184508 matches found
PT-2026-54736
Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An authenticated attacker can perform error-based SQL injection to extract database contents. The issue occurs because the application passes the id GET parameter directly in...
PT-2026-54703
Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description An issue exists in the PE file format parser where improper boundary checks for content during scanning can lead to an out-of-bounds buffer write. A remote, unauthenticated attacker can exploi...
PT-2026-54705
Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description A flaw in the 7z file format parser allows an unauthenticated remote attacker to cause a Denial of Service DoS condition. The issue stems from improper boundary checks for content in 7z files...
PT-2026-54708
Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description An issue exists in the ALZ file format parser where improper boundary checks for content during scanning can lead to an out-of-bounds buffer write. A remote, unauthenticated attacker can explo...
PT-2026-54709
Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description An issue exists in the DMG file format parser where improper boundary checks for content during scanning can lead to memory corruption. On 32-bit platforms, this specifically manifests as an...
PT-2026-54704
Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description An issue exists in the FSG file format parser where improper boundary checks for content during scanning can lead to an out-of-bounds buffer write. A remote, unauthenticated attacker can explo...
PT-2026-54455
Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description Improper input validation in the modem allows for remote information disclosure. This occurs when a User Equipment UE connects to a rogue base station controlled by an attacker. The exploitatio...
PT-2026-55221
Summary A flaw in com.ongres.scram:scram-client allows an attacker capable of performing a TLS man-in-the-middle MITM attack to silently downgrade a connection from SCRAM-SHA-256-PLUS with channel binding to standard SCRAM-SHA-256 without channel binding, bypassing strict client-side enforcement...
PT-2026-54727
Name of the Vulnerable Software and Affected Versions WofficeIO Woffice versions prior to 5.4.33 Description An issue exists where incorrectly configured access control security levels lead to missing authorization, allowing for potential exploitation. Recommendations Update WofficeIO Woffice to...
PT-2026-54775
Name of the Vulnerable Software and Affected Versions goshs versions prior to 2.0.10 Description When the WebDAV listener is enabled using the -w flag, the software fails to enforce mode-restriction flags on the WebDAV port. While the primary HTTP port correctly respects the --read-only,...
PT-2026-54505
Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and potentially earlier. This issue may allow an authenticated attacker ...
PT-2026-54888
Name of the Vulnerable Software and Affected Versions WP Reloaded ApplyOnline versions prior to 2.6.7.6 Description A missing authorization issue exists that allows the exploitation of incorrectly configured access control security levels. Recommendations Update WP Reloaded ApplyOnline to a versi...
PT-2026-54867
Name of the Vulnerable Software and Affected Versions Elastic Defend affected versions not specified Description Incorrect authorization allows a low-privileged authenticated user to access response action data they are not authorized to view. This occurs because functionality is not properly...
PT-2026-54828
Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description Insufficient authorization enforcement in the '/customer/servlet/mco/webapi/profile-sections/group-membership' endpoint allows an authenticated user to modify their group membership. By providing a valid group...
PT-2026-54732
Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...
PT-2026-54733
Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in text file.php lines 94, 101, 323, 403, 826, 852. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...
PT-2026-54926
Name of the Vulnerable Software and Affected Versions FatFs versions prior to R0.16 Description An issue exists when using GPT scanning with FF LBA64 = 1 where an unbounded loop count is derived from the GPT header field GPTH PtNum. This can lead to extremely long or effectively infinite scans...
PT-2026-54844
Name of the Vulnerable Software and Affected Versions OpenTelemetry Java Instrumentation versions prior to 2.28.0 Description The JDBC auto-instrumentation fails to sanitize passwords in SQL CONNECT statements when the password is enclosed in double quotes. This leads to clear-text database...
PT-2026-54763
Name of the Vulnerable Software and Affected Versions Rancher Fleet affected versions not specified Description An authentication bypass exists in the webhook component. Additionally, a Pod Security Standard PSS bypass can be achieved through the manipulation of namespace labels. Recommendations ...
PT-2026-54905
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryAllUsers.Php, includes/Api/ApiQueryUsers.Php, includes/Permissions/PermissionManager.Php,...
PT-2026-54933
A vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php. This issue affects timeline: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...
PT-2026-54896
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseFilters.Php. This issue affects AbuseFilter: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...
PT-2026-54895
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Parser/Parser.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...
PT-2026-54901
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Api/index.Js. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6,...
PT-2026-54899
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation SyntaxHighlight GeSHi. This vulnerability is associated with program files includes/SyntaxHighlight.Php. This issue affects SyntaxHighlight GeSHi: from before 1.46.0,...
