184508 matches found
PT-2026-55406
Summary Embedded runner policy could be confused by provider aliases. In affected versions, a request using provider aliases could compare policy against an alias instead of the canonical provider identity. This advisory is scoped to the named feature and configuration. It does not change...
PT-2026-55297
Name of the Vulnerable Software and Affected Versions Dapr affected versions not specified Description Dapr Sentry's OIDC discovery endpoint /.well-known/openid-configuration derives the issuer and jwks uri from the request Host. When no allowed-hosts list is configured, the system honors an...
PT-2026-55457
Summary The fix for CVE-2026-46339 unauthenticated RCE via unprotected MCP plugin routes introduced a local-only access gate in src/dashboardGuard.js that restricts spawn-capable routes /api/mcp/, /api/tunnel/, /api/cli-tools/ to loopback requests. The gate determines "local" by inspecting the Ho...
PT-2026-55052
Name of the Vulnerable Software and Affected Versions WP EasyCart versions prior to 5.9.1 Description An issue exists that allows users with contributor privileges to perform a SQL Injection. SQL Injection is a technique where malicious SQL statements are inserted into entry fields for execution,...
PT-2026-55282
Name of the Vulnerable Software and Affected Versions Eclipse Wakaama versions prior to snapshot/2026-05-26 Description An unbounded memory allocation issue exists in the CoAP Block1 handler within the coap/block.c file. Unauthenticated remote attackers can cause a denial of service by sending a...
PT-2026-55267
Observable Response Discrepancy vulnerability in Erlang OTP ssh ssh sftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSH FXP REALPATH handler in ssh sftpd calls relate file name/3 with Canonicalize=false,...
PT-2026-55410
The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...
PT-2026-54974
Name of the Vulnerable Software and Affected Versions NativeChurch versions prior to 4.8.8.3 Description An unauthenticated Cross Site Scripting XSS issue exists, allowing attackers to execute malicious scripts without authentication. Recommendations Update NativeChurch to a version newer than...
PT-2026-55022
Subscriber Server Side Request Forgery SSRF in GeoDirectory = 2.8.161 versions...
PT-2026-55559
These are all security issues fixed in the perl-List-SomeUtils-XS-0.590.0-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-55239
Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description A path traversal issue exists in certain devices running UniFi OS. A malicious actor with network access can exploit this to bypass authentication on the affected devices or instances. Path...
PT-2026-55323
Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.0 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description An Out-of-bounds Write issue exists in the CLI, where an...
PT-2026-55203
Missing authentication for critical function vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...
PT-2026-55471
Am I affected You are affected if: 1. You run any version of zebrad up to and including v4.4.1. 2. Your node validates blocks on mainnet, testnet, or any network where both Zebra and zcashd nodes participate. All default configurations are affected. No feature flags, non-default settings, or...
PT-2026-54951
Name of the Vulnerable Software and Affected Versions Database for Contact Form 7, WPforms, Elementor forms versions prior to 1.5.2 Description An arbitrary file copy issue exists in the create entry el function. The function retrieves the raw value from the Elementor Pro Form Record object for...
PT-2026-55561
These are all security issues fixed in the python314-3.14.6-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-54963
Subscriber Local File Inclusion in Tourmaster = 5.4.5 versions...
PT-2026-55387
Summary Langroid's ReadFileTool and WriteFileTool appear to treat curr dir as the intended working-directory boundary for file operations. However, the tools only change the process working directory to curr dir and then operate on the user-supplied file path without resolving and enforcing that...
PT-2026-55003
Unauthenticated Cross Site Scripting XSS in eCommerce Product Catalog = 3.5.4 versions...
PT-2026-55251
A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery SSRF in UniFi Protect Application to escalate privileges on the host device...
PT-2026-55198
The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the do image upload function where user-supplied input from the acceptFileTypes PO...
PT-2026-54958
In liboauth2 the Demonstrating Proof-of-Possession DPoP verifier accepts a proof whose JSON Web Key jwk header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof but oauth2 token verify function returns success for a malformed DPoP proof that...
PT-2026-54873
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
PT-2026-55399
Summary DataCenterInfo.FromJson throws ArgumentException for any name value other than "MyOwn" or "Amazon", despite the Java Eureka specification defining a third valid value: "Netflix". The exception propagates through the entire registry deserialization chain and is swallowed by the periodic...
PT-2026-55315
Name of the Vulnerable Software and Affected Versions Libreswan affected versions not specified Description Libreswan fails to correctly verify the authentication hash length when the SIG payload of an IKEv1 packet is encoded using PKCS 1 RSA Encryption. This occurs within the RSA authenticate ha...
PT-2026-55050
Name of the Vulnerable Software and Affected Versions Structured Content versions prior to 1.7.1 Description Cross Site Scripting XSS allows an attacker with contributor privileges to execute malicious scripts in the browser of other users. Recommendations Update Structured Content to a version...
