PT-2026-48161

GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf opus parse packet header function media tools/av parsers.c. bThis vulnerability allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

PT-2026-47701

UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity...

PT-2026-48197

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

PT-2026-48226

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this...

PT-2026-48297

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...

PT-2026-47984

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A failure in the Mark of the Web MOTW protection mechanism allows an unauthorized attacker to bypass a security feature over a network, which can affect the system. Recommendations At the...

PT-2026-47810

A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via...

PT-2026-48144

InCopy versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

PT-2026-48167

Name of the Vulnerable Software and Affected Versions bookcars version 8.3 Description A lack of cryptographic signature verification in the validateAccessToken function allows attackers to bypass authentication by using a forged JSON Web Token JWT, which is a compact, URL-safe means of...

PT-2026-48322

When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions: Spring for Apache Kafka 4.0.0...

PT-2026-48078

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

PT-2026-47769

KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers can inject SQL code through the 'kc ad' parameter in base.css.php or kittycatfish.php to extract...

PT-2026-48047

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

PT-2026-47973

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting XSS, a condition where malicious scripts are injected into trusted websites...

PT-2026-47977

Improper control of generation of code 'code injection' in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network...

PT-2026-47889

Name of the Vulnerable Software and Affected Versions Windows Hotpatch Monitoring Service affected versions not specified Description An out-of-bounds write in the Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally. An out-of-bounds write occurs when a program...

PT-2026-48341

Summary Several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will...

PT-2026-48163

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...

PT-2026-47642

In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service DoS condition. Affected versions: Micrometer 1.16.0 through 1.16.5; 1.15.0 through 1.15.11...

PT-2026-47790

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the drm/nouveau component when aperture remove conflicting pci devices fails during the probe process. The error path returns immediately without releasing the nv...

PT-2026-47539

SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in the user�s browser within the context of the application. This issue has a low impact on the...

PT-2026-48301

Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description The ldapQueryPassword parameter, when configured using the runtime setParameter command, causes the new password to be recorded in plain text within the mongod.log file. Recommendations At th...

PT-2026-47819

Name of the Vulnerable Software and Affected Versions NETGEAR affected versions not specified Description Insufficient input validation allows authenticated administrators connected to the local network to make unauthorized modifications to router software and functionality...

PT-2026-47765

Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selectedCategory parameter. Attackers can submit POST requests to the admin-ajax.php endpoint with the...

PT-2026-48178

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the Go parameter of the ask to reboot function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

PT-2026-48180

Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.54180 was discovered to contain a stack overflow in the username parameter of the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

PT-2026-48596

These are all security issues fixed in the libIex-3 4-33-3.4.12-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-47829

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description An integer truncation in the ASN.1 decoder occurs when parsing a crafted DER-encoded ASN.1 structure with a primitive element exceeding 2 gigabytes in length. This issue specifically affects...

PT-2026-48218

Name of the Vulnerable Software and Affected Versions SQLite versions prior to 3.53.2 Description A heap-based buffer overflow exists in the FTS5 full-text search extension. An attacker can cause a crash or execute arbitrary code by providing a crafted database containing malicious continuation...

PT-2026-47830

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description PKCS12 file processing fails to perform sufficient input validation for files using the Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism. This allows an attacker to...

PT-2026-47856

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A heap out-of-bounds read can occur during CMS password-based decryption RFC 3211 / PWRI key unwrap when processing attacker-supplied CMS data. The issue arises in the kek unwrap key function...

PT-2026-47927

Name of the Vulnerable Software and Affected Versions Windows DWM Core Library affected versions not specified Description A use after free issue in the Windows DWM Core Library allows an authorized attacker to elevate privileges locally. Use after free is a memory corruption flaw that occurs whe...

PT-2026-47641

A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later...

PT-2026-47734

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected system includes a binary that is configured with the cap dac override capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access...

PT-2026-47940

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

PT-2026-48302

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authorized user can cause a server crash by executing a query using a 2dsphere index on a field containing a GeoJSON GeometryCollection. The issue occurs when...

PT-2026-48151

Name of the Vulnerable Software and Affected Versions Microsoft PC Manager affected versions not specified Description Improper link resolution before file access and missing authentication for a critical function allow an authorized attacker to elevate privileges locally. Recommendations At the...

PT-2026-47912

Name of the Vulnerable Software and Affected Versions Windows Deployment Services affected versions not specified Description A use after free issue in Windows Deployment Services allows an unauthorized remote attacker to execute arbitrary code over a network, potentially affecting the entire...

PT-2026-47803

Name of the Vulnerable Software and Affected Versions Zoom Workplace versions prior to 7.0.4 for Android Zoom Workplace versions prior to 7.0.3 for iOS Description Improper authorization in the handler for custom URL schemes allows an unauthenticated user to perform an escalation of privilege via...

PT-2026-47938

Integer underflow wrap or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

PT-2026-47538

SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has a low impact on integrity and does not affect the confidentiality and availability of th...

PT-2026-48195

Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the qossetting function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

PT-2026-48029

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...

PT-2026-47736

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using "awx --conf.form...

PT-2026-48238

21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...

PT-2026-48171

A markdown based cross-site scripting XSS vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the notice content parameter...

PT-2026-48212

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

PT-2026-48014

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally...

PT-2026-48170

An uncaught exception in the /application/job/update/id endpoint of FastapiAdmin v2.2.0 allows authenticated attackers with the module task:job:update permission to cause a Denial of Service DoS via manipulating the func field of scheduled tasks...

PT-2026-47896

Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally...