187186 matches found
PT-2026-53779
Lokka versions prior to 2.1.2 constructed Azure Resource Manager request URLs using direct string concatenation with user-controlled path input. Specially crafted path values could alter URL authority parsing and cause Azure Resource Manager bearer tokens to be sent to an unintended host. Version...
PT-2026-53783
SurrealDB fetches the JWKS document for a JWT or record access method using a bare reqwest client that follows HTTP redirects by default. The network capability check in core/src/iam/jwks.rs check capabilities url is applied only to the originally configured URL; redirect targets are not...
PT-2026-53767
Summary EnvironmentManager.backup recursively collects files using collectBackupFiles. collectBackupFiles uses statSyncfull, which follows symlinks. If data/ contains a symlink to a directory outside the environment root, backup recursion follows the symlink and copies external files into...
PT-2026-53766
Summary On a multi-tenant stigmem node, a caller holding a write credential for one tenant can run a decay sweep that acts on every tenant's facts. The candidate-selection queries in lifecycle/decay.py select ttl candidates, select confidence candidates carried no tenant id predicate, and the...
PT-2026-51094
Summary convert builds the nested tree by using each flat record's id and parent field values directly as object keys, with no guard against proto / constructor / prototype. A record whose parent is the string " proto " makes tempparent resolve to Object.prototype, and the following initPush...
PT-2026-50987
Name of the Vulnerable Software and Affected Versions J-ClassifiedsManager version 3.0.5 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. By submitting crafted payloads to the 'displayads' component...
PT-2026-53768
Summary The Order::setPaymentAmount method accepts any float value without enforcing a minimum positive amount. The PaymentsController casts the user-supplied 'paymentAmount' parameter directly to float with no lower-bound check. Details When the store has 'Allow Partial Payment on Checkout'...
PT-2026-54526
Уязвимость интегрированной среды разработки программного обеспечения GoLand связана с некорректным внешним управлением именем или путем файла. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код...
PT-2026-53330
Summary agentic-flow versions = 2.0.13 MCP server tools interpolated attacker-influenceable tool parameters e.g. agent, task, name, language, agentdb arguments directly into shell command strings passed to execSync. A malicious value reaching any of the affected MCP tools could break out of the...
PT-2026-51067
Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.3 Description When Oj::Doceach child is invoked recursively over a deeply nested JSON document, it can cause a fixed-size stack buffer overflow, leading to a denial of service DoS that aborts the process. This occurs...
PT-2026-53776
EverOS versions 1.0.0 and earlier are vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint. The per-message sender id field was not validated as a path-safe identifier unlike app id / project id, which already enforced this. During user-memory extraction, sender id is us...
PT-2026-51091
Name of the Vulnerable Software and Affected Versions concurrent-ruby versions prior to 1.3.7 Description Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after a single thread acquires the read lock 32,768 times. The lock manages a thread's local read and write hold counts...
PT-2026-50918
Name of the Vulnerable Software and Affected Versions Winstep version 18.06.0096 Description The Winstep Xtreme Service contains an unquoted service path issue. This occurs when a service path contains spaces and is not enclosed in quotes, allowing a local attacker to place a malicious executable...
PT-2026-51064
Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description Oj.dump is subject to a stack-based buffer overflow when a large :indent value is provided. The fill indent function in dump.h utilizes memset to fill a buffer without validating the size of the indent...
PT-2026-51084
Name of the Vulnerable Software and Affected Versions oj gem affected versions not specified Description A heap use-after-free occurs in Oj::Parserparse when a SAJ/SAJ2 callback mutates the input JSON string during the parsing process. The C engine maintains a raw pointer to the Ruby string's...
PT-2026-51086
Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description When operating in usual mode with create id enabled, the Oj::Parserparse function is susceptible to heap corruption. This occurs when a JSON object key is exactly 65,535 bytes long, leading to an integer...
PT-2026-51105
Summary When passing an unknown service name to embedvideo, an error message is rendered containing the invalid service name. The service name is not sanitized and can contain HTML. Details There is a hardcoded list of allowed services in a switch statement inside EmbedServiceFactorynewFromName...
