175874 matches found
PT-2026-49227
Subscriber Broken Access Control in Really Simple SSL = 9.5.9 versions...
PT-2026-49231
https://t.co/EdDlGrgM8o CVE-2026-49113 cornerstone CVSS Score 8.8 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomicedge cybe…...
PT-2026-49229
Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49...
PT-2026-49195
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allow...
PT-2026-49210
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...
PT-2026-49236
Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...
PT-2026-49221
WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxe...
PT-2026-49209
The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...
PT-2026-49533
Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code...
PT-2026-49514
Unauthenticated PHP Object Injection in Happyforms = 1.26.13 versions...
PT-2026-49532
Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...
PT-2026-49343
Name of the Vulnerable Software and Affected Versions WP Travel Engine versions prior to 6.7.13 Description An unauthenticated PHP Object Injection exists in the software. PHP Object Injection occurs when user-supplied input is passed to the PHP unserialize function without proper validation,...
PT-2026-49531
Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...
PT-2026-49520
Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout = 1.8.2 versions...
PT-2026-49528
Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys e.g. via i18next-http-middleware's missingKeyHandler exposed to untrusted input. Backend.writeFile splits each queued missing-key string on the configured...
PT-2026-49534
Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read full body/3...
PT-2026-49526
Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable...
PT-2026-49315
An OS command injection vulnerability in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input...
PT-2026-49313
An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request...
PT-2026-49271
A heap use-after-free in the gf node get tag function scenegraph/base scenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
PT-2026-49320
An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service DoS via a crafted POST request...
PT-2026-49280
A segmentation violation in the Track SetStreamDescriptor function isomedia/track.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
PT-2026-49171
A security vulnerability has been detected in RubyLouvre avalon up to 2.2.10. The impacted element is an unknown function of the file src/filters/index.js of the component Template Filter Handler. Such manipulation leads to improperly controlled modification of object prototype attributes. It is...
PT-2026-49523
Subscriber SQL Injection in WCMultiShipping = 3.0.2 versions...
PT-2026-49525
Unauthenticated Path Traversal in FastDup = 2.7.2 versions...
PT-2026-49167
A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file appmodulesmedicalportrestcontrollersPatientController.php of the component HTTP REST API. The manipulation of the argument ID results ...
PT-2026-49214
WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the delete backup file and download backup file parameters in tools.php. Attackers can exploit insufficient input validation...
PT-2026-49200
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This...
PT-2026-49192
The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication path between the server and the microcontroller can sniff RS-485...
PT-2026-49191
When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arbitrary code execution...
PT-2026-49196
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with a branch location, but the client IP address is derived from the HTTP...
PT-2026-49339
A vulnerability was found in the GStreamer RealMedia demuxer gst-plugins-ugly. When processing a RealMedia .rm file, the demuxer parses MDPR media properties chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sampl...
PT-2026-49259
Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager affected versions not specified Description A flaw in the web UI of Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage allows an authenticated, remote attacker to create or overwrite any file on the underlying...
PT-2026-49264
LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...
PT-2026-49491
Unauthenticated Broken Access Control in JS Help Desk = 3.0.9 versions...
PT-2026-49521
Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...
PT-2026-49522
Unauthenticated Insecure Direct Object References IDOR in VikRentCar = 1.4.5 versions...
PT-2026-49519
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...
PT-2026-49515
Unauthenticated PHP Object Injection in wpForo Forum = 3.1.0 versions...
PT-2026-49504
Unauthenticated SQL Injection in Advanced 301 and 302 Redirect = 1.6.9 versions...
PT-2026-49412
Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...
PT-2026-49424
Subscriber Broken Authentication in AutomatorWP = 5.6.7 versions...
PT-2026-49516
Customer Privilege Escalation in Dokan = 5.0.2 versions...
PT-2026-49352
Unauthenticated Cross Site Scripting XSS in Elis WordCents adSense Widget with Analytics = 1.3.03.27 versions...
PT-2026-49455
Unauthenticated Broken Access Control in AI Product Search for WooCommerce Motive Commerce Search = 1.38.2 versions...
PT-2026-49464
Unauthenticated Bypass Vulnerability in Stripe Payments = 2.0.98 versions...
PT-2026-49486
Unauthenticated Broken Access Control in TrueBooker = 1.1.9 versions...
PT-2026-49418
Unauthenticated Broken Access Control in Booking Package = 1.7.06 versions...
PT-2026-49490
Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...
PT-2026-49347
Custom role Insecure Direct Object References IDOR in Projectopia = 5.1.25.2 versions...