185797 matches found
PT-2026-53772
PathFilter's deny-list glob patterns are anchored, so .git, .obsidian, and node modules were only blocked at the vault root. Nested copies inside the vault e.g. tools/cli/node modules/..., tools/somerepo/.git/config, a nested .obsidian/ were fully traversable via isAllowed/isAllowedForListing...
PT-2026-53799
Kozou compiles a PostgreSQL schema into an Admin UI, a REST API, and an MCP server. Several hardening gaps in the bundled HTTP surfaces and the scaffolded dev stack are fixed in 1.8.1. Issues 1. MCP HTTP server lacked DNS-rebinding protection. The Streamable HTTP transport is unauthenticated and...
PT-2026-53785
A record user could read field values hidden from them by field-level SELECT permissions by reaching the records through a graph-edge - or back-reference SELECT FROM knows, person:bobknows-SELECT FROM person — returned it intact. The root cause: the shared resolve record batch helper used by...
PT-2026-50963
Name of the Vulnerable Software and Affected Versions Joomla! Component jCart for OpenCart version 2.0 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code. This is achieved by sending GET requests to the 'index.php' endpoint using the...
PT-2026-54528
Уязвимость программного обеспечения управления аккаунтами JetBrains Hub связана с недостаточным контролем модификации динамически определённых характеристик объекта. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти ограничения безопасности, получить...
PT-2026-51163
These are all security issues fixed in the freerdp-3.27.1-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-51048
Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.3.2 containerd versions prior to 2.2.5 containerd versions prior to 2.1.9 containerd versions prior to 2.0.10 containerd versions prior to 1.7.33 Description A maliciously crafted image can cause a Denial of...
PT-2026-50843
Name of the Vulnerable Software and Affected Versions BetterDocs Pro versions prior to 3.8.1 Description The plugin is susceptible to Local File Inclusion, a condition where an application includes files on a local server unexpectedly. Unauthenticated attackers can exploit this via the doc style...
PT-2026-50834
Name of the Vulnerable Software and Affected Versions WP DSGVO Tools GDPR versions prior to 3.1.40 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Unauthenticated attackers can provide an arbitrary victim...
PT-2026-50960
Name of the Vulnerable Software and Affected Versions Joomla Payage version 2.05 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to the 'index.php' endpoint with malicious...
PT-2026-50877
Name of the Vulnerable Software and Affected Versions Microsoft HEIF Image Extensions version 1.2.22.0 Description An out-of-bounds read occurs because the CHEIFItemInfoEntry GetDataSize function can return a success status while leaving the reported data size at 0. This leads a caller to perform...
PT-2026-50876
Name of the Vulnerable Software and Affected Versions JetBrains Hub versions prior to 2026.1.13757 JetBrains Hub versions prior to 2025.3.148033 JetBrains Hub versions prior to 2025.2.148048 JetBrains Hub versions prior to 2025.1.148120 JetBrains Hub versions prior to 2024.3.148430 JetBrains Hub...
PT-2026-50997
Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the deal id parameter. Attackers can send GET requests to index.php with option=com joomcrm&view=contacts and inject SQL...
PT-2026-50998
Name of the Vulnerable Software and Affected Versions Joomla! Component JoomProject version 1.1.3.2 Description An information disclosure issue allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. By sending requests to 'index.php' using the paramete...
PT-2026-51000
Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.23 Statamic versions prior to 6.20.0 Description An incomplete fix for a previous issue in this Laravel and Git powered content management system CMS left in-memory collection sorting unprotected, although the...
PT-2026-50869
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting, which allows an authorized attacker to perform spoofing over a network...
PT-2026-50902
Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An incorrect conversion between numeric types occurs in NI grpc-device due to missing range checks in CodeGen. This issue may result in the silent discarding of high bits if a size value...
PT-2026-51031
Name of the Vulnerable Software and Affected Versions Azure Active Directory affected versions not specified Description Improper authentication allows an unauthorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about a newer version that...
PT-2026-51036
Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description An authentication bypass exists in the OTP One-Time Password verification process. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely indicate that...
PT-2026-51055
Name of the Vulnerable Software and Affected Versions symfony/ux-autocomplete versions prior to 2.x symfony/ux-autocomplete versions prior to 3.x Description The Stimulus controller in the software renders AJAX response items into a dropdown by interpolating the text field directly into HTML...
PT-2026-50986
Name of the Vulnerable Software and Affected Versions Joomla Component J-MultipleHotelReservation version 6.0.7 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending POST requests to the...
PT-2026-50950
Name of the Vulnerable Software and Affected Versions Joomla! Component KissGallery version 1.0.0 Description An SQL injection allows unauthenticated attackers to inject SQL commands through the component URL path. By supplying malicious SQL code in the 'kissgallery' endpoint, attackers can execu...
PT-2026-50886
Name of the Vulnerable Software and Affected Versions Apache APISIX versions 2.14.1 through 3.16.0 Description An incorrect authorization issue exists in the authz-casdoor plugin when using the default configuration. This allows an attacker to authenticate using credentials from a different sourc...
PT-2026-50955
Name of the Vulnerable Software and Affected Versions Joomla LMS King Professional version 3.2.4.0 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code. This is achieved by sending GET requests to the 'index.php' endpoint using the...
PT-2026-50915
Name of the Vulnerable Software and Affected Versions TFTP Broadband version 4.3.0.1465 Description The tftpt.exe service binary contains an unquoted service path issue. This occurs when a service path contains spaces and is not enclosed in quotation marks, allowing a local attacker to place a...
