184452 matches found
PT-2026-56241
Name of the Vulnerable Software and Affected Versions GNU Wget versions prior to 1.25.0 commit dd692d9 Description A heap buffer overflow occurs in the html quote string function within src/convert.c. A remote attacker can trigger memory corruption by providing a crafted HTML attribute containing...
PT-2026-56238
Name of the Vulnerable Software and Affected Versions GNU Wget versions prior to 1.25.1 Description A heap buffer underread exists in the clean metalink string function within src/metalink.c. This occurs when the software processes a Metalink document containing a URL consisting only of whitespac...
PT-2026-56240
Name of the Vulnerable Software and Affected Versions GNU Wget versions prior to 1.25.0 commit c2640fe Description A heap buffer overflow occurs in the convert fname function within src/url.c. This issue is triggered when a server-supplied filename requires character set conversion and the output...
PT-2026-56149
Name of the Vulnerable Software and Affected Versions WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell versions prior to 3.12.8 Description Unauthenticated attackers can achieve Remote Code Execution by sending unsanitized values through the postData parameter. The plug...
PT-2026-56278
Trueview Security camera T18161- AF v4.9.60.0 contains an authentication bypass vulnerability caused by improper password validation and the presence of hard-coded credentials in the firmware...
PT-2026-56211
Name of the Vulnerable Software and Affected Versions New API versions prior to 0.12.0-alpha.1 Description An issue exists where the default Server-Side Request Forgery SSRF protection configuration fails to apply IP filtering to hostnames. Because the ApplyIPFilterForDomain setting is disabled b...
PT-2026-56172
Name of the Vulnerable Software and Affected Versions SSSD affected versions not specified Description A path traversal flaw exists in the AD GPO provider of SSSD. The ad gpo extract smb components function fails to sanitize .. sequences within the gPCFileSysPath LDAP attribute. This allows an...
PT-2026-56171
A flaw was found in SSSD's LDAP sudo provider. When the ldap sudo search base option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object granting root-level sudo...
PT-2026-56479
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Handshakes using Encrypted Client Hello ECH, a mechanism designed to encrypt the initial handshake of a TLS connection to protect client privacy, could be...
PT-2026-56187
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...
PT-2026-56283
Name of the Vulnerable Software and Affected Versions FreeType versions prior to commit 5a280ecde6f324de0d226261036e736e0cb49a71 Description An out-of-bounds read occurs in the TT Get Var Design implementation, which is utilized by FT Get Var Design Coordinates. This issue is located within the...
PT-2026-56243
Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.7.0 Description A missing authorization issue allows a shared user with user access on a budget file to perform file management actions reserved for the owner or an administrator. This occurs because the...
PT-2026-56265
Name of the Vulnerable Software and Affected Versions OpenWrt versions prior to 25.12.5 Description An integer underflow occurs in the handle send a function of the Emergency Access Daemon. An unauthenticated attacker on the local network can trigger this by sending a single crafted UDP packet,...
PT-2026-56258
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The public dashboard deletion endpoint does not enforce organization isolation. This allows an Org Admin from one organization to delete public dashboards...
PT-2026-56195
Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.6 Django versions 5.2 through 5.2.15 Description UpdateCacheMiddleware and the cache page decorator cache responses that vary on cookies when the incoming request contains unrelated cookies. This behavior allows...
PT-2026-56196
Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.6 Django versions 5.2 through 5.2.15 Description An issue exists where django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object. This can lead to the disclosure of...
PT-2026-56690
Summary Installing files through .install files do not check symlinks resolution of the target path, and so can bypass sandboxing. Exploit Let's imagine a test package whose test.install file looks like the following: share root: "test" "blah/pwnd" and test.opam file: opam-version: "2.0" install:...
PT-2026-56272
Name of the Vulnerable Software and Affected Versions DBI versions prior to 1.650 Description Code injection is possible via a caller-influenced Profile attribute. When a string is assigned to this attribute, the software splits it into path, package, and arguments, then interpolates the package...
PT-2026-56204
Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions prior to 12.2 Description Esri Portal for ArcGIS on Windows, Linux, and Kubernetes contains a flaw where a critical function lacks proper authentication. This allows a remote, unauthenticated attacker to access ...
PT-2026-55862
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/my account.php?my wishlist. The manipulation of the argument delete wishlist results in sql injection. The attack can be launched remotely. The exploit has been released t...
PT-2026-55931
Imager versions before 1.032 for Perl have a heap out-of-bounds read in the bundled Imager::File::SGI reader via a 16-bit RLE literal run in read rgb 16 rle. read rgb 16 rle guards each literal run with if count data left, but count is a pixel count while every 16-bit sample consumes two bytes. T...
PT-2026-55859
A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. This affects an unknown part of the file /apartment-visitor/report.php. Performing a manipulation of the argument fromdate results in sql injection. It is possible to initiate the attack remotely. The exploit has been...
PT-2026-55925
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint Mint.HTTP1 module allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines...
PT-2026-55857
A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...
PT-2026-55873
Prog Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain the database account and password...
PT-2026-55932
Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in i readjpeg wiol. i readjpeg wiol walks the marker list libjpeg returns and, for each APP13 marker, allocates a new buffer with iptc itext = mymalloc... and overwrites the previous...
