Lucene search

175511 matches found

Positive Technologies
added 2026/05/19 12:0 a.m. | 12 views

PT-2026-42157

Name of the Vulnerable Software and Affected Versions: Microsoft Defender (affected versions not specified). Description: Improper link resolution before file access, also known as link following, in the Microsoft Malware Protection Engine allows an authorized attacker to elevate privileges locally to...

7.8 CVSS | 6 AI score | 0.0806 EPSS
Exploits: 2 | References: 96
Positive Technologies
added 2026/05/19 12:0 a.m. | 4 views

PT-2026-42161

Name of the Vulnerable Software and Affected Versions: Microsoft Defender Antimalware Platform (affected versions not specified). Description: An issue exists in the Microsoft Defender Antimalware Platform involving uncontrolled resource consumption. This can be exploited by an attacker to cause a...

7.5 CVSS | 6 AI score | 0.0355 EPSS
Exploits: 1 | References: 79
Positive Technologies
added 2026/05/19 12:0 a.m. | 10 views

PT-2026-42005

Name of the Vulnerable Software and Affected Versions: libheif versions prior to 1.22.0. Description: A heap buffer overflow exists in the MaskImageCodec::decode mask image function. This occurs when decoding a HEIF file containing a mask image (mski) because the function copies the full iloc extent...

8.8 CVSS | 6.1 AI score | 0.00037 EPSS
Exploits: 1 | References: 23
Positive Technologies
added 2026/05/19 12:0 a.m. | 9 views

PT-2026-41889

A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...

5.9 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/19 12:0 a.m. | 10 views

PT-2026-41991

In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin...

5.1 CVSS | 5.8 AI score | 0.00049 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/19 12:0 a.m. | 15 views

PT-2026-41814

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...

8.1 CVSS | 6.3 AI score | 0.00207 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/19 12:0 a.m. | 4 views

PT-2026-42240

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.179. Description: A use after free issue exists in WebRTC, which could allow a remote attacker to execute arbitrary code through a specially crafted HTML page. Use after free is a memory corruption flaw...

8.8 CVSS | 6.2 AI score | 0.00058 EPSS
Exploits: 0 | References: 24
Positive Technologies
added 2026/05/19 12:0 a.m. | 9 views

PT-2026-41987

Name of the Vulnerable Software and Affected Versions: Jaspersoft Reports Library (affected versions not specified). Description: A Java deserialization issue exists in the Jaspersoft Reports Library. This flaw can lead to Remote Code Execution (RCE), which is a type of attack where an attacker can...

8.7 CVSS | 6.2 AI score | 0.00444 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2026/05/19 12:0 a.m. | 9 views

PT-2026-42047

Name of the Vulnerable Software and Affected Versions: @beproduct/nestjs-auth versions 0.1.2 through 0.1.19. Description: An attacker used a compromised npm publish token to distribute malicious versions of the package containing payloads from the Mini Shai-Hulud npm supply-chain worm campaign. The...

10 CVSS | 5.8 AI score | 0.0007 EPSS
Exploits: 0 | References: 9
Positive Technologies
added 2026/05/19 12:0 a.m. | 8 views

PT-2026-41891

A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...

6.5 CVSS | 5.8 AI score | 0.0003 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/19 12:0 a.m. | 7 views

PT-2026-41883

Vulnerability detected in FreePBX, CVE-2026-44978, rated “high” severity. Risk: 🟠 Type: 🔸 Remote Code Execution 🔗 https://www.acn.gov.it/portale/w/rilevata-vulnerabilita-alta-per-freepbx 🔄 Updates available 🔄...

5.8 AI score
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/19 12:0 a.m. | 15 views

PT-2026-42236

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.179. Description: Insufficient policy enforcement in ServiceWorker allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. A ServiceWorker is a script that the browser...

