187129 matches found
PT-2026-51042
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authentication logic flaw exists where a user authorized to manage team or organization security settings can enforce mandatory two-factor authentication 2FA for all team members without having 2...
PT-2026-51188
Name of the Vulnerable Software and Affected Versions AOMEI Partition Assistant versions prior to 10.10.2 Description Improper access controls exist within the Kernel Driver component, specifically affecting unknown code in the ampa10.sys library. This issue allows a local attacker to manipulate...
PT-2026-51154
Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the require apikey expiration organization policy. The checkWebhookPermission function fails to call apikeyHasOrgRightWithPolicy, enabling attackers wit...
PT-2026-51045
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.12 Description Authenticated users can modify the mutable public.users.email variable to arbitrary addresses. The SSO provisioning endpoint trusts this value as an account-merge key. This allows an attacker to...
PT-2026-51132
Name of the Vulnerable Software and Affected Versions Simple File List versions prior to 6.3.8 Description The Simple File List plugin for WordPress contains insufficient authorization checks that allow unauthenticated attackers to delete and modify files on the server. This issue occurs within t...
PT-2026-51140
Name of the Vulnerable Software and Affected Versions WordPress Time Capsule Plugin version 1.21.16 Description An authentication bypass allows unauthenticated attackers to gain administrative access by sending a crafted POST request containing the IWP JSON PREFIX header. This flaw enables the...
PT-2026-51175
Name of the Vulnerable Software and Affected Versions AVideo versions prior to 29.0 Description An authorization bypass exists in the Meet plugin's 'uploadRecordedVideo.json.php' endpoint. The system derives the target users id from the uploaded filename without proper verification. An attacker w...
PT-2026-51152
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An information disclosure issue exists in the unauthenticated '/replication' endpoint. This allows attackers to retrieve internal PostgreSQL replication telemetry without authentication, exposing...
PT-2026-51136
Name of the Vulnerable Software and Affected Versions SP LMS versions prior to 4.1.4 Description SP LMS com splms by JoomShaper contains a PHP Object injection flaw where user-controlled cookie data is deserialized without validation. Specifically, the application passes the lmsOrders cookie to a...
PT-2026-53939
Affected versionf of memmap2 did not perform enough validation on the offset and len parameters of Mmap::unchecked advise range, MmapMut::unchecked advise ranage and MmapMut::flush async range. This can cause undefined behavior due to invalid values being passed to pointer::offset and pointer::ad...
PT-2026-51153
Name of the Vulnerable Software and Affected Versions capacitor-native-biometric versions prior to 12.128.2 Description An authentication bypass exists because the onAuthenticationSucceeded function fails to validate CryptoObject parameters. This allows attackers to use dynamic instrumentation to...
PT-2026-51158
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An open redirect issue exists in the 'stripe portal' and 'stripe checkout' endpoints. These endpoints accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers ca...
PT-2026-55717
bcrypt::verifypassword, hash and HashParts::from strhash panic in str::slice error fail when given a 60-byte &str containing a multi-byte UTF-8 character at certain byte positions. Impact Any Rust code that calls bcrypt::verify or HashParts::from str with an attacker-controlled hash string will...
PT-2026-51173
AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all payment transaction data including...
PT-2026-51189
A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the library ddmdrv.sys of the component Kernel Driver. Performing a manipulation results in improper access controls. The attack must be initiated from a local position. The exploi...
PT-2026-51178
Name of the Vulnerable Software and Affected Versions GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN version 1.0 Description An issue exists where a crafted SQL statement can be used to access sensitive database information. This occurs via the scost parameter in the...
PT-2026-51043
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authorization bypass exists in the public.upsert version meta SECURITY DEFINER function exposed via PostgREST RPC. This allows unauthenticated attackers to insert arbitrary rows into version meta...
