187039 matches found
PT-2026-55278
This update for rpcbind fixes the following issues - Update to rpcbind 1.2.9 bsc1267212 https://lore.kernel.org/linux-nfs/[email protected]/ rpcinfo: stack buffer overflow in rpcinfo rpcbaddrlist rpcbind: Stop unauthenticated oversized allocation in PMAPPROC CALLIT...
PT-2026-51313
AIL did not restrict repeated failed attempts to verify a two-factor authentication OTP code. An attacker who had reached the 2FA verification step, such as after successfully completing the password-authentication stage, could submit an unlimited number of OTP guesses. This could enable...
PT-2026-51449
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description An issue exists where webhooks follow redirects, allowing access to hostnames within localCIDRs Internet Protocol address ranges used for local networks. This leads to Server Side Request Forgery SSRF,...
PT-2026-51312
A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authenticated AIL user can supply crafted object identifiers through the investigation workflow to cause file paths to resolve outside the intended image,...
PT-2026-51320
Name of the Vulnerable Software and Affected Versions Mattermost version 11.7.0 Mattermost versions prior to 10.11.17 Description Insufficient enforcement of bot-specific permission checks on the user active status endpoint allows a User Manager with user management write access, but lacking...
PT-2026-51272
A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate t...
PT-2026-51270
A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories...
PT-2026-51395
Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description The ExpandoObjectFormatter.Deserialize function populates System.Dynamic.ExpandoObject by calling IDictionary.Add for each map entry. Because...
PT-2026-51322
Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.17 Mattermost versions 11.5.x through 11.5.5 Mattermost versions 11.6.x through 11.6.2 Mattermost versions 11.7.x through 11.7.0 Description An issue exists where the system fails to invalidate cached...
PT-2026-51411
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An information disclosure issue exists in the '/functions/v1/channel self' endpoint. Unauthenticated remote attackers can send GET requests using arbitrary app id parameters to enumerate non-public...
PT-2026-51314
Name of the Vulnerable Software and Affected Versions Mattermost version 11.7.0 Mattermost version 11.6.2 Mattermost version 11.5.5 Mattermost version 10.11.17 Description An issue exists where the system fails to validate channel ownership of an existing subscription before applying edits. This...
PT-2026-51323
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques...
PT-2026-51360
Name of the Vulnerable Software and Affected Versions Autodesk Fusion Desktop affected versions not specified Description A flaw in the MCP extension allows arbitrary code execution when a user visits a maliciously crafted webpage while the software is running and the extension is enabled. A...
PT-2026-51437
OpenAM Open Identity Platform is an open-source Identity and Access Management IAM platform derived from ForgeRock OpenAM, providing SSO, OAuth2, SAML, and OpenID Connect capabilities. It is widely deployed in enterprise environments as a central authentication gateway. The /sessionservice...
PT-2026-51434
Summary The Authorize.Net webhook handler at plugin/AuthorizeNet/webhook.php contains a signature verification bypass that allows an attacker to forge webhook requests with arbitrary payment amounts and target user IDs. By supplying a valid transaction ID from a small legitimate purchase, the...
PT-2026-51280
The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing authenticated users with a custom Vitepos WordPress plugin before 3.4.2 role to escalate privileges to administrator...
PT-2026-51429
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description When ENABLE REVERSE PROXY AUTHENTICATION is enabled, Gogs accepts the configured authentication header default: X-WEBAUTH-USER directly from client requests without validating that the request originat...
PT-2026-51430
Name of the Vulnerable Software and Affected Versions motionEye version 0.43.1 Description An absolute path traversal issue exists in the picture and movie API endpoints, such as '/picture/id/preview/filename'. The vulnerability occurs because the API handlers and functions get media preview and...
PT-2026-51444
Name of the Vulnerable Software and Affected Versions Spinnaker versions prior to 2026.1.0 Spinnaker versions prior to 2026.0.3 Spinnaker versions prior to 2025.4.4 Spinnaker versions prior to 2025.3.3 Description Unsafe YAML processing bypasses safe deserialization during CloudFormation...
PT-2026-51462
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.9 Description Authenticated users with automation permissions can bypass the Server-Side Request Forgery SSRF blacklist through DNS rebinding. This occurs because the outbound fetch flow resolves the DNS twice:...
PT-2026-51325
Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 8.5 IBM WebSphere Application Server version 9.0 Description A remote attacker could bypass authentication to gain unauthorized access to JAX-WS applications. JAX-WS Java API for XML Web Services is a...
PT-2026-51407
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A weak parsing issue exists in the x-limited-key-id header. Remote attackers can bypass subkey enforcement by submitting duplicate headers, zero, or malformed values that result in falsy values or N...
PT-2026-55281
This update for rpcbind fixes the following issues - Update to rpcbind 1.2.9 bsc1267212 https://lore.kernel.org/linux-nfs/[email protected]/ rpcinfo: stack buffer overflow in rpcinfo rpcbaddrlist rpcbind: Stop unauthenticated oversized allocation in PMAPPROC CALLIT...
PT-2026-51349
Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 IBM WebSphere Application Server - Liberty versions 17.0.0.3 through 26.0.0.6 Description A denial of service issue exists where a remote attacker can se...
PT-2026-51457
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Gogs is an open source self-hosted Git service. The endpoint '/attachments/:uuid' retrieves attachment records using the uuid variable provided in the URL and returns the corresponding local file witho...
PT-2026-52473
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0662 Description The dump prefixes function in src/spell.c iteratively walks a spell-file prefix trie using a depth counter to dump prefixes applying to a word. Because the counter is not checked against the size of t...
PT-2026-51388
Name of the Vulnerable Software and Affected Versions Filament versions prior to 4.11.5 Filament versions prior to 5.6.5 Description The ImageColumn and ImageEntry components render raw database values without escaping HTML. If the data passed to these components is not validated, an attacker can...
PT-2026-51431
Name of the Vulnerable Software and Affected Versions motionEye versions prior to 0.44.0 Description Configuration files /etc/motioneye/motion.conf and camera-.conf are created with 644 permissions, making them readable by any local user on the system. The motion.conf file contains sensitive data...
PT-2026-51380
Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.13.1 Description A flaw exists where an attacker can craft a PDF file that triggers an infinite loop. This occurs when merging a file containing threads or articles into a writer. Recommendations Update to version...
PT-2026-51328
Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name...
PT-2026-56619
Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.6 Wireshark versions 4.4.0 through 4.4.16 Description The BLF file parser contains errors during variable initialization, which may lead to information disclosure of protected data. Recommendations Update...
PT-2026-51406
Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description A privilege inversion issue exists in the 'GET /build/logs/:jobId' endpoint. This endpoint utilizes Server-Sent Events SSE to stream output and registers an abort listener that invokes the...
PT-2026-51451
Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.6.0 Description In OpenID multi-user mode, disabling a user only prevents future OpenID logins for that identity. Existing session tokens remain valid because the shared session validation path does not check if the...
PT-2026-51279
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...
PT-2026-51301
An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links. This issue affects Canarytokens: from Docker tag sha-4aef1db90...
PT-2026-51302
The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write files between the local grafana server and the connected Snowflake host...
PT-2026-51461
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.9 Description An issue exists where a workspace-level builder can read any file the server process has access to by uploading a specially crafted PWA zip file. The POST /api/pwa/process-zip endpoint extracts the...
PT-2026-51321
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A sanitize-then-interpolate ordering bug exists in the geomap panel's XYZ tile layer. The sanitizeTextPanelContent function processes the raw template string...
PT-2026-51365
Name of the Vulnerable Software and Affected Versions ALSA library versions prior to 1.2.16.1 Description A double-free issue exists in the parse def function within src/conf.c. This occurs when the system parses nested compound or array configuration blocks and fails to check return values befor...
PT-2026-51332
Name of the Vulnerable Software and Affected Versions dnsmasq versions prior to 2.93-1.1 Description A heap-based buffer overflow occurs when DNSSEC validation and query logging are simultaneously enabled. The issue arises when logging DS or DNSKEY replies that contain unsupported algorithm or...
PT-2026-51402
Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description Multiple SQL injection issues exist in cloudflare.ts where user-controlled values from API request bodies are interpolated directly into SQL query strings without sanitization or parameterization...
PT-2026-51432
Summary The set api signUp method in the API plugin accepts emailVerified, canUpload, canStream, and canCreateMeet parameters from user-supplied input and applies them to newly created accounts without verifying that the request was authenticated with a valid APISecret. Any anonymous user who can...
PT-2026-52075
Name of the Vulnerable Software and Affected Versions hamlib versions prior to 4.7.2 Description Multiple security issues exist in the rigctld component. A stack out-of-bounds write and uninitialized memory access occur within the send raw function. Additionally, a stack/heap overflow primitive i...
PT-2026-51311
Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An authenticated site administrator can set the Kafka rdkafka config setting to an arbitrary filesystem path. The system parses the referenced INI file and passes its options to rdkafka. By usin...
PT-2026-55397
Summary The default formatGroup and formatResult functions in devbridge-autocomplete concatenate values into HTML without escaping, allowing XSS when an attacker controls or can taint the suggestion data source. Details 1. formatGroup — category is interpolated raw. src/format.ts: ts function...
PT-2026-51308
Name of the Vulnerable Software and Affected Versions MISP core affected versions not specified Description Broken access-control flaws exist where authorization checks are performed against incorrect entities or ownership and editability checks are missing on write paths. This allows a...
PT-2026-51824
CVE ID :CVE-2026-11825 Published : June 22, 2026, 4:47 p.m. | 1 hour, 43 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
PT-2026-51443
Summary Certain federation endpoints do not consistently apply output encoding when rendering user-supplied parameters into HTML responses. Under a non-default configuration used in some clustered deployments, this inconsistency can result in reflected XSS in the OpenAM origin without...
PT-2026-51401
Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description Typeless deserialization in MessagePack-CSharp uses MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowedType to prevent the...
PT-2026-51294
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources...