184419 matches found
PT-2026-56544
Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.82.0-stable Description LiteLLM is a proxy server that acts as an AI Gateway for calling LLM APIs. A flaw exists in the production create and update paths of the Custom Code Guardrails, which failed to apply the sam...
PT-2026-56580
Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to 1.4.29, Elysia uses getAll in form data normalization for multipart/form-data endpoints, causing the amount of work to grow quadratically with the number of...
PT-2026-56495
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is...
PT-2026-56486
repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers t...
PT-2026-56484
OpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv files can override provider credentials. Attackers with lower-trust access to configured input paths can expose sensitive data and credentials that should remain within trusted boundaries...
PT-2026-56605
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, check function argument names rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted...
PT-2026-56567
Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesController that allows authenticated sellers to manipulate purchase access for other sellers' products by sending PUT requests to the revoke access and undo revoke access actions without seller ownership...
PT-2026-56469
repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...
PT-2026-56600
Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...
PT-2026-56587
GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to imprope...
PT-2026-56655
Improper neutralization of input during web page generation 'cross-site scripting' in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network...
PT-2026-56549
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...
PT-2026-56551
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project...
PT-2026-56550
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...
PT-2026-56474
U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcp rx state machine net/tcp.c when CONFIG PROT TCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field...
PT-2026-56757
Aaron Rainbolt discovered that the cautious-launcher utility in the mailcap package did not properly restrict the execution of certain file types. An attacker could use this issue to escape a sandboxed application and execute arbitrary code on the host operating system...
PT-2026-56527
Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.14.0 Description An attacker can craft a PDF containing repeated malformed cross-reference streams. This causes the library to spend excessive runtimes attempting to recover broken cross-reference table entries, leadi...
PT-2026-56562
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protoc...
PT-2026-56537
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queue subscription, because queue-specific deny...
PT-2026-56566
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode...
PT-2026-56458
A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...
PT-2026-56556
HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability,...
PT-2026-56576
HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...
PT-2026-56603
Name of the Vulnerable Software and Affected Versions libp2p versions prior to 16.0.0 Description In the @libp2p/gossipsub module, the defaultDecodeRpcLimits configuration sets maxIhaveMessageIDs and maxIwantMessageIDs to Infinity. This allows oversized IHAVE and IWANT control message arrays in...
PT-2026-56574
Name of the Vulnerable Software and Affected Versions MOVEit Transfer versions prior to 2025.0.8 MOVEit Transfer versions 2025.1.0 through 2025.1.3 Description Progress MOVEit Transfer contains a path equivalence issue within its File Upload modules. This flaw has been targeted by numerous...
PT-2026-56514
IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality...
PT-2026-56494
Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.18 Description The tar.replace function accepts a checksum-valid tar header containing a negative base-256 encoded entry size. This causes the archive scanner to enter a loop where it repeatedly parses the same...
PT-2026-56493
Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.19 Description Insufficient enforcement of hard upper bounds on total decompressed data, entry counts, or decompression ratio within extraction and parsing paths, such as src/extract.ts, allows a crafted gzip bom...
PT-2026-56419
Name of the Vulnerable Software and Affected Versions Omnissa Workspace ONE® Tunnel for Windows affected versions not specified Description A local privilege escalation issue exists that allows a malicious actor with local access to a device to elevate their privileges. Recommendations At the...
PT-2026-56575
Name of the Vulnerable Software and Affected Versions PAN-OS affected versions not specified Description Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent TSA component allow an unauthenticated attacker with network access to cause a denial of service DoS condition or...
PT-2026-56456
Name of the Vulnerable Software and Affected Versions MOVEit Transfer versions 2026.0.0 through 2026.0.0 MOVEit Transfer versions 2025.1.0 through 2025.1.3 MOVEit Transfer versions 2025.0.0 through 2025.0.7 Description Stored cross-site scripting XSS occurs in the Ad Hoc module due to improper...
PT-2026-56470
OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy...
PT-2026-56507
Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware o...
PT-2026-56553
Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...
PT-2026-56497
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an = token without checking for end of input, so a crafted .proto schema that opens an option declaration and ends...
PT-2026-56482
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...
PT-2026-56498
Name of the Vulnerable Software and Affected Versions Immutable.js versions prior to 4.3.9 Immutable.js versions prior to 5.1.8 Description Certain functions mishandle an index or size within the range 2 30 to 2 31 in the setListBounds function located in src/List.js. This can lead to an empty Li...
PT-2026-56464
An OS command injection vulnerability exists in the start lltd function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machine name configuration parameter is not properly sanitized, which could allow an authenticated remote...
PT-2026-56477
IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update...
PT-2026-56557
A flaw was found in guardrails-detectors, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service ReDoS, allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking,...
PT-2026-56491
js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11 SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem to perform a linear duplicate-key scan on every insertion, causing On^2 CPU consumption when yaml.load parses a crafted ordered-map...
PT-2026-56492
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPathentry.path.split'/' to throw an uncaught TypeError. This issue is...
PT-2026-56434
FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcman channel close and dvcman call on receive due to improper synchronization of channel callback access. A malicious RDP server can trigger a race condition by sending DYNVC DATA and DYNVC CLOSE messages concurrently, causing...
PT-2026-56499
Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such a...
PT-2026-56592
TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service...
PT-2026-56591
Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...
PT-2026-56643
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description Insufficient policy enforcement in the Passwords component allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or...
PT-2026-56651
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description An uninitialized use in the V8 engine allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. V8 is the open-source JavaScript and...
PT-2026-56627
Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. Chromium security severity: High...
PT-2026-56649
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description Insufficient policy enforcement in the Navigation component allows a remote attacker to bypass site isolation by using a crafted HTML page. Site isolation is a security feature that...