175420 matches found
PT-2026-48281
CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to...
PT-2026-48183
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.54180 was discovered to contain a stack overflow in the ip parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service DoS via a HTTP request...
PT-2026-47850
Name of the Vulnerable Software and Affected Versions FreeSWITCH versions prior to 1.11.1 Description In the mod verto module, the JSON-RPC handler binds the connection to the client-supplied sessid during the first frame before the authentication gate. This binding process inserts the connection...
PT-2026-48053
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
PT-2026-48080
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
PT-2026-48192
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindIndex parameter of the formIPMacBindDel function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...
PT-2026-48172
An arbitrary file deletion vulnerability in the /api/delete-temp-license/file endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences...
PT-2026-48177
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wl radio parameter of the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...
PT-2026-48094
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...
PT-2026-48077
Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier Description A DOM-based Cross-Site Scripting XSS issue allows an attacker to execute malicious JavaScript within the victim's browser by manipulating the Document Object...
PT-2026-48081
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect Open Redirect vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this iss...
PT-2026-48079
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
PT-2026-48245
Name of the Vulnerable Software and Affected Versions Acrobat Reader versions 24.001.30365 through 26.001.21651 Description An out-of-bounds write occurs during TIF file parsing due to an integer overflow. This issue allows for arbitrary code execution in the context of the current user, provided...
PT-2026-47982
Name of the Vulnerable Software and Affected Versions Windows SDK affected versions not specified Description A use after free issue allows an authorized attacker to elevate privileges locally, which can affect the system. Use after free is a memory corruption flaw that occurs when an application...
PT-2026-47812
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue affects CBS Platform: through 09062026. NOTE: The vendor was contacted and it was learned that the product is not...
PT-2026-48066
Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24 and earlier Adobe Experience Manager versions LTS SP1 and earlier Adobe Experience Manager versions 2026.04 and earlier Description A stored Cross-Site Scripting XSS issue allows a low-privileged attack...
PT-2026-48189
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the IPMacBindRuleIp parameter of the formIPMacBindModify function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...
PT-2026-48111
Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. Secure Boot is a security standard developed by members of the PC...
PT-2026-48236
21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...
PT-2026-47794
Name of the Vulnerable Software and Affected Versions Netcad Software Inc. E-İmar versions 2.10.1.0 through 3.0.1 Description Improper neutralization of special elements used in an SQL command allows for SQL injection, a technique where malicious SQL statements are inserted into entry fields for...
PT-2026-48071
Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24 and earlier Adobe Experience Manager versions LTS SP1 and earlier Adobe Experience Manager versions 2026.04 and earlier Description A stored Cross-Site Scripting XSS issue allows a low-privileged attack...
PT-2026-47528
SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system...
PT-2026-48068
Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24 and earlier Adobe Experience Manager versions LTS SP1 and earlier Adobe Experience Manager versions 2026.04 and earlier Description A stored Cross-Site Scripting XSS issue allows a low-privileged attack...
PT-2026-48312
Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring Data MongoDB 5.0.0...
PT-2026-48033
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
PT-2026-48343
Description CVE-2024-50340 GHSA-x8vp-gf4q-mw5j addressed an issue where, with register argc argv=On, a crafted query string let an unauthenticated GET change the kernel environment and debug flag by feeding --env/--no-debug through $ SERVER'argv'. The fix shipped in symfony/runtime 5.4.46 / 6.4.1...
PT-2026-48224
Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issu...
PT-2026-48344
Summary An OS Command Injection vulnerability in the terminal action handler allows any authenticated user to execute arbitrary OS commands by injecting shell metacharacters into the 'dir' POST parameter, completely bypassing the TERMINAL COMMANDS whitelist and achieving full Remote Code Executio...
PT-2026-47833
Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status request extension. This triggers a double-free in the client's certificate verification pa...
PT-2026-48085
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
PT-2026-47741
Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions 13.0.0 through 13.4.30 TYPO3 CMS versions 14.0.0 through 14.3.2 Description Editors with permissions to create or modify page content can include HTML markup in page titles. These titles are stored in the search index withou...
PT-2026-47695
Permission control vulnerability in the audio framework. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
PT-2026-48113
Name of the Vulnerable Software and Affected Versions Windows Kernel affected versions not specified Description A use-after-free condition in the Windows Kernel allows an authorized attacker to perform a local elevation of privilege, enabling them to gain administrative access to the system...
PT-2026-48184
Shenzhen Tenda Technology Co., Ltd Tenda O3v3 v1.0.0.5 was discovered to contain a stack overflow in the save list data parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...
PT-2026-47835
Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a self-signed trusted anchor, crashing the process. Impact summary: A NULL pointer dereference can...
PT-2026-48209
Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...
PT-2026-48063
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
PT-2026-48220
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
PT-2026-47972
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
PT-2026-47808
Name of the Vulnerable Software and Affected Versions Ivanti EPMM versions prior to 12.9.0.1 Ivanti EPMM versions prior to 12.8.0.3 Ivanti EPMM versions prior to 12.7.0.2 Description An OS command injection issue allows a remote authenticated attacker to execute arbitrary commands with root...
PT-2026-47887
Name of the Vulnerable Software and Affected Versions Windows RDP affected versions not specified Description An out-of-bounds read in Windows Remote Desktop Protocol RDP allows an unauthorized attacker to disclose information over a network. This issue enables unauthenticated snooping of sensiti...
PT-2026-47757
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the tap get user xdp function. When a frame is shorter than ETH HLEN, the function returns -EINVAL; similarly, it returns -ENOMEM if build skb fails. In both...
PT-2026-47719
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An information disclosure issue exists in the io uring subsystem during the IORING OP WAITID operation. The io waitid finish function copies the info field from struct io waitid to...
PT-2026-47792
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the 9p filesystem implementation, the v9fs apply options function incorrectly applies parsed mount flags using a bitwise OR operation instead of replacing existing flags. For 9P2000.L...
PT-2026-47948
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...
PT-2026-48311
Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through...
PT-2026-48052
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
PT-2026-47739
Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions prior to 10.4.57 TYPO3 CMS versions 11.0.0 through 11.5.50 TYPO3 CMS versions 12.0.0 through 12.4.45 TYPO3 CMS versions 13.0.0 through 13.4.30 TYPO3 CMS versions 14.0.0 through 14.3.2 Description Backend users with file writ...
PT-2026-47820
Name of the Vulnerable Software and Affected Versions NETGEAR router models affected versions not specified Description Insufficient input validation allows an authenticated administrator with local network access to submit crafted input. This action bypasses intended management interface...
PT-2026-48221
Name of the Vulnerable Software and Affected Versions Substance3D Sampler versions 6.0.0 and earlier Description An out-of-bounds write occurs when the software processes a malicious file. This issue can lead to arbitrary code execution within the context of the current user and requires user...