PT-2026-51028
Name of the Vulnerable Software and Affected Versions libde265 versions prior to 1.1.0 Description An open source implementation of the h.265 video codec contains a signed integer overflow in the de265 image get buffer function. This occurs when processing a crafted H.265 bitstream with 16-bit bi...
PT-2026-50974
Name of the Vulnerable Software and Affected Versions OpenFGA versions prior to 1.18.0 Description The OIDC authenticator fails to validate the JWT audience aud claim when no audience is configured. In environments where a single identity provider issues tokens for multiple services, a token...
PT-2026-50973
Summary The public GraphQL resolvers getFormDefinitionByObjectenApiUrlurl and the deprecated getFormDefinitionByIdid fetch a caller-supplied URL using the privileged Objecten-API token. Because the /graphql endpoint is permitAll and these resolvers do not declare a CommonGroundAuthentication...
PT-2026-51027
Name of the Vulnerable Software and Affected Versions libde265 versions prior to 1.0.20 Description An issue in the h.265 video codec implementation allows a crafted sequence of H.265 NAL units to cause the decoder context::read slice NAL function to attach slice headers to a finished picture...
PT-2026-51000
Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.23 Statamic versions prior to 6.20.0 Description An incomplete fix for a previous issue in this Laravel and Git powered content management system CMS left in-memory collection sorting unprotected, although the...
PT-2026-51017
Name of the Vulnerable Software and Affected Versions ProxySQL versions 3.0.0 through 3.0.8 Description The GenAI/MCP run sql readonly tool violates its read-only contract for MySQL targets. The tool validates input using a substring blacklist and a first-keyword allowlist, but executes the SQL...
PT-2026-50885
Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.0.0 through 3.16.0 Description An Open Redirect issue exists in the default configuration of the cas-auth plugin, where unsanitized cookie values can lead to URL redirection to untrusted sites. This flaw can be leverag...
PT-2026-50984
Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to provide crafted video frame pixels that overlap with internal encoder layer...
PT-2026-50850
Name of the Vulnerable Software and Affected Versions Dell Server Hardware Manager versions prior to 3.2.2 Description Improper Access Control allows a low privileged attacker with local access to potentially achieve Elevation of privileges, which is the act of gaining higher-level permissions th...
PT-2026-54533
Уязвимость программного обеспечения управления аккаунтами JetBrains Hub связана с ошибками в коде генератора псевдослучайных чисел при генерации ключей хоста. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить полный контроль над приложением...
PT-2026-50995
Name of the Vulnerable Software and Affected Versions Joomla! Component vBizz version 1.0.7 Description An SQL injection allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. This is achieved by submitting POST requests to the...
PT-2026-50882
Name of the Vulnerable Software and Affected Versions FlexNet Manager Suite 2025 R1 FlexNet Manager Suite 2025 R2 Description Insufficient access control in the software could allow unauthorized access to attachment files. Recommendations At the moment, there is no information about a newer versi...
PT-2026-50935
Name of the Vulnerable Software and Affected Versions RPC Responsive Portfolio version 1.6.1 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. This is achieved by sending GET requests to the...
PT-2026-50880
Name of the Vulnerable Software and Affected Versions Apache APISIX versions 2.2 through 3.16.0 Description An authentication bypass by spoofing exists in the jwt-auth plugin. This flaw allows an attacker to completely bypass authentication by using a spoofed token when certain configurations of...
PT-2026-51021
Name of the Vulnerable Software and Affected Versions Mercator versions prior to 2025.05.19 Description A Server-Side Request Forgery SSRF exists in the CVE configuration panel at the '/admin/config/parameters' endpoint. The testProvider method in ConfigurationController passes user-supplied inpu...
PT-2026-50829
Name of the Vulnerable Software and Affected Versions Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP affected versions not specified Description An Expected Behavior Violation allows a remote attacker to cause a denial-of-service DoS condition. By continuously...
