184462 matches found
PT-2026-56160
Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...
PT-2026-56165
Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Collect Data from Common Resource Locations. This issue affects Access Control System GKS: before Version 2...
PT-2026-56163
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Stored XSS. This issue affects Access Control System GKS: before Version 2...
PT-2026-56154
Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...
PT-2026-56156
Relative path traversal vulnerability in MicroRealEstate file upload functionality allows attackers to potentially overwrite system files. This issue affects MicroRealEstate: through 1.0.0-alpha3...
PT-2026-56152
MicroRealEstate allows adversaries to bypass authentication due to a lack of token state management. This would permit adversaries targeting MicroRealEstate deployments to brute-force One-Time Passwords OTP to log in as any user. This issue affects MicroRealEstate: through 1.0.0-alpha3...
PT-2026-56125
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title parameter in all versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2026-56142
An Incorrect Privilege Assignment CWE-266 vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587MR1, 9.40...
PT-2026-56162
Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows XSS Targeting HTML Attributes. This issue affects Access Control System GKS: before Version 2...
PT-2026-56161
Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...
PT-2026-56188
A critical IBM Power HMC vulnerability CVE-2026-12943 allows unauthenticated attackers to execute commands. Patch your systems immediately. IBMPowerHMC Vulnerability CyberSecurity CVE202612943 Infosec https://t.co/vq3sOqaB4q...
PT-2026-56126
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentinel token setting is used in shell commands without sufficient validation, allowing an authenticated user with access to server Sentinel settings to inject shell...
PT-2026-56261
Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.15.0-beta4 Description The HTTP-tool OpenAPI schema importer validates only the top-level URL before passing it to SwaggerParser.bundle. The remote reference resolver within this bundle fetches $ref URLs without...
PT-2026-56262
Name of the Vulnerable Software and Affected Versions Hasura versions prior to 2.49.2 Hasura versions prior to 2.45.5 Description A flaw exists where a user can employ a where clause on a table computed field that returns SETOF some table to infer row values. This occurs even when those rows shou...
PT-2026-56264
Name of the Vulnerable Software and Affected Versions FastGPT versions prior to v4.15.0-beta5 Description Two file handlers fail to verify if a requested S3 object key belongs to the caller's team. Since S3 object keys are global within a bucket and only include the tenant ID as a path segment, a...
PT-2026-56256
Name of the Vulnerable Software and Affected Versions FluxInk Color Management Driver versions 1.0.7.2 through 1.0.7.5 Description The Color Management Driver TcnPeripheral64.sys allows a standard user account to achieve local privilege escalation. This is possible through arbitrary physical memo...
PT-2026-56257
Name of the Vulnerable Software and Affected Versions LocalAI affected versions not specified Description An unauthenticated server-side request forgery SSRF exists in the 'POST /models/apply' endpoint. This occurs because the endpoint passes unsanitized gallery URL fields to the...
PT-2026-56303
Summary The public parser entrypoint ratex parser::parse&str panics on the 9-byte input verbéxé i.e. verb followed by the non-ASCII delimiter é. When handling a verb command, the parser slices the verbatim argument with byte indices arg1..arg.len - 1; if the delimiter character is multibyte UTF-8...
PT-2026-56131
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Terminal websocket bootstrap routes only verify authentication but fail to enforce terminal authorization. This allows a low-privileged team member to connect to these routes and execute...
PT-2026-56166
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description Information regarding this issue is limited to its discovery through AI-driven research workflows focused on Web3 security. Recommendations At the moment, there is no information about a newer...
PT-2026-56143
Uncaught Exception CWE-248 in the T20 Readers allows an authenticated and authorized operator to trigger a restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior to vCR9.50.260616a distributed in 9.50.1587MR1 9.40 prior to...
PT-2026-56144
Uncaught Exception CWE-248 in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated and authorized operator to trigger a Controller restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior t...
PT-2026-56255
Name of the Vulnerable Software and Affected Versions Cognee versions prior to 1.2.0 Description Improper access control allows unauthenticated attackers to overwrite the global LLM provider configuration. By self-registering an account and calling the '/api/v1/settings' endpoint, which lacks adm...
PT-2026-56248
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description An issue exists in the H2 database JDBC URL validation logic where special Unicode characters can be used to bypass security checks. This occurs because the case-conversion behavior of these...
PT-2026-56168
A flaw was found in GIMP's PSD parser. An integer overflow in read RLE channel can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or...
