184710 matches found
PT-2026-55991
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs when the system attempts to allocate memory with sizes that exceed the maximum allowed value. Recommendations At the moment, there is no...
PT-2026-55976
Name of the Vulnerable Software and Affected Versions OP-TEE versions 3.20.0 through 4.10.x Description OP-TEE is a Trusted Execution Environment TEE designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using TrustZone technology. A flaw in the subkey rollback...
PT-2026-55921
Recent FreeBSD security advisories detail severe flaws like CVE-2026-49420, CVE-2026-49429, and CVE-2026-49422. Patch immediately to stop attacks. FreeBSD Vulnerability CyberSecurity CVE202649420 https://t.co/WU1wVjaCN3...
PT-2026-55968
Name of the Vulnerable Software and Affected Versions ArcGIS Server versions prior to 12.0 Description An unrestricted file upload issue exists where an unauthenticated attacker can upload a crafted file to the affected endpoint. This could allow for arbitrary file upload, potentially enabling...
PT-2026-55938
Name of the Vulnerable Software and Affected Versions ownCloud Core versions prior to 10.15.3 Description The Updater component of the server-side file storage, synchronization, and sharing application contains an exposed dangerous method or function. Attackers with administrative privileges can...
PT-2026-55939
Name of the Vulnerable Software and Affected Versions SharePoint for ownCloud versions prior to 0.4.1 ownCloud 10 versions prior to 10.15.3 Description An attacker with administrative privileges can exploit a Server-Side Request Forgery SSRF in the SharePoint app to execute arbitrary code on the...
PT-2026-55904
Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An injection issue exists in the Apache Camel IRC component due to improper input validation and...
PT-2026-55906
Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An injection and authorization bypass issue exists in the Apache Camel Salesforce component. The...
PT-2026-55913
Name of the Vulnerable Software and Affected Versions Red Hat Advanced Cluster Security for Kubernetes affected versions not specified Description Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send...
PT-2026-55902
Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation in the Apache Camel JIRA component allows for authorization bypass. The...
PT-2026-55941
Name of the Vulnerable Software and Affected Versions Anti-Virus for ownCloud versions prior to 1.2.3 ownCloud 10 versions prior to 10.15.3 Description Anti-Virus for ownCloud is an anti-virus application used for file storage, synchronization, and sharing. The application is susceptible to...
PT-2026-55863
The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on t...
PT-2026-55881
Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.15.0 through 4.18.2 Description An argument injection issue exists in the Apache Camel Docling component. The component uses java.lang.ProcessBuilder to execute the external docling command-line tool. When custom CLI...
PT-2026-55901
Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation in the Apache Camel DNS component leads to Server-Side Request Forgery SSR...
PT-2026-55893
Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...
PT-2026-55888
Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.3.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation in the camel-elasticsearch-rest-client component allows for authorization...
PT-2026-55971
Name of the Vulnerable Software and Affected Versions OpenAI Codex for macOS affected versions not specified Description The desktop application renders remote images from Markdown within model responses. An attacker can use indirect prompt injection—a technique where malicious instructions are...
PT-2026-56018
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Settings/Updates Livewire component does not check isInstanceAdmin in its mount method, allowing non-admin users to access the Updates settings page and potentially...
PT-2026-56059
Summary The fix for CVE-2026-40882 addressed only the Velbus asset import handler. The KNX asset import handler KNXProtocol processes user-uploaded ETS project ZIP files through Saxon XSLT and XMLInputFactory.newInstance with no XXE protection, allowing any authenticated user to read arbitrary...
PT-2026-55997
Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.24.0 Description A flaw in the rejection sampler during multi-request speculative decoding workloads allows the production of a recovered token equal to the model vocabulary size boundary value. This value is converted...
PT-2026-55896
Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.10.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.x Description An issue exists in the Apache Camel Neo4J component where the producer builds the Cypher WHERE clau...
PT-2026-55910
Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...
PT-2026-55919
Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue...
PT-2026-55897
Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel CXF SOAP component. The camel-cxf producer selects which SOAP operation to invoke on the backend service from the operationName and operationNamespace Exchange header, whose constant values...
PT-2026-55920
Apache Airflow's Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket...
PT-2026-55918
Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...
PT-2026-55936
Name of the Vulnerable Software and Affected Versions GIMP affected versions not specified Description A flaw exists in the PNM file format parser where the pnmscanner gettoken function contains an off-by-one error in its loop boundary check. When processing a specially crafted PNM file, the...
PT-2026-56055
Summary The SQLite databases are created at predictable static paths in /tmp. Any user can therefore create a symlink at these paths in /tmp pointing to arbitrary files. The monitoring scripts then follows these symlinks and then creates their database at the symlink target. This becomes really...