PT-2026-51195
Name of the Vulnerable Software and Affected Versions Apache NiFi versions 0.0.1 through 2.9.0 Description Apache NiFi allows the construction of qualified URLs using several HTTP request headers that serve as alternatives to the standard Host header without validating the provided values. While ...
PT-2026-51130
Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description A stored cross-site scripting issue exists due to the use of an outdated notebookjs library. While .ipynb previews are sanitized on the server side via the '/-/api/sanitize ipynb' endpoint,...
PT-2026-51072
Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description A CoreWCF service listening on a Kafka topic stops processing new records when the KafkaTransportPump receives a null-value tombstone record. A tombstone record is a...
PT-2026-51082
Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description When operating in object mode, the Oj.dump function is susceptible to a heap buffer overflow during the serialization of Exception objects if a large :indent value is used. The issue occurs because the...
PT-2026-55979
Name of the Vulnerable Software and Affected Versions Hugo versions 0.60.0 through 0.163.2 Description The default code-block renderer fails to perform HTML escaping when writing the Markdown code-fence language or info-string into the code element's class and data-lang attributes. An attacker ca...
PT-2026-50922
Name of the Vulnerable Software and Affected Versions Chromacam version 4.0.3.0 Description An unquoted service path issue exists in the PsyFrameGrabberService. This allows local attackers with write access to C: or subdirectories such as C:Program Files x86Personify to execute arbitrary code. By...
PT-2026-51092
Name of the Vulnerable Software and Affected Versions concurrent-ruby versions prior to 1.3.7 Description A synchronization correctness issue exists in the public Concurrent::ReadWriteLock API. The function release write lock does not verify if the calling thread actually acquired the write lock,...
PT-2026-50889
Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An out-of-bounds read occurs in the NI grpc-device streaming API because of a missing bounds check. This issue can lead to a denial of service if an attacker provides a specially crafted writ...
PT-2026-50914
Name of the Vulnerable Software and Affected Versions Network Inventory Advisor version 5.0.26.0 Description The niaservice service is installed with an unquoted binary path. This configuration allows local attackers to escalate privileges by placing malicious executables in intermediate...
PT-2026-50985
Name of the Vulnerable Software and Affected Versions Joomla J-CruisePortal version 6.0.4 Description An SQL injection allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending POST requests to the "cruises" endpoint using crafted SQL...
PT-2026-50835
Name of the Vulnerable Software and Affected Versions Canonical MicroCeph versions from the squid and tentacle track Description A path traversal issue exists in the remote-import API. Users possessing a join token or a trusted cluster mTLS certificate, such as enrolled cluster members, can...
PT-2026-56266
Name of the Vulnerable Software and Affected Versions Anki versions prior to 25.09.4 Description Webview-based pages communicate with the Rust backend via an internal localhost API. User scripts included through iframes in the editor can bypass protections to access this API. A malicious imported...
PT-2026-54004
Name of the Vulnerable Software and Affected Versions MessagePack versions prior to 1.2.1 Description An out-of-bounds read occurs when an Unpacker is reused after an error has been caught, which can lead to a denial of service DoS attack. If the Unpacker is used repeatedly following such an erro...
PT-2026-51123
Name of the Vulnerable Software and Affected Versions Symfony UX versions 2.32.0 through 2.36.0 Symfony UX versions 3.0.0 through 3.1.9 Description The ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map. Due to improper validation in...
PT-2026-51096
Name of the Vulnerable Software and Affected Versions Mailpit versions prior to 1.30.2 Description An incomplete Server-Side Request Forgery SSRF protection exists in the Link Check API. The tools.IsInternalIP deny-list in internal/tools/net.go fails to block certain IPv6 transition mechanisms an...
PT-2026-51122
Name of the Vulnerable Software and Affected Versions Symfony UX Icons affected versions not specified Description The ux icon Twig function is marked as safe for HTML, which prevents Twig from escaping its output. The Icon::toHtml function inlines SVG source code directly into the page. Because...
PT-2026-51074
Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description The NetNamedPipe transport in CoreWCF allows local interception of traffic. This occurs because the transport accepts attachments to pre-existing named pipe instances...
