184497 matches found
PT-2026-54477
Name of the Vulnerable Software and Affected Versions UltraVNC versions prior to 1.8.2.3 Description The software uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. Specifically, the vncRandomBytes function seeds libc rand using a combinati...
PT-2026-55566
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check on the image preview endpoint, a user with access to the Wagtail admin can preview any image. The existing data of the image object itself is not...
PT-2026-55212
Summary The wetty client decodes a base64 filename from the file-download escape sequence and interpolates it raw into a Toastify HTML string escapeMarkup: false. Any output the victim renders - a cat'd file, a tailed log, an SSH MOTD, a curl response - that contains x1b5i...:...x1b4i runs script...
PT-2026-54631
Name of the Vulnerable Software and Affected Versions pretix versions prior to 2026.5.3 Description A chain of weaknesses allows an attacker to impersonate any user in the backend and access any data. The issue stems from payment integration plugins Stripe, pretix-mollie, pretix-oppwa,...
PT-2026-54816
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: fix NULL pointer dereference in sdca dev unregister functions sdca dev unregister functions iterates over all SDCA function descriptors and calls sdca dev unregister on each func dev without checking for NULL. When a...
PT-2026-54848
Name of the Vulnerable Software and Affected Versions Wasmtime versions prior to 24.0.10 Wasmtime versions 25.0.0 through 36.0.10 Wasmtime versions 37.0.0 through 44.0.2 Wasmtime versions 45.0.0 through 45.1 Description A resource leak exists in the native implementation of WASIp1 within the fd...
PT-2026-54857
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-26 Description The -concatenate operation lacks necessary policy checks. This flaw allows the software to read from and write to file paths that are explicitly disallowed by the security policy, enabling a...
PT-2026-54852
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.9.13-51 ImageMagick versions prior to 7.1.2-26 Description A use-after-free occurs when identifying an image containing a crafted 8BIM profile with a specific format string. Use-after-free is a memory corruption...
PT-2026-54826
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.9.13-51 ImageMagick versions prior to 7.1.2-26 Description The MNG decoder contains a heap information disclosure issue where part of the pixels are left unchanged, potentially exposing data from the heap a regi...
PT-2026-54855
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.9.13-51 ImageMagick versions prior to 7.1.2-26 Description An infinite loop occurs when invalid arguments are provided to the connected-components option. Recommendations Update to version 6.9.13-51. Update to...
PT-2026-54845
Name of the Vulnerable Software and Affected Versions OpenTelemetry Java Instrumentation versions prior to 2.27.0 Description An issue exists in the RMI context propagation payload reader where the number of context entries is limited, but the aggregate size of the strings read from the stream is...
PT-2026-54744
Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An unauthenticated remote attacker can execute arbitrary operating system commands on the server. This occurs because the application passes the id parameter from a GET reque...
PT-2026-54492
A security vulnerability has been detected in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function Assimp::SceneCombiner::Copy of the file code/Common/SceneCombiner.cpp of the component Model File Handler. Such manipulation of the argument width/height lead...
PT-2026-54931
Name of the Vulnerable Software and Affected Versions allegroai/clearml versions prior to 2.1.6 Description Relative path traversal occurs during the extraction of .zip archives via the ZipFile.extractall method within the StorageManager. extract to cache function. This is caused by a lack of pat...
PT-2026-55137
Impact A vulnerability has been identified in Fleet when the webhook endpoint is configured without a secret; an attacker can forge webhook requests. The attacker doesn't need to know the specific repository or path configured in the GitRepo resource to make Fleet process these requests. An...
PT-2026-54619
Name of the Vulnerable Software and Affected Versions Cato Client versions prior to 5.13.1 Description The PrivilegedHelperTool XPC service on macOS contains improper certificate validation and a time-of-check time-of-use TOCTOU race condition. A TOCTOU race condition occurs when a program checks...
PT-2026-54779
Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.20 Description An authorization flaw exists in the EntriesController::actionMoveToSection endpoint. The system validates the destination section using the viewEntries:$section-uid permission instead of...
PT-2026-54761
Name of the Vulnerable Software and Affected Versions Dell Device Management Agent versions prior to 26.05 Description An Improper Link Resolution Before File Access Link Following issue exists where a low privileged attacker with local access could potentially exploit the flaw to achieve Elevati...
PT-2026-55216
attach packed output can register arbitrary .json/.txt/.md/.xml files and bypass the MCP file-read safety check Summary Repomix's MCP server exposes a normal file system read file tool that reads absolute paths only after running the project's secret check. However, the attach packed output plus...
PT-2026-54900
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from...
PT-2026-54774
Name of the Vulnerable Software and Affected Versions Centrifugo affected versions not specified Description Centrifugo contains a cross-tenant JWT authentication bypass when using dynamic JWKS JSON Web Key Set endpoints. The issue occurs because the JWKS cache and singleflight lookup are keyed...
PT-2026-54929
Name of the Vulnerable Software and Affected Versions FatFs versions R0.16 and earlier Description A stack-based buffer overflow occurs in the f getlabel function. This issue arises because the exFAT label length XDIR NumLabel is trusted without enforcing the maximum limits defined by the...
PT-2026-55220
The file content store in oras-go attempts to confine writes to workingDir when AllowPathTraversalOnWrite=false, but the guard is lexical and does not account for symlink traversal. If workingDir contains a symlink path component and an attacker-controlled blob title via ocispec.AnnotationTitle...
PT-2026-54772
Name of the Vulnerable Software and Affected Versions erlang/quic versions prior to 1.4.4 Description The QUIC client fails to authenticate the server during the TLS 1.3 handshake. Specifically, the verify process is ineffective because the CertificateVerify signature is not checked, the...
