184508 matches found
PT-2026-55693
myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the v ftp user parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takevoer of the admin user in...
PT-2026-55740
Name of the Vulnerable Software and Affected Versions code-projects Online Job Portal version 1.0 Description A remote SQL injection exists in the login.php file. This occurs when the txtUser and txtPass arguments are manipulated, allowing an attacker to interfere with the database queries...
PT-2026-55733
Name of the Vulnerable Software and Affected Versions SourceCodester Simple and Nice Shopping Cart Script version 1.0 Description An issue exists in the /admin/mensproductdeletequery.php file where improper handling of the user id variable allows for SQL injection. This allows a remote attacker t...
PT-2026-55737
Name of the Vulnerable Software and Affected Versions code-projects Assessment Management version 1.0 Description An SQL injection flaw exists in the Database Query Handler component due to improper processing of the /lecturer/marking-scheme.php endpoint. A remote attacker can exploit this by...
PT-2026-55699
In the Linux kernel, the following vulnerability has been resolved: af unix: Set gc in progress to true in unix gc. Igor Ushakov reported that unix gc could run with gc in progress being false if the work is scheduled while running: Thread 1 Thread 2 Thread 3 -------- -------- -------- unix...
PT-2026-55678
picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote attackers can embed undetected malicious code in pickle files that executes during deserialization,...
PT-2026-55720
Name of the Vulnerable Software and Affected Versions kirilkirkov Ecommerce-CodeIgniter-Bootstrap versions up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7 Description A remote attack can be initiated through the manipulation of the shopping cart argument in the getCartItems function within the...
PT-2026-55707
Name of the Vulnerable Software and Affected Versions ForceInjection AI-fundermentals versions 2.0 through 3.0 Description The Memory Recall Handler component contains an issue within the get conversation history function located in the 08 agentic system/memory/langchain/code/smart customer...
PT-2026-55736
Name of the Vulnerable Software and Affected Versions code-projects Assessment Management version 1.0 Description Cross site scripting occurs due to the manipulation of the ID argument within the '/admin/remove-user.php' endpoint. This issue allows a remote attacker to execute malicious scripts i...
PT-2026-55725
Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description Remote SQL injection is possible due to improper handling of the ID argument within the /edit class2.php endpoint. SQL injection is a technique where an attacker inserts...
PT-2026-55674
picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...
PT-2026-55689
Name of the Vulnerable Software and Affected Versions jairiidriss restaurant-website-php-mysql versions up to 521428b5b612449df0cf4a5d15ee40cba67f3d35 Description A missing authentication flaw exists in the AJAX Endpoint component. A remote attacker can manipulate the '/admin/ajax files' endpoint...
PT-2026-55698
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM SEV implementation where the software scratch area is not required to reside in the GHCB shared buffer when GHCB v2+ is used. This allows a malicious SNP guest...
PT-2026-55739
Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description A remote SQL injection exists in the /patientappointment.php file. This occurs when the patiente argument is manipulated, allowing an attacker to execute arbitrary SQL commands on...
PT-2026-55705
Name of the Vulnerable Software and Affected Versions Trail of Bits fickling versions prior to 0.1.12 Description An issue exists where the UnsafeImportsML analysis pass unconditionally calls the AnalysisContext.shorten codenode function on every import node. This action populates a shared...
PT-2026-55684
A vulnerability was detected in Open5GS up to 2.7.7. Affected by this vulnerability is the function amf nnrf handle nf discover of the file src/amf/nnrf-handler.c of the component AMF. The manipulation results in denial of service. The attack may be launched remotely. The exploit is now public an...
PT-2026-55727
A security vulnerability has been detected in code-projects Online Voting System up to 0.x/1.0. This issue affects the function test input of the file /authentication.php of the component Login. Such manipulation of the argument adminUserName/adminPassword leads to sql injection. It is possible t...
PT-2026-55694
A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tui gateway/server.py. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released t...
PT-2026-55687
A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument...
PT-2026-55745
Name of the Vulnerable Software and Affected Versions yt-dlp versions prior to 2026.07.04 Description Improper sanitization of output when using the --write-link option allows for downstream command injection. This occurs because shortcut file data is not properly validated and sanitized before...
PT-2026-55710
A vulnerability was identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 213babdbaa949e94557246414db0130e01394517. This vulnerability affects the function checkForPostRequests of the file application/core/MY Controller.php of the component Subscribed Emails Admin Page. Such manipulatio...
PT-2026-55708
A vulnerability was found in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 95dfa8cebbb87ab46ae450643a07241274a74dce. Affected by this issue is the function setReferrer of the file application/core/MY Controller.php of the component Trusted Backend Interface. The manipulation of the argument...
PT-2026-55728
Name of the Vulnerable Software and Affected Versions code-projects Online Voting System version 1.0 Description A remote SQL injection is possible through the manipulation of the voterName, voterEmail, voterID, or selectedCandidate variables within the test input function of the '/saveVote.php'...
