175962 matches found
PT-2026-40760
Name of the Vulnerable Software and Affected Versions Zoom Workplace VDI Plugin Windows Universal Installer versions prior to 6.6.11 Description An issue exists where external control of a file name or path may allow an authenticated user with local access to achieve escalation of privilege...
PT-2026-40759
Name of the Vulnerable Software and Affected Versions Zoom Workplace for iOS versions prior to 7.0.0 Description A protection mechanism failure allows an authenticated user with physical access to the device to conduct a disclosure of information. Recommendations Update to version 7.0.0 or later...
PT-2026-40634
Name of the Vulnerable Software and Affected Versions OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a Description A path injection issue exists in the binary program compiled from glue generator.cpp. The software fails to validate file path parameters passed via the command line, specifically...
PT-2026-40761
Name of the Vulnerable Software and Affected Versions Zoom Rooms for Windows versions prior to 7.0.0 Description An untrusted search path in the installer allows an authenticated user with local access to achieve escalation of privilege. Recommendations Update to version 7.0.0 or later...
PT-2026-40582
The Snow Monkey Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-slick' attribute in all versions up to, and including, 24.1.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2026-40792
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An Out-of-Memory OOM condition can be triggered by overloading the server through the use of the $ timeGroup macro. This issue requires the use of a SQL...
PT-2026-40775
Exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug information such as metrics and health data. This issue affects Symmetric Key Agreement Platform: before 26.03...
PT-2026-40731
Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.3 Description A sandbox breakout allows attackers to execute arbitrary commands on the host system. This occurs because a host exception can be caught using the yield expression within an async generator. When the...
PT-2026-40814
Name of the Vulnerable Software and Affected Versions CubeCart versions prior to 6.7.3 Description An administrator with documents edit permission can save raw PHP code into the Invoice Editor. When any administrator clicks Print on an order, the rendered template is written to files/print..php...
PT-2026-40815
Name of the Vulnerable Software and Affected Versions CubeCart versions prior to 6.7.0 Description An Authenticated Server-Side Template Injection SSTI exists in multiple modules, including Email Templates, Invoices, Documents, and Contact Forms. The application unsafely evaluates user-supplied...
PT-2026-40697
Name of the Vulnerable Software and Affected Versions protobufjs versions prior to 7.5.8 protobufjs versions prior to 8.2.0 Description protobufjs compiles protobuf definitions into JavaScript functions. The software can recurse without a depth limit when expanding nested JSON descriptors through...
PT-2026-40830
Name of the Vulnerable Software and Affected Versions OPNsense versions prior to 26.1.8 Description Unsanitized user input is passed to the DHCP configuration of the configured interface and subsequently processed by a shell script. This allows remote code execution as root on the underlying...
PT-2026-40801
Name of the Vulnerable Software and Affected Versions Quark Drive versions prior to 0.8.5 Description A mass assignment issue exists in the "POST /update" endpoint. Authenticated attackers can overwrite administrator credentials by submitting an arbitrary webui object to the config data dictionar...
PT-2026-40800
Name of the Vulnerable Software and Affected Versions Quark Drive versions prior to 0.8.5 Description A stored cross-site scripting issue exists in the System Configuration page. The template renders push config key names using the Vue.js v-html directive without proper escaping. Authenticated...
PT-2026-40690
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM SVM implementation where CR8 write interception remains enabled after AVIC Advanced Virtual Interrupt Controller is activated. This occurs because the...
PT-2026-40684
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/i915/vrr component where writing to TRANS VRR VMAX or FLIPLINE before enabling TRANS DDI FUNC CTL can cause a system hang with a Machine Check Exception MCE on...
PT-2026-40646
Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2 Description When a SIP Session Initiation Protocol profile is configured on a virtual server, undisclosed traffic can cause the...
PT-2026-40655
Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source affected versions not specified Description A heap-use-after-free error exists in the ngx http ssl module module. This occurs when the ssl verify client directive is set to "on" or...
PT-2026-40648
Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source affected versions not specified Description When configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address. This can lead to the bypass of...
PT-2026-40647
Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 Description IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Recommendations Update to version...
PT-2026-40832
Android App "あんしんフィルター for au" provided by KDDI CORPORATION contains Cleartext Transmission of Sensitive Information CWE-319 vulnerability. A man-in-the-middle attacker may access and modify communications transmitted in plaintext, potentially resulting in information disclosure or data tampering...
PT-2026-40659
Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IQ versions prior to 17.5.1.4 Description An improper sanitization issue in the QKView utility allows a low-privileged attacker to read sensitive information from a QKView file. Recommendations Updat...
PT-2026-40661
Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 Description On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can lead to excessive resource allocation and increased memory...
PT-2026-40660
Name of the Vulnerable Software and Affected Versions iControl REST affected versions not specified Description A flaw in iControl REST allows a highly privileged, authenticated attacker with at least the Manager role to create configuration objects that enable the execution of arbitrary commands...
PT-2026-40657
Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2 Description An issue exists in an undisclosed TMOS Shell tmsh command that allows an authenticated attacker with administrator or...
PT-2026-40662
Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2 Description A configuration command injection issue exists where a highly privileged, authenticated attacker with at least the...
