175418 matches found

Positive Technologies
added 5 days ago, 5 views

PT-2026-47670

Permission control vulnerability in the file preview module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 5.5 | AI score 5.4 | EPSS 0.00006
Exploits: 0 | References: 4
Positive Technologies
added 5 days ago, 7 views

PT-2026-47732

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when...

CVSS 8.8 | AI score 6 | EPSS 0.00192
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 5 views

PT-2026-48148

Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...

CVSS 6.3 | AI score 5.4 | EPSS 0.00012
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 5 views

PT-2026-48166

Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...

AI score 5.5 | EPSS 0.00023
Exploits: 0 | References: 1
Positive Technologies
added 5 days ago, 6 views

PT-2026-48175

Shenzhen Tenda Technology Co., Ltd Tenda US W3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the ask to reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

AI score 5.5 | EPSS 0.0004
Exploits: 0 | References: 1
Positive Technologies
added 5 days ago, 4 views

PT-2026-47916

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

CVSS 7.5 | AI score 6 | EPSS 0.00074
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 7 views

PT-2026-48271

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

CVSS 8.4 | AI score 6.2 | EPSS 0.00043
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 5 views

PT-2026-48134

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 6.2 | EPSS 0.00033
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 6 views

PT-2026-48137

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 6.2 | EPSS 0.00025
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 8 views

PT-2026-48064

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.24 and earlier; Adobe Experience Manager versions LTS SP1 and earlier; Adobe Experience Manager versions 2026.04 and earlier. Description: A stored Cross-Site Scripting (XSS) issue allows a low-privileged attack...

CVSS 5.4 | AI score 5.4 | EPSS 0.0003
Exploits: 0 | References: 3
Positive Technologies
added 5 days ago, 7 views

PT-2026-47796

1. Local Privilege Escalation via DYLIB Injection (CVE-2026-24064) 2. Local Privilege Escalation via Insecure XPC Client Validation (CVE-2026-24065). Multiple Local Privilege Escalation Vulnerabilities in Waves Audio Waves Central https://t.co/fkys4ePhWy...

AI score 5.4 | EPSS 0.00063
Exploits: 0 | References: 1
Positive Technologies
added 5 days ago, 6 views

PT-2026-47849

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod_verto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / S...

CVSS 7.5 | AI score 5.4 | EPSS 0.00057
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 9 views

PT-2026-47632

A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the publi...

CVSS 6.9 | AI score 5.5 | EPSS 0.00096
Exploits: 0 | References: 7
Positive Technologies
added 5 days ago, 6 views

PT-2026-47712

Name of the Vulnerable Software and Affected Versions: Apache Answer versions prior to 2.0.1. Description: Improper Neutralization of Alternate XSS Syntax occurs when AI-generated response content is rendered in the browser without proper sanitization. This allows malicious scripts to be executed wh...

CVSS 6.1 | AI score 5 | EPSS 0.00169
Exploits: 0 | References: 6
Positive Technologies
added 5 days ago, 5 views

PT-2026-48059

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.24 and earlier; Adobe Experience Manager versions LTS SP1 and earlier; Adobe Experience Manager versions 2026.04 and earlier. Description: A stored Cross-Site Scripting (XSS) issue allows a low-privileged attack...

CVSS 5.4 | AI score 5.4 | EPSS 0.0003
Exploits: 0 | References: 3
Positive Technologies
added 5 days ago, 5 views

PT-2026-48070

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.24 and earlier; Adobe Experience Manager versions LTS SP1 and earlier; Adobe Experience Manager versions 2026.04 and earlier. Description: A stored Cross-Site Scripting (XSS) issue allows a low-privileged attack...

CVSS 5.4 | AI score 5.4 | EPSS 0.0003
Exploits: 0 | References: 3
Positive Technologies
added 5 days ago, 7 views

PT-2026-47828

Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests...

CVSS 7.1 | AI score 5.5 | EPSS 0.00024
Exploits: 0 | References: 7
Positive Technologies
added 5 days ago, 6 views

PT-2026-48222

Name of the Vulnerable Software and Affected Versions: Ellucian Banner Self-Service versions prior to 2025-04-23. Description: The course search functionality contains a stored cross-site scripting issue. Authenticated Banner ERP users with write access can inject malicious JavaScript into faculty a...

