176977 matches found
PT-2026-40966
A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...
PT-2026-40955
HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potential interception or misuse, especially if not combined with secure transmission practices...
PT-2026-40938
Missing authentication in the KVM key download endpoint could allow an unauthenticated attacker with knowledge of the exposed URL to retrieve sensitive keys, potentially leading to loss of confidentiality...
PT-2026-40974
Name of the Vulnerable Software and Affected Versions Microsoft Authenticator affected versions not specified Description Exposure of sensitive information in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network. Recommendations At the moment, there is no...
PT-2026-41013
Name of the Vulnerable Software and Affected Versions GStreamer gst-plugins-good versions prior to 1.28.2 Description An issue exists when parsing MP4 audio tracks where the isomp4 plugin's qtdemux audio caps function fails to sufficiently validate atom data before performing division operations...
PT-2026-40967
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.0 Description A flaw in the Windows MDM management endpoint allows requests to be processed without proper client certificate validation. The endpoint relies on mutual TLS mTLS—a process where both the client and...
PT-2026-40972
Name of the Vulnerable Software and Affected Versions Strapi versions 4.0.0 through 5.36.1 Description Strapi did not sufficiently sanitize query parameters when filtering content via relational fields. An unauthenticated attacker could use the where query parameter on any publicly-accessible...
PT-2026-41011
Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers. From 2.4.0, to before 2.13.0, when requesting content from a Static Route, it was possible to request paths such as http://localhost:8080/c:/Windows/System32/drivers/etc/hosts and have the...
PT-2026-41012
Name of the Vulnerable Software and Affected Versions GStreamer gst-plugins-good versions prior to 1.28.2 Description An issue exists when parsing MP4 audio tracks where the isomp4 plugin's qtdemux parse trak function fails to sufficiently validate atom data before performing division operations...
PT-2026-41010
Improper Control of Generation of Code 'Code Injection' vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22....
PT-2026-41009
Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5...
PT-2026-40977
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the chatflow update endpoint. This occurs when an application takes user-provided data and applies it to an internal object without sufficient filtering, allowing...
PT-2026-40979
Summary A vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing client IP headers. This may allow brute-force login attempts or other abuse against Fleet instances exposed to the public internet. Impact Fleet extracted client IP...
PT-2026-40970
Summary Fleet contained a denial-of-service DoS issue in the gRPC Launcher PublishLogs endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to terminate while processing an authenticated request from an enrolled...
PT-2026-40976
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the tool update endpoint. This occurs when the server does not restrict which properties a client can modify, allowing user-controlled request bodies to include fiel...
PT-2026-40975
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the variable update endpoint '/api/v1/variables/variableId'. This allows authenticated users to modify server-controlled properties by including them in the JSON...
PT-2026-40973
Name of the Vulnerable Software and Affected Versions CoreShop versions 5.0.1 through 5.1.0-beta.1 Description The GitHub Actions workflow located at .github/workflows/static.yml uses the pull request target trigger and checks out unverified code from the pull request head using the variable ref:...
PT-2026-41118
Name of the Vulnerable Software and Affected Versions Amazon SageMaker Python SDK versions prior to 2.257.2 Amazon SageMaker Python SDK versions prior to 3.8.0 Description Missing integrity verification in the Triton inference handler allows a remote authenticated actor with S3 write access to th...
PT-2026-41015
Foscam VD1 Video Doorbell before V5.3.13 1072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol SDP, including ICE credentials and candidates, in cleartext over network interfaces. An attacker with network visibility can...
PT-2026-41021
Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values...
PT-2026-41019
Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can...
PT-2026-41031
Name of the Vulnerable Software and Affected Versions Crabbox versions prior to 0.12.0 Description An environment variable exposure issue allows attackers with access to a malicious or compromised repository to forward local secrets, such as API tokens, cloud credentials, and broker tokens, into...
PT-2026-41029
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decode pixel computes k + palbytespp as unsigned 32-bit arithmetic. When k = 0xFFFFFFFC and palbytespp = ...
PT-2026-41034
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel decode raw and sixel decode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the output parameter...
PT-2026-41033
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixel decode raw impl. context-pos x grows by repeat count on every sixel characte...
PT-2026-41030
Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests to ticket endpoints. Attackers can exploit insufficient access control checks on the...
PT-2026-41017
SiYuan is an open-source personal knowledge management system. From 2.1.12 to before 3.7.0. SiYuan's Bazaar marketplace renders package author metadata from the public bazaar stage feed into HTML without escaping. In the desktop app this becomes stored XSS, and because SiYuan's Electron windows a...
PT-2026-41117
Name of the Vulnerable Software and Affected Versions Amazon SageMaker Python SDK versions prior to 2.257.2 Amazon SageMaker Python SDK versions prior to 3.8.0 Description The ModelBuilder/Serve component stores sensitive information in cleartext. A remote authenticated actor with permissions to...
