176071 matches found
PT-2026-40330
Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the client IP. That entr...
PT-2026-40312
Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0...
PT-2026-40329
AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16...
PT-2026-40308
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAP PERSISTENCE SESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the...
PT-2026-40294
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...
PT-2026-40301
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...
PT-2026-40295
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...
PT-2026-40317
Out-of-bounds write for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This...
PT-2026-40316
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitive user data...
PT-2026-40324
Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue...
PT-2026-40292
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat, which stops at...
PT-2026-40218
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network...
PT-2026-40203
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
PT-2026-40197
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
PT-2026-40200
Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
PT-2026-40126
The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from pretrained method uses torch.load to load the pytorch model.bin weight file without enabling the security-restrictive...
PT-2026-40121
Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...
PT-2026-40134
Name of the Vulnerable Software and Affected Versions Microsoft Teams affected versions not specified Description Files or directories accessible to external parties allow an unauthorized attacker to perform spoofing locally. This issue represents a failure in the trust boundary where identity ca...
PT-2026-40123
The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...
PT-2026-40109
Name of the Vulnerable Software and Affected Versions FortiOS versions 7.6.0 through 7.6.3 FortiOS versions 7.4.0 through 7.4.8 FortiOS versions 7.2.0 through 7.2.11 Description An out-of-bounds write issue allows an attacker to execute unauthorized code or commands by sending specially crafted...
PT-2026-40118
Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec function without any sandboxing, validation, or security...
PT-2026-40112
Name of the Vulnerable Software and Affected Versions Windows Rich Text Edit affected versions not specified Description A double free issue in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. A double free occurs when a program attempts to free the same memory...
PT-2026-40111
Name of the Vulnerable Software and Affected Versions FortiAnalyzer versions 7.6.0 through 7.6.4 FortiAnalyzer versions 7.4.0 through 7.4.8 FortiAnalyzer version 7.2 FortiAnalyzer version 7.0 FortiAnalyzer version 6.4 FortiManager versions 7.6.0 through 7.6.4 FortiManager versions 7.4.0 through...
PT-2026-40128
Name of the Vulnerable Software and Affected Versions mem0 version 1.0.0 Description The server lacks authentication and authorization controls for the 'DELETE /memories' API endpoint. This allows unauthenticated remote attackers to delete memory records by specifying arbitrary identifiers such a...
PT-2026-40117
The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustness evaluation fgsm pytorch.py. The script uses the unsafe eval function to parse string values provided via the --clip values and --input shape command-lin...
PT-2026-40206
Name of the Vulnerable Software and Affected Versions Power Automate affected versions not specified Description Insufficient protection of service data in Power Automate for Desktop allows an authorized attacker to disclose sensitive information over a network. Recommendations At the moment, the...
PT-2026-40113
An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execut...
PT-2026-40131
Name of the Vulnerable Software and Affected Versions Windows Rich Text Edit Control affected versions not specified Description A double free issue in the Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally. A double free occurs when a program attempts to...
PT-2026-40127
The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records PUT /memories/memory id are exposed without any verification of the requester's identity or permissions. A remote attacker can exploit...
PT-2026-40120
Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the post install...
PT-2026-40115
Name of the Vulnerable Software and Affected Versions FortiSandbox versions 5.0.0 through 5.0.1 FortiSandbox versions 4.4.0 through 4.4.8 FortiSandbox Cloud versions 5.0.2 through 5.0.5 FortiSandbox PaaS version 23.4 FortiSandbox PaaS version 23.3 FortiSandbox PaaS version 23.1 FortiSandbox PaaS...
PT-2026-40130
Name of the Vulnerable Software and Affected Versions Windows Native WiFi Miniport Driver versions prior to Server 2025 Description A race condition exists in the Windows Native WiFi Miniport Driver due to improper synchronization when using a shared resource. This allows an unauthorized remote...
PT-2026-40232
Name of the Vulnerable Software and Affected Versions Windows Admin Center affected versions not specified Description Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about a...
PT-2026-40132
Name of the Vulnerable Software and Affected Versions Microsoft Visual Studio/.NET versions prior to 10.0.8 Description A tampering issue occurs when .NET Core improperly handles specially crafted files. An attacker can exploit this by sending a specially crafted file to a vulnerable system,...
PT-2026-40110
Name of the Vulnerable Software and Affected Versions FortiAP versions 7.6.0 through 7.6.2 FortiAP versions 7.4.0 through 7.4.5 FortiAP version 7.2 FortiAP version 7.0 FortiAP version 6.4 FortiAP-W2 versions 7.4.0 through 7.4.4 FortiAP-W2 version 7.2 FortiAP-W2 version 7.0 Description An OS comma...
PT-2026-40108
Name of the Vulnerable Software and Affected Versions FortiMail versions 7.6.0 through 7.6.3 FortiMail versions 7.4.0 through 7.4.5 FortiMail versions 7.2.0 through 7.2.8 Description Improper neutralization of special elements used in an SQL command allows an authenticated privileged attacker to...
PT-2026-40114
An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an...
PT-2026-40124
The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 through its predict method. When a user provides a dataset file path to the predict method, the framework automatically determines the file format. If the file is a pickle .pkl file, it is loaded using pandas.read...
PT-2026-40116
The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...
PT-2026-40133
Name of the Vulnerable Software and Affected Versions .NET affected versions not specified Description A heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. A heap-based buffer overflow occurs when an application writes more data to a heap-allocated...
PT-2026-40129
The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a DROP TABLE SQL statement. Th...
PT-2026-40122
The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the augment images worker method without any safety...
PT-2026-40119
The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading process. When loading model files .pt from a user-specified directory via the --model dir argument, the code uses torch.load withou...
PT-2026-40125
The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weights only=True...
PT-2026-40169
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
PT-2026-40162
Heap-based buffer overflow in Windows Application Identity AppID Subsystem allows an authorized attacker to elevate privileges locally...
PT-2026-40146
Name of the Vulnerable Software and Affected Versions Windows Win32K - GRFX affected versions not specified Description A race condition occurs in Windows Win32K - GRFX due to improper synchronization when using a shared resource. This allows an authorized attacker to elevate privileges locally t...
PT-2026-40166
Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network...
PT-2026-40135
Name of the Vulnerable Software and Affected Versions Azure Monitor Agent versions prior to May 2026 Description External control of a file name or path allows an authorized attacker to elevate privileges locally. Recommendations Update to the May 2026 patch...
PT-2026-40136
Name of the Vulnerable Software and Affected Versions Windows Filtering Platform affected versions not specified Description Improper access control in the Windows Filtering Platform WFP allows an authorized attacker to bypass a security feature locally. Recommendations At the moment, there is no...