PT-2026-49165
A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...
PT-2026-49172
A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0. This affects an unknown function of the component utcp-gql/utcp-websocket. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may b...
PT-2026-49175
A vulnerability was found in hcengineering Huly Platform up to 0.7.0. Affected by this vulnerability is the function getAccountInfo of the file server/account/src/operations.ts of the component User Information Handler. The manipulation results in improper authorization. The attack may be launche...
PT-2026-49178
A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been...
PT-2026-49174
A vulnerability has been found in hcengineering Huly Platform up to 0.7.0. Affected is the function getMailboxSecret of the file server/account/src/operations.ts of the component RPC Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit h...
PT-2026-49176
A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. The attack require...
PT-2026-49177
A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file duk_api_bytecode.c. Executing a manipulation of the argument count_instr can lead to memory corruption. The attack requires local access. The exploit has been made available to...
PT-2026-49171
A security vulnerability has been detected in RubyLouvre avalon up to 2.2.10. The impacted element is an unknown function of the file src/filters/index.js of the component Template Filter Handler. Such manipulation leads to improperly controlled modification of object prototype attributes. It is...
PT-2026-49170
A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...
PT-2026-49149
Name of the Vulnerable Software and Affected Versions: Microweber versions prior to 2.0.21. Description: A path traversal issue exists in the API Endpoint component. A remote attacker can manipulate the cache path relative argument within the userfiles path function of the '/api nosession/thumbnail...
PT-2026-49173
A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2_Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been...
PT-2026-49163
A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross-site scripting. The attack may be launched remotely. The exploit has been...
PT-2026-49167
A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file appmodulesmedicalportrestcontrollersPatientController.php of the component HTTP REST API. The manipulation of the argument ID results ...
PT-2026-49151
A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was...
PT-2026-49166
A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/data_table_entity.rb. The manipulation leads to SQL injection. The attack is possible to be carried out remotely. The...
PT-2026-49164
A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...
PT-2026-49150
A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...
PT-2026-49133
Name of the Vulnerable Software and Affected Versions: nanoMODBUS versions prior to 1.23.1. Description: An off-by-one buffer overflow exists in the recv_msg_header function of the Modbus/TCP server. Remote unauthenticated attackers can write one controlled byte beyond the 260-byte receive buffer by...
PT-2026-49144
Name of the Vulnerable Software and Affected Versions: GL.iNet GL-MT3000 versions prior to 4.7. Description: A command injection flaw exists in the Tor Proxy Service Configuration Handler. The issue is located within the replace country function in the /usr/lib/oui-httpd/rpc/tor library, allowing a...
PT-2026-49135
Name of the Vulnerable Software and Affected Versions: LiamBindle MQTT-C versions prior to 1.1.7. Description: A heap-based out-of-bounds read and integer underflow exist in the mqtt_unpack_publish_response function within src/mqtt.c. A remote unauthenticated attacker who controls an MQTT broker or...
PT-2026-49134
Name of the Vulnerable Software and Affected Versions: Linux-PAM versions prior to 1.7.3. Description: A timing discrepancy exists in the pam_userdb module's plaintext-password comparison path within modules/pam_userdb/pam_userdb.c. A local or network-adjacent attacker can recover the plaintext...
PT-2026-49110
Name of the Vulnerable Software and Affected Versions: GL.iNet GL-MT3000 versions prior to 4.7. Description: An issue in the Online Firmware Upgrade Handler component allows for remote command injection via the /usr/bin/one click upgrade file. Command injection is a flaw that allows an attacker to...
PT-2026-49140
https://t.co/ZOGahg11lj CVE-2026-49082 chatway-live-chat CVSS Score 4.3 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity at…...
PT-2026-49136
driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle_0x27_SecurityAccess function in iso14229.c that allows a remote unauthenticated attacker to crash a UDS server and potentially read memory past the receive buffer by sending a...
