184569 matches found
PT-2026-54977
Subscriber Arbitrary File Upload in Zegen = 1.1.9 versions...
PT-2026-54984
Unauthenticated Local File Inclusion in Audrey = 1.5 versions...
PT-2026-54978
Unauthenticated Cross Site Scripting XSS in Automotive Listings = 18.6 versions...
PT-2026-55042
Name of the Vulnerable Software and Affected Versions Livemesh Addons for WPBakery Page Builder versions prior to 3.9.5 Description Cross Site Scripting XSS allows an attacker with contributor privileges to execute malicious scripts in the browser of other users. This occurs when the application...
PT-2026-55031
Unauthenticated Cross Site Request Forgery CSRF in Werkstatt = 4.7.2 versions...
PT-2026-55044
Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...
PT-2026-54987
Unauthenticated Cross Site Scripting XSS in Real Estate 7 = 3.5.9 versions...
PT-2026-54980
Unauthenticated Cross Site Scripting XSS in TheFox = 3.9.76 versions...
PT-2026-55035
Name of the Vulnerable Software and Affected Versions Booked versions prior to 3.0.1 Description An unauthenticated Cross Site Request Forgery CSRF issue exists, which allows an attacker to induce a user to perform actions they did not intend to execute. Recommendations Update to a version newer...
PT-2026-54944
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'aspectRatio' Attribute in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. Th...
PT-2026-55293
Name of the Vulnerable Software and Affected Versions JuiceFS versions prior to 1.3.2 Description An authentication bypass exists due to improper handler registration on the shared http.DefaultServeMux. This allows unauthenticated remote attackers to access sensitive debug and metrics endpoints...
PT-2026-55304
Name of the Vulnerable Software and Affected Versions ardupilot versions prior to Plane-4.6.4 Description An out-of-bounds read issue exists in the GCS MAVLINK::handle serial control function within the libraries/GCS MAVLink/GCS serial control.cpp file. An out-of-bounds read occurs when a program...
PT-2026-55275
Name of the Vulnerable Software and Affected Versions Fiber versions prior to 3.3.0 Fiber versions prior to 2.52.14 Description The BalancerForward proxy helper in middleware/proxy/proxy.go uses the Header.Add function instead of Header.Set when injecting the X-Real-IP header. This behavior appen...
PT-2026-55247
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the UniFi Protect Floodlight...
PT-2026-55401
Command injection via dotfiles URI parameter combined with workspace auto-creation Summary The dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a crafted dotfiles uri value for example...
PT-2026-55396
Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node processes blocks past the checkpoint height non-finalized state is active. 3. The network has NU5 or later activated. All default configurations are affected. Summary Chain::push in the non-finalized sta...
PT-2026-55375
Summary A stored Cross-Site Scripting XSS vulnerability exists in the Projects component of Mautic 7. When displaying project tags and popovers on administrative detail views such as campaigns, emails, or forms, user-supplied project names are rendered without proper sanitization. An authenticate...
PT-2026-55253
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device...
PT-2026-55348
Summary OpenClaw nodes send lifecycle events back to the gateway. In affected releases, a paired node could send an exec lifecycle event that was accepted without enough provenance tying it to an authorized system.run request. This issue affects the node event boundary. It does not allow an...
PT-2026-55230
Name of the Vulnerable Software and Affected Versions Little Orbit GFAC affected versions not specified Description Improper validation and a NULL pointer dereference a condition where the software attempts to read from a memory address that is null, leading to a crash in the GFAC Sys x64.sys...
PT-2026-55297
Name of the Vulnerable Software and Affected Versions Dapr affected versions not specified Description Dapr Sentry's OIDC discovery endpoint /.well-known/openid-configuration derives the issuer and jwks uri from the request Host. When no allowed-hosts list is configured, the system honors an...
PT-2026-55386
Summary An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands. Impact An authenticated user with API access ca...
PT-2026-55327
Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.0 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description A race condition leads to a use-after-free issue in LDAP...
PT-2026-55413
Summary EntriesController::actionSaveEntry performs entry-edit permission checks before request-controlled author changes are applied to the model. The subsequent author mutation path accepts attacker-supplied authors / author parameters and allows the change when the current user is one of the o...
PT-2026-55256
Name of the Vulnerable Software and Affected Versions obs tar scm source service versions prior to 0.12.4 Description A shellcode injection exists in the mercurial handler of the source service. Attackers who can provide a crafted service file can execute arbitrary code as the source service or t...
