184508 matches found
PT-2026-55613
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description An integer overflow or wraparound occurs, which allows an unauthorized attacker to execute arbitrary code over a network. An integer overflow happens when an arithmetic...
PT-2026-55575
webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any websi...
PT-2026-55591
Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull request branches...
PT-2026-55502
Name of the Vulnerable Software and Affected Versions IMS affected versions not specified Description An out-of-bounds read occurs due to a missing bounds check. This flaw allows a remote attacker to cause a denial of service, which is a condition where the system becomes unavailable to its...
PT-2026-55582
Name of the Vulnerable Software and Affected Versions SourceCodester CET Automated Grading System with AI Predictive Analytics version 1.0 Description An authorization bypass exists in the POST Handler component. Remote exploitation is possible by manipulating the ID variable within the...
PT-2026-55548
Name of the Vulnerable Software and Affected Versions FreeIPA ipa-otpd daemon affected versions not specified Description Two off-by-one errors exist in the OAuth2 device authorization handler of the ipa-otpd daemon. These errors can lead to out-of-bounds memory access when the daemon processes a...
PT-2026-55650
Name of the Vulnerable Software and Affected Versions Open Asset Import Library Assimp versions prior to 6.0.6 Description A heap-based buffer overflow occurs in the CSM File Handler component. The issue resides in the Assimp::CSMImporter::InternReadFile function within the...
PT-2026-55639
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description An issue exists where external control of a file name or path allows an unauthorized attacker to execute code over a network. Recommendations At the moment, there is no...
PT-2026-55444
Name of the Vulnerable Software and Affected Versions AR for WordPress versions prior to 8.41 Description An unauthenticated directory traversal flaw exists in the file handling logic of the plugin. The issue occurs when the public AJAX functionality accepts a user-controlled file parameter witho...
PT-2026-55508
Name of the Vulnerable Software and Affected Versions wpDiscuz versions prior to 7.6.57 Description Stored Cross-Site Scripting occurs when the plugin fails to properly escape output in the getCommentAuthor function. This happens because the comment author url value, provided in the guest comment...
PT-2026-55443
Name of the Vulnerable Software and Affected Versions Cookie Banner for GDPR / CCPA – WPLP Cookie Consent versions prior to 4.3.6 Description This issue is a generic SQL Injection, which occurs when an application fails to properly sanitize user input, allowing an attacker to interfere with the...
PT-2026-55586
Name of the Vulnerable Software and Affected Versions SourceCodester CET Automated Grading System with AI Predictive Analytics version 1.0 Description A remote manipulation issue exists in the processing logic that leads to session fixation, a condition where an attacker can hijack or predetermin...
PT-2026-55651
Name of the Vulnerable Software and Affected Versions DeepMyst Mysti versions prior to 0.4.0 Description Remote manipulation of the workspacePath argument within the initProjectMemory function, located in the src/managers/MemoryManager.ts file of the Per-Project Auto-Memory Handler component, can...
PT-2026-55628
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper access control allows an unauthorized attacker to perform spoofing over a network. Recommendations At the moment, there is no information about a newer version...
PT-2026-55524
Name of the Vulnerable Software and Affected Versions Eclipse Theia versions 1.26.0 and later Description The backend /services/request-service RPC accepts a URL controlled by an attacker from any client connected to the standard /services messaging endpoint. The server performs the HTTP request...
PT-2026-55501
Name of the Vulnerable Software and Affected Versions Printcart Web to Print Product Designer for WooCommerce versions prior to 2.5.3 Description Insufficient path validation in the store design data function allows unauthenticated attackers to delete arbitrary files on the server. The issue occu...
PT-2026-55654
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An unauthenticated Regular Expression Denial of Service ReDoS exists due to improper pattern matching within the CODEOWNERS file processing. This allows a remote...
PT-2026-55634
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A use after free issue exists that allows an unauthorized attacker to execute arbitrary code over a network. Use after free is a memory corruption flaw that occurs when ...
PT-2026-55646
Name of the Vulnerable Software and Affected Versions Microsoft Edge for Android affected versions not specified Description An absolute path traversal issue exists that allows an unauthorized attacker to disclose information locally. Path traversal is a flaw that allows an attacker to access fil...
PT-2026-55549
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description An issue in the administrative interface occurs when Fine-Grained Admin Permissions FGAP v2 are enabled. An administrator with permission to view a specific role can access a list of all...
PT-2026-55542
Name of the Vulnerable Software and Affected Versions pardus-software versions prior to 1.0.5 Description Improper neutralization of argument delimiters in a command allows for argument injection. This occurs when the software fails to properly sanitize input used as command-line arguments,...
PT-2026-55590
Name of the Vulnerable Software and Affected Versions Gitea version 1.26.2 Description Fork synchronization continues even after a parent repository is changed from public to private. This behavior allows a fork to maintain access and synchronize data from a repository that should no longer be...
