185744 matches found
PT-2026-51065
Name of the Vulnerable Software and Affected Versions jupyterlab-git affected versions not specified Description A stored cross-site scripting XSS issue exists in the PlainTextDiff.ts component of the jupyterlab-git extension. The createHeader function passes Git filenames directly to innerHTML...
PT-2026-51631
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Gogs contains a path traversal flaw where organization names containing relative path sequences e.g., ../ are accepted without proper sanitization. This occurs because the internal/database/org.go file...
PT-2026-51088
Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description Oj is a JSON parser and Object marshaller for Ruby. A Use-After-Free issue exists when using the Oj::Parser in SAJ mode. The parser fails to protect cached object keys of 35 bytes or more from garbage...
PT-2026-50864
The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally calls fx file close even when the file was never successfully opened. Multiple error branches jump to...
PT-2026-50839
Name of the Vulnerable Software and Affected Versions ts-deepmerge versions prior to 8.0.0 Description An uncaught exception occurs due to improper handling of built-in Object.prototype methods, such as toString and valueOf. When user-controlled input contains these keys with non-function values,...
PT-2026-50875
Name of the Vulnerable Software and Affected Versions JetBrains Hub versions prior to 2026.1.13757 JetBrains Hub versions prior to 2025.3.148033 JetBrains Hub versions prior to 2025.2.148048 JetBrains Hub versions prior to 2025.1.148120 JetBrains Hub versions prior to 2024.3.148430 JetBrains Hub...
PT-2026-51021
Name of the Vulnerable Software and Affected Versions Mercator versions prior to 2025.05.19 Description A Server-Side Request Forgery SSRF exists in the CVE configuration panel at the '/admin/config/parameters' endpoint. The testProvider method in ConfigurationController passes user-supplied inpu...
PT-2026-50937
Name of the Vulnerable Software and Affected Versions Joomla! Component Price Alert version 3.0.2 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. By sending requests to the 'subscribeajax' view with crafted payloads in the product id parameter,...
PT-2026-50990
Name of the Vulnerable Software and Affected Versions Joomla Component vRestaurant version 1.9.4 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by sending POST requests to the 'menu-listing-layout' endpoint with malicious code...
PT-2026-50977
Summary tract the tract-onnx crate resolves an ONNX tensor's external-data location by joining it onto the model directory without any sanitization. Because location comes from the untrusted .onnx file, a malicious model can make tract open and read an arbitrary local file at load time, with the...
PT-2026-50896
Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.5.0 through 3.16.0 Description An authentication bypass issue exists in the opa plugin. An attacker can relay spoofed identity headers to upstream services by exploiting non-default configurations in the opa plugin,...
PT-2026-50993
Name of the Vulnerable Software and Affected Versions Joomla vWishlist version 1.0.1 Description An SQL injection allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending POST requests to the component using crafted payloads in the...
PT-2026-50931
Name of the Vulnerable Software and Affected Versions Joomla! Component User Bench version 1.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the userid parameter. This is achieved by sending GET requests to the...
PT-2026-51030
Name of the Vulnerable Software and Affected Versions Microsoft Copilot affected versions not specified Description Improper neutralization of special elements used in a command, known as command injection, allows an unauthorized attacker to perform tampering over a network. Recommendations At th...
PT-2026-51038
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A flaw exists in the Enforce Password Policy feature. When a Super Admin enables this policy and updates their password to a compliant one, the backend fails to update the password-compliance state...
PT-2026-50838
Name of the Vulnerable Software and Affected Versions Blocksy Companion versions prior to 2.1.46 Description The Blocksy Companion plugin for WordPress contains a Stored Cross-Site Scripting issue within the admin settings caused by insufficient input sanitization and output escaping. This allows...
PT-2026-50958
Name of the Vulnerable Software and Affected Versions JoomRecipe version 1.0.4 Description The JoomRecipe component for Joomla contains a blind SQL injection flaw. This allows attackers to inject SQL code via POST requests to the search endpoint using the search author parameter. This can be used...
PT-2026-50845
Name of the Vulnerable Software and Affected Versions The Royal Addons for Elementor β Addons and Templates Kit for Elementor versions 1.7.1058 through 1.7.1059 Description An arbitrary file read issue exists due to the wpr get csv handle helper function. When the settings.table upload csv.url...
