176990 matches found
PT-2026-41190
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description A missing authorization check in the tool update endpoint "POST /api/v1/tools/id/id/update" allows users to bypass the workspace.tools security boundary. While the tool creation endpoint correctly...
PT-2026-41189
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description An issue exists where users granted read access to a model can also read the model's system prompt, which may contain confidential information. This occurs because the workspace model edit page...
PT-2026-41182
Name of the Vulnerable Software and Affected Versions electerm versions 3.0.6 through 3.8.8 Description A local code execution issue exists where any process running under the same user can send a JSON payload to the single-instance socket or pipe of the application. This allows an attacker to...
PT-2026-41216
Name of the Vulnerable Software and Affected Versions deepobj versions prior to 1.0.3 Description Prototype pollution occurs when property paths contain proto , constructor, or prototype. This issue arises when property paths are exposed as user input, allowing an attacker to modify the prototype...
PT-2026-41423
CVE-2026-40327 - Apache Struts Remote Code Execution Vulnerability CVE ID :CVE-2026-40327 Published : May 13, 2026, 10:16 p.m. | 37 minutes ago Description :Rejected reason: This CVE is a duplicate of another CVE. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected...
PT-2026-41424
CVE-2026-40328 - Apache HTTP Server XML External Entity XXE Injection CVE ID :CVE-2026-40328 Published : May 13, 2026, 10:16 p.m. | 37 minutes ago Description :Rejected reason: This CVE is a duplicate of another CVE. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affect...
PT-2026-45007
Unknown description...
PT-2026-40902
Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump it's memory, extract credentials and use them to gain a privileged access to t...
PT-2026-41145
Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions prior to 2.39.0 Description The backup restore feature accepts a .tar.gz archive and extracts it to a target directory on the server. The extraction function ExtractTarGz in api/archive/targz.go constructs...
PT-2026-41196
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description The validate url function in backend/open webui/retrieval/web/utils.py only validates the initial URL provided by the user. Downstream HTTP clients, including sync requests, async aiohttp, and...
PT-2026-41173
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description A Server-Side Request Forgery SSRF issue exists in the process picture url function within backend/open webui/utils/oauth.py. The function fetches URLs from OAuth picture claims without using the...
PT-2026-41144
Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions 2.33.0 through 2.33.7 Portainer Community Edition versions 2.39.0 through 2.39.0 Portainer Community Edition versions prior to 2.33.0 Description A missing authorization issue in the Custom Template file...
PT-2026-40913
Unsafe object reference IDOR in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee first names, last...
PT-2026-40866
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.9.1 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description Improper authorization checks could allow an authenticated user to access confidential issue conten...
PT-2026-41035
Name of the Vulnerable Software and Affected Versions Portainer versions 2.33.0 through 2.33.7 Portainer versions 2.39.0 through 2.39.1 Portainer versions 2.40.0 through 2.40.x Portainer versions prior to 2.33.0 Description An authorization bypass exists in the Docker API proxy layer where plugin...
PT-2026-40978
Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server 2016 affected versions not specified Microsoft Exchange Server 2019 affected versions not specified Microsoft Exchange Server Subscription Edition affected versions not specified Description An issue exists in the...
PT-2026-41147
Name of the Vulnerable Software and Affected Versions mistune affected versions not specified Description The Image directive plugin fails to properly validate the :width: and :height: options. The validation uses a regular expression that only checks if the value starts with a digit, rather than...
PT-2026-40865
The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'wple basic get requests' function in all versions up to, and including, 7.8.5.10. This...
PT-2026-41086
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A use after free issue in Accessibility allows a remote attacker who has compromised the renderer process to perform privilege escalation via a crafted HTML page. Use after free is a...
PT-2026-40847
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c password = '%@' in changePasswordForLogin...
PT-2026-41185
Name of the Vulnerable Software and Affected Versions CodeWhale versions prior to 0.8.26 Description Server-Side Request Forgery SSRF occurs when the application fails to properly validate IPv6 addresses provided directly in a URL, such as http://::1. While the system validates hostnames that...
PT-2026-41141
Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions 2.33.0 through 2.33.7 Portainer Community Edition versions 2.39.0 through 2.39.1 Portainer Community Edition versions prior to 2.41.0 Description Portainer supports deploying stacks from Git repositories...
