184481 matches found
PT-2026-56301
Am I affected? Users are affected if all of the following are true: - Their project depends on @better-auth/oauth-provider at a version = 1.6.0, = 1.4.8-beta.7, 1.6.0. - At least one OAuth client served by their application's authorization server requests the offline access scope, so refresh toke...
PT-2026-56297
Name of the Vulnerable Software and Affected Versions better-auth versions prior to 1.6.11 Description The legacy oidcProvider and mcp plugins expose an OAuth 2.0 token endpoint that fails to authenticate confidential clients during the refresh token grant. The system authenticates requests based...
PT-2026-56298
Name of the Vulnerable Software and Affected Versions @better-auth/sso versions 0.1.0 through 1.6.10 @better-auth/sso versions 1.7.0-beta.x Description An SSRF flaw exists in the provider registration flow where OpenID Connect OIDC endpoint URLs are accepted without proper validation. When...
PT-2026-56302
Am I affected? Users are affected if all of the following are true: - Their project depends on @better-auth/oauth-provider at a version = 1.6.0, = 1.4.8-beta.7, 1.6.0, or enables the legacy oidc-provider or mcp plugins from better-auth/plugins. - Their application exposes /api/auth/oauth2/token o...
PT-2026-56145
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redis password, keydb password, dragonfly password, clickhouse admin user, clickhouse admin password, postgres user, mysql user are validated onl...
PT-2026-56210
Summary A critical vulnerability has been identified in EGroupware that may lead to Remote Code Execution RCE. The issue allows an authenticated attacker to execute arbitrary commands on the server. If user self-registration is enabled, the vulnerability may be exploitable without prior...
PT-2026-56217
Summary The function processes image URLs embedded in an HTML email body without validating or restricting URI schemes. The check !str starts with$myUrl, 'http' evaluates to true for file:// URIs, causing file get contents$basedir . urldecode$myUrl to read arbitrary files from the server filesyst...
PT-2026-56213
Summary An authenticated administrator can achieve OS-level Remote Code Execution RCE by uploading a malicious eTemplate XML file .xet to the VFS /etemplates mount. The Widget::expand name method passes template widget attribute values directly into a PHP eval call with only double-quote escaping...
PT-2026-56284
An issue in Oneblog V2.3.9 allows a remote attacker to obtain sensitive information via the RestApiController.java, JsApiTicketComponent.java, and the GetAccessTokenComponent.java component...
PT-2026-56179
Name of the Vulnerable Software and Affected Versions apache-airflow versions prior to 3.3.0 Description An authorization bypass occurs when a user with permission to read a specific Dag can disclose the source code of other Dags located within the same source file. This issue affects deployments...
PT-2026-56175
Name of the Vulnerable Software and Affected Versions apache-airflow versions prior to 3.3.0 Description A bug in the BaseSerialization.deserialize function allows unrestricted import string of attacker-controlled class paths when the Scheduler or API Server loads a serialized DAG. A DAG author c...
PT-2026-56203
Name of the Vulnerable Software and Affected Versions Jastow affected versions not specified Description Jastow is susceptible to Cross-Site Scripting XSS, a flaw where malicious scripts are injected into trusted websites. This occurs due to improper input handling of unsanitized URIs when a...
PT-2026-56190
A stored XPATH injection vulnerability exists in opnsense's trust module. Any user if given just System: CA Manager permissions can use a bool side channel/oracle to slowly leak any secret in config.xml character by character. the injection point is in the refid field of a ca object. Write-up for...
PT-2026-56307
Summary pkg/scalers/postgresql scaler.go builds libpq-style connection strings by concatenating key=value pairs separated by spaces. Each tenant-controllable field host, port, userName, dbName, sslmode is passed through escapePostgreConnectionParameter: go func escapePostgreConnectionParameterstr...
PT-2026-56158
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...
PT-2026-56242
Name of the Vulnerable Software and Affected Versions Serena versions prior to 1.5.2 Description The built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port. This API lacks authentication, Cross-Site Request Forgery CSRF protection, and Host header validation. A D...
PT-2026-56283
Name of the Vulnerable Software and Affected Versions FreeType versions prior to commit 5a280ecde6f324de0d226261036e736e0cb49a71 Description An out-of-bounds read occurs in the TT Get Var Design implementation, which is utilized by FT Get Var Design Coordinates. This issue is located within the...
PT-2026-56243
Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.7.0 Description A missing authorization issue allows a shared user with user access on a budget file to perform file management actions reserved for the owner or an administrator. This occurs because the...
PT-2026-56164
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Reflected XSS. This issue affects Access Control System GKS: before Version 2...
PT-2026-56160
Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...
PT-2026-56165
Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Collect Data from Common Resource Locations. This issue affects Access Control System GKS: before Version 2...
PT-2026-56163
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Stored XSS. This issue affects Access Control System GKS: before Version 2...
PT-2026-56154
Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...
