184419 matches found
PT-2026-57454
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57431
Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...
PT-2026-57462
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57478
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57479
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57460
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57437
PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financi...
PT-2026-57449
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57469
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57448
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57466
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57451
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57455
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57438
PraisonAI Platform praisonai-platform before 0.1.9 fails to enforce owner/admin authorization on the PATCH routes for projects, issues, and agents, which only require workspace-member role. A workspace member can modify owner-created records; for projects, a member can reassign lead id to their o...
PT-2026-57465
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57472
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57463
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57428
Cap-go before 12.128.2 contains an information disclosure vulnerability in the public.transfer app RPC function that returns distinct error messages for existing versus non-existing app IDs. Unauthenticated attackers can enumerate valid app IDs by observing error message differences when calling...
PT-2026-57458
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57468
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57471
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57475
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57461
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57474
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57423
The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve setOpt function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-lev...
PT-2026-57432
PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read files outside the workspace. Attackers can include path traversal sequences like @../outside secret.txt or absolute paths in project command files to exfiltrate process-readable...
PT-2026-57453
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57409
The White Label CMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.7.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...
PT-2026-57427
Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the plan valid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path plan valid expression and th...
PT-2026-57377
The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'val' parameter in all versions up to, and including, 1.1.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...
PT-2026-57436
PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial...
PT-2026-57425
The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...
PT-2026-57457
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57456
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57435
PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook endpoint to inject arbitrary content into the agent and...
PT-2026-57473
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57470
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57452
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57459
A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...
PT-2026-57480
The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bap broadcast assistant.c reassembled remote Broadcast Receive State data into a single file-static net buf simple att buf, BT ATT MAX ATTRIBUTE LEN = 512 bytes shared by all connection instances, while the BUSY flag,...
PT-2026-57485
A new vulnerability with increased severity was disclosed for Trendnet TEW-635BRM CVE-2026-15480 https://t.co/Jr8yZofWNZ...
PT-2026-57430
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service...
PT-2026-57445
ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process...
PT-2026-57447
ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service...
PT-2026-57443
ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of...
PT-2026-57444
ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes...
PT-2026-57446
ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution...
PT-2026-57374
The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.10.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
PT-2026-57391
The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'b width map' Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...
PT-2026-57381
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.1 via the get type template function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute...