184496 matches found
PT-2026-54711
Name of the Vulnerable Software and Affected Versions NVIDIA Megatron Bridge for Linux affected versions not specified Description An issue exists where an attacker could cause deserialization of untrusted data. Deserialization is the process of converting a data format back into an object. A...
PT-2026-54913
Name of the Vulnerable Software and Affected Versions Horde IMP versions prior to 7.0.1 Description A path traversal issue exists in the lib/Compose.php file. Authenticated attackers can read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix ...
PT-2026-54800
In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd When the remoteproc starts in parallel with the NGD driver being probed, or the remoteproc is already up when the PDR lookup is being registered, or in the...
PT-2026-55102
Impact When Ghost is behind a shared caching layer that results in cached content being shared between different visitors e.g., Fastly, Cloudflare, nginx proxy cache, and others, an unauthenticated user could send an x-ghost-preview header that altered the rendered frontend response. In affected...
PT-2026-54636
OS command injection in the NodejsFunction Docker bundling pipeline OsCommand helper in AWS aws-cdk-lib on all platforms might allow a actor who controls dependency version strings in a project's package.json file to execute arbitrary commands on the host running the CDK toolchain via injected...
PT-2026-54747
Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An unauthenticated remote attacker can execute arbitrary OS commands on the server. The issue occurs because the application passes the id GET parameter directly into a PHP...
PT-2026-54755
An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
PT-2026-54784
Name of the Vulnerable Software and Affected Versions BIOVIA Workbook versions Release 2021 through Release 2026 Description A Race Condition occurs when the timing or sequence of events is unplanned, potentially leading to unexpected behavior. In this case, the issue could allow a user to access...
PT-2026-54792
Name of the Vulnerable Software and Affected Versions UTT nv518G nv518GV3 version 3.2.7-210919-161313 Description A buffer overflow occurs in the gohead/sub 448384 component, which allows a remote attacker to cause a denial of service. A buffer overflow is a condition where a program writes more...
PT-2026-54497
The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it creates a user from a public form submission, allowing unauthenticated visitors to create an administrator account when an active integration maps the use...
PT-2026-55084
The Colorbox module integrates with the Colorbox JavaScript library to display content in an overlay above the page. The module doesn't sufficiently protect against injection of malicious JavaScript under certain scenarios. This vulnerability is mitigated by the fact that an attacker must have a...
PT-2026-54887
Name of the Vulnerable Software and Affected Versions ThumbPress versions prior to 6.3.2 Description Missing authorization allows for the exploitation of incorrectly configured access control security levels. Recommendations Update to a version newer than 6.3.2...
PT-2026-54858
Name of the Vulnerable Software and Affected Versions AsyncHttpClient versions 2.0.0 through 2.15.9 AsyncHttpClient versions 3.0.0.Beta1 through 3.0.10 Description The ThreadSafeCookieStore component fails to verify if a responding host is authorized to set a cookie for a specific domain before...
PT-2026-54861
Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.22 Description A stored cross-site scripting issue exists where a user with author-level control panel permissions can embed a malicious JavaScript payload within an entry title. The execution occurs wh...
PT-2026-54927
Name of the Vulnerable Software and Affected Versions FatFs versions R0.16 and earlier Description An integer underflow occurs during interleaved read and write operations on fragmented filesystems. This issue is caused by an unsigned-subtraction wrap in the f read and f write functions when...
PT-2026-54794
In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't call fill pool in early boot hardirq context When booting a debug PREEMPT RT kernel on an ARM64 system, a "inconsistent HARDIRQ-ON-W - IN-HARDIRQ-W usage" lockdep warning message was reported to the console...
PT-2026-54502
AS228T with Authentication Bypass Vulnerability...
PT-2026-54842
Name of the Vulnerable Software and Affected Versions Apache HttpComponents Core versions prior to 5.4.3 Apache HttpComponents Core versions prior to 5.5-beta2 Description An uncontrolled resource consumption issue exists in the HTTP/1.1 message parser. A remote attacker can trigger a denial of...
PT-2026-54741
Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An authenticated attacker can perform error-based SQL injection to extract database contents. This occurs because the application passes the id GET parameter directly into an...
PT-2026-54609
Name of the Vulnerable Software and Affected Versions NVIDIA ConnectX affected versions not specified NVIDIA BlueField affected versions not specified Description A flaw exists in the command interface that allows a local user with virtual function VF access to trigger a write out of bounds by...
PT-2026-54608
Name of the Vulnerable Software and Affected Versions NVIDIA ConnectX affected versions not specified NVIDIA BlueField affected versions not specified Description A flaw exists in the command interface of the device reachable from a Virtual Function VF context. A local user with VF privileges, su...
PT-2026-54501
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the 'ninja-forms-views/token/refresh' REST callback in all versions up to, and including, 3.14.1. This makes it possible for...
PT-2026-54447
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 140.12.1 Thunderbird versions prior to 152.0.1 Description A malicious LDAP server can cause the Thunderbird LDAP client to crash due to memory exhaustion. This occurs when the client is configured to query the...
