184528 matches found
PT-2026-55261
Name of the Vulnerable Software and Affected Versions Dockwatch versions prior to 0.6.568 Description An unauthenticated OS command injection exists that allows remote attackers to execute arbitrary shell commands. The issue arises from a chain of two bugs: a missing exit function after an...
PT-2026-55036
Contributor Local File Inclusion in Shopify = 1.0.0 versions...
PT-2026-54972
Unauthenticated Cross Site Scripting XSS in Kids Life | Children School WordPress = 5.2 versions...
PT-2026-55357
Summary Stored XSS through wikitext can be performed by inserting malicious HTML into the overlays parameter of the display map parser function when using the leaflet service. Details The maps extension doesn't escape overlay names before passing them to leaflet. Leaflet then inserts them as HTML...
PT-2026-54991
Unauthenticated Server Side Request Forgery SSRF in Paid Member Subscriptions = 3.0.4 versions...
PT-2026-55309
Name of the Vulnerable Software and Affected Versions react-native-receive-sharing-intent affected versions not specified Description A path traversal issue exists where a co-resident malicious application can write files outside the intended cache directory. This occurs when a crafted display na...
PT-2026-55029
Unauthenticated Broken Access Control in POS EntegratΓΆr = 3.7.103 versions...
PT-2026-55298
LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality that allows authenticated attackers to access other users' data by exploiting missing user-identifier predicates in the chunk model semanticSearch method...
PT-2026-55462
Name of the Vulnerable Software and Affected Versions Langroid versions prior to 0.64.0 Description Langroid's ReadFileTool and WriteFileTool fail to properly enforce the working-directory boundary defined by curr dir. While the tools change the process working directory to curr dir, they do not...
PT-2026-55461
Name of the Vulnerable Software and Affected Versions langroid versions prior to 0.64.0 Description The SQLChatAgent in langroid implements a defense-in-depth layer via the validate query method, which uses a regex blocklist DANGEROUS SQL PATTERNS to prevent the execution of dangerous SQL...
PT-2026-55249
A malicious actor with access to the network could exploit a Server-Side Request Forgery SSRF vulnerability found in UniFi Talk Application to execute a Denial of Service DoS attack and bypass authentication in certain UniFi Talk API endpoints...
PT-2026-55240
Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description An authenticated actor with low privileges and network access can exploit multiple SQL Injection vulnerabilities to escalate privileges within UniFi OS devices or instances. SQL Injection is...
PT-2026-55233
Name of the Vulnerable Software and Affected Versions UniFi Access Application affected versions not specified Description An improper input validation issue allows a malicious actor with network access and low privileges to perform command injection on the host device. Recommendations At the...
PT-2026-55237
Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description A Server-Side Request Forgery SSRF allows a malicious actor with low privileges and network access to escalate privileges within the system. SSRF is a flaw where an attacker can induce the...
PT-2026-55238
Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description An improper input validation issue allows a malicious actor with network access and low privileges to perform command injection on the host device. Command injection is a flaw that allows an...
PT-2026-55335
Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 12.1 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description An Out-of-bounds Write issue exists in the wgagent process. This flaw allows an authenticated privileged user to execute...
PT-2026-55459
Name of the Vulnerable Software and Affected Versions joserfc versions 1.6.7 and earlier Description An authentication bypass exists when the verification key provided to joserfc.jwt.decode is an empty string or None. This occurs because the HMACAlgorithm.verify and HMACAlgorithm.sign functions...
PT-2026-55200
PraisonAI before 0.1.7 fails to validate that project id in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...
PT-2026-55020
Unauthenticated SQL Injection in GeekyBot = 1.2.5 versions...
PT-2026-55055
Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3...
PT-2026-55560
These are all security issues fixed in the python311-mistune-3.3.2-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-54827
The Academy LMS β WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.8.1. This is due to the '/topics' REST API endpoint being registered with a permission callback set to ' return true',...
PT-2026-55021
Unauthenticated Insecure Direct Object References IDOR in Kirki = 6.0.11 versions...
PT-2026-55395
Summary The public web-client endpoint for partial ZIP downloads of a browsable share did not correctly confine the client-supplied files entries to the shared directory. A requester able to reach a public share could read files located outside the shared directory, as long as the target's...
PT-2026-55322
Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.8 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description An Out-of-bounds Write issue exists in the networkd process. This...
PT-2026-55241
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi Network Application to execute a Denial of Service DoS attack on the application...
