184497 matches found
PT-2026-55124
Root cause The tar-extraction helper ensureLinkPath at content/file/utils.go:262-275 validates that a hardlink's target resolves inside the extract base, but then returns the original unresolved target string back to the caller: go func ensureLinkPathbaseAbs, baseRel, link, target string string,...
PT-2026-54491
The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'metakaliforms field components' parameter in all versions up to, and including, 2.4.13 due to insufficient input sanitization and output escaping. This makes it possibl...
PT-2026-54892
Name of the Vulnerable Software and Affected Versions Shortcodes and extra features for Phlox theme versions prior to 2.17.17 Description Improper neutralization of input during web page generation allows for DOM-Based Cross-site Scripting XSS, a flaw where a script is executed in the victim's...
PT-2026-54618
Name of the Vulnerable Software and Affected Versions NEX-Forms – Ultimate Forms Plugin for WordPress versions prior to 9.2.3 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting. This occurs via the name array...
PT-2026-54510
The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via update capabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the update capabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...
PT-2026-54767
Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description An authenticated user can cause a denial of service by submitting a specially crafted bulk deletion request. This leads to excessive resource consumption, which may render the application...
PT-2026-54641
A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser ...
PT-2026-54813
In the Linux kernel, the following vulnerability has been resolved: KVM: Don't WARN if memory is dirtied without a vCPU when the VM is dying When marking a page dirty, complain about not having a running/loaded vCPU if and only if the VM is still alive, i.e. its refcount is non-zero. This will...
PT-2026-54475
Name of the Vulnerable Software and Affected Versions WPBot – AI ChatBot for Live Support, Lead Generation, AI Services versions prior to 8.5.0 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting XSS, a technique...
PT-2026-55114
Vulnerability Metadata | Field | Detail | | --- | --- | | Affected Component | src/core/git/gitCommand.ts execGitShallowClone | | Impact | Arbitrary Command Execution / Security Control Bypass | Summary The --remote-branch CLI option in repomix is vulnerable to argument injection. User-supplied...
PT-2026-54787
Name of the Vulnerable Software and Affected Versions Foreman affected versions not specified Description An authenticated user with host-edit permissions can exploit a cross-tenant information disclosure flaw. The issue exists because the taxonomy scope controller method fails to properly valida...
PT-2026-54909
Name of the Vulnerable Software and Affected Versions PACSgear MediaWriter version 5.2.1 Description An unauthenticated remote attacker can read and write arbitrary files on the host filesystem by exploiting a .NET Remoting TCP service exposed on port 9000 via PacsgearMediaServerEngine.dll. This ...
PT-2026-54785
Name of the Vulnerable Software and Affected Versions Foreman affected versions not specified Description A broken access control issue allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is performed by modifying the mat...
PT-2026-55434
These are all security issues fixed in the python311-python-socketio-5.16.3-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-54863
Name of the Vulnerable Software and Affected Versions Elasticsearch versions prior to 8.19.17 Elasticsearch versions prior to 9.3.6 Elasticsearch versions prior to 9.4.3 Description An authenticated user can trigger a denial of service by submitting a specially crafted query. This occurs due to...
PT-2026-55427
These are all security issues fixed in the MozillaThunderbird-140.12.1-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-54718
Name of the Vulnerable Software and Affected Versions NVIDIA Megatron Bridge for Linux affected versions not specified Description An issue exists where an attacker could cause improper control of code generation. This could lead to code execution, escalation of privileges, data tampering, and...
PT-2026-55164
Impact A vulnerability has been identified in Rancher Manager that allows users assigned the Project Owner role to modify Pod Security Admission PSA labels on namespaces within their projects. Under the default role configuration, an attacker with the following access pattern can exploit this...
PT-2026-54647
Name of the Vulnerable Software and Affected Versions Mediawiki - Cargo Extension versions prior to 1.43.9 Mediawiki - Cargo Extension versions prior to 1.44.6 Mediawiki - Cargo Extension versions prior to 1.45.4 Description Improper neutralization of special elements used in an SQL command leads...
PT-2026-54821
In the Linux kernel, the following vulnerability has been resolved: hsr: Remove WARN ONCE in hsr addr is self. syzbot reported the warning 0 in hsr addr is self, whose assumption is simply wrong. hsr-self node is cleared in hsr del self node, which is called from hsr dellink. Since dev-rtnl link...
PT-2026-54797
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use krealloc array in dal vector reserve Why & How dal vector reserve computes the allocation size as "capacity vector-struct size" using uint32 t arithmetic, which can silently wrap to a small value on overflow...
PT-2026-54815
In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix driver removal with disabled KMS DRM atomic and modesetting aren't initialized if virtio-gpu driver built with disabled KMS, leading to access of uninitialized data on driver removal/unbinding and crashing kernel...
PT-2026-54805
In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL pointer dereference in bond do ioctl In bond do ioctl, slave dev is obtained via dev get by name which can return NULL if the requested interface name does not exist. However, the subsequent slave dbg call ...
