176044 matches found
PT-2026-39979
A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions V6.1.4.9, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions V6.1.4.9, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M11 All versions, blueplanet 125 TL3 All...
PT-2026-39989
A vulnerability has been identified in Teamcenter V2312 All versions V2312.0014, Teamcenter V2406 All versions V2406.0012, Teamcenter V2412 All versions V2412.0009, Teamcenter V2506 All versions V2506.0005, Teamcenter V2512 All versions. The affected application contains hardcoded key which is us...
PT-2026-39992
A vulnerability has been identified in Solid Edge SE2026 All versions V226.0 Update 5. The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current...
PT-2026-39978
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A null pointer dereference occurs during the processing of specially crafted IPv4 requests. This issue allows an attacker to trigger a denial of service conditio...
PT-2026-39980
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...
PT-2026-39990
A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M11 All versions, blueplanet 125 TL3 All versions, blueplanet...
PT-2026-39996
Name of the Vulnerable Software and Affected Versions multiparty versions prior to 4.3.0 Description A denial of service issue exists due to regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload containing a long header value can cause...
PT-2026-39988
A vulnerability has been identified in Teamcenter V2312 All versions V2312.0014, Teamcenter V2406 All versions V2406.0012, Teamcenter V2412 All versions V2412.0009, Teamcenter V2506 All versions V2506.0005, Teamcenter V2512 All versions. The affected application does not properly encode or filter...
PT-2026-40016
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection.This issue affects WP Travel: from n/a through = 11.4.0...
PT-2026-40017
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description Insufficient Entropy occurs when the randomness used in session-management protections is inadequate, potentially allowing a network-based attacker to gain...
PT-2026-40012
Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster wp-asset-clean-up allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Speed Booster: from n/a through = 1.4.0.3...
PT-2026-40015
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Retrieve Embedded Sensitive Data.This issue affects WP EasyPay: from n/a through = 4.3.0...
PT-2026-40014
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection.This issue affects Xpro Elementor Addons: from n/a through = 1.5.1...
PT-2026-40004
Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard FOR-S allows Privilege Escalation. This issue affects Turboard FOR-S: from 7.01.2026 before 18.02.2026...
PT-2026-40008
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...
PT-2026-40011
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.1...
PT-2026-40007
A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...
PT-2026-40006
Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...
PT-2026-40013
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection.This issue affects BEAR: from n/a through = 1.1.7.1...
PT-2026-40009
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Views for WPForms views-for-wpforms-lite allows Blind SQL Injection.This issue affects Views for WPForms: from n/a through = 3.4.6...
PT-2026-40005
The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information...
PT-2026-40010
Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through = 1.52.2...
PT-2026-40018
Name of the Vulnerable Software and Affected Versions Siemens Simcenter Femap affected versions not specified Description Memory corruption occurs during the parsing of specially crafted IPT files. This flaw allows an attacker to execute arbitrary code within the context of the current process...
PT-2026-40021
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 150.0.3 Description JIT miscompilation occurs within the JIT component of the JavaScript Engine. JIT Just-In-Time compilation is a method used to improve the execution speed of programs by compiling code during runtim...
PT-2026-40022
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3...
PT-2026-40028
Name of the Vulnerable Software and Affected Versions dovecot versions prior to 2.4.4-1.1 Description An attacker can use the IMAP SETACL command to inject the anyone permission into a user's dovecot-acl file, bypassing the imap acl allow anyone=no configuration. This allows folders to be spammed...
PT-2026-40029
Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges...
PT-2026-40019
CWE-22: Improper Limitation of a Pathname to a Restricted Directory “Path Traversal” vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing...
PT-2026-40026
Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution...
PT-2026-40031
pam authnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peer lookup tcp src/peer lookup.c:134, prior to the fix allowed a crafted NETLINK SOCK DIAG reply to slip past the message-size check...
PT-2026-40032
sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encode...
PT-2026-40025
Name of the Vulnerable Software and Affected Versions Dovecot versions prior to 2.4.4-1.1 Description An attacker positioned between Dovecot and the client connection can use a specially crafted base64 exchange to fake SCRAM TLS channel binding. This allows the attacker to act as a MITM...
PT-2026-40024
Name of the Vulnerable Software and Affected Versions dovecot versions prior to 2.4.4-1.1 Description When the safe filter is used with variable expansion, subsequent pipelines on the same string are incorrectly treated as safe. This behavior allows unsafe data to be unescaped, which can lead to...
PT-2026-40027
Name of the Vulnerable Software and Affected Versions dovecot versions prior to 2.4.4-1.1 Description An attacker can upload a malicious Sieve script via the 'ManageSieve' service or local access to bypass configured CPU time limits for Sieve by up to 130 times the limit. This can lead to degrade...
PT-2026-40030
Name of the Vulnerable Software and Affected Versions dovecot versions prior to 2.4.4-1.1 Description An attacker can cause uncontrolled memory usage via excessive bracing over IMAP. A previous fix was incomplete as it only blocked closing braces, allowing the memory limit to be bypassed using op...
PT-2026-40085
Untrusted pointer dereference for some IntelR QuickAssist Adapter 8960 software before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of...
PT-2026-40101
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability i...
PT-2026-40087
Integer overflow in the UEFI firmware for the Slim Bootloader may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements a...
PT-2026-40078
Improper input validation for some Intel Endpoint Management Assistant EMA software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable escalation...
PT-2026-40090
Uncontrolled search path for some IntelR Connectivity Performance Suite software installers before version 50.25.1121.193 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may...
PT-2026-40104
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool send tokens, execute contract, instantiate contract, upload wasm, ibc transfer, etc. accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was consequently embedded ...
PT-2026-40086
Out-of-bounds read for the IntelR Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data exposure. This result may...
PT-2026-40098
Null pointer dereference for some IntelR QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result...
PT-2026-40079
Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...
PT-2026-40097
Improper input validation for some IntelR QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result...
PT-2026-40107
Missing authorization in the PAM module in Devolutions Server allows an authenticated user with a PAM license but no additional permissions to obtain OTP secret keys and recovery codes via crafted requests to PAM API endpoints. This issue affects the following versions : Devolutions Server...
PT-2026-40095
Divide by zero for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may...
PT-2026-40077
Name of the Vulnerable Software and Affected Versions IntelR Processors affected versions not specified Description Shared microarchitectural predictor state that influences transient execution for some processors within VMX non-root guest operation may lead to information disclosure. An...
PT-2026-40084
Incorrect default permissions for some IntelR NPU Driver software installers before version 32.0.100.4511 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation ...
PT-2026-40092
Unchecked return value for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result ma...