187558 matches found
PT-2026-50128
Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.1 Rocket.Chat versions prior to 8.4.4 Rocket.Chat versions prior to 8.3.6 Rocket.Chat versions prior to 8.2.6 Rocket.Chat versions prior to 8.1.6 Rocket.Chat versions prior to 8.0.7 Rocket.Chat versions prior ...
PT-2026-56442
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.55 n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An authorization bypass exists in the Evaluations feature within the 'POST /workflows/workflowId/test-runs/new' endpoint. The system incorrect...
PT-2026-50180
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.24.0 Description The Compression node's Decompress operation expands attacker-controlled archives into memory without enforcing limits on the decompressed output size. An unauthenticated attacker can send a small...
PT-2026-49817
In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-50035
Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.6-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
PT-2026-49836
Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing...
PT-2026-50144
Name of the Vulnerable Software and Affected Versions vLLM versions 0.3.0 through 0.21.0 Description An authentication bypass exists in the OpenAI API AuthenticationMiddleware due to improper trust in the reconstructed URL path from the ASGI scope. The url path is derived from a URL object...
PT-2026-49952
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Portal version 12.2.1.4.0 Oracle WebCenter Portal version 14.1.2.0.0 Description A flaw in the Security Framework component of Oracle WebCenter Portal allows a low privileged attacker with network access via HTTPS to compromis...
PT-2026-49903
Name of the Vulnerable Software and Affected Versions Oracle Application Development Framework ADF version 12.2.1.4.0 Oracle Application Development Framework ADF version 14.1.2.0.0 Description An issue exists in the ADF Shared Components of the Oracle Fusion Middleware. A high privileged attacke...
PT-2026-49703
Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious dll., leading to arbitrary code execution...
PT-2026-49788
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A missing bounds check in the decodeByePacket function of RtcpByePacket can lead to remote information disclosure. Exploitation requires user interaction and doe...
PT-2026-49829
Name of the Vulnerable Software and Affected Versions stable-diffusion.cpp versions prior to master-584-0a7ae07 Description The pickle .ckpt parser in src/model.cpp contains a heap buffer overflow in the BINUNICODE opcode handler. This occurs due to sign confusion on the opcode length field, wher...
PT-2026-50146
Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.10 Description In the node:child process implementation on Windows, the escapeShellArg helper function fails to properly quote arguments containing cmd.exe metacharacters such as &, |, , ^, !, , and and does not...
PT-2026-49924
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content...
PT-2026-49717
Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments. The issue is patched as of a2ab6d4. As a workaround,...
PT-2026-50122
Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The...
PT-2026-49819
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption may occur in the ParsePayloads function of AudioSdpParser.cpp due to type confusion, which is a situation where a program accesses a resource...
PT-2026-49914
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 Oracle WebCenter Enterprise Capture versions 14.1.2.0.0 Description An issue in the Client Bundle component of Oracle WebCenter Enterprise Capture allows an unauthenticated attacker with...
PT-2026-49714
A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network...
PT-2026-50044
Name of the Vulnerable Software and Affected Versions Oracle Process Manufacturing Process Planning versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Process Manufacturing Process Planning product of Oracle E-Business Suite. A low...
PT-2026-49705
Name of the Vulnerable Software and Affected Versions FactoryTalk Historian Site Edition affected versions not specified Description An authentication bypass issue exists where an attacker can obtain a valid authentication token by continually sending requests to the login endpoint. Recommendatio...
PT-2026-49955
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Portal version 12.2.1.4.0 Oracle WebCenter Portal version 14.1.2.0.0 Description An issue exists in the Runtime Tools component of Oracle WebCenter Portal. A low privileged attacker with network access via HTTPS can exploit th...
PT-2026-49749
Name of the Vulnerable Software and Affected Versions stable-diffusion.cpp versions prior to master-584-0a7ae07 Description An out-of-bounds read error exists during PyTorch checkpoint pickle opcode parsing. The pickle .ckpt parser in the src/model.cpp file fails to consistently verify that...
PT-2026-49709
In Zephyr's IPv4 IGMP implementation, igmp send in subsys/net/ip/igmp.c read the network interface back out of the packet via net pkt ifacepkt after the packet had been handed to net send data. On the successful-send path the packet's last reference may already have been released by the L2 driver...
PT-2026-49818
Name of the Vulnerable Software and Affected Versions Google Android affected versions not specified Description An integer overflow in the numberOfReportBlocks of RtpSession.cpp can lead to an out-of-bounds write. This issue allows for remote escalation of privilege without requiring user...
