.6, EPSS 0.00046
Exploits: 0, References: 2
Positive Technologies
added 2026/05/20 12:0 a.m., 8 views

PT-2026-42217

NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...

CVSS 7.8, AI score 5.9, EPSS 0.00081
Exploits: 0, References: 3
Positive Technologies
added 2026/05/20 12:0 a.m., 9 views

PT-2026-42221

ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful exploitation may result in disruption of the web-based browsing interface. This...

CVSS 5.3, AI score 5.8, EPSS 0.00102
Exploits: 0, References: 2
Positive Technologies
added 2026/05/20 12:0 a.m., 11 views

PT-2026-42193

Name of the Vulnerable Software and Affected Versions: Cisco Secure Workload versions prior to 3.10.8.3; Cisco Secure Workload versions prior to 4.0.3.17. Description: Insufficient validation and authentication in the internal REST API endpoints of Cisco Secure Workload allow an unauthenticated, remo...

CVSS 10, AI score 5.8, EPSS 0.0005
Exploits: 1, References: 57
Positive Technologies
added 2026/05/20 12:0 a.m., 6 views

PT-2026-42263

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side authentication checks. Attacker...

CVSS 9.8, AI score 5.8, EPSS 0.00255
Exploits: 0, References: 3
Positive Technologies
added 2026/05/20 12:0 a.m., 10 views

PT-2026-42223

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 16.10.17; XWiki Platform versions prior to 17.4.9; XWiki Platform versions prior to 17.10.3; XWiki Platform versions prior to 18.1.0-rc-1. Description: The 'POST /wikis/wikiName' API executes a XAR import without...

CVSS 9.3, AI score 5.8, EPSS 0.00033
Exploits: 1, References: 7
Positive Technologies
added 2026/05/20 12:0 a.m., 8 views

PT-2026-42228

Name of the Vulnerable Software and Affected Versions: Drupal core versions 8.9.0 through 10.4.9; Drupal core versions 10.5.0 through 10.5.9; Drupal core versions 10.6.0 through 10.6.8; Drupal core versions 11.0.0 through 11.1.9; Drupal core versions 11.2.0 through 11.2.11; Drupal core versions 11.3.0...

CVSS 9.8, AI score 7.2, EPSS 0.12731
Exploits: 12, References: 177
Positive Technologies
added 2026/05/20 12:0 a.m., 7 views

PT-2026-42189

MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid...

CVSS 6, AI score 5.8, EPSS 0.00028
Exploits: 0, References: 2
Positive Technologies
added 2026/05/20 12:0 a.m., 10 views

PT-2026-42128

Name of the Vulnerable Software and Affected Versions: NLnet Labs Unbound versions prior to 1.25.1. Description: An issue exists related to the parsing of long lists of incoming EDNS (Extension Mechanisms for DNS) options. An adversary can send queries containing an excessive number of EDNS options,...

CVSS 10, AI score 5.8, EPSS 0.00435
Exploits: 0, References: 54
Positive Technologies
added 2026/05/20 12:0 a.m., 8 views

PT-2026-42129

Name of the Vulnerable Software and Affected Versions: NLnet Labs Unbound versions prior to 1.25.1. Description: An issue exists in the jostle logic that can degrade resolution performance. When the num-queries-per-thread limit is reached, the jostle logic identifies slow-resolving queries for...

CVSS 10, AI score 5.8, EPSS 0.00435
Exploits: 0, References: 52
Positive Technologies
added 2026/05/20 12:0 a.m., 7 views

PT-2026-42133

Name of the Vulnerable Software and Affected Versions: NLnet Labs Unbound versions prior to 1.25.1. Description: An issue exists where promiscuous RRSets (Resource Record Sets) that complement DNS replies in the authority section can be used to trick the system into caching unauthorized records. An...

CVSS 10, AI score 5.8, EPSS 0.00435
Exploits: 0, References: 54
Positive Technologies
added 2026/05/20 12:0 a.m., 5 views

PT-2026-42368

Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution in github.com/rclone/rclone. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this ...

CVSS 9.8, AI score 5.9, EPSS 0.26321
Exploits: 1, References: 5
Positive Technologies
added 2026/05/20 12:0 a.m., 8 views

PT-2026-42132

Name of the Vulnerable Software and Affected Versions: NLnet Labs Unbound versions prior to 1.25.1. Description: A denial of service issue exists in the DNSSEC validator. When constructing chase-reply messages for validation, the software uses an incorrect counter to calculate write offsets for...

CVSS 10, AI score 5.8, EPSS 0.00435
Exploits: 0, References: 73
Positive Technologies
added 2026/05/20 12:0 a.m., 9 views

PT-2026-42130

Name of the Vulnerable Software and Affected Versions: NLnet Labs Unbound versions prior to 1.25.1. Description: A flaw in the DNSSEC validator occurs when the code path used to consult the negative cache for DS records ignores the limit on NSEC3 hash calculations. An attacker controlling a DNSSEC...

CVSS 10, AI score 5.9, EPSS 0.00435
Exploits: 0, References: 51
Positive Technologies
added 2026/05/20 12:0 a.m., 6 views

PT-2026-42134

Name of the Vulnerable Software and Affected Versions: NLnet Labs Unbound versions prior to 1.25.1. Description: An issue exists when handling replies with very large RRsets (Resource Record sets) that require name compression. Malicious upstream responses containing very large RRsets with records tha...

CVSS 10, AI score 5.8, EPSS 0.00435
Exploits: 0, References: 52
Positive Technologies
added 2026/05/20 12:0 a.m., 7 views

PT-2026-42162

Name of the Vulnerable Software and Affected Versions: Microsoft Defender, affected versions not specified. Description: A heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network. A heap-based buffer overflow occurs when an application writes mo...

CVSS 8.1, AI score 6.2, EPSS 0.00041
Exploits: 0, References: 8
Positive Technologies
added 2026/05/20 12:0 a.m., 8 views

PT-2026-42231

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.179. Description: A use after free issue in WebRTC allows a remote attacker to execute arbitrary code via a crafted HTML page. Use after free is a memory corruption flaw that occurs when an application...

CVSS 8.8, AI score 6.2, EPSS 0.00024
Exploits: 0, References: 10
Positive Technologies
added 2026/05/20 12:0 a.m., 7 views

PT-2026-42242

Name of the Vulnerable Software and Affected Versions: Google Chrome on Mac versions prior to 148.0.7778.179. Description: An out of bounds read in the GPU allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. An out of bounds read...

CVSS 8.8, AI score 5.8, EPSS 0.0003
Exploits: 0, References: 28
Positive Technologies
added 2026/05/20 12:0 a.m., 7 views

PT-2026-42380

Grafana Tempo Operator Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in github.com/grafana/tempo-operator...

CVSS 4.3, AI score 5.8, EPSS 0.00268
Exploits: 0, References: 9
Positive Technologies
added 2026/05/20 12:0 a.m., 8 views

PT-2026-42183

Dell PowerFlex Manager, versions =4.6.2, contains an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

CVSS 7.5, AI score 5.8, EPSS 0.00064
Exploits: 0, References: 3
Positive Technologies
added 2026/05/20 12:0 a.m., 11 views

PT-2026-42172

Name of the Vulnerable Software and Affected Versions: twig/intl-extra, affected versions not specified. Description: IntlExtension memoises every IntlDateFormatter and NumberFormatter it creates in instance-level arrays. These arrays are keyed on a hash including locale, pattern, and attrs, which ar...

CVSS 6.9, AI score 5.8, EPSS 0.00056
Exploits: 0, References: 6
Positive Technologies
added 2026/05/20 12:0 a.m., 7 views

PT-2026-42096

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or information disclosure...

CVSS 8, AI score 5.8, EPSS 0.00046
Exploits: 0, References: 3
Positive Technologies
added 2026/05/20 12:0 a.m., 7 views

PT-2026-42125

Name of the Vulnerable Software and Affected Versions: NLnet Labs Unbound versions 1.19.1 through 1.25.0. Description: A flaw in the DNSSEC validator allows for denial of service and potential remote code execution. The issue occurs during the deep copying of a data structure when DS sub-queries...