PT-2026-55337
Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 12.1 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal...
PT-2026-55476
Impact In JSONata = 2.2.0 via fixes that include https://github.com/jsonata-js/jsonata/pull/782 and https://github.com/jsonata-js/jsonata/pull/793. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. References...
PT-2026-55314
Name of the Vulnerable Software and Affected Versions Libreswan affected versions not specified Description An invalidly formatted IKEv2 fragment can cause the pluto daemon to crash and restart, leading to a denial of service. The issue occurs within the reassemble v2 incoming fragments function,...
PT-2026-54983
Unauthenticated Broken Access Control in NOWPayments for WooCommerce = 1.4.0 versions...
PT-2026-55263
Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...
PT-2026-55037
Name of the Vulnerable Software and Affected Versions SportsPress Pro versions 2.7.29 and earlier Description A Local File Inclusion LFI issue exists where users with Contributor privileges can read local files on the server. Local File Inclusion is a vulnerability that allows an attacker to indu...
PT-2026-55260
Name of the Vulnerable Software and Affected Versions Flowmon ADS versions prior to 12.5.6 Flowmon ADS versions prior to 13.0.5 Description An authenticated low-privileged user in the Anomaly Detection System ADS can send specially crafted requests to gain unauthorized access to application data...
PT-2026-54640
Name of the Vulnerable Software and Affected Versions Request a Quote versions prior to 2.5.6 Description The Request a Quote plugin for WordPress allows unauthenticated attackers to perform code injection. The issue occurs because the emd delete file function derives a PHP function name from the...
PT-2026-55370
Summary A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. Impact An authenticated user with campaign import...
PT-2026-55412
We have identified an authorization issue in Craft CMS AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId. Description Craft CMS’s craftcontrollersAssetsController::actionReplaceFile supports replacing a...
PT-2026-54998
Subscriber Broken Access Control in Classified Listing = 5.4.2 versions...
PT-2026-54959
Unauthenticated Local File Inclusion in Lighthouse = 1.2.12 versions...
PT-2026-55292
LobeChat through 2.2.9 server-database deployments are vulnerable to broken object-level authorization in MessageModel. The updateMessagePlugin, updatePluginState, updatePluginError, updateTTS and updateTranslate methods filter target rows by message id alone, omitting the userId scope that sibli...
PT-2026-55449
Impact A path traversal vulnerability exists in the Zmodem and Trzsz file download handlers in electerm. When receiving files via Zmodem or Trzsz protocols, electerm uses the remote-supplied filename directly in path.join with the user-selected download directory without sanitization. A malicious...
PT-2026-54511
The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the /wp-json/slim-seo/meta-tags/ai REST API endpoint. This is due to the endpoint's permission callback performi...
PT-2026-55429
These are all security issues fixed in the c3p0-0.14.1-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-54804
In the Linux kernel, the following vulnerability has been resolved: nvmem: layouts: onie-tlv: fix hang on unknown types The EEPROM on my board has a vendor specific entry of type 0x41. When stumbling upon that, this driver hangs in an endless loop. Fix it by keep incrementing the offset on unknow...
PT-2026-54781
Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.0.0-RC1 through 4.17.14 Craft CMS versions 5.0.0-RC1 through 5.9.21 Description An issue exists in the AssetsController::actionDeleteFolder function where the system only verifies the deleteAssets: permission for the targe...
PT-2026-55163
Summary A memory-safety vulnerability in Open Babel's Gaussian output parser allowed an out-of-bounds write when reading a crafted input file. Details The flaw was in the coords type orientation parser inside the Gaussian output reader. A malformed orientation block caused the parser to write pas...
PT-2026-54789
SQL Injection vulnerability in GoAdminGroup GoAdmin last release v1.2.26 allows a remote attacker to execute arbitrary code and obtain sensitive information via the the sort type URL parameter on all /admin/info/table endpoints...
PT-2026-55171
sigstore-js derives a transparency-log timestamp from tlogEntries.integratedTime and uses it to validate certificate validity windows and satisfy timestampThreshold. For bundle v0.2, a tlog entry can be inclusionProof-only no signed inclusionPromise/set, and the inclusion proof path does not...
PT-2026-55113
The file content store in oras-go attempts to confine writes to workingDir when AllowPathTraversalOnWrite=false, but the guard is lexical and does not account for symlink traversal. If workingDir contains a symlink path component and an attacker-controlled blob title via ocispec.AnnotationTitle...
PT-2026-54790
An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip fixed in Pivotal CRM 6.6.5.10 and Patch CWE502 20260316.zip allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because o...
PT-2026-55129
Untrusted Project Bootstrap Code Execution via CLAUDE PROJECT DIR Summary The Cortex MCP server neuro-cortex-memory treats the CLAUDE PROJECT DIR environment variable — automatically set by Claude Code to the currently open project directory — as a trusted Cortex developer checkout. When the open...