187518 matches found
PT-2026-60623
OpenClaw versions before 2026.5.27 contain a token leakage vulnerability in MS Teams outbound requests that allows lower-trust callers to expose Bot Framework tokens. Attackers can access configured input paths to retrieve credentials that should remain within the trusted boundary...
PT-2026-60641
The Grav API plugin getgrav/grav-plugin-api before 1.0.6 contains an authorization bypass: API keys can be created with a restricted scopes array, but the ApiKeyAuthenticator class never reads or enforces these scopes. It loads and returns the owning user's full account object, so a key created...
PT-2026-60716
Improper Handling of Length Parameter Inconsistency CWE-130 vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-bounds read/write may occur. As a result, the contents of...
PT-2026-60715
Unsigned to Signed Conversion Error CWE-196 vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-bounds read/write may occur. As a result, the contents of adjacent memory...
PT-2026-60635
OpenClaw versions before 2026.5.18 contain an authorization bypass vulnerability in skill command dispatch that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can bypass tool policy restrictions through configured input paths to perform...
PT-2026-60808
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection. This issue affects GisLab Laboratory Management System: fr...
PT-2026-60797
Unverified password change vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...
PT-2026-60780
HTTP::Date versions before 6.08 for Perl allow CPU exhaustion via polynomial regex backtracking in parse date. parse date matches the date string against a chain of alternative regexes, and str2time delegates to it. Several of these patterns place unbounded quantifiers next to each other before a...
PT-2026-60794
Mojo::JWT versions before 1.02 for Perl verify HMAC signatures with a non-constant-time string comparison. The decode method compares the supplied signature to the recomputed HMAC with Perl's eq operator, which stops at the first differing byte, so the comparison time varies with the number of...
PT-2026-60815
HCL DevOps Loop is affected by an Unauthorized Access to Admin Functionality Forced Browsing vulnerability. Improper authorization checks may allow unauthorized users to access restricted administrative functionality by directly accessing protected application endpoints...
PT-2026-60817
HCL DevOps Loop is affected by missing HTTP security headers. Missing security headers may reduce browser protections against common web-based attacks such as clickjacking, MIME-type sniffing, and cross-site scripting...
PT-2026-60740
A vulnerability was detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...
PT-2026-60752
HCL Aftermarket EPC is vulnerable to email flooding as the application does not have a proper mail limitation mechanism at Forget Password functionality. The actor could b e a human or an automated process such as a virus or bot. This could be used to cause a denial of service, compromise program...
PT-2026-60763
HCL Aftermarket EPC is vulnerable to attack as the application implements an HTML5 cross-origin resource sharing CORS policy for this request that allows access from any domain -Wildcard...
PT-2026-60769
A flaw was found in the organization management component of Keycloak. A delegated administrator with permission to manage organizations can create an invitation for a non-existent email address and then retrieve the secret registration link directly through the application programming interface...
PT-2026-60741
A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing...
PT-2026-60751
Insertion of sensitive information into sent data vulnerability in IKAS Technology Inc. E-Commerce allows Retrieve Embedded Sensitive Data. This issue affects E-Commerce: through 03062026...
PT-2026-60772
A cross-site scripting XSS vulnerability in Proxmox Virtual Environment PVE 9.x 5.1.8 and Proxmox Virtual Environment PVE 8.x 4.3.16 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...
PT-2026-60771
libpvestorage-perl v9.1.1 and libpve-storage-perl v8.3.7 were discovered to contain an XML External Entity XXE vulnerability...
PT-2026-60756
HCL Aftermarket EPC is affected by clickjacking vulnerability Cross-Frame Scripting is an attack technique where an attacker loads a vulnerable application in an iFrame on his malicious site. The attacker can then launch a Clickjacking attack, which may lead to Phishing, Cross-Site Request Forger...
PT-2026-60773
A race condition between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment PVE 9.x pve-manager 9.1.x before 9.1.9 and 8.4.x before 8.4.19; qemu-server 9.1.x before 9.1.7 and 8.4.x before 8.4.7; and pve-container 6.1.x before 6.1.3 and 5.3.x before 5.3.4 allows an attacker wit...
PT-2026-60774
Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...
PT-2026-60790
Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context endpoint syncapi/routing/context.go that allows authenticated local users to access post-leave room state events by exploiting a flawed membership check that evaluates only the RoomExists field while...
PT-2026-60762
HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header...
PT-2026-60813
Authorization bypass through User-Controlled key vulnerability in Vimesoft Inc. Enterprise Video Platform allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...
PT-2026-60777
SEPPmail Secure Email Gateway & SEPPmail Cloud before version 15.0.4.2 allows an attacker to replay & hijack a user session in the GINA web portal, as the session token is disclosed inside the URL and a HTTP header...