PT-2026-54793
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.23 before v.4.8.3.1...
PT-2026-54498
The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'store service date' parameter of the bpa assign staffmember to slots function in versions up to and including 5.7.1. This is due to the explicit use of stripslashes deep on user-supplied POST dat...
PT-2026-55133
Impact A vulnerability has been identified in Fleet when the helmRepoURLRegex field isn't set on a GitRepo resource. Fleet's bundle reader forwards Helm authentication credentials BasicAuth to any URL specified in the helm.repo field of a fleet.yaml file. An attacker with git push access to a...
PT-2026-54795
In the Linux kernel, the following vulnerability has been resolved: debugobjects: Do not fill pool if pi blocked on On RT enabled kernels, fill pool ends up calling rtlock lock, which asserts if current::pi blocked on is set, because a task can obviously only block on one lock as otherwise the...
PT-2026-55130
Summary dist/clients/core/params.ts in @hey-api/openapi-ts ships a runtime template that is copied verbatim into every generated SDK as params.gen.ts. When a caller passes an object argument containing an unknown key starting with a slot prefix $body , $headers , $path , $query , the function...
PT-2026-55486
These are all security issues fixed in the kubectl-cnpg-1.29.2-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-54773
🟠 SurrealDB, Authorization Bypass, CVE-2026-49997 Medium -DC-Jul2026-804 https://t.co/OQA0B28AmZ...
PT-2026-55219
Actor MCP path authority injection leaks Apify token Summary @apify/actors-mcp-server version 0.10.7 builds Actor standby URLs by directly concatenating a trusted base URL with an attacker-controlled webServerMcpPath value taken from an Actor definition returned by the Apify API. An attacker who...
PT-2026-54472
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'block id' and other shortcode attributes of the 'givewp campaign comments' shortcode in versions up to, and including, 4.16.0. This is due to insufficient input...
PT-2026-54470
The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and including 4.0.3. This is due to insufficient validation of the 'path' parameter in the emd delete file AJAX handler in includes/common-functions.php. The user-supplied value is passed through...
PT-2026-54726
Missing Authorization vulnerability in Webba Plugins Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 6.4.13...
PT-2026-54725
NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering...
PT-2026-54734
Guardian language-system fails to sanitize the id GET parameter before inserting it into HTML source and form action attributes in media.php lines 119, 129. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...
PT-2026-55223
Name of the Vulnerable Software and Affected Versions Drupal Canvas versions 0.0.0 through 1.4.2 Drupal Canvas versions 1.5.0 through 1.5.2 Drupal Canvas versions 1.6.0 through 1.6.1 Drupal Canvas versions 1.7.0 through 1.7.1 Description An issue exists where the Canvas module allows Cross-Site...
PT-2026-54451
Name of the Vulnerable Software and Affected Versions WinRAR versions prior to 7.23 UnRAR versions prior to 7.23 Description An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser within the RecVolumes5::ReadHeader function in recvol5.cpp. The issue occurs because the RecItems...
PT-2026-54638
Name of the Vulnerable Software and Affected Versions @fastify/middie versions 9.1.0 through 9.3.2 Description An issue exists in the standalone engine's URL normalization and decoding process where malformed percent-encoded sequences in incoming request paths are not properly guarded...
PT-2026-54903
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/blockConnectedTempAccountsField.Vue. This issue affects...
PT-2026-54503
DVP80ES300T with Improper Validation of Array Index Vulnerability...
PT-2026-55214
Untrusted Project Bootstrap Code Execution via CLAUDE PROJECT DIR Summary The Cortex MCP server neuro-cortex-memory treats the CLAUDE PROJECT DIR environment variable — automatically set by Claude Code to the currently open project directory — as a trusted Cortex developer checkout. When the open...
PT-2026-54742
Guardian language-system passes the id GET parameter directly into a PHP exec call in subtitles.php line 19 without sanitization: exec"php jobs/subtitle rendering.php ".$login session." ".$ GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...
PT-2026-54630
Name of the Vulnerable Software and Affected Versions MotoPress Appointment Booking versions prior to 2.4.6 Description Insufficient escaping of user-supplied input and lack of proper preparation in SQL queries allow authenticated attackers with the mpa appointment employee custom role to perform...
PT-2026-55092
WebDAV listener ignores --read-only, --upload-only, and --no-delete mode flags Ecosystem: Go Package: goshs.de/goshs/v2 github.com/patrickhener/goshs Affected: /tmp/r/x.txt goshs -p 18000 -wp 18001 -w -ro -d /tmp/r -b admin:pw & curl -u admin:pw -X PUT http://localhost:18000/y.txt --data x 403 HT...
PT-2026-54930
Name of the Vulnerable Software and Affected Versions FatFs versions R0.16 and earlier Description An issue exists in the handling of long filenames when LFN Long File Name is enabled. The fno.fname variable can contain up to 255 characters, which may lead to a buffer overflow if callers copy thi...
PT-2026-54719
Name of the Vulnerable Software and Affected Versions NVIDIA Megatron Bridge for Linux affected versions not specified Description An issue exists where an attacker could cause deserialization of untrusted data. Deserialization is the process of converting a data format back into an object. A...
PT-2026-54713
Name of the Vulnerable Software and Affected Versions NVIDIA Megatron Bridge for Linux affected versions not specified Description An issue exists where an attacker could cause deserialization of untrusted data. Deserialization is the process of converting a data format back into an object. A...
PT-2026-54715
Name of the Vulnerable Software and Affected Versions NVIDIA Megatron Bridge for Linux affected versions not specified Description An issue exists where an attacker could cause deserialization of untrusted data. Deserialization is the process of converting a data format back into an object. A...