
175420 matches found

Positive Technologies • added 5 days ago • 8 views

PT-2026-48274

Name of the Vulnerable Software and Affected Versions Adobe Campaign Classic ACC versions prior to 7.4.3 build 9395 Description A Server-Side Request Forgery SSRF issue exists where the server can be coerced into making unauthorized requests. This can lead to privilege escalation or arbitrary cod...

CVSS 10 | AI score 6.2 | EPSS 0.00094
Exploits: 0 | References: 4
Positive Technologies • added 5 days ago • 7 views

PT-2026-47684

The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the six storage get user info and six storage update profile AJAX actions. This is due to the six storage getUserInfo...

CVSS 7.5 | AI score 5.5 | EPSS 0.00075
Exploits: 0 | References: 12
Positive Technologies • added 5 days ago • 7 views

PT-2026-47689

A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL termination when the...

CVSS 9.8 | AI score 6 | EPSS 0.00155
Exploits: 0 | References: 2
Positive Technologies • added 5 days ago • 7 views

PT-2026-47637

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFootnotes options subpanel function. This makes it possible for unauthenticated attackers to update...

CVSS 4.3 | AI score 5.4 | EPSS 0.00012
Exploits: 0 | References: 5
Positive Technologies • added 5 days ago • 6 views

PT-2026-48211

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the macAddr parameter of the formDelStaState function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

AI score 5.9 | EPSS 0.00254
Exploits: 0 | References: 1
Positive Technologies • added 5 days ago • 6 views

PT-2026-48190

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple stack overflows in the formSetDebugCfgr function via the enable, level, and module parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted HTTP request...

AI score 5.5 | EPSS 0.00159
Exploits: 0 | References: 1
Positive Technologies • added 5 days ago • 6 views

PT-2026-48185

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wl radio parameter of the formWifiRadioSet function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

AI score 5.6 | EPSS 0.00254
Exploits: 0 | References: 1
Positive Technologies • added 5 days ago • 5 views

PT-2026-48067

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

CVSS 5.4 | AI score 5.4 | EPSS 0.0003
Exploits: 0 | References: 2
Positive Technologies • added 5 days ago • 7 views

PT-2026-48051

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

CVSS 5.4 | AI score 5.4 | EPSS 0.0003
Exploits: 0 | References: 2
Positive Technologies • added 5 days ago • 8 views

PT-2026-48082

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

CVSS 5.4 | AI score 5.5 | EPSS 0.0003
Exploits: 0 | References: 2
Positive Technologies • added 5 days ago • 5 views

PT-2026-48194

Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the SafeMacFilter function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

AI score 5.9 | EPSS 0.00254
Exploits: 0 | References: 1
Positive Technologies • added 5 days ago • 5 views

PT-2026-48207

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

AI score 5.9 | EPSS 0.00254
Exploits: 0 | References: 1
Positive Technologies • added 5 days ago • 5 views

PT-2026-48084

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

CVSS 5.4 | AI score 5.5 | EPSS 0.0003
Exploits: 0 | References: 2
Positive Technologies • added 5 days ago • 5 views

PT-2026-48095

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

CVSS 5.4 | AI score 5.4 | EPSS 0.0003
Exploits: 0 | References: 2
Positive Technologies • added 5 days ago • 5 views

PT-2026-48073

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

CVSS 5.4 | AI score 5.4 | EPSS 0.0003
Exploits: 0 | References: 2
Positive Technologies • added 5 days ago • 6 views

PT-2026-48075

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier Description A DOM-based Cross-Site Scripting XSS issue exists where an attacker can manipulate the Document Object Model DOM environment to execute malicious JavaScript in...

CVSS 5.4 | AI score 5.6 | EPSS 0.0003
Exploits: 0 | References: 3
Positive Technologies • added 5 days ago • 5 views

PT-2026-48069

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24 and earlier Adobe Experience Manager versions LTS SP1 and earlier Adobe Experience Manager versions 2026.04 and earlier Description A stored Cross-Site Scripting XSS issue allows a low-privileged attack...

CVSS 5.4 | AI score 5.5 | EPSS 0.0003
Exploits: 0 | References: 3
Positive Technologies • added 5 days ago • 9 views

PT-2026-48215

Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges...

CVSS 5.7 | AI score 5.4 | EPSS 0.00019
Exploits: 0 | References: 1
Positive Technologies • added 5 days ago • 4 views

PT-2026-47985

Name of the Vulnerable Software and Affected Versions Windows Ancillary Function Driver for WinSock affected versions not specified Description A use after free issue in the afd.sys driver allows an authorized attacker to perform a local elevation of privilege. Use after free is a memory corrupti...