PT-2026-56088
Summary flyto-core's SSRF protection validate url ssrf / is private ip in src/core/utils.py blocks private and metadata destinations by resolving the host and testing the resulting IP for membership in a hardcoded PRIVATE IP RANGES list. That list contains only the native RFC 1918 / loopback /...
PT-2026-55922
Recent FreeBSD security advisories detail severe flaws like CVE-2026-49420, CVE-2026-49429, and CVE-2026-49422. Patch immediately to stop attacks. FreeBSD Vulnerability CyberSecurity CVE202649420 https://t.co/WU1wVjaCN3...
PT-2026-55855
Name of the Vulnerable Software and Affected Versions Formbricks version 5.0.0 Description Improper access controls exist within the Survey Handler component, specifically affecting a function in the apps/web/modules/survey/link/actions.ts file. This flaw allows for remote exploitation...
PT-2026-56032
Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description The PayPalEmail payment adapter fails to validate the amount supplied via PayPal IPN Instant Payment Notification callbacks, specifically the mc gross variable, against the actual invoice total...
PT-2026-56081
Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The AgentLogLine dashboard component uses the ansi-to-html library without the escapeXML: true setting and...
PT-2026-56082
Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The subdomain-based workspace app proxy allows a bypass of the same-owner Cross-Origin Resource Sharing CO...
PT-2026-55993
Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon affected versions not specified Description Memory corruption occurs when updating prepared commands using invalid port indices derived from user space input that exceed the supported read client limits. Recommendations At...
PT-2026-55994
Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon affected versions not specified Description Memory corruption occurs when processing invalid HT40 channel layouts during dynamic channel switching operations. HT40 refers to a High Throughput mode in wireless networking tha...
PT-2026-55974
Name of the Vulnerable Software and Affected Versions OP-TEE versions 4.5.0 through 4.10.x Description The RSA PKCS1 v1.5 decryption implementation in the Hisilicon HPRE crypto driver uses a non-constant-time memcmp function for label hash verification and contains multiple distinguishable error...
PT-2026-56010
Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.6.0 through 0.7.2 Description An unauthenticated payment bypass exists in the IPN callback endpoint /ipn.php. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit the...
PT-2026-56005
Name of the Vulnerable Software and Affected Versions Terraform Enterprise versions prior to 2.0.4 Terraform Enterprise versions prior to 1.2.4 Description An issue exists in the version control system VCS ingestion of registry modules where the intended boundary on packaged module content is not...
PT-2026-55972
Name of the Vulnerable Software and Affected Versions OP-TEE versions 4.5.0 through 4.10.x Description The RSA-OAEP decryption implementation in the Hisilicon HPRE crypto driver uses a non-constant-time memcmp function for label hash verification and contains multiple distinguishable error paths...
PT-2026-56013
Name of the Vulnerable Software and Affected Versions showdown affected versions not specified Description An issue exists in metadata title handling that allows the injection of arbitrary HTML and JavaScript. When the completeHTMLDocument option is enabled, unescaped less-than and greater-than...
PT-2026-55959
Name of the Vulnerable Software and Affected Versions OP-TEE versions 3.10.0 through 4.10.x Description OP-TEE is a Trusted Execution Environment TEE designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using TrustZone technology. An unbounded recursion can cause the...
PT-2026-56019
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description An authenticated user with permissions to add file storage can execute arbitrary commands when storage is saved. This occurs because the LocalFileVolume::saveStorageOnServer function...
PT-2026-55950
Name of the Vulnerable Software and Affected Versions BeyondTrust Remote Support and Privileged Remote Access versions prior to 26.2.1 BeyondTrust Remote Support and Privileged Remote Access versions prior to 25.3.3 Description A critical pre-authentication flaw exists in the authentication...
PT-2026-55973
Name of the Vulnerable Software and Affected Versions OP-TEE versions 3.9.0 through 4.10.x Description The RSA-OAEP decryption implementation in the NXP CAAM crypto driver uses a non-constant-time memcmp function for label hash verification and contains multiple distinguishable error paths. This...
PT-2026-56072
Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description The tailnet coordinator fails to validate that an agent's AllowedIPs derive from its authenticated UUID,...
PT-2026-55894
Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation in the Apache Camel Lucene Component allows for authorization bypass throu...
PT-2026-55892
Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation in the camel-nats component allows a client to inject arbitrary Camel...
PT-2026-56062
SQLChatAgent validate query dangerous-pattern regex is bypassable via quoted/commented/qualified function names Summary The SQLChatAgent SQL-injection mitigation, with default allow dangerous operations=False, combines a raw-text regex blocklist DANGEROUS SQL PATTERNS with a sqlglot SELECT-only...
PT-2026-56015
Name of the Vulnerable Software and Affected Versions Leantime affected versions not specified Description An OIDC login CSRF issue exists in the verifyState function, which unconditionally returns true without validating state parameters. This allows attackers to craft malicious callback URLs...