175506 matches found
PT-2026-41942
Name of the Vulnerable Software and Affected Versions BillaBear versions prior to Jan 2026 Description An issue exists in the EventRepository where user-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using the sprintf function withou...
PT-2026-41945
Name of the Vulnerable Software and Affected Versions APScheduler affected versions not specified Description The JSONSerializer and CBORSerializer are subject to Remote Code Execution RCE through insecure deserialization. The unmarshal object function enables arbitrary class instantiation and...
PT-2026-41943
Name of the Vulnerable Software and Affected Versions LalanaChami Pharmacy Management System version 5c3d028 Description Unauthenticated remote attackers can escalate privileges by self-assigning an administrative role during the registration process. This occurs because the '/api/user/signup'...
PT-2026-41946
Name of the Vulnerable Software and Affected Versions hitarth-gg Zenshin versions prior to 2.7.0 Description An OS command injection flaw exists in the '/stream-to-vlc' Express route. This allows remote attackers to execute arbitrary commands on the host operating system by manipulating the url...
PT-2026-41941
Name of the Vulnerable Software and Affected Versions scalar/astro version 0.1.13 Description A Server-Side Request Forgery SSRF exists in the Scalar Proxy endpoint. Unauthenticated attackers can use the scalar url query parameter to force the backend server to send HTTP requests to URLs under...
PT-2026-41944
Name of the Vulnerable Software and Affected Versions LalanaChami Pharmacy Management System version 5c3d028 Description Certain API endpoints lack authentication middleware, allowing unauthenticated remote attackers to access sensitive data and perform unauthorized actions. Specifically, the...
PT-2026-41947
An improper authentication vulnerability was discovered in the Motorola Factory Test component com.motorola.motocit. The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing...
PT-2026-41993
EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later serve those SVG files as top-level inline documents through both the attachment and image entry...
PT-2026-41992
Name of the Vulnerable Software and Affected Versions Kitty versions prior to 0.47.0 Description An issue exists in the handle compose command function within kitty/graphics.c where bounds validation on composition offsets uses unsigned 32-bit arithmetic. This process is subject to integer...
PT-2026-42000
Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux zSeries, AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges. This issue affects Automic...
PT-2026-41997
Name of the Vulnerable Software and Affected Versions LIVE555 versions prior to 2026.04.22 Description An authorization bypass exists in the RTSP session command handling. This allows attackers to replay valid Session tokens from unauthenticated connections. By obtaining a valid Session token, an...
PT-2026-41996
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.1.4 Discourse versions prior to 2026.3.1 Discourse versions prior to 2026.4.1 Discourse versions prior to 2026.5.0-latest.1 Description A flaw in the discourse-subscriptions plugin allows users to gain access t...
PT-2026-41998
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for...
PT-2026-41995
Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.22.0 Description An unsigned integer underflow occurs in the Chunk constructor when processing a crafted HEIF sequence file containing samples per chunk=0 in the stsc box. This causes all samples to map to an empty...
PT-2026-41983
Name of the Vulnerable Software and Affected Versions BYD Atto3 affected versions not specified Description An attacker can obtain a permanently available authentication key through a Brute Force attack. This key allows unauthorized flashing of the Electronic Parking Break EPB and Supplemental...
PT-2026-41988
In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings...
PT-2026-41990
In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage...
PT-2026-41985
Name of the Vulnerable Software and Affected Versions Kitty versions prior to 0.47.0 Description A heap buffer overflow exists in the load image data function. This occurs when a process writes to the terminal's stdin using a single APC graphics protocol command with a PNG format declaration f=10...
PT-2026-41989
In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system...
PT-2026-41957
Summary Alice exposes a Python SDK ProxyShare with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to urllib.parse.urljoin, which replaces Alice's configured target host with Bob's host and returns the server-side response ...
PT-2026-41999
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
PT-2026-41973
Name of the Vulnerable Software and Affected Versions guardrails-ai version 0.10.1 Description A malicious version of the Python framework was published to PyPI. The package was identified by security researchers and quarantined by PyPI within approximately two hours of publication. Telemetry and...
PT-2026-41968
Summary The Mailpit SMTP server has a Server.MaxSize int field that controls the maximum allowed DATA payload size, but the field is never assigned anywhere outside test code, leaving it at Go's zero value 0 ⇒ "no limit". The same applies to the HTTP /api/v1/send endpoint, whose request body is...
PT-2026-41977
Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description A stored cross-site scripting XSS issue exists due to improper sanitization of elements. The application permits the use of javascript: URIs within the src attribute, which execute when a malicious...
PT-2026-41970
Summary When Algernon is invoked with a single file path instead of a directory — the documented "quick demo" workflow algernon foo.lua, algernon page.po2, algernon index.html, algernon mywebsite.alg — singleFileMode is set to true and debugMode is forcibly enabled with no opt-out: go //...
PT-2026-41971
Summary The original fix for GHSA-3v3m-wc6v-x4x3 is incomplete. argocd app diff --server-side-diff can still expose Kubernetes Secret values embedded in the kubectl.kubernetes.io/last-applied-configuration annotation. The prior fix masks top-level Secret data in ServerSideDiff responses, but it...
PT-2026-41984
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the broker can crash due to a NULL pointer dereference during MQTT session resumption for clean start=0...
PT-2026-41972
Name of the Vulnerable Software and Affected Versions Strawberry GraphQL versions 0.288.4 through 0.315.3 Description The bundled GraphiQL template in Strawberry GraphQL writes values from the headers editor into the browser URL query string. This occurs because the strawberry/static/graphiql.htm...
