PT-2026-47163

Name of the Vulnerable Software and Affected Versions onedev versions prior to 15.0.6 Description Improper authorization exists in the Parent Project Handler component within the '/projects/' file. A remote attacker can manipulate the project.parentId argument to bypass authorization controls...

PT-2026-47167

Name of the Vulnerable Software and Affected Versions clash-verge-service-ipc versions prior to 2.3.0 Description The software contains a world-reachable IPC Inter-Process Communication endpoint, which is a mechanism that allows different processes to communicate. This configuration allows for...

PT-2026-47148

Name of the Vulnerable Software and Affected Versions Protocol::HTTP2 versions prior to 1.13 Description The software is susceptible to an HTTP/2 Bomb, where a small request can expand into large server memory consumption. This occurs because the inbound HPACK path lacks a header-list size limit...

PT-2026-48345

Summary Every transaction gossiped on the klever-go P2P network is decoded and validated synchronously inside the libp2p pubsub topic-validator callback. The validator txVersionChecker.CheckTxVersion dereferences tx.RawData.Version with no nil check. A protobuf Transaction whose embedded RawData...

PT-2026-48347

Summary The Klever seednode REST API starts a Gin engine with Engine.RunrestAPIInterface. In Gin v1.9.1, Engine.Run calls Go's default http.ListenAndServe, which constructs an HTTP server without application-level ReadHeaderTimeout, ReadTimeout, or MaxHeaderBytes limits. An unauthenticated client...

PT-2026-48346

Summary networkMessenger.directMessageHandler in network/p2p/libp2p/netMessenger.go spawns a fresh goroutine for every incoming direct message before the antiflood layer makes an admission decision. There is no semaphore, throttler, or bound on concurrent in-flight spawns. A single connected libp...

PT-2026-49061

Summary In affected versions, Bugsink stores every tag supplied with an incoming event. An event with an unusually large number of custom i.e. supplied by an attacker tags can therefore make ingestion spend more time than intended writing tag rows. Bugsink uses a single-writer database...

PT-2026-49060

Summary OAuth access and refresh tokens were not revoked when the user changed, reset, or recovered their password, leaving an attacker-issued OAuth grant valid after the user believed they had locked the attacker out. Details revokeAllOAuthTokensByUser in the users service was an empty stub bein...

PT-2026-46905

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways...

PT-2026-46904

HCL Digital Experience Compose is affected by a reflected cross-site scripting XSS vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser...

PT-2026-46903

All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip when extracting a ZIP archive containing two entries with the same path - the first being a symlink to an arbitrary target and the second being a regular file - the file content is writte...

PT-2026-46906

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover...

PT-2026-46909

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied,...

PT-2026-46927

Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege...

PT-2026-46925

Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information...

PT-2026-46926

Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information...

PT-2026-46919

Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations...

PT-2026-46930

In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerability exists where a lower privileged user could perform command injection as the root user...

PT-2026-46928

Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory...

PT-2026-46914

Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files...

PT-2026-46929

Name of the Vulnerable Software and Affected Versions libinput affected versions not specified Description A flaw in libinput allows a local attacker with access to '/dev/uinput' to inject arbitrary udev properties via the libinput-device-group helper. This injection can lead to root code...

PT-2026-46922

Name of the Vulnerable Software and Affected Versions Samsung Assistant versions prior to 9.3.14 Description Improper export of android application components in the SmartHomeWidgetReceiver allows a local attacker to execute arbitrary scripts via intent redirection. Intent redirection occurs when...

PT-2026-46911

Name of the Vulnerable Software and Affected Versions Product Slider Pro for WooCommerce versions prior to 3.5.3 Description Improper validation of the specified quantity in input allows for the implantation of malicious software. A backdoor in the plugin enables unauthenticated remote attackers ...

PT-2026-46921

Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability...

PT-2026-46916

Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information...

PT-2026-46917

Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function...

PT-2026-46913

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

PT-2026-46924

Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio configuration...

PT-2026-46918

Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information...

PT-2026-46923

Name of the Vulnerable Software and Affected Versions Samsung Assistant versions prior to 9.3.14 Description Improper export of Android application components in the ExpressHomeWidgetReceiver allows a local attacker to execute arbitrary script. Recommendations Update to version 9.3.14 or later...

PT-2026-46915

Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information...

PT-2026-46920

Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions...

PT-2026-46935

Ericsson Packet Core Gateway PCG versions prior to 1.30 contain an Improper Handling of Missing Values CWE-230 vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers...

PT-2026-46931

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...

PT-2026-46933

Ericsson Packet Core Gateway PCG versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure CWE-228 vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the...

PT-2026-46934

Ericsson Packet Core Gateway PCG versions prior to 1.30 contain an Improper Handling of Missing Values CWE-230 vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers...

PT-2026-46944

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

PT-2026-46932

A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...

PT-2026-46946

A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generate hash key of the file src/Runtime/python/torch onnxmlir/src/torch onnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An...

PT-2026-46967

Improper Access Control, Missing Authorization vulnerability in HAVELSAN Inc. Geographic Tracking System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Geographic Tracking System: before v0.0.2...

PT-2026-46965

Observable response discrepancy vulnerability in HAVELSAN Inc. Geographic Tracking System allows System Footprinting. This issue affects Geographic Tracking System: before v0.0.2...

PT-2026-46960

Name of the Vulnerable Software and Affected Versions tittuvarghese CollegeManagementSystem affected versions not specified Description A remote SQL injection can be triggered by manipulating the department code argument within an unknown function of the file 'dashboard page/forms/fetch.php'. SQL...

PT-2026-46966

Authorization bypass through User-Controlled key vulnerability in HAVELSAN Inc. Geographic Tracking System allows Exploitation of Trusted Identifiers. This issue affects Geographic Tracking System: before v0.0.2...

PT-2026-46957

Ericsson Packet Core Controller PCC versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...

PT-2026-46950

Name of the Vulnerable Software and Affected Versions Lyrion Music Server version 9.2.0 Description An unauthenticated stored cross-site scripting issue exists in the log viewer due to unescaped template variables. This allows attackers to execute arbitrary scripts in users' browsers by injecting...

PT-2026-46952

Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service TCP port 9090 and the HTTP JSON-RPC endpoint /jsonrpc.js. The query accepts a folder parameter and lists its contents with no restriction to the...

PT-2026-46962

sanic-cors version 2.2.0 and prior contains an improper regular expression in the try match function in sanic cors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted origin string, to gain...

PT-2026-46961

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function session start of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiatio...

PT-2026-46964

7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain a heap memory disclosure via SquashFS fragment offset integer overflow on 32-bit builds. 32-bit integer overflow in the SquashFS ReadBlock function allows an attacker-controlled node.Offset value to bypass...

PT-2026-46948

The Comment API GET /api/Comment and POST /api/Comment in the affected application fails to perform authorization checks to verify that the requesting user has access to the object identified by the relatedObjectId. This Insecure Direct Object Reference IDOR vulnerability allows any authenticated...