4.3 CVSS | 5.8 AI score | 0.00034 EPSS
Exploits: 0 | References: 23
Positive Technologies
added 2026/05/19 12:0 a.m. | 5 views

PT-2026-42239

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.179. Description: A heap buffer overflow occurs in WebRTC, which is a framework that enables real-time communication such as voice and video calling within web browsers. This issue allows a remote...

8.8 CVSS | 6.4 AI score | 0.00022 EPSS
Exploits: 0 | References: 23
Positive Technologies
added 2026/05/19 12:0 a.m. | 4 views

PT-2026-42244

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.179. Description: Insufficient validation of untrusted input in Input allows a remote attacker who has compromised the renderer process to leak cross-origin data through the use of a crafted HTML page...

5.3 CVSS | 5.8 AI score | 0.00058 EPSS
Exploits: 0 | References: 28
Positive Technologies
added 2026/05/19 12:0 a.m. | 11 views

PT-2026-42235

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.179. Description: Insufficient policy enforcement in the Service Worker allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or script...

7.5 CVSS | 5.8 AI score | 0.00027 EPSS
Exploits: 0 | References: 23
Positive Technologies
added 2026/05/19 12:0 a.m. | 8 views

PT-2026-42241

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.179. Description: An out of bounds read in the GPU component allows a remote attacker to potentially exploit heap corruption through the use of a crafted HTML page. Heap corruption occurs when a program...

8.8 CVSS | 6.1 AI score | 0.00025 EPSS
Exploits: 0 | References: 23
Positive Technologies
added 2026/05/19 12:0 a.m. | 7 views

PT-2026-42238

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.179. Description: A use after free issue in XR (Extended Reality) allows a remote attacker to execute arbitrary code via a crafted HTML page. Recommendations: Update to version 148.0.7778.179 or later...

8.8 CVSS | 6.2 AI score | 0.0003 EPSS
Exploits: 0 | References: 24
Positive Technologies
added 2026/05/19 12:0 a.m. | 7 views

PT-2026-42245

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.179. Description: A use after free issue in the Document Object Model (DOM) allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free i...

8.8 CVSS | 6.2 AI score | 0.00058 EPSS
Exploits: 0 | References: 30
Positive Technologies
added 2026/05/19 12:0 a.m. | 8 views

PT-2026-42234

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.179. Description: A use after free issue in the QUIC protocol allows a remote attacker to execute arbitrary code within a sandbox by sending malicious network traffic. Use after free is a memory...

8.8 CVSS | 6.2 AI score | 0.0003 EPSS
Exploits: 0 | References: 23
Positive Technologies
added 2026/05/19 12:0 a.m. | 9 views

PT-2026-42230

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.179. Description: An inappropriate implementation in the UI allows a remote attacker who has compromised the renderer process to perform UI spoofing using a crafted HTML page. Recommendations: Update to...

4.2 CVSS | 5.8 AI score | 0.00061 EPSS
Exploits: 0 | References: 24
Positive Technologies
added 2026/05/19 12:0 a.m. | 7 views

PT-2026-42232

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.179. Description: A use after free issue in the GPU component allows a remote attacker to execute arbitrary code inside a sandbox by utilizing a crafted HTML page. Use after free is a memory corruption...

8.8 CVSS | 6.2 AI score | 0.0003 EPSS
Exploits: 0 | References: 23
Positive Technologies
added 2026/05/19 12:0 a.m. | 6 views

PT-2026-42362

Summary: A vulnerability in the Kong Ingress Controller (KIC) allows for the unauthorized exposure of sensitive plugin credentials through the diagnostics interface. Even when configured to redact sensitive information using --dump-sensitive-config=false, KIC fails to sanitize the Plugins field in...

4.9 CVSS | 5.8 AI score
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/19 12:0 a.m. | 7 views

PT-2026-42169

Name of the Vulnerable Software and Affected Versions: Atril versions prior to 1.26.3; Atril versions prior to 1.28.4; Evince (affected versions not specified); Xreader versions prior to 3.6.7; Xreader versions prior to 4.6.4; Papers (affected versions not specified). Description: A command injection issue...

