184462 matches found
PT-2026-56254
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description The ShareSecretManage component uses a hardcoded default share link signature key. An attacker who obtains a passwordless share for a resource and user can use the known key link-pwd-fit2cloud to...
PT-2026-56250
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description The font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record. When the record is subsequently deleted, the backend concatenates this store...
PT-2026-56246
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description Authenticated users can perform unauthorized actions on export tasks belonging to other users by manipulating the task ID parameter. Affected actions include downloading files via the...
PT-2026-56245
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description A share mode chart data interface fails to validate whether the tableId and field IDs provided in the request body belong to the shared resource. It only verifies that the sceneId matches the...
PT-2026-56206
AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...
PT-2026-56173
Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials. Active Directory accounts are not affected by this vulnerability...
PT-2026-56189
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...
PT-2026-56275
Name of the Vulnerable Software and Affected Versions String::Util versions prior to 1.36 Description String::Util for Perl is susceptible to a regular expression denial of service. The trim and rtrim functions use a regular expression to strip trailing whitespace. Because the s pattern matches...
PT-2026-56176
Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.3.0 Description The Bulk Variables API fails to pass the variable's key to the redactor. This prevents the should hide value for key function from identifying secret-suffixed key names, such as password, toke...
PT-2026-56153
MicroRealEstate is affected by broken object-level access controls in PDF generator functionality. This issue affects MicroRealEstate: through 1.0.0-alpha3...
PT-2026-56192
This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device...
PT-2026-56304
Summary RaTeX’s recursive-descent parser recurses one or more native stack frame per nesting level at , left, sqrt, ^, etc, with no maximum depth limit. A short, 10 KB input of nested groups overflows the 8 MB main-thread stack and aborts the process. With panic = "abort" Cargo.toml:48, and becau...
PT-2026-56147
The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before deleting the referenced file, allowing unauthenticated users to delete arbitrary files on the server such as wp-config.php when guest upload mode is enabled. Deleting...
PT-2026-56234
9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint this route is not covered by the dashboard middleware matcher, so no authorization check is applied. The sudoPassword field from the request body is written to t...
PT-2026-56140
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Sanctum API tokens did not expire, allowing a leaked token to retain access indefinitely until manually revoked. This issue is fixed in version 4.0.0-beta.474...
PT-2026-56209
MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...
PT-2026-56260
Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.15.0 Description An issue exists where the endpoint "/api/core/ai/record/getRecord" authenticates the caller but fails to implement team scoping when loading LLM request and response traces. By providing a known...
PT-2026-56186
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...
PT-2026-56299
Am I affected? Users are affected if all of the following are true: - Their application uses better-auth with the organization plugin import organization from "better-auth/plugins/organization". - Their application enables a sign-up surface that allows arbitrary unverified email registration. Mos...
PT-2026-56150
The DoLeads Integrator WordPress plugin through 0.65, wp2epub WordPress plugin through 0.65 have been seen to be used to achieve RCE, once they are added adding to a blog, for example using a vulnerability where unclosed extensions from wordpress.org can be installed by unauthorized users...
PT-2026-56148
Name of the Vulnerable Software and Affected Versions uncanny-automator-pro WordPress plugin versions prior to 7.3.0.6 Description The software was distributed with malicious code following a compromise of the vendor's update and distribution infrastructure. This supply chain compromise introduce...
PT-2026-56183
Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107...
PT-2026-56280
Name of the Vulnerable Software and Affected Versions mem0 openmemory/api affected versions not specified Description The openmemory/api component allows unauthenticated access to API routers that lack authentication middleware. This enables attackers to read, write, and delete arbitrary user...
PT-2026-56279
Name of the Vulnerable Software and Affected Versions Cap affected versions not specified Description The 'GET /api/video/ai' endpoint fails to validate user ownership or membership. This allows authenticated attackers to provide arbitrary video IDs to access private AI metadata, such as titles,...
PT-2026-56191
Name of the Vulnerable Software and Affected Versions AMP for WP versions prior to 1.1.13 Description An Arbitrary File Write issue exists due to unsafe ZIP file extraction within the ampforwp save local font function, coupled with inadequate cleanup that fails to remove nested directories and...
PT-2026-56232
Name of the Vulnerable Software and Affected Versions HTTP::Tiny versions prior to 0.095 Description When a server returns a 3xx redirect, the maybe redirect function follows the Location: header and the prepare headers and cb function re-merges the caller's headers argument into the new request...
PT-2026-56235
An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system...
PT-2026-56157
Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...
PT-2026-56137
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Coolify is an open-source tool for managing servers, applications, and databases. An authenticated member can execute commands as root on managed servers by injecting shell metacharacters in...
PT-2026-56136
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. An authenticated user can execute commands on managed servers when a resource is deleted...