PT-2026-50932
Name of the Vulnerable Software and Affected Versions Joomla! Component JB Visa version 1.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code into the visatype parameter via GET requests to the 'index.php'...
PT-2026-50871
Name of the Vulnerable Software and Affected Versions FFmpeg affected versions not specified Description A use-after-free issue exists in the RASC video decoder. The decode move function initializes a read pointer into a decompressed buffer; however, a subsequent reallocation of that buffer durin...
PT-2026-51095
Name of the Vulnerable Software and Affected Versions miniflux-v2 affected versions not specified Description URL restrictions can be bypassed, leading to an open redirect. The application uses the IsRelativePath function to validate redirect URLs by requiring relative paths and prohibiting host ...
PT-2026-50897
Name of the Vulnerable Software and Affected Versions Line Desktop MCP versions prior to 1.1.2 Description Line Desktop MCP allows users to operate the LINE Desktop application on Windows or Mac via Model Context Protocol MCP. When using the --http-mode Streamable HTTP transport, the server binds...
PT-2026-50970
Summary The agent sandbox gates shell commands behind an allowlist SandboxPolicy.isCommandAllowed, which THREAT MODEL.md calls the main control against a compromised agent Adversary 3.2. The allowlist glob-matches the whole command string, but ShellExecutor runs that string through /bin/sh -c. So...
PT-2026-50991
Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId parameter. Attackers can send POST requests to the editReview task endpoint with URL-encoded SQL UNION...
PT-2026-50842
Name of the Vulnerable Software and Affected Versions FileRise versions prior to 3.16.0 Description A path traversal issue exists in the shared-folder upload endpoint '/api/folder/uploadToSharedFolder.php'. The FolderController validates the upload filename using basename and REGEX FILE NAME, but...
PT-2026-53785
A record user could read field values hidden from them by field-level SELECT permissions by reaching the records through a graph-edge - or back-reference SELECT FROM knows, person:bobknows-SELECT FROM person — returned it intact. The root cause: the shared resolve record batch helper used by...
PT-2026-50836
Name of the Vulnerable Software and Affected Versions Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation versions prior to 2.8.8 Description An issue exists where unauthenticated attackers can perform Server-Side Request Forgery SSRF, a flaw that allows a serv...
PT-2026-50917
Name of the Vulnerable Software and Affected Versions Realtek Audio Service version 1.0.0.55 Description An unquoted service path issue exists in RtkAudioService64.exe. This allows local attackers to escalate privileges by placing malicious executable files in the unquoted service path directory,...
PT-2026-50977
Summary tract the tract-onnx crate resolves an ONNX tensor's external-data location by joining it onto the model directory without any sanitization. Because location comes from the untrusted .onnx file, a malicious model can make tract open and read an arbitrary local file at load time, with the...
PT-2026-50937
Name of the Vulnerable Software and Affected Versions Joomla! Component Price Alert version 3.0.2 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. By sending requests to the 'subscribeajax' view with crafted payloads in the product id parameter,...
PT-2026-50899
Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.0.0 through 3.16.0 Description Improper Authentication occurs when the cas-auth plugin is used in a route, potentially allowing an attacker to authenticate using credentials from a different source. Recommendations...
PT-2026-51039
Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description An authentication logic flaw allows an attacker to register and control an account linked to a victim's email address before the email is verified. By enabling two-factor authentication on this...
PT-2026-50943
Name of the Vulnerable Software and Affected Versions Joomla SP Movie Database version 1.3 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code into the searchword parameter when sending GET requests to the...
PT-2026-50954
Name of the Vulnerable Software and Affected Versions Joomla Event Registration Pro Calendar version 4.1.3 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending GET requests to the 'index.php' endpoi...
PT-2026-51116
Name of the Vulnerable Software and Affected Versions dbt-mcp version 1.19.1 Description The local OAuth helper FastAPI server bundled with dbt-mcp exposes the 'GET /dbt platform context' endpoint without authentication or host-origin validation. After a user completes the OAuth login flow, this...