8.4 CVSS | 6.1 AI score | 0.00131 EPSS
Exploits: 0 | References: 31
Positive Technologies
added 2026/05/19 12:0 a.m. | 31 views

PT-2026-41842

There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface...

6.3 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/19 12:0 a.m. | 8 views

PT-2026-41858

Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8 AI score | 0.00244 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/19 12:0 a.m. | 10 views

PT-2026-42011

Name of the Vulnerable Software and Affected Versions: ZKTeco CCTV cameras (affected versions not specified). Description: An issue exists in ZKTeco CCTV cameras that allows unauthenticated users to export configuration data, which leads to the exposure of administrator credentials. Recommendations...

5.8 AI score | 0.00079 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/19 12:0 a.m. | 8 views

PT-2026-41961

Name of the Vulnerable Software and Affected Versions: fabric-chaincode-java versions 2.3.1 through 2.5.9. Description: When chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in plaintext. An attacker...

5.5 CVSS | 5.5 AI score | 0.00014 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2026/05/19 12:0 a.m. | 7 views

PT-2026-42389

Takuya Aramaki discovered that Smarty did not properly escape JavaScript code. An attacker could possibly use this issue to conduct a cross-site scripting attack...

7.1 CVSS | 6.9 AI score | 0.01158 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/19 12:0 a.m. | 7 views

PT-2026-41922

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 151; Firefox ESR versions prior to 140.11; Thunderbird versions prior to 151; Thunderbird versions prior to 140.11. Description: A denial-of-service issue exists in the Audio/Video: Web Codecs component caused by an invali...

9.6 CVSS | 5.8 AI score | 0.00062 EPSS
Exploits: 0 | References: 141
Positive Technologies
added 2026/05/19 12:0 a.m. | 10 views

PT-2026-42013

Name of the Vulnerable Software and Affected Versions: CtrlPanel versions prior to 1.2.0. Description: An authenticated admin-level user can achieve Remote Code Execution by supplying an arbitrary class name available in the Composer autoloader. The admin settings update endpoint accepts a fully...

6.6 CVSS | 6 AI score | 0.00406 EPSS
Exploits: 0 | References: 6
Positive Technologies
added 2026/05/19 12:0 a.m. | 11 views

PT-2026-42016

Name of the Vulnerable Software and Affected Versions: CtrlPanel versions prior to 1.2.0. Description: The web-based installer at the endpoint "public/installer/index.php" allows unauthenticated Remote Code Execution (RCE), which is the ability to execute arbitrary commands on a remote machine. The...

10 CVSS | 6.2 AI score | 0.00091 EPSS
Exploits: 2 | References: 8
Positive Technologies
added 2026/05/18 12:0 a.m. | 10 views

PT-2026-41639

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...

4.3 CVSS | 5.8 AI score | 0.00047 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/18 12:0 a.m. | 12 views

PT-2026-41767

Name of the Vulnerable Software and Affected Versions: Docker (affected versions not specified). Description: A race condition occurs during the mount setup of the docker cp command. When copying files into a container, the daemon creates a temporary filesystem view by bind-mounting volumes. A process...

7.2 CVSS | 5.9 AI score | 0.00005 EPSS
Exploits: 0 | References: 8
Positive Technologies
added 2026/05/18 12:0 a.m. | 10 views

PT-2026-41766

Name of the Vulnerable Software and Affected Versions: Docker (affected versions not specified). Description: A race condition occurs during the mount setup of docker cp, allowing a malicious container to create empty files or directories at arbitrary absolute paths on the host filesystem with root...

6.1 CVSS | 5.4 AI score | 0.00007 EPSS
Exploits: 0 | References: 7
Positive Technologies
added 2026/05/18 12:0 a.m. | 11 views

PT-2026-41666

A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument pic filename results in path traversal. The attack may be launched remotely. The patch is...

