177178 matches found
PT-2026-40081
Uncontrolled search path for some AI Playground software before version 3.0.0 alpha within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This...
PT-2026-40103
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell's command-safety check could be bypassed by adversarial argument constructions, allowing unauthorized command execution on the host when combined with the companion...
PT-2026-40089
Null pointer dereference for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result...
PT-2026-40083
Improper input validation for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result...
PT-2026-40055
Name of the Vulnerable Software and Affected Versions nexent version 1.7.5.2 Description The backend service contains an issue in its file management API where the 'DELETE /storage/object name:path' endpoint lacks authentication, authorization, and input validation. Unauthenticated remote attacke...
PT-2026-40050
Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affects Pandora FMS: from 777 through 800...
PT-2026-40053
The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 2025-20-27 contains an insecure deserialization vulnerability CWE-502. The script uses torch.load to process PyTorch checkpoint files .pt without enabling the security-restrictiv...
PT-2026-40058
The load model function in the neural magic training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line...
PT-2026-40062
The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...
PT-2026-40065
The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 2025-58-24 contains a critical command injection vulnerability CWE-78 in its HDFS file operation utilities. The vulnerability arises from the unsafe construction and execution of shell commands via os.system without proper...
PT-2026-40049
Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800...
PT-2026-40051
Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800...
PT-2026-40033
A Stored Cross-Site Scripting XSS vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...
PT-2026-40067
Name of the Vulnerable Software and Affected Versions Pandora FMS versions 777 through 800 Description Improper neutralization of special elements used in an SQL command allows SQL Injection via the graph container parameter. SQL Injection is a technique where an attacker inserts malicious SQL co...
PT-2026-40054
Name of the Vulnerable Software and Affected Versions nexent version 1.7.5.2 Description The backend service contains an unauthorized arbitrary file deletion issue within its ElasticSearch service interface. The 'DELETE /index name/documents' endpoint lacks proper authentication and authorization...
PT-2026-40056
Name of the Vulnerable Software and Affected Versions optimate versions prior to commit a6d302f912b481c94370811af6b11402f51d377f Description The load model function in the neural magic training.py script allows arbitrary code execution. When a directory path is supplied via the --model command-li...
PT-2026-40066
The Adversarial Robustness Toolbox ART thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...
PT-2026-40061
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weights only=True parameter. This default behavior allows...
PT-2026-40064
The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parse op part function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Althoug...
PT-2026-40036
Name of the Vulnerable Software and Affected Versions consul-template versions prior to 0.42.0 Description A sandbox path bypass exists in the file template helper, which may allow an attacker to read files located outside of the intended sandbox directory. Recommendations Update to version 0.42....
PT-2026-40041
Name of the Vulnerable Software and Affected Versions Ivanti Virtual Traffic Manager versions prior to 22.9r4 Description OS command injection allows a remote authenticated attacker with admin privileges to achieve remote code execution. Recommendations Update to version 22.9r4 or later...
PT-2026-40040
Name of the Vulnerable Software and Affected Versions Ivanti Xtraction versions prior to 2026.2 Description External control of a file name allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory. This can lead to information disclosure and...
PT-2026-40035
Name of the Vulnerable Software and Affected Versions Pocket ID versions prior to 2.6.0 Description The createTokenFromRefreshToken function in oidc service.go validates the cryptographic integrity of refresh tokens but fails to re-verify the user's current authorization state before issuing new...
PT-2026-40045
Name of the Vulnerable Software and Affected Versions LWP::UserAgent versions prior to 6.83 Description LWP::UserAgent leaks Authorization and Proxy-Authorization headers during cross-origin redirects. When a 3xx response is received, the redirect handler only removes the Host and Cookie headers...
PT-2026-40037
Name of the Vulnerable Software and Affected Versions Schneider Electric EcoStruxure Panel Server affected versions not specified Description An insecure default resource initialization issue exists that may cause credentials to revert to initial settings under rare circumstances. This allows...
PT-2026-40044
Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU6 Description SQL injection in the web console allows a remote authenticated attacker to achieve remote code execution. SQL injection is a type of flaw where an attacker can interfere with the...
PT-2026-40039
Name of the Vulnerable Software and Affected Versions Ivanti Secure Access Client versions prior to 22.8R6 Description A race condition allows a locally authenticated user to escalate privileges to SYSTEM. A race condition is a situation where the system's substantive behavior is dependent on the...
PT-2026-40038
Name of the Vulnerable Software and Affected Versions Ivanti Secure Access Client versions prior to 22.8R6 Description An incorrect permission assignment for a critical resource allows a local authenticated user to read or modify sensitive log data. This is possible through write access to a shar...
PT-2026-40213
Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally...
PT-2026-40201
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...
PT-2026-40198
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...
PT-2026-40199
Access of resource using incompatible type 'type confusion' in Microsoft Office Word allows an unauthorized attacker to execute code locally...
PT-2026-40205
Name of the Vulnerable Software and Affected Versions SQL Server affected versions not specified Description External control of a file name or path allows an authorized attacker to execute arbitrary code over a network, which can affect the system. Recommendations At the moment, there is no...
PT-2026-40212
Integer underflow wrap or wraparound in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...
PT-2026-40219
Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network...
PT-2026-40188
Name of the Vulnerable Software and Affected Versions Microsoft Office Click-To-Run affected versions not specified Description Insufficient granularity of access control in the Click-to-Run C2R technology of Microsoft Office and Microsoft 365 Apps for Enterprise allows an authorized attacker to...
PT-2026-40228
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally...
PT-2026-40225
Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A use after free issue in the Windows TCP/IP stack allows an unauthorized attacker to execute code over a network. Use after free is a memory corruption flaw that occurs when an application...
PT-2026-40189
Name of the Vulnerable Software and Affected Versions Windows Admin Center affected versions not specified Description Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network. This issue can be triggered by abusing the update path,...
PT-2026-40194
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
PT-2026-40231
External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network...
PT-2026-40221
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally...
PT-2026-40191
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally...
PT-2026-40223
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network...
PT-2026-40224
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network...
PT-2026-40209
Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack...
PT-2026-40229
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally...
PT-2026-40192
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
PT-2026-40216
Name of the Vulnerable Software and Affected Versions Windows Hyper-V affected versions not specified Description A use after free issue in Windows Hyper-V allows an unauthorized attacker to perform a guest-to-host attack to elevate privileges locally to SYSTEM level. Use after free is a memory...
PT-2026-40220
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...