184497 matches found
PT-2026-54927
Name of the Vulnerable Software and Affected Versions FatFs versions R0.16 and earlier Description An integer underflow occurs during interleaved read and write operations on fragmented filesystems. This issue is caused by an unsigned-subtraction wrap in the f read and f write functions when...
PT-2026-54794
In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't call fill pool in early boot hardirq context When booting a debug PREEMPT RT kernel on an ARM64 system, a "inconsistent HARDIRQ-ON-W - IN-HARDIRQ-W usage" lockdep warning message was reported to the console...
PT-2026-54502
AS228T with Authentication Bypass Vulnerability...
PT-2026-54842
Name of the Vulnerable Software and Affected Versions Apache HttpComponents Core versions prior to 5.4.3 Apache HttpComponents Core versions prior to 5.5-beta2 Description An uncontrolled resource consumption issue exists in the HTTP/1.1 message parser. A remote attacker can trigger a denial of...
PT-2026-54741
Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An authenticated attacker can perform error-based SQL injection to extract database contents. This occurs because the application passes the id GET parameter directly into an...
PT-2026-54501
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the 'ninja-forms-views/token/refresh' REST callback in all versions up to, and including, 3.14.1. This makes it possible for...
PT-2026-54447
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 140.12.1 Thunderbird versions prior to 152.0.1 Description A malicious LDAP server can cause the Thunderbird LDAP client to crash due to memory exhaustion. This occurs when the client is configured to query the...
PT-2026-54453
Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description Memory corruption occurs due to a missing bounds check. This allows remote escalation of privilege if a User Equipment UE connects to a rogue base station controlled by an attacker. Exploitatio...
PT-2026-54514
DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability...
PT-2026-54736
Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An authenticated attacker can perform error-based SQL injection to extract database contents. The issue occurs because the application passes the id GET parameter directly in...
PT-2026-54703
Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description An issue exists in the PE file format parser where improper boundary checks for content during scanning can lead to an out-of-bounds buffer write. A remote, unauthenticated attacker can exploi...
PT-2026-54705
Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description A flaw in the 7z file format parser allows an unauthenticated remote attacker to cause a Denial of Service DoS condition. The issue stems from improper boundary checks for content in 7z files...
PT-2026-54708
Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description An issue exists in the ALZ file format parser where improper boundary checks for content during scanning can lead to an out-of-bounds buffer write. A remote, unauthenticated attacker can explo...
PT-2026-54709
Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description An issue exists in the DMG file format parser where improper boundary checks for content during scanning can lead to memory corruption. On 32-bit platforms, this specifically manifests as an...
PT-2026-54704
Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description An issue exists in the FSG file format parser where improper boundary checks for content during scanning can lead to an out-of-bounds buffer write. A remote, unauthenticated attacker can explo...
PT-2026-54455
Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description Improper input validation in the modem allows for remote information disclosure. This occurs when a User Equipment UE connects to a rogue base station controlled by an attacker. The exploitatio...
PT-2026-55221
Summary A flaw in com.ongres.scram:scram-client allows an attacker capable of performing a TLS man-in-the-middle MITM attack to silently downgrade a connection from SCRAM-SHA-256-PLUS with channel binding to standard SCRAM-SHA-256 without channel binding, bypassing strict client-side enforcement...
PT-2026-54727
Name of the Vulnerable Software and Affected Versions WofficeIO Woffice versions prior to 5.4.33 Description An issue exists where incorrectly configured access control security levels lead to missing authorization, allowing for potential exploitation. Recommendations Update WofficeIO Woffice to...
PT-2026-54775
Name of the Vulnerable Software and Affected Versions goshs versions prior to 2.0.10 Description When the WebDAV listener is enabled using the -w flag, the software fails to enforce mode-restriction flags on the WebDAV port. While the primary HTTP port correctly respects the --read-only,...
PT-2026-54505
Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and potentially earlier. This issue may allow an authenticated attacker ...
PT-2026-54888
Name of the Vulnerable Software and Affected Versions WP Reloaded ApplyOnline versions prior to 2.6.7.6 Description A missing authorization issue exists that allows the exploitation of incorrectly configured access control security levels. Recommendations Update WP Reloaded ApplyOnline to a versi...
PT-2026-54867
Name of the Vulnerable Software and Affected Versions Elastic Defend affected versions not specified Description Incorrect authorization allows a low-privileged authenticated user to access response action data they are not authorized to view. This occurs because functionality is not properly...
PT-2026-54828
Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description Insufficient authorization enforcement in the '/customer/servlet/mco/webapi/profile-sections/group-membership' endpoint allows an authenticated user to modify their group membership. By providing a valid group...