PT-2026-54811
In the Linux kernel, the following vulnerability has been resolved: ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow Commit 44e9a3bb76e5 "ARM: 9430/1: entry: Do a dummy read from VMAP shadow" added a dummy read from the KASAN VMAP stack shadow in switch to. The read uses ldr, but the...
PT-2026-54820
In the Linux kernel, the following vulnerability has been resolved: signal: clear JOBCTL PENDING MASK for caller in zap other threads When a multi-threaded process receives a stop signal e.g., SIGSTOP, do signal stop sets JOBCTL STOP PENDING and JOBCTL STOP CONSUME on all threads and sets...
PT-2026-54824
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix phys BO pread/pwrite with offset sg page returns struct page pointer not void so the scaling of pread/pwrite is wrong for phys BO and wrong parts of BO would be accessed if non-zero offset is used. Last impacted...
PT-2026-54806
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for of reserved mem lookup in airoha qdma init hfwd queues of reserved mem lookup may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved...
PT-2026-54506
A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server. This...
PT-2026-54812
In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Initialize mcp-dev and mcp-addr before regmap init Regmap initialization triggers regcache maple populate which attempts SPI read to populate cache. SPI read requires mcp-dev and mcp-addr to be set, without the...
PT-2026-55103
Actor MCP path authority injection leaks Apify token Summary @apify/actors-mcp-server version 0.10.7 builds Actor standby URLs by directly concatenating a trusted base URL with an attacker-controlled webServerMcpPath value taken from an Actor definition returned by the Apify API. An attacker who...
PT-2026-54738
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job info get.php line 16: SELECT FROM jobs where input1 = '".$ GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...
PT-2026-54507
The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentiall...
PT-2026-54915
Name of the Vulnerable Software and Affected Versions JAIOTlink C492A-W6 Wi-Fi IP camera version 4.8.30.57701411 Description The anyka ipc HTTP service on port 80 accepts a default admin username with an empty password. This allows network-adjacent attackers to gain unauthorized access to camera...
PT-2026-54468
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
PT-2026-54758
An unauthenticated command injection vulnerability in the /goform/fast setting internet set endpoint of Tenda AC18 v15.03.05.05 allows attackers to execute arbitrary commands via a crafted payload injected into the mac parameter...
PT-2026-54831
Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description Insufficient authorization enforcement occurs in the '/customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure' endpoint. This allows an authenticated user with low privileges to retrieve...
PT-2026-55082
This module enables you to test and run AI-driven workflows interactively through a chat interface. The module doesn't sufficiently enforce permissions on certain endpoints. Attackers may be able to trigger workflow execution incurring LLM spend and tool side effects or send messages into other...
PT-2026-54916
Name of the Vulnerable Software and Affected Versions JAIOTlink C492A-W6 version 4.8.30.57701411 Description Authenticated attackers can achieve persistent remote code execution by writing arbitrary shell scripts to the writable persistent JFFS2 storage path. The execution is triggered through an...
PT-2026-54778
Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.20 Description An authorship spoofing issue exists in the content management system. The theEntriesController::actionSaveEntry function performs entry-edit permission checks before request-controlled...
PT-2026-54771
Name of the Vulnerable Software and Affected Versions Gradio versions prior to 6.16.0 Description A path traversal issue exists in the preprocess function of the FileExplorer component. Unauthenticated attackers can escape the configured root directory by providing path segments that include...
PT-2026-54517
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'no data msg' Shortcode Attribute in all versions up to, and including, 3.3.60 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2026-54849
Name of the Vulnerable Software and Affected Versions Pion DTLS versions prior to 3.1.4 Description A remote denial of service occurs when the software parses a specially crafted ECDHE PSK ServerKeyExchange message, leading to a panic. A panic is a runtime error in Go that causes the program to...
PT-2026-54495
The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning WooCommerce product data through a public AJAX action, allowing unauthenticated users to retrieve the data title, price, weight, stock status, and...
PT-2026-54675
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An uninitialized use in Dawn allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. Recommendations Update Google Chrome ...
PT-2026-54667
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An out of bounds write occurs in ANGLE, a compatibility layer that allows OpenGL ES APIs to run on various graphics platforms. This issue allows a remote attacker who has already...
PT-2026-54666
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An uninitialized use in Dawn allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. Recommendations Update Google Chrome ...
PT-2026-54683
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An out of bounds read occurs in Dawn, which may allow a remote attacker to perform a sandbox escape by using a crafted HTML page. A sandbox escape is a technique used to break out of a...
PT-2026-54680
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An uninitialized use in ANGLE allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. A sandbox...
PT-2026-54672
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An uninitialized use in the V8 engine allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. V8 is the open-source JavaScript and...
PT-2026-54658
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An integer overflow exists in ANGLE Almost Native Graphics Layer Engine, a compatibility layer that allows OpenGL ES APIs to run on Windows. This issue allows a remote attacker who has...