PT-2026-51068
Name of the Vulnerable Software and Affected Versions Traefik versions 3.7.0-ea.1 through 3.7.4 Description A fail-open authentication issue exists in the Kubernetes Ingress NGINX provider. When an Ingress explicitly enables BasicAuth or DigestAuth using the nginx.ingress.kubernetes.io/auth-type...
PT-2026-51075
Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description CoreWCF UnixDomainSocket POSIX peer identity resolution utilizes non-reentrant getpwuid and getgrgid calls. This creates a race condition where concurrent connections...
PT-2026-51076
Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description SAML token replay protection is inoperative because the DefaultTokenReplayCache.TryAdd function does not reject duplicate tokens when DetectReplayedTokens is enabled...
PT-2026-51008
Name of the Vulnerable Software and Affected Versions @microsoft/kiota-http-fetchlibrary versions 1.0.0-preview.97 through 1.0.0-preview.101 Description The RedirectHandler in the library fails to properly remove sensitive headers during cross-origin redirects. While it is intended to strip...
PT-2026-53770
Gzip Decompression Bomb Bypasses Sitemap Size Limit Summary ultimate-sitemap-parser enforces a 100 MiB size limit on sitemap responses, but applies it only to the compressed bytes received over the network. When a .gz sitemap is fetched, usp/helpers.py:239 calls gzip lib.decompressdata with no...
PT-2026-50843
Name of the Vulnerable Software and Affected Versions BetterDocs Pro versions prior to 3.8.1 Description The plugin is susceptible to Local File Inclusion, a condition where an application includes files on a local server unexpectedly. Unauthenticated attackers can exploit this via the doc style...
PT-2026-50877
Name of the Vulnerable Software and Affected Versions Microsoft HEIF Image Extensions version 1.2.22.0 Description An out-of-bounds read occurs because the CHEIFItemInfoEntry GetDataSize function can return a success status while leaving the reported data size at 0. This leads a caller to perform...
PT-2026-51036
Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description An authentication bypass exists in the OTP One-Time Password verification process. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely indicate that...
PT-2026-51055
Name of the Vulnerable Software and Affected Versions symfony/ux-autocomplete versions prior to 2.x symfony/ux-autocomplete versions prior to 3.x Description The Stimulus controller in the software renders AJAX response items into a dropdown by interpolating the text field directly into HTML...
PT-2026-50911
Name of the Vulnerable Software and Affected Versions Wise Care 365 version 4.27 Wise Disk Cleaner version 9.29 Description An unquoted service path issue exists in the WiseBootAssistant and SpyHunter 4 Service. This allows local users to execute arbitrary code with SYSTEM privileges by placing...
PT-2026-50888
Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An untrusted pointer dereference exists in the sideband streaming API. This issue allows an attacker to trigger an arbitrary memory dereference, which could lead to remote code execution...
PT-2026-51033
Name of the Vulnerable Software and Affected Versions Microsoft Exchange Online affected versions not specified Description Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network. There have been reports of elevated activities targeti...
PT-2026-51061
Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2026.6.0 Description The Konnected integration registers an HTTP endpoint 'KonnectedView' located in homeassistant/components/konnected/ init .py that is configured to not require authentication. While write...
PT-2026-51013
Name of the Vulnerable Software and Affected Versions Gonic versions prior to 0.21.0 Description A logic error in the ServeCreateOrUpdatePlaylist function allows for arbitrary file write operations within the music streaming server. Recommendations Update to version 0.21.0 or later. As a temporar...
PT-2026-50891
Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An unchecked enum cast issue exists in the BeginSidebandStream function. An attacker can trigger invalid enum states and undefined behavior by supplying a specially crafted message containing...
PT-2026-51040
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Improper access control exists in the SECURITY DEFINER PostgREST RPC function public.record build time. This function is granted to the anon role and can be called using only the public Supabase...