PT-2026-41316

Name of the Vulnerable Software and Affected Versions Microsoft APM versions 0.5.4 through 0.12.4 Description Two primitive integrators in apm-cli use Path.glob and Path.rglob to enumerate package files and Path.read text to read matches, which transparently follows symbolic links. A symlink with...

PT-2026-41342

Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Attackers can craft malicious markdown files with embedded JavaScript that executes system commands...

PT-2026-41371

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart id and uses it to enter the payment flow without verifying cart ownership. A logged-in attacker can therefore reuse anothe...

PT-2026-41357

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.2 Description An improper restriction of excessive authentication attempts exists in the "/admin/check" endpoint. This endpoint accepts arbitrary user-id parameters without session binding or rate limiting...

PT-2026-41340

WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloa...

PT-2026-41369

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl that allows authenticated users to inject JavaScript via malformed URLs in comments. Attackers can craft URLs with unescaped quotes to inject event handlers, stealing admin session cookies and achieving...

PT-2026-41345

PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the login userid parameter of login.php that allows unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE...

PT-2026-41367

phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/tagId endpoint that allows any authenticated user to delete tags. Any logged-in user, including regular frontend users, can delete arbitrary tags by sending a DELETE request with a valid...

PT-2026-41358

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, This vulnerability is fixed in 1.0.8.3...

PT-2026-41370

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator to load another administrator's REST API token list by supplying that user's admin id. This can...

PT-2026-41372

Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet. To remediate this issue, users should upgrade to v5.0.1...

PT-2026-41346

PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers can append malicious payloads to login.php, timeclock.php, audit.php, and timerpt.php endpoints, o...

PT-2026-41365

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.2 Description A stored cross-site scripting issue exists in the FAQ creation and update endpoints. Authenticated attackers with FAQ ADD permission can bypass sanitization through encode-decode cycles to inject...

PT-2026-41354

phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated instead of userHasPermissionCONFIGURATION EDIT. Any authenticated user can enumerate system configuration metadata including permission model, cache backend, mail...

PT-2026-41363

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the raw filter, disabling autoescape protection. Attackers with FAQ editor privileges can inject HTML-entity-encoded payloads that bypass html...

PT-2026-41347

Podcast Generator 3.1 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unfiltered JavaScript code in the long description parameter. Attackers can inject script tags through episode creation or editing requests ...

PT-2026-41344

Name of the Vulnerable Software and Affected Versions WP Super Edit versions 2.5.4 and earlier Description The FCKeditor component contains an unrestricted file upload flaw. Attackers can upload arbitrary and dangerous file types without validation through the 'filemanager upload' endpoint, which...

PT-2026-41341

Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edit user endpoint, which execute in t...

PT-2026-41350

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting XSS vulnerability exists in the Vvveb CMS comment submission flow. The author field is submitted by an unauthenticated user on any public post...

PT-2026-41362

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. Authenticated users with FAQ EDIT permission can upload malicious SVG files with deeply...

PT-2026-41349

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 Fail to validate the response body of proxied images, which allows a remote attacker to enact client-side DoS via an SVG file served from an attacker-controlled origin under a non-SVG Content-Type header e.g. image/png...

PT-2026-41353

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

PT-2026-41348

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via the post patch and update API endpoints...

PT-2026-41359

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an unauthenticated reflected cross-site scripting XSS issue in the public product return form in Vvveb CMS. The customer order id POST parameter is inserted into the...

PT-2026-41355

phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCE DELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../ in the client URL parameter to recursively delete...

PT-2026-41338

Name of the Vulnerable Software and Affected Versions Trog::TOTP versions prior to 1.006 Description Secrets are generated using the built-in Perl rand function, which is predictable and unsuitable for security purposes. Recommendations Update to version 1.006 or later...

PT-2026-41318

Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the template string is processed by the $interpolate function using new Function and rendered via Vue's v-html directive witho...

PT-2026-41321

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...

PT-2026-41320

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation, sanitization, or...

PT-2026-41322

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted termina...