CVSS 5.4 | AI score 5.3 | EPSS 0.0003
Exploits: 0 | References: 6
Positive Technologies
added 5 days ago, 6 views

PT-2026-48293

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

CVSS 7.1 | AI score 5.5 | EPSS 0.0004
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 5 views

PT-2026-48294

Name of the Vulnerable Software and Affected Versions: MongoDB, affected versions not specified. Description: A denial of service occurs when the $_internalConvertBucketIndexStats stage uses PauseExecution to signal that a document should be skipped following a failed index stats conversion...

CVSS 7.1 | AI score 5.4 | EPSS 0.0006
Exploits: 0 | References: 3
Positive Technologies
added 5 days ago, 6 views

PT-2026-47647

In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects. Affected versions: Reactor Netty 1.0.0 through 1.0.51;...

CVSS 6.1 | AI score 5.5 | EPSS 0.00027
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 5 views

PT-2026-48001

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | AI score 5.4 | EPSS 0.0006
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 6 views

PT-2026-47928

Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally...

CVSS 7.8 | AI score 5.7 | EPSS 0.001
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 11 views

PT-2026-47770

WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract...

CVSS 8.8 | AI score 6.1 | EPSS 0.00065
Exploits: 0 | References: 4
Positive Technologies
added 5 days ago, 6 views

PT-2026-47939

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...

CVSS 7.8 | AI score 7.6 | EPSS 0.00079
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 10 views

PT-2026-47933

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

CVSS 7 | AI score 5.7 | EPSS 0.00041
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 7 views

PT-2026-47935

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

CVSS 7.8 | AI score 5.7 | EPSS 0.00079
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 7 views

PT-2026-47959

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...

CVSS 8.4 | AI score 6 | EPSS 0.0006
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 7 views

PT-2026-48147

Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...

CVSS 6.3 | AI score 5.4 | EPSS 0.00013
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 5 views

PT-2026-47865

Name of the Vulnerable Software and Affected Versions: Windows Ancillary Function Driver for WinSock, affected versions not specified. Description: A use after free issue in the Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Use after free i...

CVSS 7 | AI score 5.2 | EPSS 0.00055
Exploits: 0 | References: 5
Positive Technologies
added 5 days ago, 8 views

PT-2026-48009

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...

CVSS 7.8 | AI score 6 | EPSS 0.00079
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 6 views

PT-2026-47640

Name of the Vulnerable Software and Affected Versions: tmux versions prior to 3.7-rc. Description: A use after free issue exists in the image free function within the image.c file. This flaw requires local access to exploit and is characterized by high complexity and difficult exploitability...

CVSS 4.5 | AI score 4.7 | EPSS 0.00013
Exploits: 0 | References: 12
Positive Technologies
added 5 days ago, 6 views

PT-2026-47989

Access of resource using incompatible type 'type confusion' in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | AI score 5.4 | EPSS 0.00149
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 6 views

PT-2026-48023

Name of the Vulnerable Software and Affected Versions: Windows Kerberos, affected versions not specified. Description: An integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute arbitrary code over an adjacent network, potentially affecting the system...

CVSS 7.1 | AI score 5.9 | EPSS 0.00322
Exploits: 0 | References: 5
Positive Technologies
added 5 days ago, 6 views

PT-2026-48328

JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-packages configuration fell back to trusting all packages rather than applying a safe default...

CVSS 8.1 | AI score 5.4 | EPSS 0.00046
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 5 views

PT-2026-48598

These are all security issues fixed in the libzypp-17.38.13-1.1 package on the GA media of openSUSE Tumbleweed...

AI score 5.5
Exploits: 0 | References: 3
Positive Technologies
added 5 days ago, 5 views

PT-2026-47911

Name of the Vulnerable Software and Affected Versions: Microsoft Graphics Component, affected versions not specified. Description: A use-after-free issue in the Microsoft Graphics Component allows an authorized attacker with low privileges to perform a local elevation of privilege. Use-after-free is ...

CVSS 7.8 | AI score 5.4 | EPSS 0.0008
Exploits: 0 | References: 7
Positive Technologies
added 5 days ago, 6 views

PT-2026-47717

Name of the Vulnerable Software and Affected Versions: Apache Answer versions prior to 2.0.1. Description: An issue exists where user-supplied content is included in notification emails without proper escaping. This allows authenticated users to perform Cross-Site Scripting (XSS), which is the injecti...