PT-2026-56861
These are all security issues fixed in the libsuricata8 0 5-8.0.5-2.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-56128
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the cloneTo Livewire action in ResourceOperations.php authorizes the source resource but resolves destination resources with unscoped Eloquent lookups, allowing an...
PT-2026-56135
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description An authenticated user can inject additional shell statements that execute on the remote server during deployment. This occurs because pre-deployment and post-deployment commands are...
PT-2026-56138
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the file upload endpoint app/Http/Controllers/UploadController.php for database backup restore uploads did not enforce file type or size validation, allowing an authenticat...
PT-2026-56167
EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the...
PT-2026-56129
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...
PT-2026-56237
Name of the Vulnerable Software and Affected Versions Chevereto versions 3.7.5 through 4.5.3 Description An issue exists in the self-hosted media-sharing platform where the /json AJAX listing endpoint fails to enforce private profile restrictions. While the profile HTML route /username correctly...
PT-2026-57131
The golang.org/x/crypto/openpgp package is unsafe by design, has numerous known security issues, is not maintained, and should not be used. If you are required to interoperate with OpenPGP systems and need a maintained package, consider github.com/ProtonMail/go-crypto/openpgp which is a maintaine...
PT-2026-56182
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence module names passed to load could use that bug to execute arbitrary...
PT-2026-56281
Fire-Boltt Smartwatch FB BGS001 Firmware: MOY-JS14-2.0.4 is vulnerable to Improper Authentication, The device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under specific conditions, previously captured BLE packets can be replayed from a nearb...
PT-2026-56130
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal WebSocket bootstrap routes did not enforce the expected authorization middleware, allowing an authenticated user to access terminal functionality for resources...
PT-2026-56177
A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...
PT-2026-56146
The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...
PT-2026-56305
Summary Project.AddFile, Project.EditFile, Project.RemoveFile, and Project.Edit in cmd/server/api/project/handler.go accept a project or project-file row id from the JSON body and act on it without checking that the project belongs to the caller's namespace. The corresponding...
PT-2026-56294
Summary Authenticated Kite users with any role can request /api/v1/overview for a cluster that their roles do not permit by selecting that cluster with x-cluster-name. The overview route is registered before middleware.RBACMiddleware and GetOverview only checks lenuser.Roles 0, so it returns...
PT-2026-56295
Summary From v1.13.2 through v1.18.0, oasdiff did not enforce --allow-external-refs=false library: openapi3.Loader.IsExternalRefsAllowed = false when loading a spec from a git revision the rev:path form, e.g. main:openapi.yaml. External $refs were resolved on that load path even when external ref...
PT-2026-56306
Click here to jump to the Simplified Chinese version 点击跳转到简体中文版本 Goploy System Arbitrary File Read Vulnerability Basic Information - Vulnerability Name: Goploy Endpoints Arbitrary File Read via Path Traversal - Vulnerability Type: Path Traversal CWE-22 / Arbitrary File Read - Affected Product:...
PT-2026-56199
A logic vulnerability was found in GStreamer's webrtcbin component. The check sdp crypto function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An...
PT-2026-56215
Name of the Vulnerable Software and Affected Versions Open Neural Network Exchange ONNX versions 1.9.0 through 1.21.0 Description Processing an untrusted model with an Upsample node containing zero inputs can lead to an unrecoverable denial of service. The issue occurs when the onnx.version...
PT-2026-56159
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...
PT-2026-56151
Name of the Vulnerable Software and Affected Versions Excelize versions prior to 2.11.0 Description The checkSheet function in the library uses an attacker-controlled XML attribute value directly as the length argument to makexlsxRow, row without validating it against the Excel row limit. A...
PT-2026-56478
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description On Unix systems, opening a file in an os.Root improperly follows symbolic links to locations outside of the Root. This occurs when the final path component of a...
PT-2026-56252
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description An authenticated user capable of creating or modifying chart definitions, or submitting chart data requests containing quota filters, can inject SQL into queries executed against configured...
PT-2026-56214
Name of the Vulnerable Software and Affected Versions New API versions prior to 0.12.0-alpha.1 Description The email and WeChat account binding endpoints use GET requests for state-changing account operations. In deployments where session cookies are sent on cross-site navigations, an attacker ca...
PT-2026-56268
Name of the Vulnerable Software and Affected Versions mem0 affected versions not specified Description Unauthenticated config API endpoints expose LLM API keys in plaintext and enable server-side request forgery SSRF, a technique where an attacker induces the server to make requests to an...