
175418 matches found

Positive Technologies
added 5 days ago, 5 views

PT-2026-47976

Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network...

CVSS 8.8 | AI score 5.4 | EPSS 0.00086
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 7 views

PT-2026-47733

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected application does not properly sanitize path input in the GET /api/sftp/uploadFiles endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended fil...

CVSS 5.3 | AI score 5.4 | EPSS 0.0004
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 9 views

PT-2026-48304

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...

CVSS 7.1 | AI score 5.5 | EPSS 0.00031
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 7 views

PT-2026-48146

InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 6.2 | EPSS 0.00025
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 7 views

PT-2026-47686

Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with exec method by cloneWithGit and fetchRefs functions. An attacker can execute arbitrary operating syst...

CVSS 8.8 | AI score 5.9 | EPSS 0.00069
Exploits: 0 | References: 5
Positive Technologies
added 5 days ago, 4 views

PT-2026-47879

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: A race condition occurs in the Function Discovery Service fdwsd.dll due to improper synchronization when using a shared resource. This allows an authorized attacker to elevate privileges...

CVSS 7 | AI score 5.4 | EPSS 0.00038
Exploits: 0 | References: 3
Positive Technologies
added 5 days ago, 6 views

PT-2026-47851

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested JSON document crashes...

CVSS 7.5 | AI score 5.4 | EPSS 0.0004
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 7 views

PT-2026-48124

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...

CVSS 6.5 | AI score 5.4 | EPSS 0.00076
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 5 views

PT-2026-48129

Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability...

CVSS 6.8 | AI score 5.4 | EPSS 0.00014
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 10 views

PT-2026-48176

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wl radio parameter of the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

AI score 5.5 | EPSS 0.0004
Exploits: 0 | References: 1
Positive Technologies
added 5 days ago, 7 views

PT-2026-47784

In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spi transfer struct initialisation Make sure that the spi transfer struct is zeroed out before use...

AI score 5.4 | EPSS 0.00018
Exploits: 0 | References: 5
Positive Technologies
added 5 days ago, 4 views

PT-2026-47894

Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network...

CVSS 5.7 | AI score 5.7 | EPSS 0.00207
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 7 views

PT-2026-48331

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macro...

CVSS 6.5 | AI score 5.3 | EPSS 0.00037
Exploits: 0 | References: 4
Positive Technologies
added 5 days ago, 7 views

PT-2026-48337

BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers can query the friends endpoint with an arbitrary user id because the get items permissions check...

CVSS 5.3 | AI score 5.6 | EPSS 0.0002
Exploits: 0 | References: 4
Positive Technologies
added 5 days ago, 8 views

PT-2026-48280

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to...

CVSS 6.1 | AI score 5.6 | EPSS 0.00055
Exploits: 0 | References: 3
Positive Technologies
added 5 days ago, 8 views

PT-2026-48265

Name of the Vulnerable Software and Affected Versions: Focus for iOS versions prior to 151.3.1; Klar for iOS versions prior to 151.3.1. Description: Universal Cross-Site Scripting (UXSS) exists in the Webkit navigation of Focus for iOS and Klar for iOS. UXSS is a security flaw that allows an attacker t...

CVSS 7.5 | AI score 5.6 | EPSS 0.00033
Exploits: 0 | References: 4
Positive Technologies
added 5 days ago, 5 views

PT-2026-48045

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.24 and earlier; Adobe Experience Manager versions LTS SP1 and earlier; Adobe Experience Manager versions 2026.04 and earlier. Description: A stored Cross-Site Scripting (XSS) issue allows a low-privileged attack...

CVSS 5.4 | AI score 5.4 | EPSS 0.0003
Exploits: 0 | References: 3
Positive Technologies
added 5 days ago, 5 views

PT-2026-48054

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

CVSS 5.4 | AI score 5.4 | EPSS 0.0003
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 5 views

PT-2026-48056

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

CVSS 5.4 | AI score 5.4 | EPSS 0.0003
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 5 views

PT-2026-48057

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

CVSS 5.4 | AI score 5.4 | EPSS 0.0003
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 5 views

PT-2026-48072

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.24 and earlier; Adobe Experience Manager versions LTS SP1 and earlier; Adobe Experience Manager versions 2026.04 and earlier. Description: A stored Cross-Site Scripting (XSS) issue allows a low-privileged attack...

CVSS 5.4 | AI score 5.5 | EPSS 0.0003
Exploits: 0 | References: 3
Positive Technologies
added 5 days ago, 5 views

PT-2026-48200

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteID parameter of the formModifyWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request...

AI score 5.9 | EPSS 0.00254
Exploits: 0 | References: 1
Positive Technologies
added 5 days ago, 5 views

PT-2026-48199

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request...

AI score 5.9 | EPSS 0.00254
Exploits: 0 | References: 1
Positive Technologies
added 5 days ago, 6 views

PT-2026-48179

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the param 1 parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request...

AI score 5.6 | EPSS 0.0006
Exploits: 0 | References: 1
Positive Technologies
added 5 days ago, 5 views

PT-2026-48093

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...

CVSS 3.5 | AI score 5.4 | EPSS 0.00064
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 5 views

PT-2026-48083

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

CVSS 5.4 | AI score 5.5 | EPSS 0.0003
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 5 views

PT-2026-48108

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: A protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. Secure Boot is a security standard developed by members of the PC...

CVSS 7.9 | AI score 5.4 | EPSS 0.00277
Exploits: 0 | References: 6
Positive Technologies
added 5 days ago, 6 views

PT-2026-48247

Name of the Vulnerable Software and Affected Versions: Acrobat Reader versions 24.001.30365 through 26.001.21651. Description: A Use After Free issue exists in the Multimedia Rendition component, which could lead to arbitrary code execution in the context of the current user. This occurs when a user...

CVSS 7.8 | AI score 7.8 | EPSS 0.00033
Exploits: 0 | References: 4
Positive Technologies
added 5 days ago, 6 views

PT-2026-48156

An issue was discovered in Malwarebytes 4.x and 5.x and Nebula 2020-10-21 and later. There is a Heap buffer overflow in various buffer encryption utilities...

AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 5 views

PT-2026-47706

openSUSE issued new Chromium 149.0.7827.53 and Chromedriver builds fixing CVE-2026-0194 and CVE-2026-10958 for Backports SLE-15-SP7 and Tumbleweed, LinuxSecurity reported. https://t.co/OjsKRZMxHK...

CVSS 8.8 | AI score 5.4 | EPSS 0.00086
Exploits: 0 | References: 1
Positive Technologies
added 5 days ago, 5 views

PT-2026-47782

A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. An attacker with Directory Manager privileges can...

CVSS 4.9 | AI score 5.7 | EPSS 0.00044
Exploits: 0 | References: 4
Positive Technologies
added 5 days ago, 5 views

PT-2026-47781

A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create masked entry string function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged...

CVSS 3.3 | AI score 5.7 | EPSS 0.00036
Exploits: 0 | References: 5
Positive Technologies
added 5 days ago, 6 views

PT-2026-48157

A stack buffer overflow in the filein process function in file.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file...

AI score 5.8 | EPSS 0.0004
Exploits: 1 | References: 1
Positive Technologies
added 5 days ago, 8 views

PT-2026-48164

An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service crash or potentially execute arbitrary code via a crafted GIF file...

AI score 6.3 | EPSS 0.00152
Exploits: 0 | References: 1
Positive Technologies
added 5 days ago, 7 views

PT-2026-48270

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access...

CVSS 8.1 | AI score 5.5 | EPSS 0.00074
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 6 views

PT-2026-47801

Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components major, minor, patch and numeric...

CVSS 5.1 | AI score 5.5 | EPSS 0.00033
Exploits: 0 | References: 5
Positive Technologies
added 5 days ago, 7 views

PT-2026-48016

Name of the Vulnerable Software and Affected Versions: Windows BitLocker (affected versions not specified). Description: A protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature through a physical attack, which can subsequently affect the system...

CVSS 5.3 | AI score 5.4 | EPSS 0.00076
Exploits: 0 | References: 7
Positive Technologies
added 5 days ago, 5 views

PT-2026-47904

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | AI score 5.6 | EPSS 0.00038
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 7 views

PT-2026-48214

SemCms 5.0 is vulnerable to Cross Site Request Forgery (CSRF) via crafted POST request to /admin/semcms user.php...

AI score 5.5 | EPSS 0.00017
Exploits: 0 | References: 1
Positive Technologies
added 5 days ago, 6 views

PT-2026-48329

Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14;...

CVSS 5.3 | AI score 5.6 | EPSS 0.00028
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 7 views

PT-2026-48034

Name of the Vulnerable Software and Affected Versions: Microsoft Office SharePoint (affected versions not specified). Description: Improper neutralization of input during web page generation leads to cross-site scripting, which allows an authorized attacker to perform spoofing over a network. Cross-si...

CVSS 5.4 | AI score 6.8 | EPSS 0.00086
Exploits: 0 | References: 4
Positive Technologies
added 5 days ago, 4 views

PT-2026-47893

Name of the Vulnerable Software and Affected Versions: Windows Kerberos (affected versions not specified). Description: A denial of service issue exists within the Windows Kerberos authentication protocol, which could lead to authentication failures and prevent users from logging into the system...

CVSS 5.3 | AI score 5.5 | EPSS 0.00067
Exploits: 0 | References: 3
Positive Technologies
added 5 days ago, 4 views

PT-2026-47917

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

CVSS 7.5 | AI score 6 | EPSS 0.00086
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 5 views

PT-2026-47931

Name of the Vulnerable Software and Affected Versions: Windows DHCP Client (affected versions not specified). Description: A stack-based buffer overflow exists in the Windows DHCP Client, allowing an unauthorized remote attacker to execute arbitrary code over a network and affect the system. The issue...

CVSS 9.8 | AI score 6.7 | EPSS 0.00363
Exploits: 0 | References: 11
Positive Technologies
added 5 days ago, 4 views

PT-2026-48599

These are all security issues fixed in the libIex-3 4-33-3.4.12-1.1 package on the GA media of openSUSE Tumbleweed...

AI score 5.5 | EPSS 0.00024
Exploits: 0 | References: 3
Positive Technologies
added 5 days ago, 7 views

PT-2026-47699

DoS vulnerability in the browser kernel. Impact: Successful exploitation of this vulnerability may affect availability...

CVSS 4.3 | AI score 5.4 | EPSS 0.00015
Exploits: 0 | References: 4
Positive Technologies
added 5 days ago, 6 views

PT-2026-47638

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier '...' Syntax in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI score 5.7 | EPSS 0.00032
Exploits: 0 | References: 6
Positive Technologies
added 5 days ago, 6 views

PT-2026-47667

Permission management vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect service integrity...

CVSS 6.3 | AI score 5.5 | EPSS 0.00006
Exploits: 0 | References: 3
Positive Technologies
added 5 days ago, 6 views

PT-2026-48216

Multiple versions of UEFI SHIM bootloaders are vulnerable to SecureBoot bypass through lack of enforcement and validation SBAT. The following authenticode signatures are impacted by this disclosure: AE75F0D82BA3DF824FBFC69340CC3B4D66C598373B1AB54CDB6C8BFD83A6B961 - Spyrus WTGCreator version 4.2...

AI score 5.4 | EPSS 0.00005
Exploits: 0 | References: 2
Positive Technologies
added 5 days ago, 8 views

PT-2026-47729

SQL injection in the ‘two steps auth code’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication (2FA) functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL...

CVSS 9.3 | AI score 6 | EPSS 0.00149
Exploits: 0 | References: 2

Total number of security vulnerabilities: 175418