184719 matches found
PT-2026-55653
Name of the Vulnerable Software and Affected Versions Notification API affected versions not specified Description The Notification API leaks private issue metadata after access has been revoked. Recommendations At the moment, there is no information about a newer version that contains a fix for...
PT-2026-55635
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based versions prior to 150.0.4078.48 Description A type confusion flaw occurs when a program accesses a resource using an incompatible type. In Microsoft Edge Chromium-based, this issue allows an unauthorized attacker ...
PT-2026-55547
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...
PT-2026-55511
⚠️⚠️ CVE-2026-57149 CVSS 9.9 + CVE-2026-55247 CVSS 9.1 + CVE-2026-55248 CVSS 9.1: Plone patch bundle — Classic portlet TALES injection to RCE auth + portlet mgmt required plus https://t.co/LxbkPExsow.event DoS/SSRF/XSS issues. 🔗FOFA Link: https://t.co/t449MXCZyx 🎯17.7K+ Results are found on...
PT-2026-55654
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An unauthenticated Regular Expression Denial of Service ReDoS exists due to improper pattern matching within the CODEOWNERS file processing. This allows a remote...
PT-2026-55619
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper input validation allows an unauthorized attacker to execute code over a network. Input validation is the process of ensuring that a program operates on clean,...
PT-2026-55577
Name of the Vulnerable Software and Affected Versions Open Asset Import Library Assimp versions prior to 6.0.5 Description A double free issue exists in the PLY Model Handler component within the Assimp::Exporter::ExportToBlob function located in the code/AssetLib/Ply/PlyLoader.cpp file. This fla...
PT-2026-55600
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description A flaw allows a user to change the primary email address of another user. Recommendations Update to version 1.25.5 or later...
PT-2026-55656
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authentication bypass exists when using a malformed SSH sub-verb during LFS Large File Storage operations. This flaw allows unauthorized read access to privat...
PT-2026-55590
Name of the Vulnerable Software and Affected Versions Gitea version 1.26.2 Description Fork synchronization continues even after a parent repository is changed from public to private. This behavior allows a fork to maintain access and synchronize data from a repository that should no longer be...
PT-2026-55606
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description The software uses release tag names and asset names as filesystem path components during the process of dumping release assets. This behavior allows specially crafted names to manipulate the resulting...
PT-2026-55535
Name of the Vulnerable Software and Affected Versions Net::IP::LPM versions prior to 1.11 Description An issue exists where a heap out-of-bounds read can occur due to an unbounded prefix length. The add function passes a prefix string to the addPrefixToTrie function without verifying it against t...
PT-2026-55541
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...
PT-2026-55655
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper authorization occurs during the OAuth sign-in callback process, which allows accounts that were previously disabled by an administrator to be silently...
PT-2026-55510
⚠️⚠️ CVE-2026-57149 CVSS 9.9 + CVE-2026-55247 CVSS 9.1 + CVE-2026-55248 CVSS 9.1: Plone patch bundle — Classic portlet TALES injection to RCE auth + portlet mgmt required plus https://t.co/LxbkPExsow.event DoS/SSRF/XSS issues. 🔗FOFA Link: https://t.co/t449MXCZyx 🎯17.7K+ Results are found on...
PT-2026-55626
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A use after free issue exists that allows an unauthorized attacker to execute arbitrary code over a network. Use after free is a memory corruption flaw that occurs when ...
PT-2026-55641
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A type confusion issue occurs when a resource is accessed using an incompatible type. This flaw allows an unauthorized attacker to bypass a security feature over a...
PT-2026-55629
Access of resource using incompatible type 'type confusion' in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
PT-2026-55587
Name of the Vulnerable Software and Affected Versions Gitea versions 1.5.0 through 1.26.2 Description A defect in the Time-based One-Time Password TOTP single-use enforcement allows a valid TOTP code to be accepted multiple times. This issue affects web two-factor authentication flows and the Bas...
PT-2026-55659
Name of the Vulnerable Software and Affected Versions Microsoft Edge for Android affected versions not specified Description Improper access control allows an unauthorized attacker to bypass a security feature over a network. Recommendations At the moment, there is no information about a newer...
PT-2026-55607
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.26.3 Description Git LFS Large File Storage object reuse allows users with repository access to authorize private source objects even if they lack Code-unit access. Recommendations Update Gitea to version 1.26.3 or...
PT-2026-55588
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description Insufficient permission checks occur when listing tracked time entries. Recommendations Update to version 1.25.5 or later...
PT-2026-55579
Name of the Vulnerable Software and Affected Versions RT-Thread versions prior to 5.0.3 Description A stack-based buffer overflow exists in the recvmsg function within the bsp/loongson/ls1cdev/libraries/ls1c can.h library of the ls1c CAN Handler component. This issue requires local access to be...
PT-2026-55631
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description An issue exists where access to a resource using an incompatible type, known as type confusion, allows an unauthorized attacker to execute code over a network. Type...
PT-2026-55585
Name of the Vulnerable Software and Affected Versions keras-team/keras version 3.14.0 Description Improper handling of deserialization in the Lambda layer allows for arbitrary OS-level code execution in the context of the server or user process. The raise for lambda deserialization function fails...
PT-2026-55645
Name of the Vulnerable Software and Affected Versions Microsoft Edge for Android affected versions not specified Description A time-of-check time-of-use TOCTOU race condition exists, which is a software bug where a system checks the state of a resource before using it, but the state changes betwe...
PT-2026-55493
Name of the Vulnerable Software and Affected Versions WP Import Export Lite versions prior to 3.9.31 Description An issue exists in the wpie import upload file from url AJAX action. The plugin initially uses wp safe remote get to download files, which blocks private IP ranges. However, if this ca...
PT-2026-55658
Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description An HMAC ambiguity in Gitea Actions Artifacts V4 signed URLs allows for cross-repository artifact reading and cross-task upload-state writing. HMAC Hash-based Message Authentication Code is a...
PT-2026-55537
Name of the Vulnerable Software and Affected Versions Prospero Flow CRM versions prior to 5.5.3 Description An authorization bypass exists in the CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php via the GET '/calendar/event/delete/id' endpoint. A remot...
PT-2026-55642
Name of the Vulnerable Software and Affected Versions Microsoft Edge for Android affected versions not specified Description An issue in Microsoft Edge for Android allows an unauthorized attacker to disclose private personal information over a network. Recommendations At the moment, there is no...
PT-2026-55596
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description The software does not consistently enforce the expiry and single-use requirement of OAuth2 authorization codes during the token exchange process. OAuth2 is a standard for access delegation, allowing...
PT-2026-55648
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting XSS, a condition where malicious scripts are injected into trusted websites. Th...
PT-2026-55603
Name of the Vulnerable Software and Affected Versions Gitea version 1.25.5 Description The software caches a branch-specific write-permission result across multiple refs during a single pre-receive hook session. This behavior allows a user with a per-branch maintainer-edit grant to reuse that...
PT-2026-55523
Name of the Vulnerable Software and Affected Versions Eclipse Theia versions 1.8.1 and later Description The browser backend exposes privileged terminal RPC over WebSocket endpoints '/services/shell-terminal' and '/services/terminals/:id' without service-level authentication. The WebSocket origin...
PT-2026-55601
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description Draft release data or attachments can be accessed by users who do not possess the necessary write permissions. Recommendations Update to version 1.25.5 or later...
PT-2026-55529
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...
PT-2026-55545
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...
PT-2026-55546
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain LTS2026 release versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain LTS2025 release versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data...
PT-2026-55496
Name of the Vulnerable Software and Affected Versions AR for WooCommerce versions prior to 8.41 Description The plugin is subject to Directory Traversal, allowing unauthenticated attackers to read arbitrary files on the server that may contain sensitive information. This is possible via the file...
PT-2026-55584
New one on the board: CVE-2026-59185. Found an IDOR in https://t.co/wRdLpTtMzO where you could claim someone else's GitHub App install just by sending its id. server never checked ownership. Fixed + credited. appsec research infosec https://t.co/IsUHJTv4aK...
PT-2026-55518
Name of the Vulnerable Software and Affected Versions GenerateBlocks versions prior to 2.2.2 Description The GenerateBlocks plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping. Authenticated attackers with contributor-lev...
PT-2026-55620
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A use after free issue exists in Microsoft Edge Chromium-based. This flaw allows an unauthorized attacker to execute arbitrary code over a network. Use after free is a...
PT-2026-55652
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description Server-Side Request Forgery SSRF occurs during the repository migration process via HTTP Redirect. SSRF is a flaw that allows an attacker to induce the...
PT-2026-55638
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper input validation allows an unauthorized attacker to execute code over a network. Recommendations At the moment, there is no information about a newer version th...
PT-2026-55622
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A relative path traversal issue exists that allows an unauthorized attacker to execute code over a network. Path traversal is a flaw that allows an attacker to access...
PT-2026-55538
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...
PT-2026-55507
Name of the Vulnerable Software and Affected Versions resource api versions 1.5.0 through 1.9.1 resource api version 2.0.0 Puppet Core versions prior to 8.20.0 Puppet Enterprise 2023.8 versions prior to 2023.8.10 Puppet Enterprise 2025 versions prior to 2025.11.0 Description The resource api does...
PT-2026-55640
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A use after free issue exists that allows an unauthorized attacker to execute arbitrary code over a network. Use after free is a memory corruption flaw that occurs when ...
PT-2026-55512
Name of the Vulnerable Software and Affected Versions LatePoint – Calendar Booking Plugin for Appointments and Events versions prior to 5.6.2 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Unauthenticated...
PT-2026-55497
Name of the Vulnerable Software and Affected Versions Ultimate Member versions prior to 2.11.5 Description The Ultimate Member plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because of insufficient input sanitization and output escaping when handling the about me...