PT-2026-41153
Name of the Vulnerable Software and Affected Versions ApostropheCMS version 4.29.0 Description A stored cross-site scripting issue exists in the image widget functionality. A user with the Editor or Contributor role can configure an image widget link using a javascript: URL payload. Since editors...
PT-2026-41071
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A use after free issue in Core on Windows allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Use aft...
PT-2026-41067
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description Insufficient validation of untrusted input in the GPU component allows a remote attacker who has compromised the renderer process to cause a denial of service using a specially crafted...
PT-2026-41042
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.168 Description A use after free issue in Input allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Use after...
PT-2026-41043
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A use after free issue in Aura allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Use after free is a...
PT-2026-41044
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A use after free issue in the Human Interface Device HID component allows a remote attacker to potentially perform a sandbox escape. This occurs when a user is convinced to perform...
PT-2026-41055
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An out of bounds write in WebRTC allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. An out of bounds write occurs when a program writes...
PT-2026-41068
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.168 Description Script injection in the SanitizerAPI allows a remote attacker to inject arbitrary scripts or HTML, leading to Universal Cross-Site Scripting UXSS, which is a vulnerability...
PT-2026-41057
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description Insufficient validation of untrusted input in SiteIsolation allows a remote attacker who has compromised the renderer process to bypass Site Isolation using a crafted HTML page. Site...
PT-2026-41072
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.168 Description An out of bounds read in FileSystem allows a remote attacker to obtain potentially sensitive information from process memory. This occurs when a user is convinced to perform...
PT-2026-41065
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.168 Description Insufficient validation of untrusted input in ReadingMode allows a remote attacker who has compromised the renderer process to bypass site Isolation via a crafted HTML page. Sit...
PT-2026-41054
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.168 Description A heap buffer overflow in ANGLE allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. A heap buffer overflow occurs when a program write...
PT-2026-41079
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A use after free issue in Google Lens allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory by using a craft...
PT-2026-41048
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An integer overflow in ANGLE on Windows allows a remote attacker to perform an out-of-bounds memory write by using a crafted HTML page. Recommendations Update to version 148.0.7778.168...
PT-2026-41060
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A heap buffer overflow in WebML allows a remote attacker to potentially exploit heap corruption through a crafted HTML page. A heap buffer overflow occurs when a program writes more da...
PT-2026-41041
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A use after free issue in FileSystem allows a remote attacker to potentially perform a sandbox escape via a crafted HTML page, provided they can convince a user to perform specific UI...
PT-2026-41059
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A use after free issue in the Network component on Windows allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a...
PT-2026-41053
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An out of bounds write in WebAudio allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. An out of bounds write occurs when a program writes...
PT-2026-41102
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An integer overflow in Codecs allows a remote attacker to potentially perform a sandbox escape by using a crafted video file. Recommendations Update to version 148.0.7778.168 or later...
PT-2026-41087
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An out-of-bounds write issue exists in the Fonts component, which occurs when the font rendering engine mishandles memory operations by writing data past an allocated memory buffer. Th...
PT-2026-41047
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A use after free issue in Blink allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw that occurs...
PT-2026-41080
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A use after free issue in Downloads allows a remote attacker to execute arbitrary code via a crafted HTML page, provided they can convince a user to perform specific UI gestures. Use...
PT-2026-41074
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description Object corruption in Compositing allows a remote attacker who has compromised the renderer process to leak cross-origin data through a crafted HTML page. Recommendations Update to...
PT-2026-41100
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.168 Description Insufficient policy enforcement in the GPU allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page....
PT-2026-41104
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A use after free issue in the UI allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Use after free is a...
PT-2026-41105
Name of the Vulnerable Software and Affected Versions Google Chrome on Linux versions prior to 148.0.7778.168 Google Chrome on ChromeOS versions prior to 148.0.7778.168 Description An inappropriate implementation in Cross-Origin Resource Sharing CORS, a mechanism that allows restricted resources ...
PT-2026-41082
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A use after free issue in the GPU allows a remote attacker who has compromised the renderer process to perform an out of bounds memory write by using a crafted HTML page. Use after fre...
PT-2026-41051
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.168 Description A use after free issue in Downloads allows a remote attacker to execute arbitrary code via a crafted HTML page. Use after free is a memory corruption flaw that occurs when an...