184508 matches found
PT-2026-55589
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description The software lacks validation constraints for fields used during repository creation. This includes a lack of length limits for template fields and missing validation for trust model or object format...
PT-2026-55602
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.26.3 Description Repository RSS and Atom feed endpoints bypass API access token scope checks. This allows tokens that lack the necessary repository scope to access commit data from private repositories. Recommendation...
PT-2026-55597
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description The software fails to correctly persist the OAuth2 PKCE S256 challenge method during the authorization process. This flaw allows for token exchange without the required verifier check. PKCE Proof Key...
PT-2026-55598
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description LFS push and sync mirror operations do not utilize the migration HTTP transport. This behavior allows LFS requests to bypass the configured migration transport protections. Recommendations Update Gite...
PT-2026-55609
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A spoofing issue exists in Microsoft Edge Chromium-based, which could allow an attacker to impersonate a trusted entity or website to deceive users. Recommendations At t...
PT-2026-55521
Name of the Vulnerable Software and Affected Versions Destekz versions through 02062026 Description Improper neutralization of input during web page generation allows Reflected Cross-Site Scripting XSS, a flaw where malicious scripts are reflected off a web application to the victim's browser...
PT-2026-55653
Name of the Vulnerable Software and Affected Versions Notification API affected versions not specified Description The Notification API leaks private issue metadata after access has been revoked. Recommendations At the moment, there is no information about a newer version that contains a fix for...
PT-2026-55635
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based versions prior to 150.0.4078.48 Description A type confusion flaw occurs when a program accesses a resource using an incompatible type. In Microsoft Edge Chromium-based, this issue allows an unauthorized attacker ...
PT-2026-55660
Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 2026.4.31 Description An issue exists in the Streaming Reasoning Tag Filter component within the GatewayStreamConsumer. filter and accumulate function located in the gateway/stream consumer.py file...
PT-2026-55547
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...
PT-2026-55511
⚠️⚠️ CVE-2026-57149 CVSS 9.9 + CVE-2026-55247 CVSS 9.1 + CVE-2026-55248 CVSS 9.1: Plone patch bundle — Classic portlet TALES injection to RCE auth + portlet mgmt required plus https://t.co/LxbkPExsow.event DoS/SSRF/XSS issues. 🔗FOFA Link: https://t.co/t449MXCZyx 🎯17.7K+ Results are found on...
PT-2026-55606
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description The software uses release tag names and asset names as filesystem path components during the process of dumping release assets. This behavior allows specially crafted names to manipulate the resulting...
PT-2026-55535
Name of the Vulnerable Software and Affected Versions Net::IP::LPM versions prior to 1.11 Description An issue exists where a heap out-of-bounds read can occur due to an unbounded prefix length. The add function passes a prefix string to the addPrefixToTrie function without verifying it against t...
PT-2026-55541
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...
PT-2026-55655
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper authorization occurs during the OAuth sign-in callback process, which allows accounts that were previously disabled by an administrator to be silently...
PT-2026-55510
⚠️⚠️ CVE-2026-57149 CVSS 9.9 + CVE-2026-55247 CVSS 9.1 + CVE-2026-55248 CVSS 9.1: Plone patch bundle — Classic portlet TALES injection to RCE auth + portlet mgmt required plus https://t.co/LxbkPExsow.event DoS/SSRF/XSS issues. 🔗FOFA Link: https://t.co/t449MXCZyx 🎯17.7K+ Results are found on...
PT-2026-55537
Name of the Vulnerable Software and Affected Versions Prospero Flow CRM versions prior to 5.5.3 Description An authorization bypass exists in the CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php via the GET '/calendar/event/delete/id' endpoint. A remot...
PT-2026-55640
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A use after free issue exists that allows an unauthorized attacker to execute arbitrary code over a network. Use after free is a memory corruption flaw that occurs when ...
PT-2026-55610
Concurrent execution using shared resource with improper synchronization 'race condition' in Microsoft Edge Chromium-based allows an authorized attacker to disclose information locally...
PT-2026-55642
Name of the Vulnerable Software and Affected Versions Microsoft Edge for Android affected versions not specified Description An issue in Microsoft Edge for Android allows an unauthorized attacker to disclose private personal information over a network. Recommendations At the moment, there is no...
PT-2026-55596
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description The software does not consistently enforce the expiry and single-use requirement of OAuth2 authorization codes during the token exchange process. OAuth2 is a standard for access delegation, allowing...
PT-2026-55648
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting XSS, a condition where malicious scripts are injected into trusted websites. Th...