PT-2026-56300
Am I affected? Users are affected if all of the following are true: - Their application uses better-auth at a version 1.6.11 on the stable line, or any current next pre-release. - emailAndPassword.enabled: true is set in their application's betterAuth ... configuration. - At least one OAuth or SS...
PT-2026-56301
Am I affected? Users are affected if all of the following are true: - Their project depends on @better-auth/oauth-provider at a version = 1.6.0, = 1.4.8-beta.7, 1.6.0. - At least one OAuth client served by their application's authorization server requests the offline access scope, so refresh toke...
PT-2026-56297
Name of the Vulnerable Software and Affected Versions better-auth versions prior to 1.6.11 Description The legacy oidcProvider and mcp plugins expose an OAuth 2.0 token endpoint that fails to authenticate confidential clients during the refresh token grant. The system authenticates requests based...
PT-2026-56298
Name of the Vulnerable Software and Affected Versions @better-auth/sso versions 0.1.0 through 1.6.10 @better-auth/sso versions 1.7.0-beta.x Description An SSRF flaw exists in the provider registration flow where OpenID Connect OIDC endpoint URLs are accepted without proper validation. When...
PT-2026-56302
Am I affected? Users are affected if all of the following are true: - Their project depends on @better-auth/oauth-provider at a version = 1.6.0, = 1.4.8-beta.7, 1.6.0, or enables the legacy oidc-provider or mcp plugins from better-auth/plugins. - Their application exposes /api/auth/oauth2/token o...
PT-2026-56145
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redis password, keydb password, dragonfly password, clickhouse admin user, clickhouse admin password, postgres user, mysql user are validated onl...
PT-2026-56210
Summary A critical vulnerability has been identified in EGroupware that may lead to Remote Code Execution RCE. The issue allows an authenticated attacker to execute arbitrary commands on the server. If user self-registration is enabled, the vulnerability may be exploitable without prior...
PT-2026-56217
Summary The function processes image URLs embedded in an HTML email body without validating or restricting URI schemes. The check !str starts with$myUrl, 'http' evaluates to true for file:// URIs, causing file get contents$basedir . urldecode$myUrl to read arbitrary files from the server filesyst...
PT-2026-56213
Summary An authenticated administrator can achieve OS-level Remote Code Execution RCE by uploading a malicious eTemplate XML file .xet to the VFS /etemplates mount. The Widget::expand name method passes template widget attribute values directly into a PHP eval call with only double-quote escaping...
PT-2026-56284
An issue in Oneblog V2.3.9 allows a remote attacker to obtain sensitive information via the RestApiController.java, JsApiTicketComponent.java, and the GetAccessTokenComponent.java component...
PT-2026-56179
Name of the Vulnerable Software and Affected Versions apache-airflow versions prior to 3.3.0 Description An authorization bypass occurs when a user with permission to read a specific Dag can disclose the source code of other Dags located within the same source file. This issue affects deployments...
PT-2026-56175
Name of the Vulnerable Software and Affected Versions apache-airflow versions prior to 3.3.0 Description A bug in the BaseSerialization.deserialize function allows unrestricted import string of attacker-controlled class paths when the Scheduler or API Server loads a serialized DAG. A DAG author c...
PT-2026-56203
Name of the Vulnerable Software and Affected Versions Jastow affected versions not specified Description Jastow is susceptible to Cross-Site Scripting XSS, a flaw where malicious scripts are injected into trusted websites. This occurs due to improper input handling of unsanitized URIs when a...
PT-2026-56190
A stored XPATH injection vulnerability exists in opnsense's trust module. Any user if given just System: CA Manager permissions can use a bool side channel/oracle to slowly leak any secret in config.xml character by character. the injection point is in the refid field of a ca object. Write-up for...
PT-2026-56307
Summary pkg/scalers/postgresql scaler.go builds libpq-style connection strings by concatenating key=value pairs separated by spaces. Each tenant-controllable field host, port, userName, dbName, sslmode is passed through escapePostgreConnectionParameter: go func escapePostgreConnectionParameterstr...
PT-2026-56158
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...
PT-2026-56242
Name of the Vulnerable Software and Affected Versions Serena versions prior to 1.5.2 Description The built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port. This API lacks authentication, Cross-Site Request Forgery CSRF protection, and Host header validation. A D...
PT-2026-56283
Name of the Vulnerable Software and Affected Versions FreeType versions prior to commit 5a280ecde6f324de0d226261036e736e0cb49a71 Description An out-of-bounds read occurs in the TT Get Var Design implementation, which is utilized by FT Get Var Design Coordinates. This issue is located within the...
PT-2026-56243
Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.7.0 Description A missing authorization issue allows a shared user with user access on a budget file to perform file management actions reserved for the owner or an administrator. This occurs because the...
PT-2026-56164
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Reflected XSS. This issue affects Access Control System GKS: before Version 2...