5.3 CVSS | 5.6 AI score | 0.00053 EPSS
Exploits: 0 | References: 7
Positive Technologies
added 2026/05/18 12:0 a.m. | 11 views

PT-2026-41592

A security vulnerability has been detected in linlinjava litemall up to 1.8.0. Affected by this vulnerability is the function backup/load of the file litemall-db/src/main/java/org/linlinjava/litemall/db/util/DbUtil.java of the component Database Setting Handler. The manipulation of the argument...

5.8 CVSS | 5.5 AI score | 0.00053 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2026/05/18 12:0 a.m. | 8 views

PT-2026-41593

A vulnerability was detected in Edimax BR-6228NC 1.22. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack may be performed from remote. The exploit is now public...

6.5 CVSS | 5.6 AI score | 0.01409 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2026/05/18 12:0 a.m. | 7 views

PT-2026-41630

A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made...

5.3 CVSS | 5.3 AI score | 0.00052 EPSS
Exploits: 0 | References: 8
Positive Technologies
added 2026/05/18 12:0 a.m. | 9 views

PT-2026-41594

A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. This manipulation of the argument L2TPUserName causes buffer overflow. It is possible to initiate the attack remotely. The exploit has...

9 CVSS | 6.1 AI score | 0.00017 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2026/05/18 12:0 a.m. | 9 views

PT-2026-41595

A vulnerability was found in Edimax BR-6428NS 1.10. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. Performing a manipulation of the argument stadrv ssid results in command injection. The attack can be initiated remotely...

6.5 CVSS | 5.6 AI score | 0.01409 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2026/05/18 12:0 a.m. | 10 views

PT-2026-41629

A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and ma...

5.3 CVSS | 5.5 AI score | 0.00052 EPSS
Exploits: 0 | References: 8
Positive Technologies
added 2026/05/18 12:0 a.m. | 9 views

PT-2026-41596

A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly...

5.3 CVSS | 5.4 AI score | 0.00052 EPSS
Exploits: 0 | References: 8
Positive Technologies
added 2026/05/18 12:0 a.m. | 10 views

PT-2026-41631

A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicl...

5.3 CVSS | 5.4 AI score | 0.00017 EPSS
Exploits: 0 | References: 8
Positive Technologies
added 2026/05/18 12:0 a.m. | 7 views

PT-2026-41633

A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file update info.php of the component GET Parameter Handler. Executing a manipulation of the argument appointment no can lead to sql injection. T...

7.5 CVSS | 6.8 AI score | 0.00039 EPSS
Exploits: 0 | References: 6
Positive Technologies
added 2026/05/18 12:0 a.m. | 10 views

PT-2026-41634

A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is...

6.5 CVSS | 6.2 AI score | 0.00035 EPSS
Exploits: 1 | References: 5
Positive Technologies
added 2026/05/18 12:0 a.m. | 8 views

PT-2026-41632

A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change file status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named...

4.6 CVSS | 5.4 AI score | 0.00027 EPSS
Exploits: 0 | References: 8
Positive Technologies
added 2026/05/18 12:0 a.m. | 10 views

PT-2026-41635

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

5.8 AI score | 0.00013 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/18 12:0 a.m. | 9 views

PT-2026-41637

The WP Maps WordPress plugin before 4.9.3 does not properly sanitize a parameter before using it in a file path, allowing authenticated users to perform Local File Inclusion attacks...

5.8 AI score | 0.00015 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/18 12:0 a.m. | 8 views

PT-2026-41638

The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.8 AI score | 0.00012 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/18 12:0 a.m. | 7 views

PT-2026-41636

The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting (XSS) due to a predictable replacement hash used during the HTML minification process and abusing ...

5.9 AI score | 0.00016 EPSS
Exploits: 0 | References: 2
Total number of security vulnerabilities: 175511