PT-2026-60789
Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers ca...
PT-2026-60761
HCL Aftermarket EPC is vulnerable to attack since the application returns detailed error messages that leak information about the processing on the server. An attacker may use the contents of error messages to help launch another ,more focused attack...
PT-2026-60719
UNSUPPORTED WHEN ASSIGNED Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ...
PT-2026-60718
The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the 'aiomatic call google ai function' function. This...
PT-2026-60714
Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local attacker with administrator privileges to bypass the file lockdown mechanism, resulting in unauthorized file transfer to the victim device. The attacker needs to deploy...
PT-2026-60616
OpenClaw versions before 2026.6.9 contain a missing authorization vulnerability in Discord moderation actions. In affected versions, a lower-trust caller or configured input path could perform moderation actions that should have required a stronger authorization or policy check. Practical impact...
PT-2026-60634
OpenClaw MS Teams before 2026.5.12 contain an authorization bypass vulnerability where the allowFrom feature binds to mutable display names. Attackers with lower-trust access can perform actions requiring stronger authorization by exploiting the mutable display name binding in the affected featur...
PT-2026-60732
Improper Handling of Insufficient Privileges vulnerability in Apache Accumulo. An authenticated, but low-privileged user without system permissions may issue a remote command to gracefully shutdown system components compaction-coordinator, compactor, gc, manager, monitor, tserver, or sserver,...
PT-2026-60642
Grav before 2.0.4 contains a two-factor authentication bypass vulnerability in the login plugin where the regenerate2FASecret task checks only user existence, not authorization, during the pending TOTP challenge window. Attackers who know the victim's password can call this task without a CSRF...
PT-2026-60646
grav-plugin-login before 3.8.11 contains a cross-site request forgery CSRF vulnerability in the login.regenerate2FASecret frontend task, which regenerates and persists a new TOTP secret for the authenticated session user without any anti-CSRF nonce or Origin/Referer check. Because Grav core...
PT-2026-60710
The ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.17.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
PT-2026-60628
OpenClaw 2026.1.20 before 2026.5.27 contain an authorization bypass vulnerability in the device.pair.approve feature that allows lower-trust callers to bypass role-management checks. Attackers can perform actions requiring stronger authorization by reaching the affected feature through configured...
PT-2026-60713
HCL Traveler for Microsoft Outlook HTMO is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content...
PT-2026-60629
OpenClaw 2026.2.12 before 2026.5.26 contain an authorization bypass vulnerability in the hooks allowedAgentIds validation. A lower-trust caller or configured input path can bypass agent ID restrictions by submitting blank agent IDs, allowing actions that should require stronger authorization or...
PT-2026-60720
The NEX-Forms WordPress plugin before 9.2.3 does not sanitise and escape some submitted form data before storing it and outputting it back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability which could allow unauthenticated users to perform Stored Cross-Site Scripting...
PT-2026-60704
The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'digitalSignature' Field Value in all versions up to, and including, 2.4.18 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2026-60735
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to inflate the fee-payer's gas cost per payment by a large multiplier, degrading the sponsor's operating margin. When the mpp Elixir library is configured as fee payer fee payer: true,...
PT-2026-60711
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.0.13 via the 'family' parameter. This makes it possible for authenticated attackers, with editor-level access and above, to delete...
PT-2026-60612
OpenClaw versions before 2026.6.6 contain a network policy bypass vulnerability in the sandbox exec-server that allows lower-trust callers to reach internal network destinations blocked by OpenClaw policy. Attackers can send HTTP requests through the exec-server to access network resources that...
PT-2026-60627
OpenClaw 2026.5.14-beta.1 before 2026.5.27 contain an authorization flaw in the QQBot exec approvals feature. When the feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization, allowing...
PT-2026-60679
The Bricksforge plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.1.8.6. This is due to improper validation of the fieldIds parameter in the Pro Forms registration action, which allows attacker-supplied field IDs to be added to the trusted form-fie...
PT-2026-60644
Grav before 2.0.4 fails to restrict cURL protocols in webhook dispatch, allowing authenticated users with api.webhooks.write permission to create webhooks with file://, dict://, or gopher:// URLs. Attackers can trigger webhook events to read local files, access process information, or pivot to...
PT-2026-60633
OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in the device-pair approval feature that allows lower-trust callers to execute actions beyond their intended authorization. Attackers can exploit misconfigured input paths to execute or persist unauthorized actions when the...
PT-2026-60650
The Grav API plugin getgrav/grav-plugin-api before 1.0.0-rc.16 accepts JWT access tokens through the ?token= URL query parameter on every API route JwtAuthenticator::extractBearerToken fallback. Because tokens are embedded in URLs, they are logged verbatim in web server access logs, leaked via th...