PT-2026-49712
In Zephyr's native IPv4 stack, icmpv4 handle echo request in subsys/net/ip/icmpv4.c builds an echo-reply packet reply, hands it to net try send data, and then, on success, calls net stats update icmp sentnet pkt ifacereply. net try send data transfers ownership of reply to the TX path net if try...
PT-2026-50104
Unauthenticated PHP Object Injection in Santé = 1.5.1 versions...
PT-2026-49789
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A heap buffer overflow in the decodeRtcpChunk function of RtcpChunk can lead to an out-of-bounds read. This issue allows for remote information disclosure withou...
PT-2026-50085
Contributor PHP Object Injection in Avada = 3.15.3 versions...
PT-2026-50164
Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.7 Description The safe eval expression function in the computed fields feature uses an AST Abstract Syntax Tree validator that only blocks attributes starting with an underscore. Because Python generator and fram...
PT-2026-50143
Name of the Vulnerable Software and Affected Versions Traefik versions 3.7.0 through 3.7.2 Description An issue in the SNICheck domain-fronting protection allows an unauthenticated client to bypass mutual TLS mTLS enforced through wildcard router TLSOptions. When a router uses a wildcard host rul...
PT-2026-49831
Name of the Vulnerable Software and Affected Versions Real Testimonials Pro affected versions not specified Product Slider Pro for WooCommerce affected versions not specified Smart Post Show Pro affected versions not specified Description A supply chain compromise occurred where attackers...
PT-2026-49977
Name of the Vulnerable Software and Affected Versions MySQL Shell versions 8.4.0 through 8.4.9 MySQL Shell versions 9.0.0 through 9.7.0 Description An issue exists in the Shell: Dump and Load component of Oracle MySQL. An unauthenticated attacker with network access via multiple protocols can...
PT-2026-49764
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.6 Description Insufficient scope validation in the Active Memory write scope allows Gateway operators with operator.write access to modify global configuration. This privilege escalation enables users to apply...
PT-2026-50817
CVE-2026-12412 - Rejected reason: loading template... CVE ID :CVE-2026-12412 Published : June 16, 2026, 5:16 p.m. | 43 minutes ago Description :Rejected reason: loading template... Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
PT-2026-49656
Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9...
PT-2026-49825
Name of the Vulnerable Software and Affected Versions PowerSchool Employee Access Center version 23.10 Description Improper Neutralization of Input During Web Page Generation allows Cross-Site Scripting XSS, a flaw where malicious scripts are injected into otherwise trusted websites. An attacker...
PT-2026-49980
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Install. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle...
PT-2026-50119
Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only...
PT-2026-49738
Name of the Vulnerable Software and Affected Versions NLTK versions prior to 3.10.0-rc1 Description The nltk.data.load function is subject to path traversal when using the nltk: URL scheme. The issue arises because the UNSAFE NO PROTOCOL RE regex check is performed on the raw resource string befo...
PT-2026-49960
Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Metadata Plugin component of the Oracle Enterprise Manager Base Platform. A low privileged attacker wi...
PT-2026-50025
Name of the Vulnerable Software and Affected Versions Oracle Siebel CRM Siebel CRM Cloud Applications versions 17.0 through 26.5 Description An issue exists in the Siebel Cloud Manager component of Oracle Siebel CRM Cloud Applications. An unauthenticated attacker with network access via HTTP can...
PT-2026-49706
A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including user/role management and other administrative actions...
PT-2026-50166
Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.9 Description The Docker API server fails to apply Server-Side Request Forgery SSRF destination checks to proxy addresses, only validating the crawl target URL. Because the Docker API is unauthenticated by defaul...
PT-2026-49925
Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware component: Generic Unix Connector. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
PT-2026-49838
Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware WebLogic Server versions 14.1.2.0.0 Oracle Fusion Middleware WebLogic Server versions 15.1.1.0.0 Description An issue exists in the Console component of the WebLogic Server. An unauthenticated attacker with network...
PT-2026-50179
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.24.0 Description An authenticated user with workflow edit access can provide a malicious filter value within the MongoDB node's Find And Replace operation. Because the value is not validated before being used as a query...
PT-2026-49736
Summary On AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so every value overwrites the previous one and only the last reaches the application. Repeated reques...
PT-2026-50157
Name of the Vulnerable Software and Affected Versions Hugo versions 0.91.0 through 0.161.1 Description The resources.GetRemote function enforces the security.http.urls policy on the initial URL provided, but it fails to re-validate intermediate URLs during HTTP 3xx redirects. This allows a truste...
PT-2026-53026
Unknown description...