187392 matches found
PT-2026-50439
Name of the Vulnerable Software and Affected Versions NGINX Open Source versions 1.31.0 through 1.31.1 NGINX Ingress Controller affected versions not specified NGINX Gateway Fabric affected versions not specified NGINX Instance Manager affected versions not specified Description A use-after-free...
PT-2026-50249
Name of the Vulnerable Software and Affected Versions snes9x version 1.63 Description An out-of-bounds write occurs when loading a ROM alongside a crafted .ups patch file, which can lead to a denial of service and cause the emulator to crash. Recommendations At the moment, there is no information...
PT-2026-50238
A vulnerability in nltk.app.wordnet app up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. The server listens on all interfaces and processes a specific unauthenticated GET request /SHUTDOWN%20THE%20SERVER to...
PT-2026-50196
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An inappropriate implementation in the Passwords component allows a remote attacker to leak cross-origin data, which is data from a different domain than the one serving the current...
PT-2026-50205
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue exists in the Tab Strip component. This occurs when a program continues to use a pointer after it has been freed, which can lead to heap corruption a memory...
PT-2026-50202
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.155 Description A use after free issue in the Downloads component allows a remote attacker to potentially exploit heap corruption through a crafted HTML page. Use after free occurs when an...
PT-2026-50194
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An out-of-bounds read in Chromoting allows a local attacker to obtain potentially sensitive information from process memory by using a malicious file. An out-of-bounds read occurs when...
PT-2026-50199
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue in Chromoting on Windows allows a local attacker to achieve OS-level privilege escalation by using a malicious file. Use after free is a memory corruption flaw...
PT-2026-50215
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An object lifecycle issue in Metrics allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape. This is achieved through the use of a...
PT-2026-50216
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A heap buffer overflow exists in WebRTC in Google Chrome on Windows. A remote attacker can execute arbitrary code by inducing the victim to open a crafted HTML page. A heap buffer...
PT-2026-50203
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description Insufficient validation of untrusted input allows a remote attacker who has compromised the renderer process to bypass the same origin policy, which is a security mechanism that...
PT-2026-50190
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue in DigitalCredentials on Windows allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free occurs when an...
PT-2026-50211
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An out-of-bounds read exists in WebRTC Web Real-Time Communication, a project that provides websites and applications with real-time communication capabilities in Google Chrome on...
PT-2026-50219
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.155 Description An uninitialized use in the GPU allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Recommendations Update to version 149.0.7827.155 o...
PT-2026-50206
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An inappropriate implementation in Extensions allows an attacker to bypass the Same Origin Policy SOP—a security mechanism that restricts how a document or script loaded from one origi...
PT-2026-53079
Local Privilege Escalation via LIBMOUNT FORCE MOUNT2 Environment Variable - nosuid/noexec Bypass in SUID mount8...
PT-2026-50543
Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting XSS vulnerability in the Thumbnail Synchronizer feature. When an administrator runs the thumbnail update process, malicious bookmark titles are returned via an AJAX response and inserted...
PT-2026-50536
Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the tag filtering functionality of Shaarli. An authenticated user can inject arbitrary JavaScript into the tags field when creating a bookmark Shaare. The malicious...
PT-2026-50516
Name of the Vulnerable Software and Affected Versions undici versions 6.x prior to 6.26.0 undici versions 7.0.0 through 7.27.x undici versions 8.x prior to 8.5.0 Description The cookie parser in the parseSetCookie function percent-decodes cookie values using qsUnescape, which converts encoded...
PT-2026-50429
Name of the Vulnerable Software and Affected Versions NGINX Gateway Fabric affected versions not specified Description An injection issue exists in the NGINX configuration generator component when NGINX Plus is used as the data plane. User-supplied string values from the serverTokens field of the...
PT-2026-50430
Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A flaw exists in the aclp normalize acltxt function within aclparse.c. A malformed Access Control Instruction ACI string can trigger heap-buffer-overflow writes and reads during...
PT-2026-50438
Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source affected versions not specified Description A flaw in the ngx http proxy v2 module and ngx http grpc module modules can be triggered when NGINX is configured to proxy HTTP/2 traffic...