PT-2026-51029
Name of the Vulnerable Software and Affected Versions Quarkus versions prior to 3.37.0 Quarkus versions prior to 3.36.3 Quarkus versions prior to 3.33.3 Quarkus versions prior to 3.33.2.1 Quarkus versions prior to 3.27.5 Quarkus versions prior to 3.27.4.1 Quarkus versions prior to 3.20.6.2...
PT-2026-50956
Name of the Vulnerable Software and Affected Versions Joomla! Component PHP-Bridge version 1.2.3 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. By sending GET requests to the 'index.php' endpoint with the parameters option=com phpbridge and...
PT-2026-50920
Name of the Vulnerable Software and Affected Versions Brother SAPSprint version 7.60 Description An unquoted service path issue exists in the SAPSprint service binary. This allows local attackers to escalate privileges by placing a malicious executable in the Program Files directory path, which i...
PT-2026-50992
Name of the Vulnerable Software and Affected Versions Joomla! Component vAccount version 2.0.2 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending GET requests to the 'vaccount-dashboard/expense'...
PT-2026-50995
Name of the Vulnerable Software and Affected Versions Joomla! Component vBizz version 1.0.7 Description An SQL injection allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. This is achieved by submitting POST requests to the...
PT-2026-51070
Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description WS-Security signature verification performs a document-wide ds:Signature lookup. An unauthenticated remote attacker can place a SOAP header before wsse:Security and...
PT-2026-50890
Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description A NULL pointer dereference occurs in the data moniker service of NI grpc-device. A NULL pointer dereference is a condition where a program attempts to read or write to a memory address that i...
PT-2026-50925
Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.6.0 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The AbstractGenerator::$temporaryFiles public array allows any code with a reference to a generator instance to...
PT-2026-50972
Summary In affected versions, the OAuth2 token request sends app id, app secret, refresh token and code as URL query parameters of the POST request to https://oauth./oauth/api/oauth2/token. Request URLs are commonly recorded in access logs, proxy logs and APM traces, so the application secret and...
PT-2026-50830
Name of the Vulnerable Software and Affected Versions Classified Listing β Classified ads & Business Directory versions prior to 5.4.3 Description The plugin contains a missing authorization flaw in the gallery image update as feature AJAX handler action: rtcl fb gallery image update as feature...
PT-2026-50848
Name of the Vulnerable Software and Affected Versions WP Hotel Booking versions prior to 2.3.1 Description Several AJAX handlers do not enforce capability checks, which allows authenticated users with Subscriber-level access to read booking line items of other users, enumerate active coupons, and...
PT-2026-50906
Name of the Vulnerable Software and Affected Versions Comodo Chromodo Browser version 52.15.25.664 Description The ChromodoUpdater service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker to place a malicious executable within the service path to...
PT-2026-50913
Name of the Vulnerable Software and Affected Versions Matrix42 Remote Control Host version 3.20.0031 Description An unquoted service path issue exists in the FastViewerRemoteService and FastViewerRemoteProxy services. This allows local users to execute arbitrary code with SYSTEM privileges by...
PT-2026-50948
Name of the Vulnerable Software and Affected Versions GridTime 3000 versions 1.0r0.03 through 1.1r0.0 Description The GridTime 3000 GNSS Time Server contains an open redirect issue within the password change form submission. An open redirect occurs when an application takes a user-provided URL an...
PT-2026-51204
CVE ID :CVE-2026-6716 Published : June 18, 2026, 10:19 p.m. | 3 hours, 52 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
PT-2026-53795
Hugo's default code-block renderer wrote the Markdown code-fence language / info-string into the wrapper without HTML escaping. A fence info-string containing a quote and a payload breaks out of the attribute and injects a live script element. This is not an issue if you fully trust every file...
PT-2026-53796
Impact The default security.http.urls policy denies requests to loopback, internal, and cloud-metadata IPv4 literals e.g. http://127.0.0.1/, http://169.254.169.254/. The deny rule only matched dotted-decimal notation, so alternate IPv4 encodings of the same addresses β integer, hex, or octal, whi...
PT-2026-53800
Summary ChatterBot's UbuntuCorpusTrainer.extract uses a predictable, home-rooted output directory /ubuntu data/ubuntu dialogs with a check-then-create pattern if not os.path.exists: os.makedirs followed by tar.extractallpath=self.data path. A local attacker who pre-plants a symlink at the...
PT-2026-53803
Unbounded Response Body Read Bypasses URL Size Limit in web url read Summary The web url read MCP tool in mcp-searxng enforces its 5 MiB response-size limit exclusively by inspecting the Content-Length header of a preliminary HEAD request. When a server omits Content-Length β a standard HTTP...
PT-2026-53782
Impact A stored cross-site scripting XSS vulnerability affected the Markdown/RichText field preview renderer in Sveltia CMS. The DOMPurify sanitization configuration used for Markdown previews explicitly permitted iframe elements without enforcing a sandbox attribute or restricting iframe sources...
PT-2026-53647
Root has patched GHSA-458j-xx4x-4375 in the @rootio/hono package for Root:npm. Multiple fixed versions available...
PT-2026-53775
Summary A GitHub Actions workflow is vulnerable to command injection through the issue title. The workflow is triggered when an issue is opened or closed, and it directly inserts github.event.issue.title into a Bash variable assignment. If an issue title contains command substitution syntax, Bash...
PT-2026-53774
Affected versions: v0.123.0 through v0.163.0. Earlier versions are not affected. Fixed in: v0.163.1. Severity: Medium. Requires the attacker to be able to place or convince a site author to place a symlink inside a mounted directory β for example, inside a locally-vendored theme under themes/...
PT-2026-53798
Impact Uni-CLI versions before 0.225.2 exposed the legacy JSON-RPC-over-HTTP MCP transport on loopback without validating browser Origin headers before routing requests. A malicious web page could send a CORS simple POST request, such as text/plain, to the local /mcp endpoint and deliver a JSON-R...
PT-2026-53797
Summary vcrpy deserializes YAML cassette files with PyYAML's object-constructing loader yaml.CLoader / yaml.Loader instead of the safe loader yaml.CSafeLoader / yaml.SafeLoader. A cassette containing a !!python/object/apply: or similar tag therefore executes arbitrary Python code the moment the...
PT-2026-53791
DNS-resolved Private Hostname SSRF in web url read Summary The web url read MCP tool in mcp-searxng is vulnerable to Server-Side Request Forgery SSRF via DNS rebinding bypass. The assertUrlAllowed function at src/url-reader.ts:85-93 validates only the syntactic hostname string against a private...
PT-2026-53804
Summary On a multi-tenant stigmem node, a tenant administrator could list, read, and admit or reject quarantined facts belonging to other tenants. The list/count queries and get quarantined fact in routes/quarantine.py lacked an f.tenant id = identity.tenant id predicate, and the garden lookup wa...
PT-2026-51106
Summary The user supplied class value is fed directly into the sprintf call that creates HTML. You can add a quote to escape the class and then inject arbitrary html/javascript to the final output. Details The template here adds a figure with a class that is substituted in. This value is provided...
PT-2026-51107
Summary With $wgEmbedVideoRequireConsent enabled the default, the urls for videos are stored in a json-ified data attributedata-mw-iframeconfig. When given a malformed url or id, the data-mw-iframeconfig attribute can be escaped via single quotes, allowing for html/javascript injection. Details T...
PT-2026-51051
Name of the Vulnerable Software and Affected Versions Symfony UX LiveComponent versions prior to 2.x Symfony UX LiveComponent versions prior to 3.x Description The createHtml function in SymfonyUXLiveComponentUtilChildComponentPartialRenderer interpolates the $childTag variable directly into the...
PT-2026-51011
Name of the Vulnerable Software and Affected Versions Grafana Tempo affected versions not specified Description A TraceQL query containing a large exemplars hint value can lead to excessive memory allocation within the Tempo instance. This condition may result in an out-of-memory crash, allowing ...
PT-2026-53651
This update for xwayland fixes the following issues: - CreateSaverWindow Use-After-Free Information Disclosure. bsc1266301 - Font Alias Stack-based Buffer Overflow. bsc1266294 - GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write. bsc1266300 - XKB Key Types Stack-based Buffer Overflow. bsc12662...