187421 matches found
PT-2026-50303
Subscriber Privilege Escalation in MultiLoca = 4.2.15 versions...
PT-2026-50503
Name of the Vulnerable Software and Affected Versions Connext Professional versions 7.4.0 through 7.6.x Connext Professional versions 7.0.0 through 7.3.1.2 Connext Professional versions 6.1.0 through 6.1.x Connext Professional versions 6.0.0 through 6.0.x Connext Professional versions 5.3.0 throu...
PT-2026-53071
Impact Three mutating endpoints in the evaluation test runs controller authorized state-changing actions using workflow:read instead of the action-appropriate workflow:execute scope. An authenticated user with project:viewer role on a project could start new evaluation test runs, cancel in-flight...
PT-2026-50421
Improper Control of Generation of Code 'Code Injection' vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21...
PT-2026-50436
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description Improper Access Control allows a low privileged attacker with remote access to potentially cause a denial of service, a condition where the system becomes unavailable to its...
PT-2026-50318
Subscriber Arbitrary File Upload in Ecommerce Zone = 0.9.7 versions...
PT-2026-50324
Contributor Remote Code Execution RCE in Blocksy Companion Pro = 2.1.37 versions...
PT-2026-50445
Missing Authorization vulnerability in Nexi Payments Nexi XPay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexi XPay: from n/a through 8.3.1...
PT-2026-50313
CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...
PT-2026-50347
Subscriber SQL Injection in Cornerstone 7.8.8 versions...
PT-2026-50463
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description An improper neutralization of special elements used in an SQL command, known as SQL Injection, allows a low privileged attacker with adjacent network access to potentially caus...
PT-2026-50304
Unauthenticated Local File Inclusion in Malmö = 2.2 versions...
PT-2026-50409
Unauthenticated PHP Object Injection in Moderno 1.43 versions...
PT-2026-50431
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager versions prior to 4.8 Description An unauthenticated attacker with remote access can exploit the inclusion of functionality from an untrusted control sphere, which may lead to information disclosure. Recommendations Upda...
PT-2026-50426
Cross-site request forgery CSRF in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or modify news items as an administrator via a crafted form submitted to /api/news-items, due to missing anti-CSRF protection...
PT-2026-50464
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description An improper neutralization of special elements used in an SQL command allows a low privileged attacker with adjacent network access to perform SQL injection, which could...
PT-2026-50418
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0...
PT-2026-50376
Name of the Vulnerable Software and Affected Versions HCL iControl affected versions not specified Description HCL iControl is affected by an inadequate session timeout issue. This occurs when a web application fails to automatically terminate user sessions after a period of inactivity, potential...
PT-2026-50248
Three NVIDIA NeMo vulnerabilities CVE-2026-24155, CVE-2026-24252, CVE-2026-24228 enable code execution. Update NeMo Framework to v2.7.3 now. NVIDIA NeMo CVE202624155 AISecurity InfoSec https://t.co/VykvC24Ed4 https://t.co/93wJfksSbS...
PT-2026-50440
Name of the Vulnerable Software and Affected Versions Python StateMachine versions 3.0.0 through 3.1.x Description An issue exists where the library evaluates expressions from SCXML documents unsafely. The SCXMLProcessor passes attacker-controlled expression strings from attributes through a call...
PT-2026-50553
e107 is a content management system CMS. Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resize image, the source path is escaped with escapeshellarg, but the destination path is inserted inside raw double quotes in the convert...
PT-2026-50271
Unauthenticated Local File Inclusion in HomeRoofer = 2.11.0 versions...
PT-2026-50368
Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Startupzy: from n/a through 1.1.1...
PT-2026-50389
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account...
PT-2026-50441
DroneAware is a drone detection platform. The centralized DroneAware server backing droneaware.io was vulnerable to an account pre-hijacking attack in which an attacker could register an account using a victim's email address with an attacker-controlled password before the victim completed accoun...
PT-2026-50290
Unauthenticated Cross Site Scripting XSS in WPJobster = 6.3.5 versions...