PT-2026-50410
Name of the Vulnerable Software and Affected Versions Apache Shiro versions prior to 2.2.1 Apache Shiro versions prior to 3.0.0-alpha-2 Description A remote attacker can inject LDAP special characters into the Distinguished Name DN construction within the DefaultLdapRealm class. User-supplied...
PT-2026-50250
Got 2 CVEs today: CVE-2026-46655 - virtio-win kvm-guest-drivers - 7.8 High CVE-2026-46977 - Oracle VirtualBox - 3.2 Low...
PT-2026-50207
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An inappropriate implementation in Extensions allows a remote attacker who has compromised the renderer process to bypass site isolation using a crafted HTML page. Site isolation is a...
PT-2026-50212
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use-after-free issue exists in the Media component. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. A remote...
PT-2026-50217
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue in Extensions allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. A use after free...
PT-2026-50210
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description Insufficient policy enforcement in File System Access allows a remote attacker who has compromised the renderer process to bypass site isolation by using a crafted PDF file. Site...
PT-2026-50208
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An inappropriate implementation in the Passwords component allows a remote attacker to leak cross-origin data. This occurs when a user is convinced to perform specific UI gestures on a...
PT-2026-50193
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue exists in the Web Authentication component. This allows a remote attacker to execute arbitrary code by inducing the user to open a specially crafted HTML page. U...
PT-2026-50200
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An inappropriate implementation in the Media component allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page...
PT-2026-50197
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A heap buffer overflow occurs in WebRTC, which is a framework that enables real-time communication such as voice and video calls within web browsers. This issue allows a remote attacke...
PT-2026-50218
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.155 Description A race condition in the Updater allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape. This is achieved through the use of a...
PT-2026-50187
Name of the Vulnerable Software and Affected Versions Google Chrome on Windows versions prior to 149.0.7827.155 Description A use-after-free issue exists in WebShare. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. A remote...
PT-2026-50213
Name of the Vulnerable Software and Affected Versions Google Chrome on Linux versions prior to 149.0.7827.155 Description An inappropriate implementation in Views allows a remote attacker who has compromised the renderer process to inject arbitrary scripts or HTML via a crafted HTML page. This...
PT-2026-50192
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.155 Description A use after free issue in the Passwords component allows a remote attacker to execute arbitrary code when a user accesses a specially crafted HTML page. Use after free is a...
PT-2026-50204
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A race condition in the Safe Browsing component of Google Chrome on Mac allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escap...
PT-2026-50198
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.155 Description An inappropriate implementation in the WebView component allows a remote attacker to perform privilege escalation by using a crafted HTML page. Recommendations Update Google...
PT-2026-50195
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue in Extensions allows an attacker who convinces a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Use...
PT-2026-50600
Name of the Vulnerable Software and Affected Versions org.hl7.fhir.utilities versions 6.9.8 and earlier Description The org.hl7.fhir.utilities library contains an XML External Entity XXE injection flaw. The saxonTransform function overloads instantiate a bare net.sf.saxon.TransformerFactoryImpl...
PT-2026-50470
Name of the Vulnerable Software and Affected Versions undici version 8.1.0 Description The undici WebSocket client enforces maxPayloadSize on a per-frame basis but fails to enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream numerous small...
PT-2026-50373
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7...
PT-2026-50276
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...
PT-2026-50263
Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...
PT-2026-50309
Unauthenticated SQL Injection in Blocksy Companion Pro 2.1.29 versions...
PT-2026-50256
Name of the Vulnerable Software and Affected Versions Regesta Smart HD-PLC - TLDPH16D2 version 11.02.05.10.02 Description A network attacker can obtain privileged information without requiring registration. This information disclosure occurs by using the Version command through the endpoint...
PT-2026-50372
Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5...
PT-2026-54556
Уязвимость класса DefaultLdapRealm фреймворка Apache Shiro связана с непринятием мер по нейтрализации специальных элементов в запросе LDAP. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти ограничения безопасности и осуществить подмену данных...
PT-2026-50267
Subscriber Arbitrary File Upload in Grip = 1.0.9 versions...
PT-2026-50461
Name of the Vulnerable Software and Affected Versions Cisco Umbrella Virtual Appliance affected versions not specified Description An issue in the vmadmin CLI of Cisco Umbrella Virtual Appliance allows an authenticated, local attacker to elevate privileges. This is caused by insufficient validati...