PT-2026-49115
https://t.co/RAZnKBCICk CVE-2026-49104 cf7-infusionsoft CVSS Score 8.1 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomic…...
PT-2026-49114
https://t.co/10sEWRUxJA CVE-2026-49081 user-registration-stripe CVSS Score 5.3 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking …...
PT-2026-49142
https://t.co/ZpNU5whYl0 CVE-2026-49766 wp-user-manager CVSS Score 8.1 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomice…...
PT-2026-49141
https://t.co/6mAVIoxHog CVE-2026-49083 latepoint CVSS Score 8.8 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomicedge cybersec…...
PT-2026-49107
https://t.co/IW3KHXK4Hc CVE-2026-49085 cf7-insightly CVSS Score 8.1 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomicedge …...
PT-2026-49139
https://t.co/JGfJRrFLp3 CVE-2026-49079 jet-search CVSS Score 7.5 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomicedge cyber…...
PT-2026-49117
https://t.co/48KSBDojzs CVE-2026-9691 cf7-active-campaign CVSS Score 8.1 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity at…...
PT-2026-49112
Name of the Vulnerable Software and Affected Versions: GALAYOU Y4 version 1.0.0. Description: A buffer overflow occurs in the Web Server component due to the manipulation of an unknown function. This issue is exploitable only within the local network. Recommendations: At the moment, there is no...
PT-2026-49116
https://t.co/vJsFa6H0jX CVE-2026-49112 shared-files CVSS Score 5.3 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomicedge …...
PT-2026-49113
Name of the Vulnerable Software and Affected Versions: VS Revo RevoUninstaller versions 2.5.x through 2.6.x. Description: A heap-based buffer overflow exists in the IOCtl Handler function within the RevoDetector.sys library of the IOCTL Handler component. This issue requires local access to be...
PT-2026-49138
We have just added an important vulnerability affecting Yealink SIP-T46U CVE-2026-12222 https://t.co/x4Ur9ZbUqm...
PT-2026-49137
The severity is increased for this new vulnerability affecting Yealink SIP-T46U CVE-2026-12221 https://t.co/oQ62lCuBBZ...
PT-2026-49148
A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to...
PT-2026-49105
In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information such as iSCSI credentials. The PATCH outcome is a security issue; the POST outcome is not a security issue...
PT-2026-49109
Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in _make_filehandle. Config::IniFiles::_make_filehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd",...
PT-2026-49106
The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use (TOCTOU) race condition between the file existence check and the actual file write operation, an...
PT-2026-49104
LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...
PT-2026-49111
A new vulnerability with increased severity was disclosed for Comma AI Openpilot CVE-2026-12191 https://t.co/PFz30AwDSj...
PT-2026-49145
A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules/core/backend/app/controllers/concerns/grit/core/grit_entity_controller.rb of the component GritEntityController. Performing a manipulation results in SQL injection. T...
PT-2026-49146
A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...
PT-2026-49169
https://t.co/wj4EqkT3J3 CVE-2026-49078 wp-travel-engine CVSS Score 5.3 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity ato…...
PT-2026-49147
A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...
PT-2026-49168
runc shipped 1.4.3, 1.3.6, and 1.5.0-rc.3 on June 13, all fixing CVE-2026-41579: a container image with a /dev symlink could get limited write access to the host filesystem. Low severity, but it sits in rootfs setup. How fast do low-sev runtime CVEs move through your pipeline?...
PT-2026-49143
https://t.co/fv3edYsdpW CVE-2026-8385 wp-google-maps CVSS Score 5.3 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomiced…...
PT-2026-49102
CVE-2025-55642 CVE-2025-55642 https://t.co/tMqpcm5EoF Don't wait vulnerability scanning results: https://t.co/oh1APvMMnd...
PT-2026-49118
These are all security issues fixed in the python311-tornado6-6.5.7-1.1 package on the GA media of openSUSE Tumbleweed...