186922 matches found
PT-2026-51521
Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.4 through 0.7.x Description An authorization bypass in the API role handling allows unauthenticated access to privileged '/api/system/' endpoints. Because system resolves to the cron admin identity, attackers can invok...
PT-2026-51491
picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution whe...
PT-2026-51528
SQL Injection vulnerability in Cboard v.0.4.2 and before allows a remote attacker to execute arbitrary code via the getDimensionsValues component...
PT-2026-51642
Name of the Vulnerable Software and Affected Versions Snipe-IT affected versions not specified Description An authorization bypass exists in the BulkAssetsController::update function. The system accepts the company id variable directly from user input without utilizing the standard company-scopin...
PT-2026-51542
Name of the Vulnerable Software and Affected Versions openlink virtuoso-opensource version 7.2.11 Description A flaw in the st compare component allows attackers to trigger a Denial of Service DoS by using specially crafted SQL statements. Recommendations At the moment, there is no information...
PT-2026-51548
Name of the Vulnerable Software and Affected Versions Language Servers for AWS versions prior to 1.69.0 Description Missing symlink validation may allow an arbitrary file write outside of the workspace trust boundary. This occurs when a local user opens a workspace containing a maliciously crafte...
PT-2026-51641
Name of the Vulnerable Software and Affected Versions mise versions 2026.3.15 through 2026.6.3 Description mise loads the github.credential command setting from local project configuration files before any trust decision is made. When resolving a GitHub token, the software executes the value of...
PT-2026-51626
Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description An authorization bypass exists where three API endpoints are protected by write-level middleware instead of administrator-level middleware. This allows a collaborator with write access to perfor...
PT-2026-51610
Name of the Vulnerable Software and Affected Versions Caliptra Core Runtime Firmware versions 2.0.0 through 2.0.1 Caliptra Core Runtime Firmware version 2.1.0 Description A missing cryptographic step in the aes 256 gcm update module leads to an incorrect GCM authentication tag. When the streaming...
PT-2026-51590
Name of the Vulnerable Software and Affected Versions GStreamer gst-plugins-bad affected versions not specified Description A flaw in the gst-plugins-bad package occurs when processing a specially crafted H.264 video file containing malformed Multiview Video Coding MVC or Scalable Video Coding SV...
PT-2026-51501
Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers get/put/delete/post. API keys created with mode=all but restricted to a single app via limited to apps are only checked for limited to orgs and not for limited to apps, so an app-scoped...
PT-2026-51487
Name of the Vulnerable Software and Affected Versions ADSelfService Plus versions prior to 6529 RecoveryManager Plus versions prior to 6321 M365 Manager Plus versions prior to 4817 ADAudit Plus versions prior to 8703 Description In ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and...
PT-2026-51499
Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 and Plug.Conn.Query.decode each/2 parse query strings and application/x-www-form-urlencoded request bodies. When a key contains many...
PT-2026-51552
A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script a...
PT-2026-52872
Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use TOCTOU attacks on the output path parameter. Remote attackers can...
PT-2026-51527
Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs...
PT-2026-51494
picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetch completions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...
PT-2026-51576
Name of the Vulnerable Software and Affected Versions immich versions 4ffa26c9 through 4eb1003 Description A reflected cross-site scripting XSS issue exists on the '/auth/login' page. The continue query parameter is processed by SvelteKit's redirect function without proper scheme or origin...
PT-2026-51653
Name of the Vulnerable Software and Affected Versions Hoppscotch affected versions not specified Description Four independent weaknesses allow an unauthenticated request to lead to full server compromise. Recommendations At the moment, there is no information about a newer version that contains a...
PT-2026-51652
An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service DoS via supplying a crafted PSD file...
PT-2026-51633
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Gogs contains an information disclosure issue where the 'GET /api/v1/orgs/:orgname/teams' endpoint returns all teams for any organization without requiring authentication. This occurs because the route...
PT-2026-51518
A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...
PT-2026-51536
Name of the Vulnerable Software and Affected Versions Control Builder A versions prior to 1.4/4 800xA for Advant Master versions prior to 6.0.3-1 800xA for Advant Master versions prior to 6.1.1-1 800xA for Advant Master version 6.1.1-3 800xA for Advant Master version 6.2.0-1 Description An...
