176977 matches found
PT-2026-41259
Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV SOC CMD ID SRIOV COPY VF CHIPLET REGS to write invalid data to a remote Die, potentially resulting in unexpected behavior...
PT-2026-41255
Name of the Vulnerable Software and Affected Versions AMD affected versions not specified Description An out-of-bounds write exists in the AMDGV CMD GET DIAG DATA ioctl handler. This issue could allow a local user to escalate privileges through remote code execution. Recommendations At the moment...
PT-2026-41339
CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to access internal service...
PT-2026-41356
phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...
PT-2026-41267
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the ksmbd module, the smb inherit dacl function fails to verify that the variable-length Security Identifier SID described by sid.num subauth is fully contained within the Access...
PT-2026-41340
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields. Attackers can send POST requests to the GraphQL endpoint with amplified field duplication payloa...
PT-2026-41319
MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...
PT-2026-41231
Improper input validation in the AMD Secure Processor ASP PCI driver could allow a local attacker to trigger a Use-After-Free UAF condition, potentially resulting in a loss of platform integrity or crash...
PT-2026-41261
Name of the Vulnerable Software and Affected Versions Rapid7 Metasploit Pro affected versions not specified Description Rapid7 Metasploit Pro on Windows is subject to a local privilege escalation. During startup, the metasploitPostgreSQL service and the subsequent postgres.exe service attempt to...
PT-2026-41292
Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
PT-2026-41302
Name of the Vulnerable Software and Affected Versions vorbis-tools version 1.4.3 Description A stack buffer underflow exists in the ogg123 utility within the remotethread function located in remote.c. This issue occurs during the processing of malformed input via the remote control functionality,...
PT-2026-41395
Name of the Vulnerable Software and Affected Versions epa4all-client versions prior to 1.2.2 Description An attacker positioned on the network path between the ePA service and the Konnektor can present any TLS certificate, such as self-signed, expired, or those with an incorrect Common Name CN, t...
PT-2026-41374
Name of the Vulnerable Software and Affected Versions @angular/platform-server versions prior to 22.0.0-next.12 @angular/platform-server versions prior to 21.2.13 @angular/platform-server versions prior to 20.3.21 @angular/platform-server versions prior to 19.2.22 Description A Server-Side Reques...
PT-2026-40942
Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such as admin asset path...
PT-2026-41195
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description A parsing discrepancy between the urlparse and requests libraries allows for a Server-Side Request Forgery SSRF bypass. The validate url function uses urlparse to verify the hostname; however,...
PT-2026-41192
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description An information disclosure issue exists where the 'GET /api/v1/retrieval/' endpoint returns live RAG Retrieval-Augmented Generation pipeline configuration to any unauthenticated HTTP client. No...
PT-2026-41235
Name of the Vulnerable Software and Affected Versions NiceGUI affected versions not specified Description The ui.restructured text function renders reStructuredText server-side using Docutils without disabling file insertion directives. When attacker-controlled content is passed to this function,...
PT-2026-41151
Name of the Vulnerable Software and Affected Versions go-billy versions prior to 5.9.0 Description Multiple path traversal issues exist across different components of the software due to insufficient path sanitization and boundary enforcement. This allows crafted paths, such as those using .., to...
PT-2026-40884
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...
PT-2026-40909
The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to...
PT-2026-41130
Name of the Vulnerable Software and Affected Versions Hedera Guardian versions prior to 3.5.2 Description An authentication bypass exists in the 'GET /api/v1/demo/registered-users' endpoint. This allows unauthenticated attackers to retrieve sensitive user information, including usernames, Hedera...
PT-2026-41213
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the DatasetRow create and update processes. The application uses Object.assign to copy the request body into the DatasetRow entity without an explicit field allowlis...
PT-2026-41214
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the evaluation create and update processes. The server uses Object.assign to copy the request body into the Evaluation entity without an explicit field allowlist,...
PT-2026-41211
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the CustomTemplate create and update processes. The application uses Object.assign to copy the request body into a CustomTemplate entity without an explicit field...
PT-2026-40971
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.0 Description A flaw in the software installer pipeline allows a crafted software package to execute arbitrary commands as root on macOS and Linux, or as SYSTEM on Windows, when an uninstall is triggered. When...
PT-2026-40881
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 8.3 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description An issue exists where an authenticated user can cause a denial of service through excessive memory...