PT-2026-50870
Name of the Vulnerable Software and Affected Versions Cloudflare Quiche versions prior to 0.29.2 Description Two use-after-free issues exist in the connection ID iterator FFI Foreign Function Interface functions. The functions quiche connection id iter next and quiche conn retired scid next retur...
PT-2026-50911
Name of the Vulnerable Software and Affected Versions Wise Care 365 version 4.27 Wise Disk Cleaner version 9.29 Description An unquoted service path issue exists in the WiseBootAssistant and SpyHunter 4 Service. This allows local users to execute arbitrary code with SYSTEM privileges by placing...
PT-2026-50888
Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An untrusted pointer dereference exists in the sideband streaming API. This issue allows an attacker to trigger an arbitrary memory dereference, which could lead to remote code execution...
PT-2026-50953
Name of the Vulnerable Software and Affected Versions Joomla Ultimate Property Listing version 1.0.2 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the sf selectuser id parameter. Attackers can...
PT-2026-50908
Name of the Vulnerable Software and Affected Versions Comodo Dragon Browser versions prior to 52.15.25.664 Description The DragonUpdater service contains a privilege escalation flaw caused by an unquoted service path that runs with SYSTEM privileges. A local attacker can exploit this by placing a...
PT-2026-51033
Name of the Vulnerable Software and Affected Versions Microsoft Exchange Online affected versions not specified Description Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network. There have been reports of elevated activities targeti...
PT-2026-51061
Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2026.6.0 Description The Konnected integration registers an HTTP endpoint 'KonnectedView' located in homeassistant/components/konnected/ init .py that is configured to not require authentication. While write...
PT-2026-50942
Name of the Vulnerable Software and Affected Versions Joomla! Component Flip Wall version 8.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the wallid parameter via GET requests to the 'index.ph...
PT-2026-50943
Name of the Vulnerable Software and Affected Versions Joomla SP Movie Database version 1.3 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code into the searchword parameter when sending GET requests to the...
PT-2026-50836
Name of the Vulnerable Software and Affected Versions Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation versions prior to 2.8.8 Description An issue exists where unauthenticated attackers can perform Server-Side Request Forgery SSRF, a flaw that allows a serv...
PT-2026-51012
Name of the Vulnerable Software and Affected Versions gonic versions prior to 0.21.0 Description The Subsonic API endpoints '/rest/deletePlaylist.view' and '/rest/getPlaylist.view' lack per-resource authorization. An authenticated user, regardless of privilege level, can delete any playlist or re...
PT-2026-51013
Name of the Vulnerable Software and Affected Versions Gonic versions prior to 0.21.0 Description A logic error in the ServeCreateOrUpdatePlaylist function allows for arbitrary file write operations within the music streaming server. Recommendations Update to version 0.21.0 or later. As a temporar...
PT-2026-50891
Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An unchecked enum cast issue exists in the BeginSidebandStream function. An attacker can trigger invalid enum states and undefined behavior by supplying a specially crafted message containing...
PT-2026-50917
Name of the Vulnerable Software and Affected Versions Realtek Audio Service version 1.0.0.55 Description An unquoted service path issue exists in RtkAudioService64.exe. This allows local attackers to escalate privileges by placing malicious executable files in the unquoted service path directory,...
PT-2026-50965
Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.5.1 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The software contains a shell command injection flaw occurring when the binary path for WeasyPrint is processed...
PT-2026-51034
Name of the Vulnerable Software and Affected Versions Azure Synapse affected versions not specified Description Execution with unnecessary privileges allows an authorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about a newer version th...
PT-2026-50894
Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.0.0 through 3.16.0 Description An open redirect issue exists where an attacker can manipulate client headers, specifically the Host header in the cas-auth plugin, to influence the CAS service URL. This can lead to the...
PT-2026-50951
Name of the Vulnerable Software and Affected Versions Joomla! Component Twitch Tv version 1.1 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the username and id parameters. Attackers can send GET...
PT-2026-51040
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Improper access control exists in the SECURITY DEFINER PostgREST RPC function public.record build time. This function is granted to the anon role and can be called using only the public Supabase...
PT-2026-50921
Name of the Vulnerable Software and Affected Versions Malwarebytes version 4.5 Description An unquoted service path issue exists in the MBAMService executable. This allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable...
PT-2026-50999
Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.6.0 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The software uses a case-sensitive blacklist to protect output filenames against the phar:// stream wrapper...
PT-2026-50945
Name of the Vulnerable Software and Affected Versions GridTime 3000 versions 1.0r0.03 through 1.1r0.0 Description Improper neutralization of input during web page generation allows for Cross-Site Scripting XSS, a condition where malicious scripts are injected into trusted websites. Recommendation...
PT-2026-51009
Name of the Vulnerable Software and Affected Versions gonic versions prior to 0.21.0 Description An authenticated Subsonic user can bypass ownership checks to read or delete playlists belonging to other users and probe arbitrary file paths on the host for existence or readability. This occurs...
PT-2026-51037
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A cross-tenant authorization bypass exists in PostgREST endpoints. This issue allows API keys with organization-level read permissions to access webhook secrets and delivery logs belonging to other...
PT-2026-50959
Name of the Vulnerable Software and Affected Versions JoomRecipe version 1.0.3 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. This is achieved by sending GET requests to the 'all-recipes' endpoint...