PT-2026-56156
Relative path traversal vulnerability in MicroRealEstate file upload functionality allows attackers to potentially overwrite system files. This issue affects MicroRealEstate: through 1.0.0-alpha3...
PT-2026-56152
MicroRealEstate allows adversaries to bypass authentication due to a lack of token state management. This would permit adversaries targeting MicroRealEstate deployments to brute-force One-Time Passwords OTP to log in as any user. This issue affects MicroRealEstate: through 1.0.0-alpha3...
PT-2026-56125
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title parameter in all versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2026-56142
An Incorrect Privilege Assignment CWE-266 vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587MR1, 9.40...
PT-2026-56162
Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows XSS Targeting HTML Attributes. This issue affects Access Control System GKS: before Version 2...
PT-2026-56161
Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...
PT-2026-56188
A critical IBM Power HMC vulnerability CVE-2026-12943 allows unauthenticated attackers to execute commands. Patch your systems immediately. IBMPowerHMC Vulnerability CyberSecurity CVE202612943 Infosec https://t.co/vq3sOqaB4q...
PT-2026-56126
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentinel token setting is used in shell commands without sufficient validation, allowing an authenticated user with access to server Sentinel settings to inject shell...
PT-2026-56261
Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.15.0-beta4 Description The HTTP-tool OpenAPI schema importer validates only the top-level URL before passing it to SwaggerParser.bundle. The remote reference resolver within this bundle fetches $ref URLs without...
PT-2026-56262
Name of the Vulnerable Software and Affected Versions Hasura versions prior to 2.49.2 Hasura versions prior to 2.45.5 Description A flaw exists where a user can employ a where clause on a table computed field that returns SETOF some table to infer row values. This occurs even when those rows shou...
PT-2026-56264
Name of the Vulnerable Software and Affected Versions FastGPT versions prior to v4.15.0-beta5 Description Two file handlers fail to verify if a requested S3 object key belongs to the caller's team. Since S3 object keys are global within a bucket and only include the tenant ID as a path segment, a...
PT-2026-56256
Name of the Vulnerable Software and Affected Versions FluxInk Color Management Driver versions 1.0.7.2 through 1.0.7.5 Description The Color Management Driver TcnPeripheral64.sys allows a standard user account to achieve local privilege escalation. This is possible through arbitrary physical memo...
PT-2026-56257
Name of the Vulnerable Software and Affected Versions LocalAI affected versions not specified Description An unauthenticated server-side request forgery SSRF exists in the 'POST /models/apply' endpoint. This occurs because the endpoint passes unsanitized gallery URL fields to the...
PT-2026-56303
Summary The public parser entrypoint ratex parser::parse&str panics on the 9-byte input verbéxé i.e. verb followed by the non-ASCII delimiter é. When handling a verb command, the parser slices the verbatim argument with byte indices arg1..arg.len - 1; if the delimiter character is multibyte UTF-8...
PT-2026-56131
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Terminal websocket bootstrap routes only verify authentication but fail to enforce terminal authorization. This allows a low-privileged team member to connect to these routes and execute...
PT-2026-56166
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description Information regarding this issue is limited to its discovery through AI-driven research workflows focused on Web3 security. Recommendations At the moment, there is no information about a newer...
PT-2026-56143
Uncaught Exception CWE-248 in the T20 Readers allows an authenticated and authorized operator to trigger a restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior to vCR9.50.260616a distributed in 9.50.1587MR1 9.40 prior to...
PT-2026-56255
Name of the Vulnerable Software and Affected Versions Cognee versions prior to 1.2.0 Description Improper access control allows unauthenticated attackers to overwrite the global LLM provider configuration. By self-registering an account and calling the '/api/v1/settings' endpoint, which lacks adm...
PT-2026-56248
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description An issue exists in the H2 database JDBC URL validation logic where special Unicode characters can be used to bypass security checks. This occurs because the case-conversion behavior of these...
PT-2026-56168
A flaw was found in GIMP's PSD parser. An integer overflow in read RLE channel can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or...
PT-2026-56861
These are all security issues fixed in the libsuricata8 0 5-8.0.5-2.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-56128
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the cloneTo Livewire action in ResourceOperations.php authorizes the source resource but resolves destination resources with unscoped Eloquent lookups, allowing an...
PT-2026-56135
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description An authenticated user can inject additional shell statements that execute on the remote server during deployment. This occurs because pre-deployment and post-deployment commands are...
PT-2026-56138
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the file upload endpoint app/Http/Controllers/UploadController.php for database backup restore uploads did not enforce file type or size validation, allowing an authenticat...
PT-2026-56167
EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the...
PT-2026-56129
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...
PT-2026-56237
Name of the Vulnerable Software and Affected Versions Chevereto versions 3.7.5 through 4.5.3 Description An issue exists in the self-hosted media-sharing platform where the /json AJAX listing endpoint fails to enforce private profile restrictions. While the profile HTML route /username correctly...