PT-2026-55507
Name of the Vulnerable Software and Affected Versions resource api versions 1.5.0 through 1.9.1 resource api version 2.0.0 Puppet Core versions prior to 8.20.0 Puppet Enterprise 2023.8 versions prior to 2023.8.10 Puppet Enterprise 2025 versions prior to 2025.11.0 Description The resource api does...
PT-2026-55577
Name of the Vulnerable Software and Affected Versions Open Asset Import Library Assimp versions prior to 6.0.5 Description A double free issue exists in the PLY Model Handler component within the Assimp::Exporter::ExportToBlob function located in the code/AssetLib/Ply/PlyLoader.cpp file. This fla...
PT-2026-55603
Name of the Vulnerable Software and Affected Versions Gitea version 1.25.5 Description The software caches a branch-specific write-permission result across multiple refs during a single pre-receive hook session. This behavior allows a user with a per-branch maintainer-edit grant to reuse that...
PT-2026-55523
Name of the Vulnerable Software and Affected Versions Eclipse Theia versions 1.8.1 and later Description The browser backend exposes privileged terminal RPC over WebSocket endpoints '/services/shell-terminal' and '/services/terminals/:id' without service-level authentication. The WebSocket origin...
PT-2026-55601
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description Draft release data or attachments can be accessed by users who do not possess the necessary write permissions. Recommendations Update to version 1.25.5 or later...
PT-2026-55529
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...
PT-2026-55536
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...
PT-2026-55545
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...
PT-2026-55546
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain LTS2026 release versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain LTS2025 release versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data...
PT-2026-55538
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...
PT-2026-55496
Name of the Vulnerable Software and Affected Versions AR for WooCommerce versions prior to 8.41 Description The plugin is subject to Directory Traversal, allowing unauthenticated attackers to read arbitrary files on the server that may contain sensitive information. This is possible via the file...
PT-2026-55494
Name of the Vulnerable Software and Affected Versions Ninja Forms - File Uploads versions prior to 3.3.30 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. This allows unauthenticated attackers to read all...
PT-2026-55584
New one on the board: CVE-2026-59185. Found an IDOR in https://t.co/wRdLpTtMzO where you could claim someone else's GitHub App install just by sending its id. server never checked ownership. Fixed + credited. appsec research infosec https://t.co/IsUHJTv4aK...
PT-2026-55491
An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open an specified URL. Refer to the ' Security Update for ASUS Router Android App ' section on the ASUS...
PT-2026-55583
IBM i Transport Layer Security TLS has a vulnerability related to the selection of a less-secure algorithm during negotiation, identified as CVE-2026-4942. Vulnerability Details - CVEID: CVE-2026-4942 - Description: IBMi could allow a remote attacker to send a specifically crafted message,...
PT-2026-55518
Name of the Vulnerable Software and Affected Versions GenerateBlocks versions prior to 2.2.2 Description The GenerateBlocks plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping. Authenticated attackers with contributor-lev...
PT-2026-55620
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A use after free issue exists in Microsoft Edge Chromium-based. This flaw allows an unauthorized attacker to execute arbitrary code over a network. Use after free is a...
PT-2026-55652
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description Server-Side Request Forgery SSRF occurs during the repository migration process via HTTP Redirect. SSRF is a flaw that allows an attacker to induce the...
PT-2026-55638
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper input validation allows an unauthorized attacker to execute code over a network. Recommendations At the moment, there is no information about a newer version th...
PT-2026-55622
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A relative path traversal issue exists that allows an unauthorized attacker to execute code over a network. Path traversal is a flaw that allows an attacker to access...
PT-2026-55618
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A use after free issue exists in Microsoft Edge Chromium-based. This flaw allows an unauthorized attacker to execute arbitrary code over a network. Use after free is a...
PT-2026-55531
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...
PT-2026-55503
Name of the Vulnerable Software and Affected Versions HPLIP HP Linux Imaging and Printing Software affected versions not specified Description An integer overflow exists in the hpcups processing path when handling specially crafted print data. This flaw, which resulted from an incomplete fix of a...
PT-2026-55527
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...
PT-2026-55614
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A type confusion issue occurs when a resource is accessed using an incompatible type. This flaw allows an unauthorized attacker to execute arbitrary code over a network...
PT-2026-55550
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in the ClientResource component of the admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator with limited control...
PT-2026-55657
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A flaw exists that allows for a permanent fork pull request workflow approval gate bypass. This issue enables an attacker to circumvent the required approval...
PT-2026-55600
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description A flaw allows a user to change the primary email address of another user. Recommendations Update to version 1.25.5 or later...