187471 matches found
PT-2026-50119
Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only...
PT-2026-50049
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
PT-2026-52878
This update for buildah rebuilds it against the current go security release...
PT-2026-49738
Name of the Vulnerable Software and Affected Versions NLTK versions prior to 3.10.0-rc1 Description The nltk.data.load function is subject to path traversal when using the nltk: URL scheme. The issue arises because the UNSAFE NO PROTOCOL RE regex check is performed on the raw resource string befo...
PT-2026-52880
The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.86 version of the Mozilla certificate authority bundle...
PT-2026-52687
This update for containerized-data-importer rebuilds the current sources against latest go security release and the images against the latest released updates...
PT-2026-49960
Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Metadata Plugin component of the Oracle Enterprise Manager Base Platform. A low privileged attacker wi...
PT-2026-49792
In smmu attach dev of arm-smmu-v3.c, there is a possible way to sign malicious Android Runtime bootclass artifacts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-50025
Name of the Vulnerable Software and Affected Versions Oracle Siebel CRM Siebel CRM Cloud Applications versions 17.0 through 26.5 Description An issue exists in the Siebel Cloud Manager component of Oracle Siebel CRM Cloud Applications. An unauthenticated attacker with network access via HTTP can...
PT-2026-49706
A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including user/role management and other administrative actions...
PT-2026-50166
Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.9 Description The Docker API server fails to apply Server-Side Request Forgery SSRF destination checks to proxy addresses, only validating the crawl target URL. Because the Docker API is unauthenticated by defaul...
PT-2026-49925
Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware component: Generic Unix Connector. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
PT-2026-49838
Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware WebLogic Server versions 14.1.2.0.0 Oracle Fusion Middleware WebLogic Server versions 15.1.1.0.0 Description An issue exists in the Console component of the WebLogic Server. An unauthenticated attacker with network...
PT-2026-50179
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.24.0 Description An authenticated user with workflow edit access can provide a malicious filter value within the MongoDB node's Find And Replace operation. Because the value is not validated before being used as a query...
PT-2026-49736
Summary On AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so every value overwrites the previous one and only the last reaches the application. Repeated reques...
PT-2026-50157
Name of the Vulnerable Software and Affected Versions Hugo versions 0.91.0 through 0.161.1 Description The resources.GetRemote function enforces the security.http.urls policy on the initial URL provided, but it fails to re-validate intermediate URLs during HTTP 3xx redirects. This allows a truste...
PT-2026-53026
Unknown description...
PT-2026-50161
Name of the Vulnerable Software and Affected Versions Caddy versions prior to 2.11.4 Description An issue exists where forward auth copy headers deletes client-supplied identity headers before copying trusted values from an authentication gateway. However, when requests are processed via php...
PT-2026-50162
Name of the Vulnerable Software and Affected Versions Caddy versions prior to 2.11.4 Description Caddy is an extensible server platform that uses TLS by default. The stripHTML template function, specifically within the funcStripHTML function, cannot reliably remove all HTML tags from input string...
PT-2026-49828
Name of the Vulnerable Software and Affected Versions OpenStack Nova versions prior to 33.0.2 Description The server create API does not strip certain hint data, which results in the created instance having no Placement allocation. Recommendations Update to version 33.0.2...
PT-2026-50074
Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high-privileged attacker with logon access to the infrastructure where the software executes can compromise the system. Th...
PT-2026-49984
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...
PT-2026-49949
Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high privileged attacker with logon access to the infrastructure where the software executes can compromise the system. Th...
PT-2026-49982
Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue in the Core component of Oracle VM VirtualBox allows a high-privileged attacker with logon access to the infrastructure where the software executes to compromise the system. Successful...
PT-2026-49902
Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high-privileged attacker with access to the infrastructure where the software executes can compromise the system. This may...
PT-2026-49729
Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.12.2 Description An attacker can craft a PDF file that results in long runtimes. This occurs when accessing a stream that utilizes the /FlateDecode filter with a PNG predictor. Recommendations Update to version 6.12.2...
PT-2026-49724
Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description On Windows, Python uses the VPATH variable to locate landmarks, such as 'Modules/setup.local', to determine if it is running in a source tree and adjust the default sys.path. In certain...
PT-2026-49657
A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and application crashes DoS. All versions are believed to be vulnerable. This project is unmaintained at...
PT-2026-49686
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 152 Thunderbird versions prior to 152 Description A memory safety bug exists in the software, which could lead to unexpected behavior or crashes when handling memory operations. Recommendations Update to version 152...
PT-2026-49685
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 152 Thunderbird versions prior to 152 Description A mitigation bypass exists within the DOM security component...
PT-2026-49730
Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.12.2 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF that causes excessive memory consumption. This occurs when extracting text from a page containing a form XObject a reusable PDF...
PT-2026-49769
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.25 Description A scope containment bypass exists in the device re-pairing process. Authenticated operators can restore or retain broader scopes than intended by submitting re-pairing requests with empty scope...
PT-2026-50055
Vulnerability in the Oracle Property Manager product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Property...
PT-2026-50172
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description A prototype pollution issue allows a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. Prototype polluti...
PT-2026-49845
Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: REST WebServices. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager...
PT-2026-49826
The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands e.g. system reboot...
PT-2026-52868
Summary Bleach 6.3.0 exposes a documented email-linkification path through bleach.linkify..., parse email=True. The implementation scans attacker-controlled text with EMAIL RE.finditer over the full character token and has no length, timeout, or linear prefilter before applying the dot-atom email...
PT-2026-53034
Impact An authenticated user with permission to create or modify workflows containing a Python Code node could bypass the AST security validator and access the task executor module namespace. On self-hosted instances where N8N BLOCK RUNNER ENV ACCESS=false is set, this extended to disclosure of...
PT-2026-49946
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Portal version 12.2.1.4.0 Oracle WebCenter Portal version 14.1.2.0.0 Description An issue exists in the Security Framework component of the Oracle WebCenter Portal product of Oracle Fusion Middleware. A low privileged attacker...
PT-2026-49763
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.29 Description A path traversal issue exists in the install helper where workspace .env files can override the npm execpath configuration used for bundled runtime dependency installation. This allows an attack...
PT-2026-49624
Happy to share that I recently discovered and responsibly reported security vulnerabilities in OpenKM Document Management System v6.3.12. These issues have now been assigned the following CVE IDs: CVE-2026-30502 CVE-2026-30503 CyberSecurity CVE SecurityResearch dharmstm https://t.co/Zge3oCAHeT...
PT-2026-49631
Unauthenticated Broken Access Control in WP Event SOlution = 4.1.12 versions...
PT-2026-49608
The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to obtain...
PT-2026-49632
A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot...
PT-2026-49759
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.2 Description An environment variable injection exists where workspace .env files can influence the Python runtime selection during Gmail setup gcloud execution. Attackers with repository access can manipulate...
PT-2026-49873
Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware WebLogic Server versions 12.2.1.4.0 Oracle Fusion Middleware WebLogic Server versions 14.1.1.0.0 Description An issue exists in the Console component of the WebLogic Server. This flaw allows an unauthenticated attacker...
PT-2026-49815
In RtcpHeader::decodeRtcpHeader, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-49751
DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim mus...
PT-2026-49775
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.2 Description An environment variable injection exists where the STATE DIRECTORY variable in a workspace .env file can influence bundled runtime dependency roots. This allows attackers to manipulate STATE...
PT-2026-49779
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description A bootstrap token replay issue allows callers with access to a pending bootstrap token to reuse it before approval with a broader requested scope. This can lead to the escalation of pairing...