186967 matches found
PT-2026-51595
Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.10.0 through 2.18.7 jackson-databind versions 2.21.0 through 2.21.3 jackson-databind versions 3.1.0 through 3.1.3 Description An issue exists in the PolymorphicTypeValidator PTV, the primary safety mechanism for...
PT-2026-51598
Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.8.0 through 2.18.8 jackson-databind versions 2.21.0 through 2.21.4 jackson-databind versions 3.0.0 through 3.1.3 Description In the createContextual function of BeanDeserializerBase, per-property @JsonIgnoreProperti...
PT-2026-51600
Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.21.0 through 2.21.3 jackson-databind versions 3.0.0 through 3.1.3 Description In the BeanDeserializer. deserializeUsingPropertyBased function, the active-view @JsonView filter was applied only to creator properties,...
PT-2026-51563
Name of the Vulnerable Software and Affected Versions dhcpcd versions prior to 10.3.2 Description A one-byte stack out-of-bounds write exists in the dhcp6 makemessage function within src/dhcp6.c. Unauthenticated attackers on the same link can trigger this by serializing an oversized RFC6603 OPTIO...
PT-2026-51488
Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy or Content-Disposition: attachment. This allows an attacker to publish an extension with a maliciou...
PT-2026-51621
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description An open redirect issue exists where attacker-controlled redirect to parameters can bypass validation, allowing redirection to arbitrary external sites. This occurs in all redirects validated via the...
PT-2026-51589
Name of the Vulnerable Software and Affected Versions GStreamer gst-plugins-bad affected versions not specified Description A flaw in the H.266 parser occurs when processing a malformed H.266/VVC video stream containing a crafted aspect ratio indicator value. This leads to an out-of-bounds read o...
PT-2026-51645
Impact A vulnerability was identified in Snipe-IT v8.4.0 build 21280-g91a95dbc6 that allows any authenticated user with generic asset edit permissions to delete files attached to any asset in the system, regardless of ownership or company assignment. This constitutes an Insecure Direct Object...
PT-2026-51441
Summary The ticket creation endpoint accepts a user-supplied service identifier without enforcing ownership validation, allowing authenticated users to create support tickets referencing services belonging to other accounts by modifying the service ID in the request. Technical Details The ticket...
PT-2026-51433
Vulnerability Details CWE: CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory The official docker-compose.yml line 61 mounts the entire project root directory as the Apache document root: yaml volumes: - "./:/var/www/html/AVideo" This causes the .env file —...
PT-2026-51455
Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.6.0 Description Actual is a local-first personal finance tool that fails to neutralize formula-trigger characters when exporting data to CSV. The functions exportToCSV and exportQueryToCSV in...
PT-2026-51447
Name of the Vulnerable Software and Affected Versions @actual-app/cli versions prior to 26.6.0 Description The @actual-app/cli tool contains a CSV serialization issue in the escapeCsv function within packages/cli/src/output.ts. When the --format csv option is used, the serializer only handles...
PT-2026-51305
Name of the Vulnerable Software and Affected Versions Red Hat OpenShift Container Platform 4 affected versions not specified Description A flaw exists in the Windows Machine Config Operator WMCO where the WICD CSR auto-approver validates that a Certificate Signing Request contains the organizatio...
PT-2026-51392
Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description The MessagePackReader.TrySkip function recursively descends into nested arrays and maps without incrementing the reader depth or triggering...
PT-2026-52474
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0663 Description A Vimscript code injection issue exists in the s:NetrwLocalRmFile function within the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. The probl...
PT-2020-8615
This update for xar fixes the following issues: Changes in xar: - Switch to the maintained Apple xar lineage build 503, versioned 1.8.0.0.503: the mackyle 1.6.1 fork this package tracked has been dead since 2012, and Debian, Fedora and Gentoo all moved to Apple's xar apple-oss-distributions/xar...
PT-2020-8614
This update for xar fixes the following issues: Changes in xar: - Switch to the maintained Apple xar lineage build 503, versioned 1.8.0.0.503: the mackyle 1.6.1 fork this package tracked has been dead since 2012, and Debian, Fedora and Gentoo all moved to Apple's xar apple-oss-distributions/xar...
PT-2026-51315
Name of the Vulnerable Software and Affected Versions libxml2 versions 2.9.11 through 2.11.0 Description A Use After Free issue exists in the xmlParseInternalSubset function of libxml2. This occurs due to improper entity resolution handling, which allows a remote attacker to cause a...
PT-2026-51387
Name of the Vulnerable Software and Affected Versions Filament versions 4.0.0 through 4.11.4 Filament versions 5.0.0 through 5.6.4 Description The login page contains a timing discrepancy that enables unauthenticated attackers to perform email enumeration. This allows an attacker to determine if ...
PT-2026-51337
Name of the Vulnerable Software and Affected Versions Angular Language Service VS Code Extension versions prior to 21.2.4 Description The client-side extension reads custom TypeScript SDK paths from workspace configurations in .vscode/settings.json without verifying the VS Code Workspace Trust...
PT-2026-51396
Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. Specifically, the...
PT-2026-51291
An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains...
PT-2026-51286
A stored cross-site scripting vulnerability in the Runtime component of Pilz PASvisu before 1.14.1 and PMI v8xx up to and including 2.0.33992 allows a low-privileged remote unauthenticated attacker to manipulate process data with potential impact on integrity and/or availability...
PT-2026-51417
Name of the Vulnerable Software and Affected Versions Nuxt versions 3.x prior to 3.21.7 Nuxt versions 4.0.0 through 4.4.6 Description Nuxt fails to validate script-capable URLs in the navigateTo open option, which allows for client-side script execution. When user-controlled input is passed to...
PT-2026-51331
Name of the Vulnerable Software and Affected Versions IBM Storage Protect Client versions 8.1.0.0 through 8.2.1.0 IBM Storage Protect Snapshot For Windows versions 8.1.0.0 through 8.2.1.0 Description An authentication bypass exists in the FlashCopy Manager FCM authentication mechanism. The...
PT-2026-51377
Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure...
PT-2026-51402
Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description Multiple SQL injection issues exist in cloudflare.ts where user-controlled values from API request bodies are interpolated directly into SQL query strings without sanitization or parameterization...
PT-2026-51376
Name of the Vulnerable Software and Affected Versions Dell Wyse Management Suite WMS versions prior to 2605 Description An Improper Neutralization of Special Elements used in an SQL Command SQL Injection exists. This allows a low privileged attacker with remote access to potentially gain...
PT-2026-51290
Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file...
PT-2026-51400
Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description The InterfaceLookupFormatter constructs an internal Dictionary using the default equality comparer instead of the security-aware comparer provide...
PT-2026-51318
Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on...
PT-2026-51397
Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description Runtime-generated union deserializers emitted by DynamicUnionResolver fail to call MessagePackSecurity.DepthStepref reader and do not decrement...
PT-2026-51398
Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description The UnsafeBlitFormatterBase.Deserialize function reads an attacker-controlled byteLength from an extension payload and allocates an array based o...
PT-2026-51341
Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.8.4 Description Improper authorization enforcement in the Streamable MCP transport endpoint allows unauthenticated attackers to access protected MCP project resources and execute MCP operations...
PT-2026-51283
Name of the Vulnerable Software and Affected Versions Apache NiFi versions 1.2.0 through 2.9.0 Description Improper escaping of database table names in the CaptureChangeMySQL Processor allows for the injection of SQL commands through crafted naming. This issue affects installations utilizing the...
PT-2026-51345
Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API.. Mattermost Advisory ID: MMSA-2026-00669...
PT-2026-51316
Name of the Vulnerable Software and Affected Versions Mattermost version 11.7.0 Mattermost version 11.6.2 Mattermost version 11.5.5 Mattermost version 10.11.17 Description Remote unauthenticated attackers can inject a rogue sharedSecret and disrupt the Jira integration. This occurs during the...
PT-2026-51416
Name of the Vulnerable Software and Affected Versions Nuxt versions 3.x prior to 3.21.7 Nuxt versions 4.0.0 through 4.4.6 Description The reloadNuxtApp function accepts protocol-relative paths, such as //evil.com. These paths bypass the script-protocol check and resolve to a cross-origin URL base...
PT-2026-51338
Name of the Vulnerable Software and Affected Versions Angular Language Service VS Code Extension versions prior to 21.2.4 Description The client-side extension configures the tooltip Markdown renderer with the isTrusted: true option, causing VS Code to trust all rendered content and enable active...
PT-2026-51378
Name of the Vulnerable Software and Affected Versions Dell Wyse Management Suite versions prior to 2605 Description An improper link resolution before file access allows a low privileged attacker with local access to potentially gain unauthorized access. Recommendations Update to version 2605 or...
PT-2026-51278
The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator...
PT-2026-51300
Name of the Vulnerable Software and Affected Versions ArubaSign versions prior to 4.6.6 Description Incorrect default permissions are assigned during the installation of the software. The main executable and other program files located in "C:Program Files" have excessive permissions for the...
PT-2026-51334
Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description Lack of authentication when using the snapshot diff functions allows a local attacker to access information that is otherwise read protected. Recommendations Update to version 1.3.3 or later...
PT-2026-51276
The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2026-51347
A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This vulnerability was patched ...
PT-2026-51273
Name of the Vulnerable Software and Affected Versions ASUS Armoury Crate affected versions not specified Description A permissive list of allowed inputs allows a local administrator to bypass the validation mechanism. This can lead to arbitrary memory read/write operations or cause a system crash...
PT-2026-51535
CVE ID :CVE-2026-12845 Published : June 21, 2026, 10:32 p.m. | 1 hour, 54 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
PT-2026-55281
This update for rpcbind fixes the following issues - Update to rpcbind 1.2.9 bsc1267212 https://lore.kernel.org/linux-nfs/[email protected]/ rpcinfo: stack buffer overflow in rpcinfo rpcbaddrlist rpcbind: Stop unauthenticated oversized allocation in PMAPPROC CALLIT...
PT-2026-52995
Уязвимость программного обеспечения для удалённого доступа и управления AnyDesk связана с переполнением буфера в динамической памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код путем отправки специально сформированного пакета...
PT-2026-55193
Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reac...