PT-2026-41032
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixel encode highcolor's allocation size calculation can lead to a heap buffer overflow. The public sixel encode entry point validates only that width and height are greater...
PT-2026-41120
HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString function in convertCore.php is missing backtick and tab t from its strip list. User input then reaches shell exec, where the shell interprets these characters and commands...
PT-2026-41119
Name of the Vulnerable Software and Affected Versions OneDev versions prior to 15.0.2 Description OneDev is a Git server featuring CI/CD, kanban, and packages. A flaw exists where the boundary between repository-controlled LFS Large File Storage metadata and server-local filesystem paths is...
PT-2026-41124
Name of the Vulnerable Software and Affected Versions python-utcp versions prior to 1.1.3 Description The prepare environment function in cli communication protocol.py passes a complete copy of os.environ to every CLI subprocess. This allows any environment variable in the host process, such as...
PT-2026-41014
Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP affected versions not specified Description Improper input handling under certain conditions allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. T...
PT-2026-41037
@hetmehtaa - Cleveland Steamer CVE-2026-80085...
PT-2026-41131
Name of the Vulnerable Software and Affected Versions MongoDB PHP driver affected versions not specified Description A stack exhaustion issue occurs when processing deeply nested BSON Binary JSON documents. This can lead to application crashes in unusual circumstances, specifically when the BSON...
PT-2026-41128
Name of the Vulnerable Software and Affected Versions MCP Registry versions prior to 1.7.9 Description OCI ownership validation fails to perform a label-match check when an upstream OCI registry returns an HTTP 429 Too Many Requests error. This occurs because the function ValidateOCI in the file...
PT-2026-41127
Name of the Vulnerable Software and Affected Versions Tuist versions prior to 1.180.9 Description The "DELETE /api/projects/account handle/project handle/previews/preview id" endpoint loads a preview by its UUID without verifying that the preview belongs to the project resolved from the URL path...
PT-2026-41129
Summary A command injection vulnerability was identified in shivammathur/setup-php when the action resolves the PHP version from repository-controlled files and uses that value while generating the platform setup script. In affected versions, setup-php may read the PHP version from: - .php-versio...
PT-2026-41165
Name of the Vulnerable Software and Affected Versions CodeWhale versions prior to 0.8.22 Description The fetch url tool implements a check using the is restricted ip function to validate the resolved IP address of an initial URL against a blocklist of restricted IPs, such as localhost, private...
PT-2026-41155
Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.29.0 Description The password reset flow in the resetRequest route of the modules/@apostrophecms/login/index.js component constructs the reset URL using req.hostname. When apos.baseUrl is not explicitly...
PT-2026-41161
Name of the Vulnerable Software and Affected Versions opentelemetry-java versions prior to 1.62.0 Description A flaw in the baggage propagation implementation within opentelemetry-api and opentelemetry-extension-trace-propagators allows for unbounded memory allocation and CPU consumption when...
PT-2026-41138
Name of the Vulnerable Software and Affected Versions Fides versions 2.33.0 through 2.84.4 Description A DOM-based Cross-Site Scripting XSS issue exists in fides.js, the script used to render consent banners. The problem occurs when the fides description variable is overridden via a URL query...
PT-2026-41164
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.6.5 Description Scripts can be injected and executed through the HTML rendering view. The frontend includes a function to visualize HTML content of a chat by embedding it in an iFrame. However, the use of the...
PT-2026-41139
Impact A Python operator precedence bug in pyzipper/zipfile aes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is explicitly forced by the caller...
PT-2026-41133
Name of the Vulnerable Software and Affected Versions devalue affected versions not specified Description The devalue.parse function may allocate excessive memory when deserializing sparse arrays due to specific behaviors in some JavaScript engines. This can lead to high memory consumption...
PT-2026-41143
Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions 2.33.0 through 2.33.7 Portainer Community Edition versions 2.39.0 through 2.39.1 Portainer Community Edition versions prior to 2.41.0 Description The authentication middleware accepts JSON Web Tokens JWT...
PT-2026-41159
Name of the Vulnerable Software and Affected Versions Synapse versions prior to 1.152.1 Description Local authenticated users can cause the system to starve other requests of CPU resources, leading to request failures and a denial of service for other users. Homeservers that trust all their local...
PT-2026-41136
Summary Any authenticated user can read another user's private workout session notes, exercise history, and training statistics by calling the /logs/ and /stats/ actions on a routine they do not own. The RoutinePermission class grants read access to any authenticated user when a routine has is...
PT-2026-41140
Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions 2.33.0 through 2.33.7 Portainer Community Edition versions 2.39.0 through 2.39.1 Portainer Community Edition versions prior to 2.41.0 Description Portainer includes a security setting to disable bind mounts...
PT-2026-41148
Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary run dbt command in src/dbt mcp/dbt cli/tools.py constructs the dbt subprocess argument list by appending user-supplied MCP tool parameters without sanitization. Two...