187424 matches found
PT-2026-50556
Name of the Vulnerable Software and Affected Versions Steeltoe.Management.Endpoint versions prior to 4.2.0 Steeltoe.Management.EndpointCore versions prior to 3.4.0 Description The Sanitizer component in the Environment actuator redacts configuration values by matching key names against a suffix...
PT-2026-50367
Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8...
PT-2026-50369
Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1...
PT-2026-50584
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.26.2 Description Authenticated self routes under the /api/v1/user/... group do not properly enforce the public-only token restriction. This allows a token or OAuth grant marked as public-only to access or modify priva...
PT-2026-50244
Name of the Vulnerable Software and Affected Versions LearnPress versions prior to 4.3.7 Description An information disclosure issue exists where the edit context on a REST endpoint is not properly restricted by the edit users capability. This allows unauthenticated visitors to retrieve sensitive...
PT-2026-50559
In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it is non-NULL. Sending an IOCTL with an empty input buffer causes a NULL pointer dereference, resulting in a kernel crash...
PT-2026-50363
Name of the Vulnerable Software and Affected Versions WP Media folder Addon versions prior to 4.0.2 Description An unauthenticated arbitrary file download issue exists in the software, allowing an attacker to download files without providing credentials. Recommendations Update to version 4.0.2 or...
PT-2026-50370
Cross-Site request forgery CSRF vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0...
PT-2026-50302
Unauthenticated PHP Object Injection in Zermatt = 1.6.1 versions...
PT-2026-50518
Name of the Vulnerable Software and Affected Versions Hermes Agent versions prior to 0.16.0 Description A DNS rebinding issue in WebSocket endpoints allows remote attackers to bypass Host and Origin validation. This occurs because FastAPI HTTP middleware does not execute for WebSocket upgrade...
PT-2026-50610
Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description The JSON:API and REST modules allow image file uploads to image fields. The validation rules verify the file extension but fail to check the file MIME type Multipurpose Internet Mail...
PT-2026-50611
Name of the Vulnerable Software and Affected Versions Flag attendance field versions 0.0.0 through 1.2 Description An Object Injection issue exists in the Flag attendance field module due to the improper control of modification of dynamically-determined object attributes. The module stores data a...
PT-2026-50237
A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server...
PT-2026-50406
Unauthenticated PHP Object Injection in Manufaktur Solutions = 1.1.1 versions...
PT-2026-50403
Unauthenticated Cross Site Scripting XSS in Royal Elementor Addons Pro 1.7.1041 versions...
PT-2026-50427
Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning...
PT-2026-50358
Subscriber Privilege Escalation in Falang multilanguage = 1.4.2 versions...
PT-2026-50437
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager version 4.6.0.1 Description Use of a broken or risky cryptographic algorithm allows an unauthenticated attacker with remote access to potentially cause information disclosure and information tampering. Recommendations At...
PT-2026-50352
Unauthenticated Cross Site Scripting XSS in Popup box = 6.2.9 versions...
PT-2026-50428
Name of the Vulnerable Software and Affected Versions Plane CE version 1.3.1 Description A low-privileged project member can submit arbitrary HTML and JavaScript via the description html field. This occurs when creating an intake work item through the 'API v1 intake' endpoint. Recommendations At...
PT-2026-50264
Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
PT-2026-50394
Name of the Vulnerable Software and Affected Versions Zephyr versions 1.7 through 4.4.0 Description The Bluetooth Classic Hands-Free Profile HFP Hands-Free role parser in subsys/bluetooth/host/classic/hfp hf.c contains an out-of-bounds write. During Service Level Connection setup, the Hands-Free ...
PT-2026-50504
Name of the Vulnerable Software and Affected Versions RTI Connext Professional versions 6.1.0 through 6.1.x RTI Connext Professional versions 7.0.0 through 7.3.1.2 RTI Connext Professional versions 7.4.0 through 7.6.x Description An out-of-bounds write issue exists within the Queueing Service, Co...
PT-2026-53072
A vulnerability in Laravel's local filesystem driver allows temporary signed URLs to be parsed ambiguously, potentially misrouting requests and bypassing expiration enforcement. Under certain conditions, a generated temporary signed URL can be interpreted differently by the server than intended a...
PT-2026-53070
Summary A CRLF injection vulnerability in Laravel's email validation, in combination with how Symfony Mailer and Symfony Mime handle certain character sequences, may allow an unauthenticated attacker to interfere with outbound email processing in applications that send mail to user-supplied...
PT-2026-53074
This update for xwayland fixes the following issues: - CreateSaverWindow Use-After-Free Information Disclosure. bsc1266301 - Font Alias Stack-based Buffer Overflow. bsc1266294 - GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write. bsc1266300 - XKB Key Types Stack-based Buffer Overflow. bsc12662...
