PT-2026-40035
Name of the Vulnerable Software and Affected Versions: Pocket ID versions prior to 2.6.0. Description: The createTokenFromRefreshToken function in oidc service.go validates the cryptographic integrity of refresh tokens but fails to re-verify the user's current authorization state before issuing new...
PT-2026-40045
Name of the Vulnerable Software and Affected Versions: LWP::UserAgent versions prior to 6.83. Description: LWP::UserAgent leaks Authorization and Proxy-Authorization headers during cross-origin redirects. When a 3xx response is received, the redirect handler only removes the Host and Cookie headers...
PT-2026-40037
Name of the Vulnerable Software and Affected Versions: Schneider Electric EcoStruxure Panel Server (affected versions not specified). Description: An insecure default resource initialization issue exists that may cause credentials to revert to initial settings under rare circumstances. This allows...
PT-2026-40044
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 SU6. Description: SQL injection in the web console allows a remote authenticated attacker to achieve remote code execution. SQL injection is a type of flaw where an attacker can interfere with the...
PT-2026-40068
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 11.0.0-M1 through 11.0.21; Apache Tomcat versions 10.1.0-M1 through 10.1.54; Apache Tomcat versions 9.0.0.M1 through 9.0.117. Description: An issue exists involving the allocation of resources without limits or throttling...
PT-2026-40039
Name of the Vulnerable Software and Affected Versions: Ivanti Secure Access Client versions prior to 22.8R6. Description: A race condition allows a locally authenticated user to escalate privileges to SYSTEM. A race condition is a situation where the system's substantive behavior is dependent on the...
PT-2026-40038
Name of the Vulnerable Software and Affected Versions: Ivanti Secure Access Client versions prior to 22.8R6. Description: An incorrect permission assignment for a critical resource allows a local authenticated user to read or modify sensitive log data. This is possible through write access to a shar...
PT-2026-40074
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 11.0.0-M1 through 11.0.21; Apache Tomcat versions 10.1.0-M1 through 10.1.54; Apache Tomcat versions 9.0.0.M1 through 9.0.117; Apache Tomcat versions 8.5.0 through 8.5.100; Apache Tomcat versions 7.0.0 through 7.0.109...
PT-2026-40213
Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally...
PT-2026-40201
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...
PT-2026-40198
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...
PT-2026-40199
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally...
PT-2026-40205
Name of the Vulnerable Software and Affected Versions: SQL Server (affected versions not specified). Description: External control of a file name or path allows an authorized attacker to execute arbitrary code over a network, which can affect the system. Recommendations: At the moment, there is no...
PT-2026-40204
Name of the Vulnerable Software and Affected Versions: Windows 11 versions 24H2 through 25H2. Description: A heap-based buffer overflow and untrusted pointer dereference in the Windows Kernel allows an authorized attacker to elevate privileges locally to SYSTEM level. The issue resides in ntoskrnl.e...
PT-2026-40227
Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 Business Central (affected versions not specified). Description: Weak authentication procedures allow an authorized attacker to elevate privileges locally. Recommendations: At the moment, there is no information about a newer...
PT-2026-40210
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...
PT-2026-40212
Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
PT-2026-40219
Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network...
PT-2026-40188
Name of the Vulnerable Software and Affected Versions: Microsoft Office Click-To-Run (affected versions not specified). Description: Insufficient granularity of access control in the Click-to-Run (C2R) technology of Microsoft Office and Microsoft 365 Apps for Enterprise allows an authorized attacker to...
PT-2026-40228
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally...
PT-2026-40211
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally...
PT-2026-40202
Name of the Vulnerable Software and Affected Versions: Microsoft Office Word (affected versions not specified). Description: An untrusted pointer dereference allows an unauthorized attacker to execute arbitrary code locally and remotely, affecting the system. A pointer dereference occurs when a progra...
PT-2026-40225
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: A use after free issue in the Windows TCP/IP stack allows an unauthorized attacker to execute code over a network. Use after free is a memory corruption flaw that occurs when an application...
PT-2026-40217
Name of the Vulnerable Software and Affected Versions: Windows Win32K - GRFX (affected versions not specified). Description: A heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. This issue can potentially be used to escape a virtual machine...
PT-2026-40189
Name of the Vulnerable Software and Affected Versions: Windows Admin Center (affected versions not specified). Description: Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network. This issue can be triggered by abusing the update path,...
PT-2026-40214
Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally...
PT-2026-40194
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
PT-2026-40193
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
PT-2026-40231
External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network...
PT-2026-40221
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally...
PT-2026-40191
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally...
PT-2026-40223
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network...
PT-2026-40224
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network...
PT-2026-40209
Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack...
PT-2026-40229
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally...
PT-2026-40192
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
PT-2026-40216
Name of the Vulnerable Software and Affected Versions: Windows Hyper-V (affected versions not specified). Description: A use after free issue in Windows Hyper-V allows an unauthorized attacker to perform a guest-to-host attack to elevate privileges locally to SYSTEM level. Use after free is a memory...
PT-2026-40220
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
PT-2026-40234
Name of the Vulnerable Software and Affected Versions: Windows Server versions prior to May 12, 2026. Description: A stack-based buffer overflow exists in the Windows Netlogon service, specifically within the MS-NRPC handler. This flaw allows an unauthenticated remote attacker to execute arbitrary...
PT-2026-40195
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally...
PT-2026-40185
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network...
PT-2026-40255
Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...
PT-2026-40240
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally...
PT-2026-40253
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network...
PT-2026-40249
Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...
PT-2026-40250
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally...
PT-2026-40244
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...
PT-2026-40257
Name of the Vulnerable Software and Affected Versions: Microsoft Office (affected versions not specified). Description: Improper access control allows an unauthorized attacker to perform spoofing locally...
PT-2026-40235
Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network...
PT-2026-40267
An improper export of Android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow an attacker to achieve improper access control via...