187518 matches found
PT-2026-50571
Name of the Vulnerable Software and Affected Versions ThingsBoard affected versions not specified Description Prototype pollution occurs when an attacker can manipulate the prototype of an object, potentially leading to arbitrary code execution within a sandboxed context. This issue can be...
PT-2026-50523
Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to access sessions from other profiles. The handle session export handler in api/routes.py fails to verify active-profile ownership before serializing session...
PT-2026-50251
Name of the Vulnerable Software and Affected Versions Trivy versions prior to 0.71.1 Description Trivy improperly trusts the org.opencontainers.image.title annotation in an OCI artifact manifest, using it as the destination filename when downloading content without proper validation or...
PT-2026-50272
Unauthenticated Cross Site Scripting XSS in Sonaar = 4.27.4 versions...
PT-2026-50412
Unauthenticated Arbitrary File Deletion in WorkScout-Core = 1.7.11 versions...
PT-2026-50601
Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.5 Description A Deno program opening a client WebSocket connection can be crashed by a remote server. During the WebSocket handshake response, Deno parsed the 'Sec-WebSocket-Protocol' and 'Sec-WebSocket-Extensions'...
PT-2026-50310
Unauthenticated Cross Site Scripting XSS in WPZOOM Addons for Elementor = 1.3.4 versions...
PT-2026-50344
Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms = 1.4.5 versions...
PT-2026-50374
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6...
PT-2026-50287
Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...
PT-2026-50340
Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...
PT-2026-50327
Unauthenticated Cross Site Scripting XSS in Profile Builder Pro = 3.15.0 versions...
PT-2026-50239
Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A logic error in the transfer function of the PackageInstaller.Session class within frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java allows for a memory...
PT-2026-50350
Unauthenticated Cross Site Scripting XSS in JetEngine = 3.8.10 versions...
PT-2026-50387
Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection. This issue affects The Hospital: from n/a through 1.8.1...
PT-2026-50400
Unauthenticated PHP Object Injection in Hiroshi = 1.5.1 versions...
PT-2026-50457
Name of the Vulnerable Software and Affected Versions Katello of Red Hat Satellite affected versions not specified Description Insufficient authorization checks in the ContentUploadsController within the content upload functionality allow authenticated users with the edit products permission to...
PT-2026-50379
Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login procedures or...
PT-2026-50254
The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level...
PT-2026-50279
Unauthenticated Local File Inclusion in Promo = 1.3.0 versions...
PT-2026-50390
Unauthenticated Cross Site Scripting XSS in Avante 3.0.5 versions...
PT-2026-50299
Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...
PT-2026-50568
Name of the Vulnerable Software and Affected Versions Steeltoe.Configuration.Encryption versions 4.0.0 through 4.1.0 Description Steeltoe is an open source project providing libraries for building cloud-native applications. An issue exists where configuring the encrypt:rsa:algorithm variable with...
PT-2026-50356
Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...
PT-2026-50381
Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITYSYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated...
PT-2026-50270
Unauthenticated Local File Inclusion in Joly = 1.22.0 versions...
PT-2026-50311
Contributor Local File Inclusion in Element Pack Pro = 9.0.6 versions...
PT-2026-50273
Subscriber Privilege Escalation in Sonaar = 4.27.4 versions...
PT-2026-50317
Subscriber Arbitrary File Upload in Restaurant Zone = 0.7.8 versions...
PT-2026-50534
Name of the Vulnerable Software and Affected Versions Network-AI versions prior to 5.7.2 Description The MCP SSE server allows unauthenticated cross-origin MCP tool invocation because the server defaults to an empty secret and the isAuthorized function returns true when the secret is empty. While...
PT-2026-50605
Name of the Vulnerable Software and Affected Versions handlebars versions prior to 4.5.2 Description Applications that pass user-controlled input to the Handlebars.compile function using a FileTemplateLoader or ClassPathTemplateLoader are susceptible to arbitrary file read. This occurs when web...
PT-2026-50458
Name of the Vulnerable Software and Affected Versions Autodesk Revit affected versions not specified Description A NULL Pointer Dereference occurs when the application attempts to read a memory address that is NULL, typically resulting in a crash. This issue is triggered when a maliciously crafte...
PT-2026-50596
Name of the Vulnerable Software and Affected Versions langchain4j-mariadb versions prior to 1.2.1-beta8 langchain4j-mariadb versions prior to 1.5.1-beta11 langchain4j-mariadb versions prior to 1.11.8-beta19 langchain4j-mariadb versions prior to 1.16.3-beta26 langchain4j-pgvector versions prior to...
PT-2026-50537
Name of the Vulnerable Software and Affected Versions NGINX Gateway Fabric affected versions not specified Description An injection issue exists in the NGINX configuration generator component of NGINX Gateway Fabric when NGINX Plus or NGINX Open Source is used as the data plane. User-supplied...
PT-2026-50330
Name of the Vulnerable Software and Affected Versions JetSmartFilters versions prior to 3.8.2 Description An unauthenticated SQL Injection allows an attacker to interfere with the queries that an application makes to its database. This occurs in the JetSmartFilters WordPress plugin. Recommendatio...
PT-2026-50433
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description A missing authentication for critical function issue exists. An unauthenticated attacker with adjacent network access could exploit this to achieve code execution, denial of...
PT-2026-50292
Unauthenticated Cross Site Request Forgery CSRF in WordPress Dating Theme = 11.2.0 versions...
PT-2026-50544
Name of the Vulnerable Software and Affected Versions PHP Standard Library PSL versions 6.1.0 through 6.1.1 PHP Standard Library PSL version 6.2.0 Description The PslH2ServerConnection function does not validate that the total bytes received in DATA frames match the content-length header declared...
PT-2026-50535
Name of the Vulnerable Software and Affected Versions Shaarli versions prior to 0.16.2 Description A stored Cross-Site Scripting XSS issue exists in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside ...
PT-2026-50539
Name of the Vulnerable Software and Affected Versions Tinyproxy versions prior to 1.11.4 Description Tinyproxy fails to reject requests containing multiple Content-Length headers with differing values. The software forwards all duplicate headers to the backend but uses only the first value to...
PT-2026-50530
Name of the Vulnerable Software and Affected Versions Tinyproxy versions prior to 1.11.3 commit 09312a1 Description Improper validation of the Host header during stathost detection allows unauthenticated attackers to access the statistics page by injecting a matching Host header or bypassing...
PT-2026-50448
Name of the Vulnerable Software and Affected Versions OpenStack Horizon versions prior to 25.7.4 Description OpenStack Horizon produces scripts for OpenStack RC file downloading that may contain a crafted project name with shell metacharacters. Shell metacharacters are special characters...
PT-2026-50249
Name of the Vulnerable Software and Affected Versions snes9x version 1.63 Description An out-of-bounds write occurs when loading a ROM alongside a crafted .ups patch file, which can lead to a denial of service and cause the emulator to crash. Recommendations At the moment, there is no information...
PT-2026-50238
A vulnerability in nltk.app.wordnet app up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. The server listens on all interfaces and processes a specific unauthenticated GET request /SHUTDOWN%20THE%20SERVER to...
PT-2026-50196
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An inappropriate implementation in the Passwords component allows a remote attacker to leak cross-origin data, which is data from a different domain than the one serving the current...
PT-2026-50205
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue exists in the Tab Strip component. This occurs when a program continues to use a pointer after it has been freed, which can lead to heap corruption a memory...
PT-2026-50202
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.155 Description A use after free issue in the Downloads component allows a remote attacker to potentially exploit heap corruption through a crafted HTML page. Use after free occurs when an...
PT-2026-50215
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An object lifecycle issue in Metrics allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape. This is achieved through the use of a...
PT-2026-50190
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue in DigitalCredentials on Windows allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free occurs when an...
PT-2026-53079
Local Privilege Escalation via LIBMOUNT FORCE MOUNT2 Environment Variable - nosuid/noexec Bypass in SUID mount8...