CVSS 5.4 | AI score 5.3 | EPSS 0.00046
Exploits: 0 | References: 7
Positive Technologies
added 5 days ago, 7 views

PT-2026-47656

Name of the Vulnerable Software and Affected Versions: Spring Framework versions 7.0.0 through 7.0.7; Spring Framework versions 6.2.0 through 6.2.18; Spring Framework versions 6.1.0 through 6.1.27; Spring Framework versions 5.3.0 through 5.3.48. Description: Incorrect escaping in the javaScriptEscape...

CVSS 7.1 | AI score 4.9 | EPSS 0.00032
Exploits: 0 | References: 3
Positive Technologies
added 5 days ago, 7 views

PT-2026-47658

Name of the Vulnerable Software and Affected Versions: Spring Framework versions 5.3.0 through 5.3.48. Description: Spring WebFlux applications may be subject to a security bypass when utilizing the Kotlin Router DSL. Recommendations: At the moment, there is no information about a newer version that...

CVSS 5.3 | AI score 5.2 | EPSS 0.00034
Exploits: 0 | References: 3
Positive Technologies
added 5 days ago, 6 views

PT-2026-47663

Name of the Vulnerable Software and Affected Versions: Spring Framework versions 7.0.0 through 7.0.7; Spring Framework versions 6.2.0 through 6.2.18; Spring Framework versions 6.1.0 through 6.1.27; Spring Framework versions 5.3.0 through 5.3.48. Description: A flaw in the Spring Expression Language SpE...

CVSS 5.3 | AI score 5.4 | EPSS 0.00036
Exploits: 0 | References: 3
Positive Technologies
added 5 days ago, 6 views

PT-2026-47659

Name of the Vulnerable Software and Affected Versions: Spring Framework versions 7.0.0 through 7.0.7; Spring Framework versions 6.2.0 through 6.2.18; Spring Framework versions 6.1.0 through 6.1.27; Spring Framework versions 5.3.0 through 5.3.48. Description: Applications are susceptible to a Regular...

CVSS 7.5 | AI score 5.3 | EPSS 0.00016
Exploits: 0 | References: 3
Positive Technologies
added 5 days ago, 7 views

PT-2026-47883

Name of the Vulnerable Software and Affected Versions: Windows TCP/IP, affected versions not specified. Description: A heap-based buffer overflow in the Windows TCP/IP stack allows an unauthorized attacker located on an adjacent network to elevate privileges to SYSTEM level. A heap-based buffer...

CVSS 9.6 | AI score 5.8 | EPSS 0.00106
Exploits: 0 | References: 7
Positive Technologies
added 5 days ago, 6 views

PT-2026-47818

Name of the Vulnerable Software and Affected Versions: NETGEAR, affected versions not specified. Description: A buffer overflow occurs due to insufficient input validation of buffers. This allows authenticated administrators connected to the local network to make unauthorized modifications to the...

CVSS 6.8 | AI score 5.5 | EPSS 0.00082
Exploits: 0 | References: 18
Positive Technologies
added 5 days ago, 5 views

PT-2026-47816

Name of the Vulnerable Software and Affected Versions: NETGEAR Orbi satellites RBR/RBE/RBS Series, affected versions not specified. Description: An information disclosure issue in NETGEAR Orbi satellites allows a user connected to the network to obtain administrator access to the Orbi router. Orbi Wi...

CVSS 7.2 | AI score 5.2 | EPSS 0.00027
Exploits: 0 | References: 9
Positive Technologies
added 5 days ago, 7 views

PT-2026-47777

A flaw was found in 389 Directory Server. The ldap_utf8prev function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior...

CVSS 5 | AI score 5.7 | EPSS 0.00041
Exploits: 0 | References: 4
Positive Technologies
added 5 days ago, 6 views

PT-2026-47991

No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network...

CVSS 9.1 | AI score 5.4 | EPSS 0.00078
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 6 views

PT-2026-48106

Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

CVSS 7.1 | AI score 5.4 | EPSS 0.00092
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 7 views

PT-2026-48292

When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...

CVSS 7.1 | AI score 5.4 | EPSS 0.0004
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 7 views

PT-2026-48024

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

CVSS 8.8 | AI score 6 | EPSS 0.00083
Exploits: 0 | References: 2
Total number of security vulnerabilities: 175418