PT-2026-40666
Name of the Vulnerable Software and Affected Versions BIG-IP versions prior to 17.1.3.2 BIG-IP versions prior to 17.5.1.6 BIG-IP versions prior to 21.0.0.2 BIG-IQ versions prior to 17.1.3.2 BIG-IQ versions prior to 17.5.1.6 BIG-IQ versions prior to 21.0.0.2 Description Incorrect permission...
PT-2026-40667
Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2 Description An authenticated attacker can send undisclosed requests to the 'iControl REST' endpoint, which may result in an...
PT-2026-40696
In the Linux kernel, the following vulnerability has been resolved: liveupdate: luo file: remember retrieve status LUO keeps track of successful retrieve attempts on a LUO file. It does so to avoid multiple retrievals of the same file. Multiple retrievals cause problems because once the file is...
PT-2026-40675
Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 F5 BIG-IP versions prior to 21.0.0.1 Description When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic ca...
PT-2026-40678
Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2 Description When operating in Appliance mode, an authenticated attacker with the 'Administrator' role can bypass system restrictions...
PT-2026-40683
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the sps30 i2c read meas function within the iio: chemical: sps30 i2c component. The sizeofnum expression incorrectly evaluates to the size of size t 8 bytes on 64-bit...
PT-2026-40682
Name of the Vulnerable Software and Affected Versions NGINX affected versions not specified Description An issue in the ngx http scgi module and ngx http uwsgi module modules can lead to excessive memory allocation or an over-read of data. When scgi pass or uwsgi pass is configured, an...
PT-2026-40693
In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix set access flags no-op check for SMMU/ATS faults contpte ptep set access flags compared the gathered ptep get value against the requested entry to detect no-ops. ptep get ORs AF/dirty from all sub-PTEs in the...
PT-2026-40838
Name of the Vulnerable Software and Affected Versions Drupal Colorbox Inline versions 0.0.0 through 2.1.0 Description An issue in the Drupal Colorbox Inline module, which allows opening page content within a colorbox, occurs because the module does not sufficiently sanitize the data-colorbox-inli...
PT-2026-40839
Name of the Vulnerable Software and Affected Versions Date iCal versions 0.0.0 through 4.0.14 Description A missing authorization issue in the Date iCal module, which exports entity date fields as iCal feeds, allows forceful browsing. The module fails to sufficiently check entity or field access...
PT-2026-40837
Name of the Vulnerable Software and Affected Versions Translate Drupal with GTranslate versions 0.0.0 through 3.0.4 Description A Modification of Assumed-Immutable Data MAID issue in the GTranslate module allows Resource Location Spoofing. The module's widget JavaScript fails to sufficiently...
PT-2026-40681
Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source versions 0.6.27 through 1.30.0 Description A heap buffer overflow exists in the ngx http rewrite module module of NGINX. The issue occurs when a rewrite directive is followed by a...
PT-2026-40680
Name of the Vulnerable Software and Affected Versions BIG-IP affected versions not specified BIG-IQ affected versions not specified Description Incorrect permission assignment issues exist in the BIG-IP and BIG-IQ TMOS Shell tmsh 'arp' and 'ndp' commands, as well as in BIG-IP iControl REST. These...
PT-2026-40805
Name of the Vulnerable Software and Affected Versions CubeCart versions prior to 6.7.0 Description An unauthenticated Reflected Cross-Site Scripting XSS issue exists in the search feature. A logic flaw in the classes/catalogue.class.php file allows user input to be reflected without sanitization...
PT-2026-40807
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...
PT-2026-40806
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates and Documents. The application unsafely evaluates user-supplied input directly through the Smarty templat...
PT-2026-40587
Name of the Vulnerable Software and Affected Versions malcontent version 0.14.0 Description A D-Bus method RecordUsage in malcontent-timerd allows arbitrary system users to exhaust disk space in the /var/lib/malcontent-timerd directory. Recommendations At the moment, there is no information about...
PT-2026-40813
Name of the Vulnerable Software and Affected Versions CubeCart versions 6.6.x through 6.7.1 Description CubeCart builds the CC STORE URL constant directly from the Host request header during bootstrap without using an allowlist. This constant is embedded into transactional email links, specifical...
PT-2026-40811
Name of the Vulnerable Software and Affected Versions CubeCart versions prior to 6.7.0 Description An authenticated arbitrary file upload flaw exists in the REST API File Manager endpoint "POST /api/v1/files". Users possessing an API key with files:rw permissions can upload PHP source files to th...
PT-2026-40695
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the xHCI controller where a Host Controller Error HCE occurs during UAS Storage Device plug/unplug scenarios on Android devices. The xhci irq function checks for HCE,...
PT-2026-40694
In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM on ST1000DM010-2EP102 According to a user report, the ST1000DM010-2EP102 has problems with LPM, causing random system freezes. The drive belongs to the same BarraCuda family as the ST2000DM008-2FR102...
PT-2026-40691
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mmc core where the host-claimed bit shares a word with retune flags. This configuration leads to Read-Modify-Write RMW side effects in asynchronous contexts...
PT-2026-40692
In the Linux kernel, the following vulnerability has been resolved: nouveau/gsp: drop WARN ON in ACPI probes These WARN ONs seem to trigger a lot, and we don't seem to have a plan to fix them, so just drop them, as they are most likely harmless...
PT-2026-40777
Content removed...