PT-2026-50186
Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List DACLs on the service object and related registry keys,. Produc...
PT-2026-50484
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description Open WebUI allows users with permissions to create, update, or import workspace models to store arbitrary meta.knowledge entries without verifying ownership or read access to the referenced files...
PT-2026-50482
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description An authenticated user can attach arbitrary file id values to their own chat messages because the system fails to verify if the user owns or has read access to those files. By sharing the chat and...
PT-2026-50485
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description Open WebUI contains a stored Cross-Site Scripting XSS issue where the platform fails to validate profile images for models. While similar issues were patched for user and webhook profile images, t...
PT-2026-50590
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description The SafePlaywrightURLLoader uses a validate url function to prevent Server-Side Request Forgery SSRF by checking the IP address of a user-provided URL. However, this validation only occurs for the...
PT-2026-50592
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description Several direct, index-addressed Ollama proxy routes allow authenticated users to bypass backend isolation. The system accepts a caller-supplied url idx path parameter and uses it as a raw index in...
PT-2026-50562
Name of the Vulnerable Software and Affected Versions github workflows affected versions not specified Description The github workflows module constructs local directory paths using repository names provided by the user without validating for symlinks. A local attacker with access to the scan...
PT-2026-50560
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The unarchive internal module's archive extraction commands lack code-level validation for extracted file paths. This causes the module to rely on the behavior o...
PT-2026-50561
Name of the Vulnerable Software and Affected Versions bbot affected versions not specified Description The docker pull module fails to validate the realm parameter received from a Docker registry's WWW-Authenticate response header when using it as the authentication endpoint. A man-in-the-middle...
PT-2026-50593
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.11 Description An authorization bypass exists in the ydoc:document:join Socket.IO handler. The handler only performs ownership checks when the document id variable starts with the prefix note: colon. However, t...
PT-2026-50557
Name of the Vulnerable Software and Affected Versions marimo versions prior to 0.23.9 Description A reflected cross-site scripting issue exists in the notebook page. Unauthenticated attackers can inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query...
PT-2026-50563
Name of the Vulnerable Software and Affected Versions Postman Download Module affected versions not specified Description The postman download module fails to sanitize the workspace name field retrieved from the Postman API when constructing local directory paths. A malicious workspace name...
PT-2026-50519
Name of the Vulnerable Software and Affected Versions Hermes Agent versions prior to 0.16.0 Description The software creates response store.db and webhook subscriptions.json files with world-readable permissions mode 0o644. This configuration allows local users with filesystem access to read thes...
PT-2026-50481
Name of the Vulnerable Software and Affected Versions Open-webui affected versions not specified Description An authenticated user can access files belonging to other users by exploiting a lack of ownership verification in the image processing path. When the POST endpoint "/api/chat/completions"...
PT-2026-50479
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description The chat message listener in the chat page's window message listener processes input:prompt and action:submit messages without enforcing same-origin restrictions. This allows an external site to s...
PT-2026-50472
Name of the Vulnerable Software and Affected Versions vLLM versions 0.5.5 through 0.23.1rc0 Description Integer truncation of tensor dimensions in GGUF dequantize kernels within csrc/quantization/gguf/gguf kernel.cu leads to partial tensor processing. The output tensor is allocated at full size...
PT-2026-50488
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description Open WebUI contains a Broken Object Level Authorization BOLA issue in the builtin search knowledge files function. BOLA occurs when an application does not properly verify if a user has permission...
PT-2026-50478
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description An authorization bypass exists in the calendar event update process. The endpoint '/api/v1/calendars/events/event id/update' validates that the user has write access to the calendar where the even...
PT-2026-50505
Missing Authentication for Critical Function vulnerability in RTI Connext Professional Security Plugins allows Fake the Source of Data.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3...
PT-2026-50447
The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 default Supervised security policy can be bypassed to execute arbitrary OS commands with the privileges of the desktop user. Two flaws in src/openhuman/security/policy.rs combine: 1 is args safe block...
PT-2026-50506
Missing Authentication for Critical Function vulnerability in RTI Connext Professional Security Plugins allows Identity Spoofing.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3., from 6.1.0 before 6.1., from 6.0.0 before 6.0., from 5.3.0 before 5.3...
PT-2026-50606
Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description An attacker with appropriate JSON:API write permissions could potentially inject a malicious payload in certain rare circumstances, leading to PHP Object Injection. PHP Object Injection...
PT-2026-50480
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description An issue exists where the process picture url function in backend/open webui/utils/oauth.py performs URL validation only on the initial URL. Subsequently, it uses aiohttp.ClientSession.get without...
PT-2026-50589
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description The terminal-server reverse proxy in backend/open webui/routers/terminals.py fails to properly confine the user-controlled path segment before forwarding it to an admin-configured terminal server...