PT-2026-54453
Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description Memory corruption occurs due to a missing bounds check. This allows remote escalation of privilege if a User Equipment UE connects to a rogue base station controlled by an attacker. Exploitatio...
PT-2026-54897
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation CentralAuth. This vulnerability is associated with program files includes/Api/ApiFormatBase.Php, includes/Api/ApiHelp.Php,...
PT-2026-54514
DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability...
PT-2026-54736
Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An authenticated attacker can perform error-based SQL injection to extract database contents. The issue occurs because the application passes the id GET parameter directly in...
PT-2026-55428
These are all security issues fixed in the alloy-1.17.1-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-54703
Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description An issue exists in the PE file format parser where improper boundary checks for content during scanning can lead to an out-of-bounds buffer write. A remote, unauthenticated attacker can exploi...
PT-2026-54705
Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description A flaw in the 7z file format parser allows an unauthenticated remote attacker to cause a Denial of Service DoS condition. The issue stems from improper boundary checks for content in 7z files...
PT-2026-54708
Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description An issue exists in the ALZ file format parser where improper boundary checks for content during scanning can lead to an out-of-bounds buffer write. A remote, unauthenticated attacker can explo...
PT-2026-54709
Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description An issue exists in the DMG file format parser where improper boundary checks for content during scanning can lead to memory corruption. On 32-bit platforms, this specifically manifests as an...
PT-2026-54704
Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description An issue exists in the FSG file format parser where improper boundary checks for content during scanning can lead to an out-of-bounds buffer write. A remote, unauthenticated attacker can explo...
PT-2026-54455
Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description Improper input validation in the modem allows for remote information disclosure. This occurs when a User Equipment UE connects to a rogue base station controlled by an attacker. The exploitatio...
PT-2026-55221
Summary A flaw in com.ongres.scram:scram-client allows an attacker capable of performing a TLS man-in-the-middle MITM attack to silently downgrade a connection from SCRAM-SHA-256-PLUS with channel binding to standard SCRAM-SHA-256 without channel binding, bypassing strict client-side enforcement...
PT-2026-54727
Name of the Vulnerable Software and Affected Versions WofficeIO Woffice versions prior to 5.4.33 Description An issue exists where incorrectly configured access control security levels lead to missing authorization, allowing for potential exploitation. Recommendations Update WofficeIO Woffice to...
PT-2026-54775
Name of the Vulnerable Software and Affected Versions goshs versions prior to 2.0.10 Description When the WebDAV listener is enabled using the -w flag, the software fails to enforce mode-restriction flags on the WebDAV port. While the primary HTTP port correctly respects the --read-only,...
PT-2026-54505
Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and potentially earlier. This issue may allow an authenticated attacker ...
PT-2026-54751
Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An unauthenticated remote attacker can execute arbitrary operating system commands on the server. This occurs because the application passes the id parameter from a GET reque...
PT-2026-54888
Name of the Vulnerable Software and Affected Versions WP Reloaded ApplyOnline versions prior to 2.6.7.6 Description A missing authorization issue exists that allows the exploitation of incorrectly configured access control security levels. Recommendations Update WP Reloaded ApplyOnline to a versi...
PT-2026-54867
Name of the Vulnerable Software and Affected Versions Elastic Defend affected versions not specified Description Incorrect authorization allows a low-privileged authenticated user to access response action data they are not authorized to view. This occurs because functionality is not properly...
PT-2026-54828
Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description Insufficient authorization enforcement in the '/customer/servlet/mco/webapi/profile-sections/group-membership' endpoint allows an authenticated user to modify their group membership. By providing a valid group...
PT-2026-54843
Name of the Vulnerable Software and Affected Versions Apache HttpComponents Core versions prior to 5.4.3 Apache HttpComponents Core versions prior to 5.5-beta2 Description An issue exists in the HTTP/2 HPACK decoder where resources are allocated without limits or throttling. A remote attacker can...
PT-2026-54732
Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...
PT-2026-54733
Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in text file.php lines 94, 101, 323, 403, 826, 852. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...
PT-2026-54926
Name of the Vulnerable Software and Affected Versions FatFs versions prior to R0.16 Description An issue exists when using GPT scanning with FF LBA64 = 1 where an unbounded loop count is derived from the GPT header field GPTH PtNum. This can lead to extremely long or effectively infinite scans...
PT-2026-54921
Name of the Vulnerable Software and Affected Versions Ladybird affected versions not specified Description A memory-safety flaw exists in the WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes ...
PT-2026-54844
Name of the Vulnerable Software and Affected Versions OpenTelemetry Java Instrumentation versions prior to 2.28.0 Description The JDBC auto-instrumentation fails to sanitize passwords in SQL CONNECT statements when the password is enclosed in double quotes. This leads to clear-text database...
PT-2026-54612
Name of the Vulnerable Software and Affected Versions WP Photo Album Plus versions prior to 9.1.13.006 Description Insufficient input sanitization and output escaping allow authenticated attackers with contributor-level access and above to perform Stored Cross-Site Scripting. An attacker can inje...
PT-2026-54756
A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...