PT-2026-55711
A security flaw has been discovered in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 222ff31c06687b1c6d0e1ab63953f82c3674c52b. This issue affects some unknown processing of the file application/modules/vendor/controllers/AddProduct.php of the component Vendor Multi-Image Endpoint. Performing ...
PT-2026-55692
Name of the Vulnerable Software and Affected Versions omec-project amf versions 2.0.2 and 2.1.1 Description A remote manipulation of the NGSetupRequest Handler component within the file /go/src/amf/ngap/handler.go can lead to a denial of service. Recommendations For versions 2.0.2 and 2.1.1, depl...
PT-2026-55680
picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary code when loaded, compromising systems relying on...
PT-2026-55696
Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 2026.4.31 Description A weakness in the HTTP API component allows a remote attacker to cause a denial of service. The issue exists within the AIAgent.run conversation function located in the run...
PT-2026-55666
Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.30 Description The software fails to detect malicious pickle files that utilize the runcode function within the idlelib.run.Executive class inside reduce methods. This allows attackers to embed hidden code in...
PT-2026-55730
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation. When...
PT-2026-55668
picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck. main .run autograd prof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution...
PT-2026-55701
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. This occurs when consent...
PT-2026-55672
picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load...
PT-2026-55718
Name of the Vulnerable Software and Affected Versions Plack::Middleware::OAuth versions prior to 0.11 Description Plack::Middleware::OAuth for Perl fails to support the OAuth 2.0 state parameter. The RequestTokenV2 function builds the provider authorization redirect without issuing a state value,...
PT-2026-55683
In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...
PT-2026-55723
A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit ha...
PT-2026-55702
A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter. is allowed user of the file gateway/platforms/discord.py of the component Discord Platform Integration. Such manipulation leads to improper authentication. The attack ca...
PT-2026-55741
Name of the Vulnerable Software and Affected Versions HdrHistogram versions prior to 2.2.3 Description An issue exists in the decodeFromCompressedByteBuffer function within the org.HdrHistogram.AbstractHistogram class. Local manipulation of the lengthOfCompressedContents argument can lead to...
PT-2026-55719
Name of the Vulnerable Software and Affected Versions Dancer2::Plugin::Auth::OAuth::Provider versions prior to 0.23 Description The software fails to support the OAuth 2.0 state parameter. The authentication url method creates a provider authorization redirect without a state value, and the...
PT-2026-55691
Name of the Vulnerable Software and Affected Versions omec-project amf versions prior to 2.1.2 Description A remote manipulation of the RRCInactiveTransitionReport function within the NGAP Message Handler component can lead to a denial of service. Recommendations Apply patch...
PT-2026-55685
PHPIPAM is affected by an authenticated local file inclusion vulnerability that allows users with access to the API to execute/include arbitrary PHP files on the web server's file system. The API is not enabled by default on installations...
PT-2026-55724
Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An issue exists in the /edit course.php endpoint where manipulation of the ID variable allows for remote SQL injection. SQL injection is a technique where malicious SQL...
PT-2026-55738
Name of the Vulnerable Software and Affected Versions code-projects Assessment Management version 1.0 Description An issue exists in the /lecturer/marking-scheme.php file where improper handling of the smarksrange variable allows for remote SQL injection. SQL injection is a technique where an...
PT-2026-55686
Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description A flaw in the /medicine.php file allows for remote exploitation via SQL injection. This occurs when the editid variable is manipulated, potentially allowing an attacker to interfe...
PT-2026-55742
A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. This manipulation of the argument numberOfSignificantValueDigits causes uncontrolled memory...
PT-2026-55688
3 CVEs in spice-vdagent macOS/BSD, session info create returns NULL without systemd-logind... so auth just gets skipped entirely. Any local process connects as trusted agent. The "if auth fails, don't auth" classic 😂 + heap overflow via integer wraparound + path traversal: malicious host writes...
PT-2026-55703
A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extract media of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit i...
PT-2026-55732
Name of the Vulnerable Software and Affected Versions SourceCodester Simple and Nice Shopping Cart Script version 1.0 Description An SQL injection issue exists in the Admin Login component within the /admin/login.php endpoint. The flaw allows remote attackers to manipulate the Username variable t...
PT-2026-55700
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ip6 append data function during the paged-allocation process triggered by MSG MORE, NETIF F SG, or large fragment lengths. When fraggap is non-zero and the...
PT-2026-55704
Name of the Vulnerable Software and Affected Versions Trail of Bits fickling versions 0.1.10 and earlier Description An improper input validation issue exists in the denylist logic used to analyze pickle opcode imports. The UNSAFE IMPORTS denylist in fickle.py fails to include critical Python...
PT-2026-55513
Name of the Vulnerable Software and Affected Versions The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x versions prior to 2.2.15 Description Unauthenticated attackers can execute arbitrary shortcodes because the software fails to properly validate a value before running the...