PT-2026-54843
Name of the Vulnerable Software and Affected Versions Apache HttpComponents Core versions prior to 5.4.3 Apache HttpComponents Core versions prior to 5.5-beta2 Description An issue exists in the HTTP/2 HPACK decoder where resources are allocated without limits or throttling. A remote attacker can...
PT-2026-54732
Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...
PT-2026-54733
Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in text file.php lines 94, 101, 323, 403, 826, 852. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...
PT-2026-54926
Name of the Vulnerable Software and Affected Versions FatFs versions prior to R0.16 Description An issue exists when using GPT scanning with FF LBA64 = 1 where an unbounded loop count is derived from the GPT header field GPTH PtNum. This can lead to extremely long or effectively infinite scans...
PT-2026-54844
Name of the Vulnerable Software and Affected Versions OpenTelemetry Java Instrumentation versions prior to 2.28.0 Description The JDBC auto-instrumentation fails to sanitize passwords in SQL CONNECT statements when the password is enclosed in double quotes. This leads to clear-text database...
PT-2026-54763
Name of the Vulnerable Software and Affected Versions Rancher Fleet affected versions not specified Description An authentication bypass exists in the webhook component. Additionally, a Pod Security Standard PSS bypass can be achieved through the manipulation of namespace labels. Recommendations ...
PT-2026-54905
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryAllUsers.Php, includes/Api/ApiQueryUsers.Php, includes/Permissions/PermissionManager.Php,...
PT-2026-54933
A vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php. This issue affects timeline: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...
PT-2026-54896
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseFilters.Php. This issue affects AbuseFilter: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...
PT-2026-54895
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Parser/Parser.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...
PT-2026-54901
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Api/index.Js. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6,...
PT-2026-54899
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation SyntaxHighlight GeSHi. This vulnerability is associated with program files includes/SyntaxHighlight.Php. This issue affects SyntaxHighlight GeSHi: from before 1.46.0,...
PT-2026-54898
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php,...
PT-2026-54894
Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4,...
PT-2026-54902
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/InfoAction.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...
PT-2026-54628
Name of the Vulnerable Software and Affected Versions Open VSX Registry versions prior to 1.0.2 Description The '/vscode/unpkg/' endpoint serves user-supplied HTML files with a text/html Content-Type and lacks a Content-Security-Policy or Content-Disposition: attachment response header. This allo...
PT-2026-54722
NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering...
PT-2026-54914
Name of the Vulnerable Software and Affected Versions JAIOTlink C492A-W6 version 4.8.30.57701411 Description An OS command injection flaw exists where authenticated attackers can achieve remote code execution. By sending a malicious string to the 'NetSDK/Factory SetMAC' HTTP PUT endpoint, an...
PT-2026-54627
Name of the Vulnerable Software and Affected Versions LatePoint – Calendar Booking Plugin for Appointments and Events versions prior to 5.6.4 Description An Insecure Direct Object Reference IDOR exists in the create or update function of OsOrdersController. This allows an authenticated Agent to...
PT-2026-56044
Уязвимость функции check session buf not used механизма tls-crypt-v2 программного обеспечения OpenVPN связана с возможностью использования памяти после освобождения. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании или выполнить произвольный ...
PT-2026-54480
Cross-Site request forgery CSRF vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: from before 1.3.3...
PT-2026-54454
Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description Improper input validation in the Modem can cause a system crash. This allows a remote denial of service if a User Equipment UE connects to a rogue base station controlled by an attacker. The...
PT-2026-54452
Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description Improper input validation in the modem can cause a system crash, leading to a remote denial of service. This occurs if a User Equipment UE connects to a rogue base station controlled by an...
PT-2026-55225
Name of the Vulnerable Software and Affected Versions FlowDrop versions 0.0.0 through 1.6.0 Description A missing authorization issue allows forceful browsing. The module, which enables testing and running AI-driven workflows via a chat interface, fails to sufficiently re-evaluate human-in-the-lo...
PT-2026-55226
Name of the Vulnerable Software and Affected Versions Drupal Colorbox versions 0.0.0 through 2.2.0 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS, where malicious JavaScript can be injected into the page. This occurs because the module, whi...
PT-2026-54791
Name of the Vulnerable Software and Affected Versions UTT nv518G nv518GV3 version 3.2.7-210919-161313 Description A SQL Injection flaw exists in the gohead/sub 463bbc component, which allows a remote attacker to execute arbitrary code. SQL Injection is a type of vulnerability that occurs when an...
PT-2026-54482
The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due to insufficient path validation in the remove method of the JBusinessDirectoryControllerUpload class. The task=upload.remove endpoint is...