PT-2026-55271
Time-of-check Time-of-use TOCTOU race condition vulnerability in Erlang/OTP ssl dtls packet demux module allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. A DTLS server listener uses a single shared dtls packet demux gen server process to route incoming UD...
PT-2026-55319
Name of the Vulnerable Software and Affected Versions Azure OpenAI affected versions not specified Description A server-side request forgery SSRF issue exists in Azure OpenAI. This flaw allows an authorized attacker to elevate privileges over a network. SSRF is a vulnerability where an attacker c...
PT-2026-55236
A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate privileges on the host device...
PT-2026-55284
Name of the Vulnerable Software and Affected Versions TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress versions prior to 3.6.14 Description Insufficient file path validation in the delete converted image size function allows authenticated attackers with author-level access or...
PT-2026-55019
Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce = 12.10.3 versions...
PT-2026-55451
Impact A command injection vulnerability exists in electerm's file system operations rmrf, mv, cp in src/app/lib/fs.js. These functions construct shell commands by interpolating file paths directly into command strings without escaping shell metacharacters. Vulnerable functions: - rmrf - Uses rm...
PT-2026-55255
A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Talk Application to escalate privileges within the UniFi Talk Application...
PT-2026-54880
Name of the Vulnerable Software and Affected Versions GeoWebPlayer affected versions not specified Description The GeoWebPlayer websocket server, used as an addon for GeoVision software such as GV-VMS and GV-Cloud, contains a memory corruption issue. The handle connection info function, which...
PT-2026-54940
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.7.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
PT-2026-54947
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
PT-2026-54936
Name of the Vulnerable Software and Affected Versions Eclipse Parsson versions prior to 1.1.8 Description The JSON parser does not enforce a default maximum on the number of characters consumed when parsing a single JSON document. This allows an attacker to provide specially crafted JSON document...
PT-2026-54942
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.2 via the 'service id' parameter due to missing validation on a user controlled key. This makes it possible for...
PT-2026-54882
Name of the Vulnerable Software and Affected Versions GeoWebPlayer affected versions not specified Description The GeoWebPlayer websocket server, used as an addon for GeoVision software such as GV-VMS and GV-Cloud, contains a memory corruption issue. The handle connection info function, which...
PT-2026-54878
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
PT-2026-54946
The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...
PT-2026-54943
The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...
PT-2026-55455
Kiwi TCMS provides the /init-db/ page as part of its setup mechanism for administrators who prefer a browser instead of the command line. In previous versions of Kiwi TCMS this page still renders and responds to requests even after first use. Impact The /init-db/ page does not require any user...
PT-2026-55342
Summary All Steeltoe actuator endpoints default to EndpointPermissions.Restricted, which is mapped to Cloud Foundry's read basic data permission granted to Space Auditors and similar low-trust roles. Sensitive actuators including heap dump, environment, and thread dump do not raise this to...
PT-2026-55273
A stored Cross-Site Scripting XSS vulnerability has been identified in the web-based management interface of Archer C5 v6.8 routers, due to insufficient server-side validation and lack of proper output encoding of user-controlled input in a certain field. An attacker with administrative privilege...
PT-2026-55353
We have identified an authorization issue in Craft CMS where a forced folder move can delete a conflicting destination folder without destination delete permission. Description Craft CMS’s craftcontrollersAssetsController::actionMoveFolder supports moving an asset folder into a destination parent...
PT-2026-54871
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
PT-2026-55303
Name of the Vulnerable Software and Affected Versions ntopng versions prior to 6.7 Description Predictable session identifiers can lead to session hijacking. The issue occurs because HTTP session identifiers in the src/HTTPserver.cpp file use weak time-seeded pseudo-randomness during session...
PT-2026-55482
Summary An unauthenticated path traversal in the LaunchServer HTTP file server FileServerHandler lets any remote actor read any file readable by the LaunchServer process e.g. ../../../../etc/passwd. This is a generic arbitrary-file-read primitive, so the fix must address the traversal itself, not...
PT-2026-55266
Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.20 Craft CMS versions 4.0.0-RC1 through 4.17.13 Description An authorization issue exists where a forced folder move can delete a conflicting destination folder even if the user lacks the required...
PT-2026-55423
Summary Combined POSIX shell options could confuse exec revalidation. In affected versions, a command request using combined shell flags could parse approval-time and execution-time shell options differently. This advisory is scoped to the named feature and configuration. It does not change...