PT-2026-51583
Name of the Vulnerable Software and Affected Versions rtk versions prior to 0.42.2 Description A flaw in the permission splitter logic fails to conservatively split or reject certain Bash shell constructs that create command-execution boundaries or nested execution. This improper input validation...
PT-2026-51643
Impact The store method in both the web and API UsersController only strips the superuser permission when a non-superuser creates a user. It does not strip the admin permission. This allows any authenticated user with the users.create permission to create a new user with full admin privileges. Th...
PT-2026-51611
Name of the Vulnerable Software and Affected Versions Anthropic Claude Desktop Cowork VM versions 1.1348.0 through 1.2278.0 Description The Cowork VM image handling process validates only the presence of the file and a version marker string before booting rootfs.img, failing to verify the integri...
PT-2026-55571
This update for sg3 utils fixes the following issues: - sg inq: --export output conformance for SCSI name string and ATA fields bsc1267823 - rescan-scsi-bus.sh: quote $id serial in findmultipath call bsc1268201...
PT-2026-55574
This update for podman rebuilds it against the current go security release...
PT-2026-52874
Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing t...
PT-2026-51480
An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability...
PT-2026-51496
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce allows Reflected XSS. This issue affects e-Commerce: before 1.25.01.06...
PT-2026-51638
Name of the Vulnerable Software and Affected Versions mise versions prior to 2026.6.1 Description The HTTP backend in mise improperly handles version strings for non-latest versions when creating install symlinks. Instead of using a sanitized version pathname, it uses the raw resolved version...
PT-2026-51525
Name of the Vulnerable Software and Affected Versions HCL Connections affected versions not specified Description Broken access control may allow an unauthorized user to view data in a single specific scenario. Recommendations At the moment, there is no information about a newer version that...
PT-2026-51557
A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only in combination with...
PT-2026-51566
Name of the Vulnerable Software and Affected Versions dhcpcd versions prior to 10.3.2 Description A heap use-after-free issue exists in the control socket handling within src/control.c. This occurs when privilege separation is disabled or initialization fails, leaving the control socket in mode...
PT-2026-51519
DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...
PT-2026-51581
Name of the Vulnerable Software and Affected Versions ash-project ash versions 3.0.0 through 3.29.2 Description An issue exists where users can set the value of a private action argument intended to be controlled exclusively by trusted server-side code. Action arguments declared with public?: fal...
PT-2026-51531
NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create agent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke create agent to create arbitrary agent groups, container...
PT-2026-55570
This update for sg3 utils fixes the following issues: - sg inq: --export output conformance for SCSI name string and ATA fields bsc1267823 - rescan-scsi-bus.sh: quote $id serial in findmultipath call bsc1268201...
PT-2026-51553
A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the...
PT-2026-51632
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description The built-in Go SSH server in Gogs is subject to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to the ssh.NewServerConn...
PT-2026-51637
Name of the Vulnerable Software and Affected Versions Budibase server versions prior to 3.39.1 Description An issue exists where the enrichContext function substitutes parameter values into the raw JSON body of a query and then parses the result using JSON.parse. The validateQueryInputs function...
PT-2026-51507
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description Multiple OS command injection issues exist in the Custom MCP Server feature. These occur due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker wi...
PT-2026-51630
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Git LFS storage is content-addressed by OID Object Identifier alone, while per-repository authorization is managed in the lfs object table. The serveUpload function skips the re-upload process when an...
PT-2026-51629
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description An issue exists in the Repository.UploadRepoFiles function where symlink checks are performed only on the leaf of the upload target using osx.IsSymlinktargetPath, unlike other functions that validate...
PT-2026-51493
picklescan before 0.0.28 fails to detect malicious torch.jit.unsupported tensor ops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass picklescan detection and execute arbitrary code when loaded via pickle.load...
PT-2026-51539
An issue in the sqlo strip in join component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
PT-2026-51529
NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response...
PT-2026-51605
Name of the Vulnerable Software and Affected Versions Fortra File Integrity Monitoring FIM versions prior to 9.4.0 Description An issue exists where incorrect or elevated effective permissions may be assigned to users created by the tetool import command while the software is running. This occurs...
PT-2026-51550
A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API allows a low‑privileged user could link their zones to banners or campaigns owned by other managers on the same instance, resulting i...