CVSS 7 | AI score 5.9 | EPSS 0.00049
Exploits: 0 | References: 6
Positive Technologies • added 5 days ago • 6 views

PT-2026-48275

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended...

CVSS 7.4 | AI score 5.6 | EPSS 0.00112
Exploits: 0 | References: 2
Positive Technologies • added 5 days ago • 6 views

PT-2026-48191

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the portalAuth parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

AI score 5.9 | EPSS 0.00254
Exploits: 0 | References: 1
Positive Technologies • added 5 days ago • 5 views

PT-2026-47987

Name of the Vulnerable Software and Affected Versions Windows Ancillary Function Driver for WinSock affected versions not specified Description A use-after-free issue in the Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Use-after-free i...

CVSS 7 | AI score 5.3 | EPSS 0.00049
Exploits: 0 | References: 5
Positive Technologies • added 5 days ago • 6 views

PT-2026-47728

A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions, SIPROTEC 5 6MD85 CP200 All versions, SIPROTEC 5 6MD85 CP300 All versions, SIPROTEC 5 6MD86 CP200 All versions, SIPROTEC 5 6MD86 CP300 All versions, SIPROTEC 5 6MD89 CP300 All versions, SIPROTEC 5 6MU85 CP300 All versions,...

CVSS 6.9 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 2
Positive Technologies • added 5 days ago • 5 views

PT-2026-47919

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | AI score 5.4 | EPSS 0.0006
Exploits: 0 | References: 2
Positive Technologies • added 5 days ago • 6 views

PT-2026-48321

Spring Data Commons contains a vulnerability that can lead to a Denial of Service DoS condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lo...

CVSS 5.9 | AI score 5.4 | EPSS 0.00228
Exploits: 0 | References: 2
Positive Technologies • added 5 days ago • 6 views

PT-2026-47725

Name of the Vulnerable Software and Affected Versions Prime Elementor Addons versions prior to 1.3.4 Description Insufficient input sanitization and output escaping in the Widget HTML Tag Settings allow authenticated attackers with contributor-level access or higher to perform Stored Cross-Site...

CVSS 6.4 | AI score 5.7 | EPSS 0.00042
Exploits: 0 | References: 21
Positive Technologies • added 5 days ago • 7 views

PT-2026-48261

Name of the Vulnerable Software and Affected Versions Acrobat Reader versions 24.001.30365 through 26.001.21651 Description A heap-based buffer overflow occurs when a program writes more data to a heap-allocated memory block than it can hold. This issue could result in arbitrary code execution in...

CVSS 7.8 | AI score 6.3 | EPSS 0.00025
Exploits: 0 | References: 4
Positive Technologies • added 5 days ago • 7 views

PT-2026-48262

Name of the Vulnerable Software and Affected Versions Acrobat Reader versions 24.001.30365 and 26.001.21651 and earlier Description A Use After Free issue exists where the software continues to use a memory pointer after it has been freed. This could result in arbitrary code execution in the...

CVSS 7.8 | AI score 5.9 | EPSS 0.00033
Exploits: 0 | References: 4
Positive Technologies • added 5 days ago • 6 views

PT-2026-48258

Name of the Vulnerable Software and Affected Versions Acrobat Reader versions prior to 26.001.21652 Description An integer overflow or wraparound occurs when an application attempts to store a numeric value that is too large for the allocated memory space, causing the value to wrap around to a...

CVSS 5.5 | AI score 5.3 | EPSS 0.00018
Exploits: 0 | References: 3
Positive Technologies • added 5 days ago • 8 views

PT-2026-47766

WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the space id parameter. Attackers can send GET requests to the booking-page endpoint with...

CVSS 8.8 | AI score 5.7 | EPSS 0.00065
Exploits: 0 | References: 4
Positive Technologies • added 5 days ago • 5 views

PT-2026-48058

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24 and earlier Adobe Experience Manager versions LTS SP1 and earlier Adobe Experience Manager versions 2026.04 and earlier Description A stored Cross-Site Scripting XSS issue allows a low-privileged attack...

CVSS 5.4 | AI score 5.3 | EPSS 0.0003
Exploits: 0 | References: 3
Positive Technologies • added 5 days ago • 8 views

PT-2026-47696

DoS vulnerability in the log service. Impact: Successful exploitation of this vulnerability may affect availability...

CVSS 5 | AI score 5.4 | EPSS 0.00006
Exploits: 0 | References: 3
Positive Technologies • added 5 days ago • 10 views

PT-2026-47920

Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally...