PT-2026-41978
Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description A stored cross-site scripting XSS issue exists due to improper sanitization of the component. The application fails to validate user-supplied input in the source and source-data attributes, allowing...
PT-2026-41974
Name of the Vulnerable Software and Affected Versions @haxtheweb/open-apis versions 9.0.1 through 25.x Description Multiple functions perform substring-only matching to validate hostnames for basic authorization. This allows an attacker to append matched substrings to an attacker-controlled...
PT-2026-41979
Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description An attack chain combining Stored XSS and dynamic token exposure allows an authenticated attacker to perform a complete cross-tenant account takeover. The system is vulnerable to Stored XSS through...
PT-2026-41975
Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description An authenticated Server-Side Request Forgery SSRF allows users to fetch arbitrary internal or local resources and write the responses to a web-accessible directory, enabling arbitrary file read and...
PT-2026-41976
Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description The hmacBase64 function in the HAXcms Node.js backend contains two cryptographic implementation errors. First, the function uses a hardcoded string "0" as the HMAC signing key instead of the intende...
PT-2026-41969
Name of the Vulnerable Software and Affected Versions Algernon version 1.17.6 Description An issue exists where the software performs an unbounded upward search for a file named handler.lua when a request is made for a URL path that resolves to a directory without an index file. This search can...
PT-2026-41962
Name of the Vulnerable Software and Affected Versions Nuxt versions 3.4.3 through 3.21.5 Nuxt versions 4.0.0-alpha.1 through 4.4.5 Description When using the navigateTo function with the external: true option, the software generates a server-side HTML redirect body containing a tag. The destinati...
PT-2026-41960
Summary Alice runs zrok2 copy from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV href such as /../outside.txt. The sync pipeline stores that path in the source inventory and passes it to FilesystemTarget.WriteStream, which joins it with the target root...
PT-2026-41958
Name of the Vulnerable Software and Affected Versions go-git versions prior to v5 Description The SSH transport in go-git constructs the remote exec command by wrapping the repository path in single quotes but fails to escape single quotes embedded within that path. This allows a repository path...
PT-2026-41964
This report is not about a normal textual prefix-expansion case. The issue here is that the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different confi...
PT-2026-41959
Name of the Vulnerable Software and Affected Versions go-git versions prior to v5 Description A path validation issue allows crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. This occurs because the software drifted from...
PT-2026-41966
Summary The mailpit dump --http sub-command downloads every message from a remote Mailpit instance and writes each one as .eml inside the user-supplied output directory. The message ID field is taken verbatim from the JSON response of the remote server and concatenated into the output path with...
PT-2026-41965
Summary The fix for GHSA-6jxm-fv7w-rw5j CVE-2026-23845, "Server-Side Request Forgery SSRF via HTML Check API", shipped in mailpit v1.28.3, hardened internal/htmlcheck/css.go::downloadCSSToBytes with a 5MB size cap, a text/css content-type check, login-info stripping in isValidURL, and an opt-in...
PT-2026-41967
Summary The screenshot/print proxy /proxy?data=… maintains a package-level assets mapstringMessageAssets cache, but reads the map without holding assetsMutex while a long-running cleanup goroutine and re-entrant CSS-rewriting code path concurrently write to it under the lock. When the...
PT-2026-41956
Name of the Vulnerable Software and Affected Versions idna versions prior to 3.14 Description A specially crafted argument passed to the idna.encode function can consume significant system resources, potentially leading to a denial-of-service. This occurs because payloads containing specific...
PT-2026-41963
Name of the Vulnerable Software and Affected Versions @nuxt/rspack-builder versions 3.15.4 through 3.21.5 @nuxt/rspack-builder versions 4.0.0-alpha.1 through 4.4.5 @nuxt/webpack-builder versions 3.15.4 through 3.21.5 @nuxt/webpack-builder versions 4.0.0-alpha.1 through 4.4.5 Description An...
PT-2026-42001
Name of the Vulnerable Software and Affected Versions Apache Airflow affected versions not specified Description JWT tokens used by workers in Kubernetes Executors are exposed to users with read-only access to Kubernetes Pods. This exposure allows users with limited permissions to perform actions...
PT-2026-42006
Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.22.0 Description When decoding a HEIF grid image with strict decoding set to false the default, a corrupted tile may fail to decode silently. The library returns heif error Ok without indicating failure, resulting i...
PT-2026-42007
Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.22.0 Description A heap buffer over-read exists in the HeifPixelImage::overlay function within libheif/pixelimage.cc. This occurs when compositing an overlay image where the child image uses a different bit depth fo...
PT-2026-42008
Name of the Vulnerable Software and Affected Versions Innoshop version 0.6.0 Description An authorization issue allows an attacker who has logged into the frontend to directly access backend application interfaces, which can lead to the execution of dangerous operations. Recommendations At the...
PT-2026-42002
Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.22.0 Description An issue in the HEIF and AVIF file format decoder and encoder allows a specially crafted 800-byte HEIF sequence file to trigger an infinite loop in the Box stts::get sample duration function. This...
PT-2026-42004
Name of the Vulnerable Software and Affected Versions apache-airflow-providers-amazon versions prior to 9.28.0 Description In the AWS Secrets Manager and SSM Parameter Store secrets backends, the team-scoping logic could resolve a conn id containing a / for example, "my team/conn" to the same pat...