PT-2026-55544
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain LTS2026 release versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain LTS2025 release versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data...
PT-2026-55500
Name of the Vulnerable Software and Affected Versions JSON API User versions prior to 4.1.1 Description The JSON API User plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the post comment function fails to properly sanitize input, allowing the comment content...
PT-2026-55441
Name of the Vulnerable Software and Affected Versions weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot versions prior to 2.3.1 Description Insufficient input sanitization and output escaping allow authenticated attackers with contributor-level access and above to perform...
PT-2026-55616
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A use after free issue exists that allows an unauthorized attacker to execute arbitrary code over a network. Use after free is a memory corruption flaw that occurs when ...
PT-2026-55594
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description Improper path resolution occurs during the generation of template repositories. This allows template processing to read or write data through symlinks or other non-regular paths, potentially leading t...
PT-2026-55595
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description The software fails to scope the lookup of tracked-time entries to the specific issue provided in the request URL when searching by time ID. This flaw allows an attacker to attempt the deletion of time...
PT-2026-55592
Name of the Vulnerable Software and Affected Versions Gitea version 1.26.2 Description Unauthorized users can access labels associated with private organizations. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...
PT-2026-55656
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authentication bypass exists when using a malformed SSH sub-verb during LFS Large File Storage operations. This flaw allows unauthorized read access to privat...
PT-2026-55528
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...
PT-2026-55533
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain LTS2026 release versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain LTS2025 release versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data...
PT-2026-55625
Server-side request forgery ssrf in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
PT-2026-55499
Name of the Vulnerable Software and Affected Versions MotoPress Appointment Booking versions prior to 2.4.5 Description The plugin contains an authorization bypass issue allowing unauthenticated users to modify booking details. The POST /motopress/appointment/v1/bookings endpoint is accessible to...
PT-2026-55522
Name of the Vulnerable Software and Affected Versions RTMKit versions prior to 2.0.8 Description The RTMKit rometheme-for-elementor plugin for WordPress contains a Local File Inclusion flaw. This occurs because the render templates AJAX endpoint does not properly validate the template parameter...
PT-2026-55520
Name of the Vulnerable Software and Affected Versions Destekz versions through 02062026 Description An SQL injection issue exists where user input is passed into database queries without proper sanitization. This allows a remote, unauthenticated attacker to inject arbitrary SQL commands over the...
PT-2026-55504
Name of the Vulnerable Software and Affected Versions Apache Lucene.Net.Replicator versions 4.8.0-beta00005 through 4.8.0-beta00017 Description A path traversal issue exists in the Lucene.Net.Replicator library due to improper input validation and sanitization of filesystem paths. This allows...
PT-2026-55497
Name of the Vulnerable Software and Affected Versions Ultimate Member versions prior to 2.11.5 Description The Ultimate Member plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because of insufficient input sanitization and output escaping when handling the about me...
PT-2026-55627
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Server-side request forgery SSRF allows an unauthorized attacker to perform spoofing over a network. SSRF is a flaw where an attacker can induce the server-side...
PT-2026-55540
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain LTS2026 release versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain LTS2025 release versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data...
PT-2026-55506
The RTMKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget's 'Background Text' parameter in versions up to, and including, 2.0.7 This is due to insufficient output escaping on the 'background text heading' setting in the render function, which...
PT-2026-55534
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6 Dell PowerProtect Data Domain LTS2026 release versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain LTS2025 release versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data...
PT-2026-55498
Name of the Vulnerable Software and Affected Versions CM Business Directory versions prior to 1.5.8 Description Insufficient input sanitization and output escaping allow authenticated attackers with contributor-level access and above to perform Stored Cross-Site Scripting. This occurs when...
PT-2026-55492
External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the ' Security Update for ASUS Business Manager ' section on the ASUS Security Advisory for more information...
PT-2026-55615
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting XSS, a condition where malicious scripts are injected into trusted websites. Th...
PT-2026-55611
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A heap-based buffer overflow occurs when a program writes more data to a heap memory block than it can hold, potentially corrupting memory. This flaw allows an...
PT-2026-55644
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting XSS, a condition where malicious scripts are injected into trusted websites. Th...
PT-2026-55526
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...
PT-2026-55515
Name of the Vulnerable Software and Affected Versions Dell Client Platform BIOS affected versions not specified Description An authentication bypass exists that allows an unauthenticated attacker with physical access to the system to potentially exploit the flaw, resulting in information...
PT-2026-55580
Name of the Vulnerable Software and Affected Versions RT-Thread versions prior to 5.0.3 Description A stack-based buffer overflow occurs in the SWM341 CAN Handler component within the CAN Receive function located in the bsp/synwit/libraries/SWM341 CSL/CMSIS/DeviceSupport/SWM341.h library. This...