PT-2026-50514
Name of the Vulnerable Software and Affected Versions RTI Connext Professional Web Integration Service versions 6.1.2 through 6.1.x RTI Connext Professional Web Integration Service versions 7.0.0 through 7.3.1.2 RTI Connext Professional Web Integration Service versions 7.4.0 through 7.x Descripti...
PT-2026-50586
Name of the Vulnerable Software and Affected Versions Gitea versions 1.25.0 and later Description Gitea is subject to stored cross-site scripting XSS through the built-in 3D file viewer, which utilizes the Online3DViewer library. The issue occurs when a .gltf file contains an unsupported extensio...
PT-2026-50572
TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range allowing for DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard...
PT-2026-50494
Name of the Vulnerable Software and Affected Versions @earendil-works/pi-coding-agent versions 0.74.0 through 0.78.0 @mariozechner/pi-coding-agent versions 0.50.0 through 0.73.1 Description Pi is a minimal terminal coding harness that used predictable paths under the operating system temporary...
PT-2026-50603
Name of the Vulnerable Software and Affected Versions CakePHP Authentication versions prior to 2.11.1 CakePHP Authentication versions prior to 3.3.6 CakePHP Authentication versions prior to 4.1.1 Description The getLoginRedirect function contains a weakness to backslash bypasses. This allows...
PT-2026-50266
Unauthenticated Cross Site Scripting XSS in my flatonica = 0.0.8 versions...
PT-2026-50405
Unauthenticated PHP Object Injection in Eldon = 1.4.1 versions...
PT-2026-50258
Name of the Vulnerable Software and Affected Versions Regesta Smart HD-PLC - TLDPH16D2 version 11.02.05.10.02 Description A network attacker with registration access can introduce arbitrary JavaScript by injecting a Cross-site Scripting XSS payload into the Hostname field of the configuration fil...
PT-2026-50465
Name of the Vulnerable Software and Affected Versions JimuReport versions prior to 2.3.5 Description Remote code execution is possible due to improper handling of Aviator expressions. The '/jmreport/executeSelectApi' endpoint passes user-supplied input directly to the Aviator expression engine...
PT-2026-50397
Unauthenticated Local File Inclusion in Solene Core = 2.3.2 versions...
PT-2026-50319
Subscriber Arbitrary File Upload in Kids Gift Shop = 0.5.4 versions...
PT-2026-50336
Contributor PHP Object Injection in JetEngine = 3.8.9.1 versions...
PT-2026-50396
Unauthenticated PHP Object Injection in Alukas 3.0.0 versions...
PT-2026-50245
The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with...
PT-2026-50329
Subscriber Broken Access Control in WPBakery Page Builder = 8.7.2 versions...
PT-2026-50274
Unauthenticated PHP Object Injection in ThemeREX Addons = 2.36.1.1 versions...
PT-2026-50307
Subscriber Arbitrary File Upload in Webenvo = 0.0.6 versions...
PT-2026-50342
Unauthenticated Sensitive Data Exposure in JetBlog = 2.4.8 versions...
PT-2026-50315
Unauthenticated Local File Inclusion in ChapterOne = 1.7 versions...
PT-2026-50353
Unauthenticated Cross Site Scripting XSS in JetFormBuilder = 3.6.0.1 versions...
PT-2026-50308
Author Broken Access Control in W3 Total Cache = 2.9.1 versions...
PT-2026-50501
Name of the Vulnerable Software and Affected Versions Splunk AI Toolkit versions prior to 5.7.4 Description A low-privileged user without "admin" or "power" Splunk roles can force the application to make outbound HTTP requests to an attacker-controlled server, potentially leading to data...
PT-2026-50542
Just landed my first CVE. CVE-2026-55675. A beautiful vulnerability, maybe the most beautiful. Many people are saying it. On to the next one. Thank you for your attention to this matter. 🫡 https://t.co/qko1fgRAVb...
PT-2026-50265
Cross-Site request forgery CSRF vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10...