184497 matches found
PT-2026-55565
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger expensive rendition processing with purposefully crafted filter specs resulting in potentially service degradation. The vulnerability is not...
PT-2026-55089
Component: io.crate.protocols.http.HttpBlobHandler Affected: verified against CrateDB 6.2.7 latest at time of report; the bug has existed since the blob HTTP handler was introduced Impact: any authenticated user can read or delete any blob whose SHA-1 digest they know, and can plant new blobs...
PT-2026-55205
sigstore-js derives a transparency-log timestamp from tlogEntries.integratedTime and uses it to validate certificate validity windows and satisfy timestampThreshold. For bundle v0.2, a tlog entry can be inclusionProof-only no signed inclusionPromise/set, and the inclusion proof path does not...
PT-2026-55206
Summary dist/clients/core/params.ts in @hey-api/openapi-ts ships a runtime template that is copied verbatim into every generated SDK as params.gen.ts. When a caller passes an object argument containing an unknown key starting with a slot prefix $body , $headers , $path , $query , the function...
PT-2026-54620
Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore. verify dataset and file editor.py methods, which fail to check the dataset.is virtual property of HDF5 datasets. This...
PT-2026-54924
Name of the Vulnerable Software and Affected Versions FatFS versions R0.16 and earlier Description An integer overflow occurs in the mount volume function during FAT32 processing when the operation fasize = fs-n fats wraps. This allows an attacker to control file-size metadata, resulting in unsaf...
PT-2026-54724
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service...
PT-2026-55170
Summary oras-go's auth.Client follows the realm URL from a registry's WWW-Authenticate: Bearer challenge without validating its scheme or host. The realm field is server-controlled by design in the OCI/distribution spec — registries legitimately point token requests at a separate auth endpoint e....
PT-2026-54739
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php line 16: SELECT id, filename, extension, type FROM files where id = '".$ GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...
PT-2026-54917
Name of the Vulnerable Software and Affected Versions Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 affected versions not specified Description An unauthenticated OS command injection exists in the commuos web backend. Network-adjacent attackers can execute arbitrary shell commands by...
PT-2026-54922
Name of the Vulnerable Software and Affected Versions NodeBB affected versions not specified Description NodeBB fails to bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. While the inbound middleware verifies the HTTP-signature actor and the origin of the...
PT-2026-54823
In the Linux kernel, the following vulnerability has been resolved: net: rds: clear i sends on setup unwind The RDS IB connection teardown path is written so it can run during partial startup and on repeated shutdown attempts. It uses NULL pointers to distinguish resources that are still owned fr...
PT-2026-54700
Name of the Vulnerable Software and Affected Versions Altium Enterprise Server versions prior to 8.1.1 Altium 365 affected versions not specified Description A path traversal issue exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service processes...
PT-2026-54471
The Wp Google Places Review Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'place' parameter in versions up to, and including, 18.1. This is due to insufficient input sanitization and output escaping in admin/partials/googlecrawl dfs.php, where the $ GET'place...
PT-2026-54474
The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
PT-2026-55204
Summary The documented certificateOIDs option in sigstore.verify is accepted by the public API but discarded before verification, so required certificate extension OIDs are never checked. Details The public verify options include certificateOIDs and the documentation says those OID/value pairs...
PT-2026-54760
🔴 GeoNetwork, Reflected XSS via Client-Side Template Injection CVE-2026-39379 – High Severity -DC-Jul2026-791 https://t.co/13WOZH6LMr...
PT-2026-54448
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 140.12.1 Thunderbird versions prior to 152.0.1 Description An attacker can inject arbitrary styled content, phishing links, and CSS to manipulate the chat UI by sending HTML chat messages via Matrix or XMPP...
PT-2026-55483
These are all security issues fixed in the python3-onionshare-2.6.4-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-54850
Name of the Vulnerable Software and Affected Versions mchange-commons-java versions prior to 0.6.0 Description The JNDI ObjectFactory implementation com.mchange.v2.naming.JavaBeanObjectFactory allows the construction of objects from arbitrary classes and the initialization of JavaBean-style...
PT-2026-54728
The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...
PT-2026-54868
Name of the Vulnerable Software and Affected Versions OPNsense versions prior to 26.1.11 OPNsense versions prior to 26.4.1p1 Description An arbitrary file write flaw allows for remote code execution with root privileges. Recommendations Update to version 26.1.11. Update to version 26.4.1p1...
PT-2026-55484
These are all security issues fixed in the python3-onionshare-2.6.4-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-55210
Summary The network domain has a central SSRF authorization policy that blocks private, loopback, link-local, and reserved targets unless an explicit authorization object allows private network access. The policy is enforced by raw HTTP/TCP/TLS RTT tools, but the ICMP probe and traceroute tools...
PT-2026-54496
The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a Stored Cross-Site Scripting that can be triggered by unauthenticated users when a non-default display option is enabled...
PT-2026-54889
Name of the Vulnerable Software and Affected Versions ShortPixel Enable Media Replace versions prior to 4.2.1 Description Improper neutralization of input during web page generation leads to a Stored Cross-site Scripting XSS issue. Stored XSS occurs when an application receives data from a user a...
PT-2026-54769
Name of the Vulnerable Software and Affected Versions Elasticsearch affected versions not specified Description An authenticated user can trigger a denial of service by submitting a specially crafted bulk request. This leads to uncontrolled resource consumption through excessive allocation,...