CVSS 10, AI score 6.3, EPSS 0.00435
Exploits: 0, References: 72
Positive Technologies
added 2026/05/20 12:0 a.m., 6 views

PT-2026-42124

Name of the Vulnerable Software and Affected Versions: NLnet Labs Unbound versions 1.6.2 through 1.25.0. Description: A denial of service issue exists when the software is compiled with DNSCrypt support using the --enable-dnscrypt flag. A specially crafted DNSCrypt query, where the decrypted plainte...

CVSS 10, AI score 5.8, EPSS 0.00435
Exploits: 0, References: 54
Positive Technologies
added 2026/05/20 12:0 a.m., 9 views

PT-2026-42127

Name of the Vulnerable Software and Affected Versions: Unbound versions 1.16.2 through 1.25.0. Description: An issue exists within the ghost domain names family of attacks that allows an adversary who controls a ghost zone and can query the system to extend the ghost domain window by up to one cache...

CVSS 10, AI score 5.7, EPSS 0.00435
Exploits: 0, References: 52
Positive Technologies
added 2026/05/20 12:0 a.m., 7 views

PT-2026-42131

Name of the Vulnerable Software and Affected Versions: NLnet Labs Unbound versions 1.14.0 through 1.25.0. Description: A heap overflow occurs when encoding multiple NSID, DNS Cookie EDNS, and EDNS Padding options in a reply packet. This happens because a flaw in the size calculation of the EDNS fiel...

CVSS 10, AI score 5.9, EPSS 0.00435
Exploits: 0, References: 72
Positive Technologies
added 2026/05/20 12:0 a.m., 8 views

PT-2026-42174

Name of the Vulnerable Software and Affected Versions: Twig versions prior to 3.26.0. Description: When a sandbox is enabled selectively via SourcePolicyInterface rather than globally, a sandboxed template permitted to use template from string and include can render an arbitrary inner template witho...

AI score 6, EPSS 0.00031
Exploits: 0, References: 6
Positive Technologies
added 2026/05/20 12:0 a.m., 5 views

PT-2026-42853

The vulnerability in the automated penetration testing system is caused by a failure to neutralize special elements. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary commands on the server...

CVSS 7.1, AI score 5.8
Exploits: 0, References: 2
Positive Technologies
added 2026/05/19 12:0 a.m., 9 views

PT-2026-41949

Name of the Vulnerable Software and Affected Versions: Panabit PAP-XM320 versions prior to 7.8. Description: A command injection issue exists in the web management interface, which invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper uses the eval...

CVSS 5.4, AI score 6.1, EPSS 0.0016
Exploits: 0, References: 4
Positive Technologies
added 2026/05/19 12:0 a.m., 8 views

PT-2026-41954

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...

CVSS 9.2, AI score 5.8, EPSS 0.00052
Exploits: 0, References: 2
Positive Technologies
added 2026/05/19 12:0 a.m., 8 views

PT-2026-41844

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with...

AI score 5.7, EPSS 0.00192
Exploits: 0, References: 2
Positive Technologies
added 2026/05/19 12:0 a.m., 7 views

PT-2026-41855

Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 24.09.06. Description: Apache OFBiz contains a hard-coded cryptographic key. This flaw may allow remote attackers to gain unauthorized access, expose sensitive data, or tamper with application data. Recommendations...

CVSS 9.1, AI score 5.8, EPSS 0.00095
Exploits: 0, References: 7
Positive Technologies
added 2026/05/19 12:0 a.m., 11 views

PT-2026-42043

Name of the Vulnerable Software and Affected Versions: SQLFluff versions prior to 4.2.0. Description: In deployments where untrusted users can provide SQL queries to be linted, a malicious actor can submit an excessively long query to any application using the parser. This action triggers a Denial o...

CVSS 7.5, AI score 5.5, EPSS 0.00042
Exploits: 0, References: 11
Positive Technologies
added 2026/05/19 12:0 a.m., 7 views

PT-2026-41986

Name of the Vulnerable Software and Affected Versions: Windmill versions prior to 1.703.2. Description: Incorrect default permissions in nsjail sandbox configuration files allow the /etc directory to be bind-mounted without read-write restrictions. This enables authenticated users to write arbitrary...