PT-2026-55339
Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.0 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description An Out-of-bounds Write issue exists where an unauthenticated...
PT-2026-55470
Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node accepts inbound P2P connections network.listen addr is set, which is the default. 3. Your node's mempool is active node is synced near the chain tip. All default configurations are affected. Summary The...
PT-2026-55295
Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepath globpattern valu...
PT-2026-55286
Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub 483ba0 component...
PT-2026-55260
Name of the Vulnerable Software and Affected Versions Flowmon ADS versions prior to 12.5.6 Flowmon ADS versions prior to 13.0.5 Description An authenticated low-privileged user in the Anomaly Detection System ADS can send specially crafted requests to gain unauthorized access to application data...
PT-2026-55289
Name of the Vulnerable Software and Affected Versions Cockpit CMS versions prior to 364 Description Unauthenticated attackers can read arbitrary files or execute PHP files due to a path traversal and local file inclusion issue. The application fails to perform containment checks when constructing...
PT-2026-55561
These are all security issues fixed in the python314-3.14.6-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-55235
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: use chan timer to close channels in cleanup listen l2cap chan close removes the channel from conn-chan l, which must be done under conn-lock. cleanup listen runs under the parent sk lock, so acquiring conn-lock...
PT-2026-55248
A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device...
PT-2026-55292
LobeChat through 2.2.9 server-database deployments are vulnerable to broken object-level authorization in MessageModel. The updateMessagePlugin, updatePluginState, updatePluginError, updateTTS and updateTranslate methods filter target rows by message id alone, omitting the userId scope that sibli...
PT-2026-55387
Summary Langroid's ReadFileTool and WriteFileTool appear to treat curr dir as the intended working-directory boundary for file operations. However, the tools only change the process working directory to curr dir and then operate on the user-supplied file path without resolving and enforcing that...
PT-2026-55325
Name of the Vulnerable Software and Affected Versions WatchGuard Mobile VPN with SSL client for Windows versions prior to 2026.3 Description A local privilege escalation issue allows an attacker with local access to the machine where the client is installed to elevate their privileges to NT...
PT-2026-55488
Name of the Vulnerable Software and Affected Versions PHP versions 8.2.0 through 8.2.31 PHP versions 8.3.0 through 8.3.31 PHP versions 8.4.0 through 8.4.22 PHP versions 8.5.0 through 8.5.7 Description The OpenSSL extension contains a buffer allocation flaw in the AES-WRAP-PAD algorithm...
PT-2026-54851
Ever wondered who's been trashing your submissions since 2017? Good news for anyone whose venue runs HotCRP: CCS, NDSS, S&P, USENIX... π We call it BetterOpenReviewβ’ CVE-2026-55493: now every review is an open review Don't worry if you've rejected someone, it's patched. https://t.co/saAUrCSkbQ...
PT-2026-55277
Missing Authentication on Document API Endpoints Allows Unauthenticated Memory Read/Write/Delete Summary All HTTP routes under /api/documents/ in mcp-memory-service are served without any authentication dependency, even when the server is configured with an API key MCP API KEY or OAuth. An...
PT-2026-54877
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
PT-2026-55001
Unauthenticated Cross Site Scripting XSS in Customize My Account for WooCommerce = 4.3.9 versions...
PT-2026-54997
Subscriber Cross Site Scripting XSS in JetReviews = 3.0.0.1 versions...
PT-2026-54969
Unauthenticated Cross Site Scripting XSS in Kids Zone - Children WordPress Theme = 5.4 versions...
PT-2026-55316
Name of the Vulnerable Software and Affected Versions Libreswan affected versions not specified Description Libreswan fails to correctly verify the DER encoding of the ASN.1 digest within the IKEv2 AUTH payload when using RSASSA-PKCS1-v1 5. This occurs in the RSA authenticate hash signature pkcs1...
PT-2026-55476
Impact In JSONata = 2.2.0 via fixes that include https://github.com/jsonata-js/jsonata/pull/782 and https://github.com/jsonata-js/jsonata/pull/793. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. References...
PT-2026-55314
Name of the Vulnerable Software and Affected Versions Libreswan affected versions not specified Description An invalidly formatted IKEv2 fragment can cause the pluto daemon to crash and restart, leading to a denial of service. The issue occurs within the reassemble v2 incoming fragments function,...
PT-2026-54983
Unauthenticated Broken Access Control in NOWPayments for WooCommerce = 1.4.0 versions...
PT-2026-55263
Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...