186967 matches found
PT-2026-51281
Name of the Vulnerable Software and Affected Versions Apache Doris MCP Server versions prior to 0.6.1 Description A SQL injection exists in a metadata query path where a user-controlled database name is directly interpolated into a SQL query. The query is executed without the caller's authorizati...
PT-2026-51372
WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMG PATH directory by sending requests with percent-encoded backslashes %5C that bypass the path.Clean sanitization in handler/router.go...
PT-2026-51448
Name of the Vulnerable Software and Affected Versions @actual-app/sync-server versions prior to 26.6.0 Description An authorization asymmetry exists in the @actual-app/sync-server component of Actual. In OpenID multi-user deployments, the GET /secret/:name endpoint only verifies that a user has a...
PT-2026-51393
Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description The parameterless MessagePackInputFormatter constructor uses default serializer options that resolve to MessagePackSerializerOptions.Standard wit...
PT-2026-51403
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A denial of service issue exists in the 'POST /app/demo' endpoint. Authenticated users with organization write permissions can create an unlimited number of demo applications because the system lack...
PT-2026-51343
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database...
PT-2026-51399
Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description Multi-dimensional array formatters read dimension lengths directly from the payload and allocate T,, T,,, or T,,, before validating that the...
PT-2026-51379
Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by uploading a crafted Office document as an email template attachment. The ApplyTemplate function in models/attachment.go processes Office documents as ZI...
PT-2026-51295
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation...
PT-2026-51443
Summary Certain federation endpoints do not consistently apply output encoding when rendering user-supplied parameters into HTML responses. Under a non-default configuration used in some clustered deployments, this inconsistency can result in reflected XSS in the OpenAM origin without...
PT-2026-51427
A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data. In bt iso recv subsys/bluetooth/host/iso.c, when processing PB=START/SINGLE fragments, the code pulls a TS SDU header 8 bytes, ts=1 or a non-TS SDU header 4 bytes, ts=0 without...
PT-2026-51446
Name of the Vulnerable Software and Affected Versions OpenDJ Community Edition versions prior to 5.1.1 Description A Deserialization of Untrusted Data issue in the JMX RMI connector allows an unauthenticated remote attacker to deserialize arbitrary Java objects on the server. The issue occurs...
PT-2026-51439
Summary The PayPal webhook endpoint /extensions/paypal/webhook processes the PAYPAL-CERT-URL HTTP header without validation, allowing attackers to control server-side HTTP request destinations. Technical details: The /extensions/paypal/webhook endpoint processes incoming webhook requests and trus...
PT-2026-55436
This update for rpcbind fixes the following issues - Update to rpcbind 1.2.9 bsc1267212 https://lore.kernel.org/linux-nfs/[email protected]/ rpcinfo: stack buffer overflow in rpcinfo rpcbaddrlist rpcbind: Stop unauthenticated oversized allocation in PMAPPROC CALLIT...
PT-2026-51389
Name of the Vulnerable Software and Affected Versions Filament versions prior to 3.3.52 Filament versions prior to 4.11.5 Filament versions prior to 5.6.5 Description Filament applies Livewire's WithFileUploads trait to components where schemas may contain file upload fields. Certain schemas, suc...
PT-2026-51317
The vulnerability is present in the ‘/addJugador’ endpoint: The 'keyJugador' and 'keyJugadorObjectiu' parameters allow the modification of other users’ information without requiring prior authorization validation. This could enable an authenticated attacker to alter any user’s ID and change their...
PT-2026-51456
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description A specially crafted issue index pattern can cause a panic during rendering, leading to a denial of service. In the internal/markup/markup.go file, the RenderIssueIndexPattern function uses com.Expand t...
PT-2026-51381
Name of the Vulnerable Software and Affected Versions phpseclib versions 0.1.1 through 1.0.29 phpseclib versions 2.0.0 through 2.0.54 phpseclib versions 3.0.0 through 3.0.53 Description An insecure default in the library allows an unauthenticated attacker to perform Server-Side Request Forgery...
PT-2026-51307
Name of the Vulnerable Software and Affected Versions MISP Core affected versions not specified Description Broken access-control checks exist in the bulk deletion flows for Event Reports and Sharing Groups. The deleteSelection handlers authorized deletions using broad role-level permissions...
PT-2026-51445
Name of the Vulnerable Software and Affected Versions MotionEye affected versions not specified Description An authentication bypass occurs because the application improperly trusts client-controlled cookies. The server accepts the cookies meye username and meye password hash as sufficient...
PT-2026-51425
Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name and advancing traversal state. In ext2 fetch direntry subsys/fs/ext2/ext2 diskops.c, the code only checks de name len = EXT2 MAX FILE NAME and then copies the name with...
PT-2026-51277
The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2026-51289
EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated remote attackers replace a specific session ID for a user, they can gain the user's privilege once the user logs in...
