184951 matches found
PT-2026-50599
Name of the Vulnerable Software and Affected Versions org.hl7.fhir.dstu2 affected versions not specified Description An incomplete patch in the org.hl7.fhir.dstu2 module allows an unauthenticated attacker to cause a Regular Expression Denial of Service ReDoS. While other modules were updated to...
PT-2026-50608
Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description The rebuild.php front controller, used to clear caches and rebuild the container when a site is in an unexpected condition, fails to correctly validate the Host header against trusted hos...
PT-2026-50609
Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description The Media module supports oEmbed, which utilizes two discovery mechanisms: providers.json and URL discovery. The URL discovery code can be exploited to trick the system into making...
PT-2026-50610
Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description The JSON:API and REST modules allow image file uploads to image fields. The validation rules verify the file extension but fail to check the file MIME type Multipurpose Internet Mail...
PT-2026-50594
Name of the Vulnerable Software and Affected Versions Claude Code versions 0.2.54 through 2.1.162 Description The WebFetch tool pre-approved the hostname 'huggingface.co' as a bare hostname, allowing any path on that domain to be auto-approved without a permission prompt or restrictions from...
PT-2026-50596
Name of the Vulnerable Software and Affected Versions langchain4j-mariadb versions prior to 1.2.1-beta8 langchain4j-mariadb versions prior to 1.5.1-beta11 langchain4j-mariadb versions prior to 1.11.8-beta19 langchain4j-mariadb versions prior to 1.16.3-beta26 langchain4j-pgvector versions prior to...
PT-2026-50607
Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description Drupal core contains a gadget chain, which is a sequence of existing code fragments that can be leveraged during the deserialization of untrusted data. While this issue is not directly...
PT-2026-50591
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description An issue exists in the self-hosted artificial intelligence platform where collection-level Access Control List ACL checks can be bypassed when Milvus multitenancy mode is enabled. The ACL permits...
PT-2026-50590
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description The SafePlaywrightURLLoader uses a validate url function to prevent Server-Side Request Forgery SSRF by checking the IP address of a user-provided URL. However, this validation only occurs for the...
PT-2026-50582
Name of the Vulnerable Software and Affected Versions Drupal Formatter Field versions 0.0.0 through 2.0.0 Description Improperly controlled modification of dynamically-determined object attributes in the Formatter Field module allows for Object Injection. This occurs because the module stores dat...
PT-2026-50612
Name of the Vulnerable Software and Affected Versions Drupal Plotly.js Graphing versions 0.0.0 through 3.0.2 Description Improperly controlled modification of dynamically-determined object attributes allows object injection. The module stores certain data as PHP-serialized strings, and if malicio...
PT-2026-50606
Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description An attacker with appropriate JSON:API write permissions could potentially inject a malicious payload in certain rare circumstances, leading to PHP Object Injection. PHP Object Injection...
PT-2026-50600
Name of the Vulnerable Software and Affected Versions org.hl7.fhir.utilities versions 6.9.8 and earlier Description The org.hl7.fhir.utilities library contains an XML External Entity XXE injection flaw. The saxonTransform function overloads instantiate a bare net.sf.saxon.TransformerFactoryImpl...
PT-2026-50589
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description The terminal-server reverse proxy in backend/open webui/routers/terminals.py fails to properly confine the user-controlled path segment before forwarding it to an admin-configured terminal server...
PT-2026-50561
Name of the Vulnerable Software and Affected Versions bbot affected versions not specified Description The docker pull module fails to validate the realm parameter received from a Docker registry's WWW-Authenticate response header when using it as the authentication endpoint. A man-in-the-middle...
PT-2026-50499
Name of the Vulnerable Software and Affected Versions undici versions 5.15.0 through 6.25.x undici versions 7.0.0 through 7.27.x undici versions 8.0.0 through 8.4.x Description When parsing a Set-Cookie header, the software accepts any SameSite attribute value containing Strict, Lax, or None as a...
PT-2026-50487
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description Open WebUI contains an authorization flaw in its prompt version-history endpoints. While the system authorizes the prompt id provided in the URL, it fails to verify that the requested history...
PT-2026-50490
Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.23.1rc0 Description Temperature validation gates use comparison operators that silently evaluate to False when encountering NaN Not a Number or positive Infinity due to Python's IEEE 754 float semantics. These values...
PT-2026-50472
Name of the Vulnerable Software and Affected Versions vLLM versions 0.5.5 through 0.23.1rc0 Description Integer truncation of tensor dimensions in GGUF dequantize kernels within csrc/quantization/gguf/gguf kernel.cu leads to partial tensor processing. The output tensor is allocated at full size...
PT-2026-50469
picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan pytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the reduce trick. Attackers can craft malicious PyTorch payloads that evade picklescan detection while remaining executable,...
PT-2026-50448
OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...
PT-2026-50481
Name of the Vulnerable Software and Affected Versions Open-webui affected versions not specified Description An authenticated user can access files belonging to other users by exploiting a lack of ownership verification in the image processing path. When the POST endpoint "/api/chat/completions"...
PT-2026-50478
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description An authorization bypass exists in the calendar event update process. The endpoint '/api/v1/calendars/events/event id/update' validates that the user has write access to the calendar where the even...
PT-2026-50479
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description The chat message listener in the chat page's window message listener processes input:prompt and action:submit messages without enforcing same-origin restrictions. This allows an external site to s...
PT-2026-50547
Today I received a public security credit for a vulnerability I responsibly disclosed: CVE-2026-54683 – Improper authorization in NL Portal The vulnerability allowed any authenticated portal user to download documents belonging to other users when they had access to a valid document identifier. A...
PT-2026-50517
Name of the Vulnerable Software and Affected Versions undici versions 7.23.0 through 7.27.x undici versions 8.0.0 through 8.4.x Description The ProxyAgent in undici silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. This causes the target HTTPS...
PT-2026-50505
Missing Authentication for Critical Function vulnerability in RTI Connext Professional Security Plugins allows Fake the Source of Data.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3...
PT-2026-50330
Name of the Vulnerable Software and Affected Versions JetSmartFilters versions prior to 3.8.2 Description An unauthenticated SQL Injection allows an attacker to interfere with the queries that an application makes to its database. This occurs in the JetSmartFilters WordPress plugin. Recommendatio...
PT-2026-50370
Cross-Site request forgery CSRF vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0...
PT-2026-50304
Unauthenticated Local File Inclusion in Malmö = 2.2 versions...
PT-2026-50229
Name of the Vulnerable Software and Affected Versions Android versions prior to June 2026 Description A logic error in the setAllowedCarriers function within PhoneInterfaceManager.java allows for the disabling of carrier restrictions. This flaw can lead to local escalation of privilege without...
PT-2026-50240
In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-50411
Unauthenticated Local File Inclusion in Kastell = 2.0 versions...
PT-2026-50513
Name of the Vulnerable Software and Affected Versions undici versions 7.23.0 through 8.1.0 Description When using Socks5ProxyAgent, the software reuses a single connection pool across different origins without verifying if the pool's origin matches the requested origin. This leads to cross-origin...
PT-2026-50525
Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository Manager versions prior to 3.93.0 Description An authorization bypass exists in the proxy repository configuration. This issue allows a delegated repository administrator to disclose stored upstream proxy credentials...
PT-2026-50197
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A heap buffer overflow occurs in WebRTC, which is a framework that enables real-time communication such as voice and video calls within web browsers. This issue allows a remote attacke...
PT-2026-50489
Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.23.1rc0 Description The '/v1/audio/transcriptions' endpoint limits the size of compressed uploads but fails to limit the size of the decoded PCM Pulse Code Modulation output. PCM is an uncompressed digital audio format...
PT-2026-50438
Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source affected versions not specified Description A flaw in the ngx http proxy v2 module and ngx http grpc module modules can be triggered when NGINX is configured to proxy HTTP/2 traffic...
PT-2026-50566
Name of the Vulnerable Software and Affected Versions Steeltoe.Security.Authentication.CloudFoundryBase versions prior to 3.4.0 Steeltoe.Security.Authentication.JwtBearer versions prior to 4.2.0 Steeltoe.Security.Authentication.OpenIdConnect versions prior to 4.2.0 Description The JWT signing key...
PT-2026-50493
Name of the Vulnerable Software and Affected Versions @mariozechner/pi-coding-agent versions 0.28.0 through 0.73.1 @earendil-works/pi-coding-agent versions 0.74.0 through 0.78.0 Description A race condition in the file write path of the credential storage implementation allows the auth.json file,...
PT-2026-50546
Impact In versions up to and including 3.0.0, two parts of the GraphQL API returned data without checking whether the data belonged to the logged-in user: - Document content. A logged-in user could download the raw content of any document by its ID, regardless of who owned it. The resolver has...
PT-2026-50518
Name of the Vulnerable Software and Affected Versions Hermes Agent versions prior to 0.16.0 Description A DNS rebinding issue in WebSocket endpoints allows remote attackers to bypass Host and Origin validation. This occurs because FastAPI HTTP middleware does not execute for WebSocket upgrade...
PT-2026-50655
It was discovered that Dolibarr incorrectly handled user-supplied database name values during installation. A remote attacker could possibly use this issue to execute arbitrary code...
PT-2026-50598
Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.1 Description Unauthenticated users with network access can upload unlimited amounts of data to the server, which can lead to disk space exhaustion and a resulting denial-of-service. Additionally, the server...
PT-2026-50341
Unauthenticated Cross Site Scripting XSS in WPFunnels Pro = 2.9.4 versions...
PT-2026-50205
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue exists in the Tab Strip component. This occurs when a program continues to use a pointer after it has been freed, which can lead to heap corruption a memory...
PT-2026-50373
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7...
PT-2026-50276
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...
PT-2026-50263
Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...
PT-2026-50309
Unauthenticated SQL Injection in Blocksy Companion Pro 2.1.29 versions...