PT-2026-41160
Name of the Vulnerable Software and Affected Versions Marten versions prior to 8.36.1 Description Full-text search APIs interpolate the user-supplied regConfig parameter directly into generated SQL without parameterization or validation. This creates a SQL injection sink in any code path where...
PT-2026-40959
Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Controller affected versions not specified Cisco Catalyst SD-WAN Manager affected versions not specified Cisco Catalyst SD-WAN versions prior to 20.12.6.2 Description A critical authentication bypass exists in the peering...
PT-2026-41122
Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account without server-side throttling. In self-hosted deployments, this can be abused to send large volumes ...
PT-2026-40968
Impact Fleet trusted client-supplied IP address headers when determining the source IP for incoming requests. This allowed authenticated and unauthenticated clients to spoof their apparent IP address and bypass per-IP rate limiting controls. Fleet determines a client’s public IP address using HTT...
PT-2026-41149
Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary DbtMCP.call tool in src/dbt mcp/mcp/server.py logs the complete raw arguments dictionary at INFO level on every tool invocation line 67 and again at ERROR level if the cal...
PT-2026-41024
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer size as const int bufsize = w h ch buffer bpp using signed 32-bit arithmetic. When the product...
PT-2026-41191
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description An authenticated attacker can perform a mass assignment attack via the 'POST /api/v1/evaluations/feedback' endpoint. This is possible because the FeedbackForm uses a configuration that allows extr...
PT-2026-40845
Yubico webauthn-server-core aka java-webauthn-server 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation...
PT-2026-40882
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the bt bb button shortcode in all versions up to, and including, 5.6.8. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
PT-2026-40897
Name of the Vulnerable Software and Affected Versions Royal Elementor Addons and Templates versions prior to 1.7.1059 Description The Royal Elementor Addons and Templates plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escapin...
PT-2026-41154
Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.29.1 Description An authenticated server-side request forgery SSRF exists in the rich-text widget import flow. An authenticated user with permissions to submit or edit rich-text widget content can force the...
PT-2026-41187
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description An Insecure Direct Object Reference IDOR exists in the Channels feature, which allows any member of a channel to modify messages sent by other members, including administrators. In the update...
PT-2026-41028
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the loop index expression i 4 inside SwapRGBABytes causes the function to compute a large negative...
PT-2026-41023
Name of the Vulnerable Software and Affected Versions OpenImageIO versions prior to 3.0.18.0 OpenImageIO versions prior to 3.1.13.0 Description An issue exists in the toolset used for reading, writing, and manipulating image files for VFX and animation. Specifically, the softimageinput.cpp file...
PT-2026-41025
Name of the Vulnerable Software and Affected Versions OpenImageIO versions prior to 3.0.18.0 OpenImageIO versions prior to 3.1.13.0 Description OpenImageIO is a toolset for reading, writing, and manipulating image files for VFX and animation. A heap-based buffer overflow occurs in the HEIF decode...
PT-2026-40924
Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description Uncontrolled recursion during SSL and GSS negotiation...
PT-2026-40920
Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description Symlink following in pg basebackup plain format and in pg...
PT-2026-40918
Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description Integer wraparound in multiple server features allows an...
PT-2026-40919
Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description An externally-controlled format string in the timeofday...
PT-2026-41022
Name of the Vulnerable Software and Affected Versions OpenImageIO versions prior to 3.0.18.0 OpenImageIO versions prior to 3.1.13.0 Description OpenImageIO is a toolset for reading, writing, and manipulating image files for VFX and animation. A heap buffer overflow and crash can occur when...
PT-2026-40925
Name of the Vulnerable Software and Affected Versions PostgreSQL versions 18.0 through 18.3 Description A buffer over-read occurs in the pg restore attribute stats function when it accepts array values of unmatched length. This causes query planning to read past the end of one array, allowing a...
PT-2026-40926
Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description A stack buffer overflow in the "refint" module allows an...
PT-2026-40922
Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description The use of the dangerous function PQfn..., result is int=...
PT-2026-40927
Name of the Vulnerable Software and Affected Versions PostgreSQL versions 16.0 through 16.13 PostgreSQL versions 17.0 through 17.9 PostgreSQL versions 18.0 through 18.3 Description SQL injection in logical replication occurs when using the 'ALTER SUBSCRIPTION ... REFRESH PUBLICATION' command. Thi...