PT-2026-40149
Name of the Vulnerable Software and Affected Versions: Windows Message Queuing (affected versions not specified). Description: A heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker located on an adjacent network to execute arbitrary code. A heap-based buffer overflow...
PT-2026-40171
Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
PT-2026-40137
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
PT-2026-40152
Name of the Vulnerable Software and Affected Versions: Windows Server 2025 (affected versions not specified). Description: A use after free issue in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network. This occurs via NVMe-oF (NVMe over Fabrics), a network protocol...
PT-2026-40157
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally...
PT-2026-40139
Name of the Vulnerable Software and Affected Versions: Azure SDK for Java (affected versions not specified). Description: Improper authentication in the Azure SDK for Java allows an unauthorized attacker to bypass a security feature over a network. Recommendations: At the moment, there is no informatio...
PT-2026-40182
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: A heap-based buffer overflow in the Windows GDI (Graphics Device Interface), which is the graphics subsystem of Windows, allows an unauthorized attacker to execute code locally. Recommendations...
PT-2026-40143
Name of the Vulnerable Software and Affected Versions: Windows Cloud Files Mini Filter Driver (affected versions not specified). Description: A use after free issue in the Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. Use after free is a memory...
PT-2026-40177
Name of the Vulnerable Software and Affected Versions: Windows Ancillary Function Driver for WinSock (affected versions not specified). Description: A use after free issue in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an authorized attacker to elevate privileges locally. A use...
PT-2026-40174
After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
PT-2026-40147
Name of the Vulnerable Software and Affected Versions: Windows Win32K (affected versions not specified). Description: A use after free issue in ICOMP allows an authorized attacker to elevate privileges locally to SYSTEM level. Use after free is a memory corruption flaw that occurs when an application...
PT-2026-40159
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally...
PT-2026-40150
Name of the Vulnerable Software and Affected Versions: Windows Win32K - GRFX (affected versions not specified). Description: An integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally to SYSTEM level. Recommendations: At the moment, there is n...
PT-2026-40233
External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
PT-2026-40168
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
PT-2026-40138
Name of the Vulnerable Software and Affected Versions: Microsoft Office SharePoint (affected versions not specified). Description: Deserialization of untrusted data allows an authorized attacker to execute code over a network. Recommendations: At the moment, there is no information about a newer versio...
PT-2026-40196
Name of the Vulnerable Software and Affected Versions: Microsoft Office 2019 (affected versions not specified); Microsoft Office 2021 (affected versions not specified); Microsoft 365 Apps (affected versions not specified); Microsoft Outlook (affected versions not specified); Microsoft Word (affected versions n...
PT-2026-40207
Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally...
PT-2026-40190
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
PT-2026-40222
Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally...
PT-2026-40230
Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally...
PT-2026-40215
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally...
PT-2026-40357
Name of the Vulnerable Software and Affected Versions: NanaZip versions 5.0.1252.0 through 6.0.1697.0. Description: An integer divide-by-zero issue exists in the UFS/UFS2 filesystem image parser. This occurs when opening a specially crafted UFS image where the superblock field fs_ipg (inodes per...
PT-2026-40360
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in the ZealFS filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted ZealFS v1 filesystem image. An attacker-controlled BitmapSize field in the...
PT-2026-40356
Name of the Vulnerable Software and Affected Versions: NanaZip versions 5.0.1252.0 through 6.0.1697.0. Description: A null-pointer dereference exists in the UFS/UFS2 filesystem image parser. This occurs when opening a specially crafted UFS image where the root inode (inode 2) is set to IFLNK (symlink...
PT-2026-40355
Name of the Vulnerable Software and Affected Versions: NanaZip versions 5.0.1252.0 through 6.0.1697.0. Description: An uncontrolled recursion issue exists in the Electron Archive (ASAR) parser. When opening a specially crafted .asar file containing deeply nested JSON in the header, the...
PT-2026-40428
An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary code when a specially crafted VC6 file is being parsed...
PT-2026-40361
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of th...
PT-2026-40432
Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL mutation accepts an arbitrary groups array and applies it directly to the database with no validation of the group IDs supplied. The resolver passes the caller's arguments straight to the model without...
PT-2026-40423
Name of the Vulnerable Software and Affected Versions: Pulpy versions prior to 0.1.1. Description: Pulpy injects a pulpy.fs JavaScript API into packaged web applications to provide host filesystem access. The validateFsPath function, intended to sandbox this access, contains an incomplete blocklist...
PT-2026-40429
An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed...
PT-2026-40433
nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowed_non_write_users: $...
PT-2026-40416
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Input...
PT-2026-40414
Name of the Vulnerable Software and Affected Versions: CAI Content Credentials versions 0.78.2 and earlier. Description: Improper Input Validation can result in an application denial-of-service, allowing an attacker to crash the application. This issue does not require user interaction...
PT-2026-40417
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may ...
PT-2026-40413
Name of the Vulnerable Software and Affected Versions: CAI Content Credentials versions 0.7.0 through 0.78.2. Description: An uncontrolled resource consumption issue exists that could lead to an application denial-of-service. An attacker can exhaust system resources to cause this condition without...
PT-2026-40424
Name of the Vulnerable Software and Affected Versions: dalfox versions prior to 2.12.0. Description: When running in REST API server mode (dalfox server), the software binds to 0.0.0.0:6664 by default without requiring authentication. An unauthenticated attacker can send a request to the '/scan'...
PT-2026-40415
Name of the Vulnerable Software and Affected Versions: CAI Content Credentials versions 0.78.2, 0.7.0 and earlier. Description: An integer overflow or wraparound occurs, which can lead to an application denial-of-service. An attacker can exploit this issue to crash the application without requiring...
PT-2026-40418
Name of the Vulnerable Software and Affected Versions: CAI Content Credentials versions 0.78.2 and 0.7.0 and earlier. Description: Improper Input Validation can result in an application denial-of-service, allowing an attacker to crash the application. This issue does not require user interaction...
PT-2026-40421
Name of the Vulnerable Software and Affected Versions: openclaude versions prior to 0.5.1. Description: A security issue exists where the dangerouslyDisableSandbox parameter is exposed within the BashTool input schema. This allows a Large Language Model (LLM), which is considered an untrusted principa...
PT-2026-40427
Name of the Vulnerable Software and Affected Versions: Fuji Tellus (affected versions not specified). Description: The installation of Fuji Tellus adds a driver to the kernel that grants all users read and write permissions. This improper driver permission allows for privilege escalation from a user...
PT-2026-40348
SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections...
PT-2026-40405
Name of the Vulnerable Software and Affected Versions: CAI Content Credentials versions 0.78.2, 0.7.0 and earlier. Description: An Integer Underflow (Wrap or Wraparound) issue exists where a value decreases below its minimum possible representation, potentially causing the application to crash. This c...
PT-2026-40409
Name of the Vulnerable Software and Affected Versions: CAI Content Credentials versions 0.78.2 and earlier. Description: An Integer Overflow or Wraparound occurs, which can lead to an application denial-of-service. This allows an attacker to crash the application without requiring any user...
PT-2026-40395
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources,...
PT-2026-40391
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...
PT-2026-40400
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may...
PT-2026-40402
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may...
PT-2026-40388
Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality and integrity...
PT-2026-40397
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the...