CVSS 9.6, AI score 5.9, EPSS 0.00018
Exploits: 0, References: 9
Positive Technologies
added 2026/05/19 12:0 a.m., 12 views

PT-2026-41865

Name of the Vulnerable Software and Affected Versions: Content Element Selector (ceselector), affected versions not specified. Description: The extension passes an attacker-controlled cookie directly to the unserialize function without safe processing. A remote, unauthenticated attacker can provide a...

CVSS 9.2, AI score 6.1, EPSS 0.03271
Exploits: 1, References: 8
Positive Technologies
added 2026/05/19 12:0 a.m., 10 views

PT-2026-41857

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

AI score 5.8, EPSS 0.00096
Exploits: 0, References: 2
Positive Technologies
added 2026/05/19 12:0 a.m., 8 views

PT-2026-41820

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS...

CVSS 3.3, AI score 5.8, EPSS 0.00015
Exploits: 0, References: 2
Positive Technologies
added 2026/05/19 12:0 a.m., 11 views

PT-2026-41758

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2026.1.4; Discourse versions prior to 2026.3.1; Discourse versions prior to 2026.4.1; Discourse versions prior to 2026.5.0-latest.1. Description: Outdated cached AI summaries can leak removed content to anonymous and...

CVSS 5.3, AI score 5.8, EPSS 0.00094
Exploits: 0, References: 6
Positive Technologies
added 2026/05/19 12:0 a.m., 7 views

PT-2026-41764

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2026.1.4; Discourse versions prior to 2026.3.1; Discourse versions prior to 2026.4.1; Discourse versions prior to 2026.5.0-latest.1. Description: An authenticated user on an instance with the form templates feature enabl...

CVSS 6, AI score 5.7, EPSS 0.00038
Exploits: 0, References: 9
Positive Technologies
added 2026/05/19 12:0 a.m., 10 views

PT-2026-41761

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service (DoS) through the server due to uncontrolled disk space consumption. The download agent fil...

CVSS 7.5, AI score 5.8, EPSS 0.00071
Exploits: 0, References: 3
Positive Technologies
added 2026/05/19 12:0 a.m., 8 views

PT-2026-41763

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogpt platform/backend/backend/blocks/email block.py accepts a user-supplied smtp server string and smtp port integer as...

CVSS 5, AI score 5.9, EPSS 0.00042
Exploits: 0, References: 3
Positive Technologies
added 2026/05/19 12:0 a.m., 12 views

PT-2026-41762

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with...

CVSS 7.6, AI score 6, EPSS 0.00018
Exploits: 0, References: 3
Positive Technologies
added 2026/05/19 12:0 a.m., 8 views

PT-2026-41760

Name of the Vulnerable Software and Affected Versions: Mullvad VPN versions prior to 2026.2-beta1. Description: Mullvad VPN on macOS may allow local privilege escalation during installation or upgrade. The installer package executes binaries from '/Applications/Mullvad VPN.app' without verifying if...

CVSS 7.8, AI score 6.2, EPSS 0.00006
Exploits: 0, References: 7
Positive Technologies
added 2026/05/19 12:0 a.m., 7 views

PT-2026-41825

The /api/v1/autotranslate.translateMessage endpoint in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12 allows any authenticated user to retrieve the full content of any message from any room (private groups, direct messages, channels) by simply providing the target message ID...

CVSS 5.3, AI score 6.1, EPSS 0.00028
Exploits: 0, References: 2
Positive Technologies
added 2026/05/19 12:0 a.m., 12 views

PT-2026-41826

Name of the Vulnerable Software and Affected Versions: Samsung Open Source Walrus version f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9. Description: A NULL pointer dereference allows pointer manipulation. A NULL pointer dereference occurs when a program attempts to read or write to a memory address that...

CVSS 7.5, AI score 5.4, EPSS 0.0003
Exploits: 0, References: 5
Positive Technologies
added 2026/05/19 12:0 a.m., 9 views

PT-2026-41815

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS...

CVSS 3.3, AI score 5.8, EPSS 0.00015
Exploits: 0, References: 2

Total number of security vulnerabilities: 175519