CVSS 7.8 | AI score 5.7 | EPSS 0.001
Exploits: 0 | References: 2
Positive Technologies • added 5 days ago • 5 views

PT-2026-47898

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...

CVSS 5.5 | AI score 5.4 | EPSS 0.0007
Exploits: 0 | References: 2
Positive Technologies • added 5 days ago • 9 views

PT-2026-48246

Name of the Vulnerable Software and Affected Versions Acrobat Reader versions 24.001.30365 through 26.001.21651 Description A Use After Free issue exists in the font handling component, which could lead to arbitrary code execution in the context of the current user. This occurs when a victim open...

CVSS 7.8 | AI score 7.8 | EPSS 0.00033
Exploits: 0 | References: 4
Positive Technologies • added 5 days ago • 6 views

PT-2026-47662

Applications which accept user-supplied Spring Expression Language SpEL expressions may be vulnerable to a Denial of Service DoS attack if the evaluation of a SpEL expression triggers unbounded cache growth. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

CVSS 5.3 | AI score 5.4 | EPSS 0.00016
Exploits: 0 | References: 2
Positive Technologies • added 5 days ago • 5 views

PT-2026-47665

Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery SSRF attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18...

CVSS 4.2 | AI score 5.5 | EPSS 0.00027
Exploits: 0 | References: 2
Positive Technologies • added 5 days ago • 5 views

PT-2026-47651

Spring WebFlux applications are vulnerable to Denial of Service DoS attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

CVSS 5.9 | AI score 5.5 | EPSS 0.00049
Exploits: 0 | References: 2
Positive Technologies • added 5 days ago • 8 views

PT-2026-48299

Name of the Vulnerable Software and Affected Versions MongoDB Server affected versions not specified Description A flaw in the BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The issue stems from uncontrolled mutual recursio...

CVSS 8.7 | AI score 5.5 | EPSS 0.0003
Exploits: 0 | References: 3
Positive Technologies • added 5 days ago • 8 views

PT-2026-47673

The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rocketchat' shortcode's 'title' attribute in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping in the rxstg shortcode function, which...

CVSS 6.4 | AI score 5.7 | EPSS 0.00029
Exploits: 0 | References: 4
Positive Technologies • added 5 days ago • 5 views

PT-2026-48044

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24 and earlier Adobe Experience Manager versions LTS SP1 and earlier Adobe Experience Manager versions 2026.04 and earlier Description A DOM-based Cross-Site Scripting XSS issue allows an attacker to execu...

CVSS 5.4 | AI score 5.3 | EPSS 0.0003
Exploits: 0 | References: 3
Positive Technologies • added 5 days ago • 5 views

PT-2026-48112

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. Secure Boot is a security standard that ensures a device boots using...

CVSS 7.9 | AI score 5.4 | EPSS 0.00061
Exploits: 0 | References: 9
Positive Technologies • added 5 days ago • 6 views

PT-2026-47533

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...

CVSS 6.1 | AI score 5.4 | EPSS 0.00093
Exploits: 0 | References: 3
Positive Technologies • added 5 days ago • 5 views

PT-2026-47791

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bug in the DAMON Data Access MONitor subsystem allows the use of unaligned region address ranges. This occurs because the sysfs interface can emit a min region sz value that is not a...

CVSS 9.1 | AI score 5.3 | EPSS 0.0008
Exploits: 1 | References: 62
Positive Technologies • added 5 days ago • 6 views

PT-2026-47937

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network...

CVSS 8.2 | AI score 5.4 | EPSS 0.00078
Exploits: 0 | References: 2
Positive Technologies • added 5 days ago • 7 views

PT-2026-47946

Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally...

CVSS 3.3 | AI score 5.4 | EPSS 0.00057
Exploits: 0 | References: 2
Positive Technologies • added 5 days ago • 7 views

PT-2026-47950

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...

CVSS 8.4 | AI score 6 | EPSS 0.00083
Exploits: 0 | References: 2
Positive Technologies • added 5 days ago • 6 views

PT-2026-47967

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally...

CVSS 3.3 | AI score 7 | EPSS 0.00054
Exploits: 0 | References: 2
Positive Technologies • added 5 days ago • 4 views

PT-2026-47936

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally...

CVSS 5.5 | AI score 7 | EPSS 0.00058
Exploits: 0 | References: 2
Positive Technologies • added 5 days ago • 8 views

PT-2026-47536

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with...

CVSS 7.1 | AI score 5.6 | EPSS 0.00036
Exploits: 0 | References: 3

Total number of security vulnerabilities: 175420