PT-2026-51442
Name of the Vulnerable Software and Affected Versions Inspektor Gadget versions 0.28.0 and later Description A malicious container can crash or destabilize the privileged Inspektor Gadget process when a gadget using USDT User-level Statically Defined Tracing probes is deployed. The issue exists i...
PT-2026-51394
Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description When decompressing Lz4Block or Lz4BlockArray payloads, the software reads declared uncompressed lengths from the wire and allocates output buffer...
PT-2026-51409
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.12 Description The software fails to filter deleted app versions when joining channels during the resolution of the '/updates' endpoint. This occurs due to a missing app versions.deleted filter in channel version...
PT-2026-51292
Name of the Vulnerable Software and Affected Versions Net::Statsite::Client versions prior to 1.1.1 Description Net::Statsite::Client, a client for the statsite protocol a variant of statsd, allows metric injections. This occurs because newlines are not removed from metric names, and values are n...
PT-2026-51329
A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the DiskIOStore.make method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to construct directory paths...
PT-2026-51452
Name of the Vulnerable Software and Affected Versions Budibase versions 3.37.2 through 3.38.x Description Budibase contains an issue where the GET /api/chat-links/:instance/:token/handoff endpoint is public and lacks authentication and Cross-Site Request Forgery CSRF protection. This allows an...
PT-2026-51333
Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description A path traversal issue exists when using the configName parameter. This allows a local attacker to utilize malicious configuration files for snapper, which can lead to a denial of service or potenti...
PT-2026-51386
Name of the Vulnerable Software and Affected Versions mise versions prior to 2026.3.10 Description mise processes .tool-versions files using the Tera template engine, which includes a registered exec function that allows for arbitrary command execution. In the default non-paranoid mode,...
PT-2026-51428
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description A malicious user with permissions to create files in a repository or wiki page can trigger a denial of service. This occurs when pages containing file listings return an HTTP 500 error, rendering the w...
PT-2026-51296
Name of the Vulnerable Software and Affected Versions IBM Engineering Workflow Management versions 7.0.3 through 7.0.3 Interim Fix 020 IBM Engineering Workflow Management versions 7.1 through 7.1 Interim Fix 007 Description An issue exists where an authenticated user can embed arbitrary JavaScrip...
PT-2026-51401
Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description Typeless deserialization in MessagePack-CSharp uses MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowedType to prevent the...
PT-2026-51308
Name of the Vulnerable Software and Affected Versions MISP core affected versions not specified Description Broken access-control flaws exist where authorization checks are performed against incorrect entities or ownership and editability checks are missing on write paths. This allows a...
PT-2026-51824
CVE ID :CVE-2026-11825 Published : June 22, 2026, 4:47 p.m. | 1 hour, 43 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
PT-2026-51326
IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
PT-2026-51375
Name of the Vulnerable Software and Affected Versions Dell Wyse Management Suite WMS versions prior to 2605 Description An improper neutralization of special elements used in an SQL command, known as SQL Injection, allows a low privileged attacker with remote access to potentially gain unauthoriz...
PT-2026-55371
Impact Following the path-safety patches in GHSA-wx3m-whqv-xv47 v0.1.2, a comprehensive multi-angle audit surfaced five further vulnerabilities, now patched in v0.1.3: 1. source sha argument injection in git ls-tree CRITICAL. InstalledSkill.source sha deserialized from .skills.toml committed,...
PT-2026-51339
Name of the Vulnerable Software and Affected Versions Chainlit versions prior to 2.10.1 Description An issue exists where unauthenticated attackers can restore and inherit authenticated user sessions. This occurs during WebSocket session restoration when a valid sessionId is presented without...
PT-2026-51352
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls...
PT-2026-51440
Summary The email update functionality fails to invalidate the existing verification state when a user changes their email address, allowing a verified account to retain its verified status after switching to an unverified or unowned email address. Technical Details When a user updated their emai...
PT-2026-51282
Name of the Vulnerable Software and Affected Versions Apache NiFi versions 1.15.0 through 2.9.0 Description Authorization handling for component configuration verification requests allows clients with read access to submit proposed configuration properties. These proposed properties override the...
PT-2026-51309
The Azure Active Directory AAD authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier session id as the OAuth state...
PT-2026-51275
The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a valid token and activate an account without access to the associated email inbox...
PT-2026-51310
Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description A site administrator can configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Since log entries can contain attacker-controlled content, an authenticated attacker...
PT-2026-51342
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
PT-2026-51327
Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...
PT-2026-51335
Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description Incorrect caching of authentication between different polkit PolicyKit, a component for controlling privileges in Unix-like operating systems methods allows a local attacker to perform unauthorized...
PT-2026-51298
Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.3 Description Improper isolation of Python execution combined with an authentication bypass allows an unauthenticated remote attacker to execute arbitrary code on the host system, leading to a comple...