187506 matches found
PT-2026-49648
Unauthenticated Sensitive Data Exposure in GetGenie = 4.4.1 versions...
PT-2026-50089
Unauthenticated Local File Inclusion in Thegov Core 2.0.23 versions...
PT-2026-50079
Unauthenticated Local File Inclusion in Learnify = 1.15.0 versions...
PT-2026-49739
Name of the Vulnerable Software and Affected Versions Astro versions prior to 6.4.6 Description The spreadAttributes function in the server-side rendering pipeline iterates over object keys and passes them to the addAttribute function, which interpolates the key into the HTML output without...
PT-2026-49784
Name of the Vulnerable Software and Affected Versions vpu ioctl.c affected versions not specified Description A race condition in multiple functions of vpu ioctl.c can lead to a use after free, which is a scenario where a program continues to use a pointer after it has been freed. This issue may...
PT-2026-49731
Name of the Vulnerable Software and Affected Versions Astro versions prior to 6.3.3 Description When a component utilizes a client: directive, the software inserts named slot content into a data-astro-template attribute without performing HTML escaping on the slot name. This allows an attacker to...
PT-2026-49633
Name of the Vulnerable Software and Affected Versions WooCommerce Stripe Payment Gateway versions prior to 10.7.1 Description The plugin is subject to unauthorized data modification because the ajax pay for order function lacks a capability check. Specifically, the wc stripe pay for order WC-AJAX...
PT-2026-49651
The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfb hide review and wprp save review admin AJAX handlers combined with insufficient path validation in the wpfb...
PT-2026-50103
Unauthenticated PHP Object Injection in NeoBeat = 1.7 versions...
PT-2026-52879
This update for container-suseconnect rebuilds it against the current go security release...
PT-2026-49743
Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.13.0 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF that triggers an infinite loop. This occurs when merging a file containing outlines into a writer. Recommendations Update to...
PT-2026-50105
Unauthenticated Local File Inclusion in Mr. SEO = 2.0 versions...
PT-2026-50082
Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...
PT-2026-50072
Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the Core component of Oracle VM VirtualBox. A high-privileged attacker with logon access to the infrastructure where the software executes can compromise the system. Successful...
PT-2026-50175
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description When @n8n/mcp-browser is operated in HTTP transport mode using the --transport http flag, the MCP endpoint allows session initialization and tool invocation requests without...
PT-2026-50073
Vulnerability in the Oracle Public Sector Payroll product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Public...
PT-2026-49908
Name of the Vulnerable Software and Affected Versions Oracle Unified Directory version 12.2.1.4.0 Oracle Unified Directory version 14.1.2.1.0 Description An issue exists in the OUD Core component of the Oracle Unified Directory product of Oracle Fusion Middleware. An unauthenticated attacker with...
PT-2026-50015
Name of the Vulnerable Software and Affected Versions Oracle JD Edwards EnterpriseOne Accounts Payable version 9.2 Description A flaw in the Accounts Payable component allows a low-privileged attacker with network access via HTTP to compromise the system. Successful exploitation can lead to a ful...
PT-2026-50117
Unauthenticated PHP Object Injection in Behold = 1.5 versions...
PT-2026-49727
Name of the Vulnerable Software and Affected Versions Perry versions prior to 0.5.1166 Description An issue in the JWT validation process allows remote attackers to bypass token expiration. This occurs because the verify decode helper within the stdlib JWT verification path unconditionally sets...
PT-2026-50041
Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Cost Management versions 12.2.3 through 12.2.15 Description An issue exists in the Cost Planning component of the Oracle Cost Management product. A high privileged attacker with network access via HTTP can exploi...
PT-2026-49828
Name of the Vulnerable Software and Affected Versions OpenStack Nova versions prior to 33.0.2 Description The server create API does not strip certain hint data, which results in the created instance having no Placement allocation. Recommendations Update to version 33.0.2...
PT-2026-53034
Impact An authenticated user with permission to create or modify workflows containing a Python Code node could bypass the AST security validator and access the task executor module namespace. On self-hosted instances where N8N BLOCK RUNNER ENV ACCESS=false is set, this extended to disclosure of...
PT-2026-52687
This update for containerized-data-importer rebuilds the current sources against latest go security release and the images against the latest released updates...
PT-2026-52878
This update for buildah rebuilds it against the current go security release...
PT-2026-52868
Summary Bleach 6.3.0 exposes a documented email-linkification path through bleach.linkify..., parse email=True. The implementation scans attacker-controlled text with EMAIL RE.finditer over the full character token and has no length, timeout, or linear prefilter before applying the dot-atom email...
PT-2026-52880
The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.86 version of the Mozilla certificate authority bundle...
PT-2026-49686
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 152 Thunderbird versions prior to 152 Description A memory safety bug exists in the software, which could lead to unexpected behavior or crashes when handling memory operations. Recommendations Update to version 152...
PT-2026-50149
Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.8.1 Description The node:crypto.checkPrime and crypto.checkPrimeSync functions failed to perform Miller-Rabin rounds when the options.checks variable was left at its default value of 0. In this state, the software only...
PT-2026-50177
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An authenticated user with permissions to create or modify workflows can pollute the sandbox used by the Merge node's SQL Query mode. Since the sandbox context is cached and...
PT-2026-50057
Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Subledger Accounting versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Subledger Accounting product. A low privileged attacker with network access via...
PT-2026-49922
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of Oracle WebCenter Content within Oracle Fusion Middleware. An unauthenticated attacker with network access via HTTP can compromise the...
PT-2026-49755
Name of the Vulnerable Software and Affected Versions LangGraph SQLite Checkpoint versions prior to 4.1.1 Description The JsonPlusSerializer can reconstruct Python objects from JSON checkpoint payloads. If an unauthorized party modifies checkpoint bytes at rest in the backing store, the...
PT-2026-49654
Name of the Vulnerable Software and Affected Versions NPort W2150A-W4/W2250A-W4 Series versions prior to 1.5.1 Description A stack-based buffer overflow occurs due to insufficient input validation of user-supplied input in the Server location parameter on the Basic settings page. An authenticated...
PT-2026-50050
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
PT-2026-49635
Unauthenticated Broken Access Control in JupiterX Core = 4.14.1 versions...
PT-2026-57168
Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.7 Description The Docker API server contains a server-side request forgery SSRF issue where the server makes requests to internal services due to a lack of destination validation for webhook URLs. This can lead t...
PT-2026-49867
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
PT-2026-49634
Unauthenticated Cross Site Scripting XSS in Min Max Step Quantity Limits Manager for WooCommerce = 5.2.2 versions...
PT-2026-49951
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Portal version 12.2.1.4.0 Oracle WebCenter Portal version 14.1.2.0.0 Description An issue exists in the Security Framework component of the Oracle WebCenter Portal product of Oracle Fusion Middleware. A low privileged attacker...
PT-2026-49986
Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Enterprise Infrastructure Security component of Oracle JD Edwards. An unauthenticated attacker with network access via JDENET can compromise th...
PT-2026-50064
Name of the Vulnerable Software and Affected Versions Oracle Universal Work Queue versions 12.2.3 through 12.2.15 Description An issue exists in the Work Provider Site Level Administration component of the Oracle Universal Work Queue product within Oracle E-Business Suite. A low privileged attack...
PT-2026-49942
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
PT-2026-50060
Name of the Vulnerable Software and Affected Versions Oracle Project Portfolio Analysis versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Project Portfolio Analysis product within Oracle E-Business Suite. A low privileged attacker with...
PT-2026-57550
Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.8 Description The Docker API server contains credential exfiltration flaws due to improper input validation and insecure configuration handling. Unauthenticated attackers can redirect LLM API calls to external...
PT-2026-49734
Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.25 Description On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into a single comma-separated value. According to RFC 6265, each cookie must be its own...
PT-2026-50101
Unauthenticated Local File Inclusion in Aperitif = 1.5 versions...
PT-2026-50147
Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.12 Description When running in BYONM mode nodeModulesDir: "manual", the module resolver fails to validate that a package's resolved entrypoint remains within its node modules// directory. A malicious package.json...
PT-2026-49620
Name of the Vulnerable Software and Affected Versions Abandoned Contact Form 7 versions prior to 2.3 Description The plugin allows unauthenticated attackers to permanently delete arbitrary posts, pages, or other content on a site. This occurs because the action remove abandoned function, register...
PT-2026-49890
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0 Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of Oracle WebCenter Content within Oracle Fusion Middleware. An unauthenticated attacker with...