PT-2026-54898
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php,...
PT-2026-54894
Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4,...
PT-2026-54902
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/InfoAction.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...
PT-2026-54722
NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering...
PT-2026-54914
Name of the Vulnerable Software and Affected Versions JAIOTlink C492A-W6 version 4.8.30.57701411 Description An OS command injection flaw exists where authenticated attackers can achieve remote code execution. By sending a malicious string to the 'NetSDK/Factory SetMAC' HTTP PUT endpoint, an...
PT-2026-54627
Name of the Vulnerable Software and Affected Versions LatePoint – Calendar Booking Plugin for Appointments and Events versions prior to 5.6.4 Description An Insecure Direct Object Reference IDOR exists in the create or update function of OsOrdersController. This allows an authenticated Agent to...
PT-2026-56044
Уязвимость функции check session buf not used механизма tls-crypt-v2 программного обеспечения OpenVPN связана с возможностью использования памяти после освобождения. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании или выполнить произвольный ...
PT-2026-54480
Cross-Site request forgery CSRF vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: from before 1.3.3...
PT-2026-54454
Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description Improper input validation in the Modem can cause a system crash. This allows a remote denial of service if a User Equipment UE connects to a rogue base station controlled by an attacker. The...
PT-2026-54452
Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description Improper input validation in the modem can cause a system crash, leading to a remote denial of service. This occurs if a User Equipment UE connects to a rogue base station controlled by an...
PT-2026-55225
Name of the Vulnerable Software and Affected Versions FlowDrop versions 0.0.0 through 1.6.0 Description A missing authorization issue allows forceful browsing. The module, which enables testing and running AI-driven workflows via a chat interface, fails to sufficiently re-evaluate human-in-the-lo...
PT-2026-55226
Name of the Vulnerable Software and Affected Versions Drupal Colorbox versions 0.0.0 through 2.2.0 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS, where malicious JavaScript can be injected into the page. This occurs because the module, whi...
PT-2026-54791
Name of the Vulnerable Software and Affected Versions UTT nv518G nv518GV3 version 3.2.7-210919-161313 Description A SQL Injection flaw exists in the gohead/sub 463bbc component, which allows a remote attacker to execute arbitrary code. SQL Injection is a type of vulnerability that occurs when an...
PT-2026-54482
The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due to insufficient path validation in the remove method of the JBusinessDirectoryControllerUpload class. The task=upload.remove endpoint is...
PT-2026-54626
The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role...
PT-2026-54865
Allocation of Resources Without Limits or Throttling CWE-770 in Fleet Server can lead to a denial of service via Excessive Allocation CAPEC-130. An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server...
PT-2026-54500
The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such as a subscriber, to modify a Salon Booking System WordPress plugin before 10.30.20 setting and bypass the manual approval of new...
PT-2026-54808
In the Linux kernel, the following vulnerability has been resolved: i2c: imx: fix clock and pinctrl state inconsistency in runtime PM In i2c imx runtime suspend, the clock is disabled before switching the pinctrl state to sleep. If pinctrl pm select sleep state fails, the runtime suspend is abort...
PT-2026-54834
Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description The application is susceptible to user enumeration via authentication-related features. During password reset and username reminder operations, the system provides different responses depending on whether the...
PT-2026-54832
Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description The software contains flaws in file handling functionality used for data export and upload. Improper validation of the filename parameter enables path traversal, allowing files to be written to arbitrary...
PT-2026-54707
Name of the Vulnerable Software and Affected Versions ClamAV affected versions not specified Description An issue exists in the PESpin file format parser where improper boundary checks for content during scanning can lead to an out-of-bounds buffer write. A remote, unauthenticated attacker can...
PT-2026-54818
In the Linux kernel, the following vulnerability has been resolved: ASoC: wm adsp: Fix NULL dereference when removing firmware controls In wm adsp control remove check that the priv pointer is not NULL before attempting to cleanup what it points to. When cs dsp creates a control it calls wm adsp...
PT-2026-54521
Name of the Vulnerable Software and Affected Versions Plone versions 7.0.0 through 7.0.1 Plone versions 6.0.0 through 6.0.3 Plone versions 5.0.0 through 5.0.7 Description A critical remote code execution RCE flaw allows TALES injection via the Classic portlet. TALES is a templating language used ...
PT-2026-54457
In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS11006447; Issue ID: MSV-7871...
PT-2026-54508
The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.9.5. This is due to the plugin not properly validating a user's identity prior to updati...