PT-2026-55851
Name of the Vulnerable Software and Affected Versions Mojo::JSON versions prior to 9.47 Description The pure-Perl decoder allows memory exhaustion due to unbounded recursion. Specifically, the decode path where decode value dispatches to decode array and decode object lacks a depth limit, enablin...
PT-2026-56052
Summary Formie Hidden fields could evaluate request-derived values as Twig during front-end form rendering. When a Hidden field used a dynamic default value such as HTTP User Agent, Referer URL, Current URL, Query Parameter, or Cookie Value, the value was copied from the incoming request and late...
PT-2026-55838
Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description An integer overflow occurs in the r str word get0set function within the libr/util/str.c file. This issue allows a local attacker to trigger the overflow through specific manipulation...
PT-2026-55864
The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an existing user before overwriting that user's password, allowing unauthenticated attackers to reset the password of arbitrary...
PT-2026-55985
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs when invoking device input/output control operations for mapping and unmapping persistent memory buffers. This issue is caused by improp...
PT-2026-55986
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs when processing multiple IOCTL Input/Output Control calls that use the same buffer file descriptor input. This issue is caused by a...
PT-2026-55944
pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secrets dir. When secrets nested subdir=True, a directory entry inside secrets dir that is a symbolic link pointing outside secrets d...
PT-2026-55929
A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gf isom nalu sample rewrite of the file src/isomedia/avc ext.c of the component MP4Box. This manipulation of the argument nalu out bs causes double free. It is possible to launch the attack on the local...
PT-2026-55955
Name of the Vulnerable Software and Affected Versions Apache OpenNLP versions prior to 3.0.0-M4 Description Untrusted Java deserialization occurs in the SvmDoccatModel.deserializeInputStream function. The function uses java.io.ObjectInputStream to read an attacker-controlled stream and calls...
PT-2026-55912
Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation exists in the camel-aws2-sns component. The Sns2HeaderFilterStrategy...
PT-2026-55850
A security vulnerability has been detected in radareorg radare2 up to 6.1.6. Affected by this vulnerability is the function r core bin load of the file libr/core/cfile.c. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly a...
PT-2026-55852
A vulnerability was detected in radareorg radare2 up to 6.1.6. Affected by this issue is some unknown functionality of the file libr/bin/format/mdmp/mdmp.c of the component Memory64ListStream Parser. Performing a manipulation results in stack-based buffer overflow. The attack requires a local...
PT-2026-55868
The Admin and Site Enhancements ASE WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted...
PT-2026-55861
A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /apartment-visitor/visitor-entry.php. The manipulation of the argument visname leads to sql injection. The attack can be initiated remotely. The exploit is...
PT-2026-55926
Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets. 'Elixir.HPAX.Types':decode...
PT-2026-55837
A vulnerability was identified in vxcontrol PentAGI up to 2.1.0. This affects an unknown function of the file backend/pkg/docker/client.go of the component Docker API. The manipulation leads to sandbox issue. The attack may be initiated remotely. The pull request to fix this issue awaits acceptan...
PT-2026-55854
A weakness has been identified in crater-invoice-inc crater up to 6.0.6. This affects the function getFormattedString of the file app/Http/Requests/InvoicesRequest.php of the component Invoice Note Handler. Executing a manipulation of the argument notes can lead to cross site scripting. The attac...
PT-2026-55860
A vulnerability was determined in CodeAstro Apartment Visitor Management System 1.0. This vulnerability affects unknown code of the file /apartment-visitor/edit-apartment.php. Executing a manipulation of the argument editid can lead to sql injection. It is possible to launch the attack remotely...
PT-2026-56053
Name of the Vulnerable Software and Affected Versions @xhmikosr/decompress versions prior to 10.2.1 @xhmikosr/decompress versions prior to 11.1.3 decompress versions prior to 4.3.0 Description When extracting archives to a directory, a crafted archive can read or write files outside that director...
PT-2026-55879
Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 1.3.3 through 2.0.7 Description An authentication bypass issue exists due to insufficient validation of the sessionId parameter within certain Thrift RPC query handlers. An attacker can forge the sessionId to bypass the...
PT-2026-55886
☕ Apache Camel critical alert: CVE-2026-43867 hits the camel-pqc component. Post-quantum key metadata deserialized via ObjectInputStream with zero ObjectInputFilter — unauthenticated RCE risk at CVSS 9.8. Check your Camel builds now. AppSec Apache https://t.co/iaMBNrOfI0 https://t.co/mkIJ19Sd5Y...
PT-2026-55899
Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An injection and Server-Side Request Forgery SSRF issue exists in the Apache Camel Solr component. T...
PT-2026-56212
Name of the Vulnerable Software and Affected Versions xWiki versions prior to 17.10.5 xWiki versions prior to 18.2.0 Description When used with Jetty 12+, a user can craft a URL to access any resource the Jetty instance is permitted to access. This allows for the unauthorized download of sensitiv...
PT-2026-56058
Name of the Vulnerable Software and Affected Versions Dragonfly versions prior to v2.4.4-rc.2 Description The scheduler's v1 gRPC service is vulnerable to an unauthenticated Server-Side Request Forgery SSRF. A remote attacker can force the scheduler to make HTTP GET requests to arbitrary internal...