PT-2026-55139
Summary oras-go follows a registry-controlled Location header during the monolithic blob upload flow and reuses the Authorization header from the initial POST request for the subsequent PUT request. If a malicious registry returns a cross-host Location, oras-go can send the caller's credentials t...
PT-2026-55081
The Canvas module allow you to upload image files via a custom API. The validation rules check the file extension of the uploaded file but not the file MIME type. This may allow a malicious user to upload a file that is not an image. Certain web-server configurations may serve the uploaded file...
PT-2026-54866
Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Improper input validation in the Fleet policy management functionality allows an authenticated user to submit specially crafted input. This can lead to a denial of service, rendering the Fleet...
PT-2026-54801
In the Linux kernel, the following vulnerability has been resolved: mm/mincore: handle non-swap entries before !CONFIG SWAP guard mincore swap also fields migration/hwpoison entries and shmem swapin-error entries, which can exist on !CONFIG SWAP builds when CONFIG MIGRATION or CONFIG MEMORY FAILU...
PT-2026-54770
Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Improper output neutralization for logs allows for log injection. An attacker can provide specially crafted input that is written to log files without being properly neutralized. If these log...
PT-2026-54814
In the Linux kernel, the following vulnerability has been resolved: rust: arm64: set uwtable llvm module flag for CONFIG UNWIND TABLES Due to a rustc bug 1 the -Cforce-unwind-tables=y flag only emits the uwtable annotation for functions, but not for the module. This means that compiler-generated...
PT-2026-54786
Name of the Vulnerable Software and Affected Versions Foreman affected versions not specified satellite-capsule:el8/foreman affected versions not specified Description The Usergroup model fails to properly validate role assignments against the permissions of the calling user. This improper...
PT-2026-54783
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based versions prior to 149.0.4022.98 Description A use-after-free issue exists in Microsoft Edge Chromium-based. This flaw allows an authorized attacker to execute arbitrary code over a network. Use-after-free is a...
PT-2026-54886
Name of the Vulnerable Software and Affected Versions PrivateContent versions prior to 9.9.2 Description An incorrect privilege assignment in LCweb PrivateContent enables privilege escalation, allowing a user to gain higher levels of access than intended. Recommendations Update PrivateContent to...
PT-2026-55430
These are all security issues fixed in the kubectl-cnpg-1.29.2-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-54839
Name of the Vulnerable Software and Affected Versions Wagtail versions prior to 7.0.8 Wagtail versions prior to 7.3.3 Wagtail versions prior to 7.4.2 Description A low-level user granted the "Can submit translation" permission can create translations for any page, regardless of whether they have...
PT-2026-54749
Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An unauthenticated remote attacker can execute arbitrary OS commands on the server. The issue occurs because the speech text.php file passes the id GET parameter directly int...
PT-2026-54717
Name of the Vulnerable Software and Affected Versions NVIDIA Megatron Bridge for Linux affected versions not specified Description An issue exists where an attacker could cause deserialization of untrusted data. Deserialization is the process of converting a data format, such as JSON or XML, back...
PT-2026-54796
In the Linux kernel, the following vulnerability has been resolved: sched ext: Don't warn on NULL cgrp moving from in scx cgroup move task A WARN fires when systemd's user manager writes "+cpu +memory +pids" to its own subtree control while a sched ext scheduler is loaded: WARNING: at...
PT-2026-55087
Impact The QUIC client did not authenticate the server during the TLS 1.3 handshake. The CertificateVerify signature was not checked, the certificate chain was not validated, and the hostname was not compared against the certificate, so verify was effectively a no-op on the client. A...
PT-2026-54928
Name of the Vulnerable Software and Affected Versions FatFs versions R0.16 and earlier Description An uninitialized cluster exposure occurs when the f lseek function extends files beyond the end-of-file EOF without zero-filling newly allocated clusters. This issue is a Use of Uninitialized...
PT-2026-54499
The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing an attacker who already knows a user's password to bypass the two-factor authentication requirement by submitting a malformed request...
PT-2026-54782
Name of the Vulnerable Software and Affected Versions HashiCorp Vault versions prior to 2.0.1 HashiCorp Vault Enterprise versions prior to 2.0.1 Description Audit device validation logic fails to consistently apply plugin directory protections when the legacy file audit path option is utilized...
PT-2026-54493
The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allowing authenticated users with a low-privileged role such as Subscriber to read private content, enumerate all users and their roles, and create, modify,...
PT-2026-55207
Name of the Vulnerable Software and Affected Versions Mailpit versions prior to 1.30.1 Description An unauthenticated remote attacker can cause a memory-exhaustion Denial of Service DoS by sending large JSON bodies to specific API endpoints. This occurs because the software fails to limit the...
PT-2026-54646
Name of the Vulnerable Software and Affected Versions Mediawiki - Charts Extension versions prior to 1.43.9 Mediawiki - Charts Extension versions prior to 1.44.6 Mediawiki - Charts Extension versions prior to 1.45.4 Description Improper neutralization of input during web page generation allows fo...
PT-2026-54819
In the Linux kernel, the following vulnerability has been resolved: riscv/ptrace: Use USER REGSET NOTE TYPE for REGSET CFI Fixes a warning while dumping core: 54983.546369 C7 WARNING: !note name fs/binfmt elf.c:1771 at elf core dump+0x910/0xf68, CPU7: abort01/31982...
PT-2026-54884
Name of the Vulnerable Software and Affected Versions Ray versions prior to 2.56.0 Description An unsafe deserialization issue exists in the WebDataset reader. An attacker can achieve remote code execution by providing a malicious tar archive to the read webdataset function. The default decoder...