PT-2026-41323

Name of the Vulnerable Software and Affected Versions radare2 version 6.1.5 Description A use-after-free issue exists in the gdbr threads list function. This occurs when a valid qfThreadInfo response is followed by a malformed qsThreadInfo response, allowing remote attackers to trigger memory...

PT-2026-41368

phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solution id id.html endpoint. Attackers can sequentially...

PT-2026-41352

Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, collaborators.list, tables.metadata.list, explorations.list, and forms.list accept a database id without verifying that the requesting user was a collaborator on that...

PT-2026-41339

CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to access internal service...

PT-2026-41319

MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...

PT-2026-41373

ORSEE Online Recruitment System for Economic Experiments 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values beginning with the prefix "func:" which are passed directly into an eval...

PT-2026-41374

Name of the Vulnerable Software and Affected Versions @angular/platform-server versions prior to 22.0.0-next.12 @angular/platform-server versions prior to 21.2.13 @angular/platform-server versions prior to 20.3.21 @angular/platform-server versions prior to 19.2.22 Description A Server-Side Reques...

PT-2026-41375

Name of the Vulnerable Software and Affected Versions radare2 version 6.1.5 Description A use-after-free issue exists in the gdbr pids list function within the GDB client core. Remote attackers can cause a denial of service or potentially execute arbitrary code by sending malformed thread...

PT-2026-41377

Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.20 Description Crypt::DSA for Perl uses a 2-args open function, which can allow existing files to be modified. Recommendations Update to a version later than 1.19...

PT-2026-41376

Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.20 Description Seeds are generated using the built-in rand function in Perl, which is predictable and unsuitable for security purposes. Recommendations Update to version 1.20 or later...

PT-2026-41388

Name of the Vulnerable Software and Affected Versions NukeViet CMS versions prior to 4.5.08 Description Stored Cross-Site Scripting XSS occurs due to insufficient server-side input sanitization in the Request class. The application relies on client-side filtering to sanitize HTML tags and...

PT-2026-41419

Name of the Vulnerable Software and Affected Versions Funnel Builder affected versions not specified Description An SQL injection flaw in the Funnel Builder plugin allows attackers to inject payment skimmers into WooCommerce checkout pages. This issue enables script propagation across all checkou...

PT-2026-41396

Impact An attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects u ri puk idp enc and uri puk idp sig to attacker-controlled URLs. The client then encrypts the SMC-B-signed challenge...

PT-2026-41397

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.1 Description The REST datasource integration in the packages/server/src/integrations/rest.ts file follows HTTP redirects without re-validating the target URL against the IP blacklist. This allows an authenticat...

PT-2026-41398

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.1 Description Budibase contains a route-level authorization misconfiguration where the endpoint "PUT /api/datasources/:datasourceId" is incorrectly assigned to the authorizedRoutes group with TABLE/READ...

PT-2026-41393

Name of the Vulnerable Software and Affected Versions Better Auth versions prior to 1.4.17 Better Auth versions prior to 1.5.0-beta.9 Description The HTTP rate limiter in Better Auth identifies requests based on the exact textual IP address found in the x-forwarded-for header or other configured...

PT-2026-41385

Name of the Vulnerable Software and Affected Versions SimpleSAMLphp-casserver versions prior to 6.3.1 SimpleSAMLphp-casserver versions prior to 7.0.0 Description The logout endpoint accepts a url query parameter for redirection. The server treats this URL as trusted and, depending on the...

PT-2026-41386

Name of the Vulnerable Software and Affected Versions Joplin versions prior to 3.5.7 Description A path traversal issue exists in the OneNote importer. The OneNote converter fails to sanitize the names of embedded files before writing them to disk. An attacker can create a malicious .one file...

PT-2026-41387

Name of the Vulnerable Software and Affected Versions nimiq-blockchain versions prior to 1.4.0 Description A malicious network peer can crash a Nimiq full node by publishing a crafted Kademlia DHT record. The record contains a TaggedSigned with a signature field whose byte length is not exactly 6...

PT-2026-41418

wow CVE-2026-22931203921321321...