175519 matches found
PT-2026-46004
Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version unbound 1.22.0, aiding targeted attacks against known vulnerabilities...
PT-2026-46017
In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel or userspace and 8-byte alignment isn't always guaranteed and as such may trigger unaligned memory accesses on various architectures...
PT-2026-45998
Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...
PT-2026-45986
Name of the Vulnerable Software and Affected Versions Cisco Finesse affected versions not specified Description Insufficient validation of user-supplied input for HTTP requests allows an unauthenticated remote attacker to load arbitrary files from remote locations into an active user session. An...
PT-2026-46016
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A heap buffer overflow out-of-bounds write exists in the persistent ram save old function within the pstore/ram component. The issue occurs when the function is called multiple times for...
PT-2026-46011
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ath12k wifi driver where a stale link mapping is retained in ahvif-links map. This occurs when an arvif is initialized in non-AP STA mode but MLO connection...
PT-2026-45997
Mercusys AC12G EU V1 router with firmware AC12GEU V1 200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined with the predictable XOR-based password encoding securityEncode function, this allows an attacker to reverse captured authenticati...
PT-2026-45992
Mercusys AC12G EU V1 router with firmware AC12GEU V1 200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's internal IP address, extending the CORS wildcard vulnerability Access-Control-Allow-Origin: to...
PT-2026-46019
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the NFS LOCALIO, an optimization for loopback mounts that bypasses the network for READ, WRITE, and COMMIT operations when the client and server are on the same system...
PT-2026-45987
Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager Unified CM affected versions not specified Cisco Unified Communications Manager Session Management Edition Unified CM SME affected versions not specified Description An issue in the WebDialer service of Cis...
PT-2026-46000
Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 enables WPS 2.0 by default with a weak lockout policy 60-second lockout after 10 attempts...
PT-2026-46026
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds stream encoder index v3 eng id can be negative and that stream enc regs can be indexed out of bounds. eng id is used directly as an index into stream enc regs, which has only 5 entries. When eng...
PT-2026-45962
crypton-x509-validation and crypton-x509 do not enforce X.509 Name Constraints The crypton-x509-validation and crypton-x509 libraries did not enforce the X.509 Name Constraints extension during certificate validation. The Name Constraints extension is a critical X.509 extension that restricts the...
PT-2026-46013
In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, current thread info is defined as global register variable locating in $gp, and is simply assigned with new address during kernel relocation. This...
PT-2026-46040
Name of the Vulnerable Software and Affected Versions crypton-x509-validation versions prior to 1.9.1 crypton-x509 versions prior to 1.9.1 x509 affected versions not specified x509-validation affected versions not specified Description The crypton-x509-validation and crypton-x509 libraries fail t...
PT-2026-46066
Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions prior to 35.0.2 Description An issue allows Boot Script Injection of an iPXE script, which is a network boot firmware used to boot computers from a network. This occurs if an attacker is able to set the node.driver in...
PT-2026-46064
Name of the Vulnerable Software and Affected Versions Acronis DeviceLock DLP Windows versions prior to 9.0.15051.93227 Description Local privilege escalation is possible due to a DLL hijacking issue. DLL hijacking occurs when an application loads a malicious dynamic-link library DLL instead of th...
PT-2026-46069
Name of the Vulnerable Software and Affected Versions Active IQ OneCollect version 2.7.3 Description Hard-coded credentials exist within the software, which could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations. Recommendations At the moment, the...
PT-2026-46063
Name of the Vulnerable Software and Affected Versions Acronis DeviceLock DLP Windows versions prior to 9.0.15051.93227 Description Local privilege escalation is possible due to an EXE hijacking issue. This occurs when an application searches for a required executable file in an insecure order,...
PT-2026-46068
Name of the Vulnerable Software and Affected Versions Active IQ Config Advisor version 6.7.3 Description Hard-coded credentials exist within the software, which could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations. Recommendations At the moment,...
PT-2026-46061
Name of the Vulnerable Software and Affected Versions Acronis DeviceLock DLP Windows versions prior to 9.0.15051.93227 Description Local privilege escalation occurs because excessive permissions are assigned to child processes. Recommendations Update to build 9.0.15051.93227 or later...
PT-2026-46060
Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description FOSSBilling leaks the exact system version through asset cache buster parameters in HTML output, which bypasses the hide version public security setting. The version is embedded in the query stri...
PT-2026-46065
Name of the Vulnerable Software and Affected Versions Acronis DeviceLock DLP Windows versions prior to 9.0.15051.93227 Description Local privilege escalation is possible due to a DLL hijacking issue. DLL hijacking occurs when an application loads a malicious dynamic-link library DLL instead of th...
PT-2026-46057
Name of the Vulnerable Software and Affected Versions libxls versions prior to 1.6.4 Description The OLE container parser contains an issue where memory allocated for the Master Sector Allocation Table MSAT in the read MSAT function is not fully initialized before being used by the ole2 validate...
PT-2026-46059
Name of the Vulnerable Software and Affected Versions MaxSite CMS version 109.2 Description A Cross Site Scripting issue allows a remote attacker to obtain sensitive information. This occurs via the Backend page file upload endpoint used by admin page. Recommendations At the moment, there is no...
PT-2026-46056
Name of the Vulnerable Software and Affected Versions mlrun versions prior to 1.12.0-rc3 Description The DataFrame Hash Handler component contains an issue in the calculate dataframe hash function within the mlrun/utils/helpers.py file. This allows for the use of a weak hash, which can be...
PT-2026-46055
Name of the Vulnerable Software and Affected Versions DD-WRT affected versions not specified Description A stack-based buffer overflow exists in the UPnP service of certain DD-WRT router firmware. The issue occurs when the service incorrectly handles large ST:uuid values within crafted M-SEARCH...
PT-2026-46070
Name of the Vulnerable Software and Affected Versions SGLang versions prior to 0.5.12 Description A flaw exists in the data hash function of the Cache Handler component. This issue allows for a denial of service through manipulation, although the attack is restricted to local execution and requir...
PT-2026-46071
Name of the Vulnerable Software and Affected Versions ealpha072 Student-Management-System versions prior to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08 Description An issue in the Administrative Backend component, specifically within the 'admin/config.php' file, allows for improper authentication...
PT-2026-46072
Name of the Vulnerable Software and Affected Versions gradio-app gradio version 6.14.0 Description A security flaw exists in the Audio Cache Key Handler component. Specifically, the save audio to cache function uses a weak hash, which can be manipulated. This issue requires a local position for...
PT-2026-46078
Name of the Vulnerable Software and Affected Versions Net::Async::Statsd::Client versions prior to 0.006 Description Net::Async::Statsd::Client for Perl allows metric injections because metric names are not validated for newlines, colons, or pipes. This allows metrics generated from untrusted...
PT-2026-46100
Impact In versions = 1.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References - Fix release: v2.74.1...
PT-2026-46123
Name of the Vulnerable Software and Affected Versions docling-core versions 1.5.0 through 2.74.0 Description The software does not sufficiently restrict remote request destinations and can resolve a server-provided Content-Disposition to a local path in an unsafe manner. In applications that acce...
PT-2026-46101
Impact The USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could: - Read arbitrary files from the server filesystem - Perform...
PT-2026-46117
Node names long name, short name received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor...
PT-2026-46124
Summary Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 root. This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted KERNEL UID or KERNEL GID value. The featu...
PT-2026-46095
When using React Router v7 Framework Mode with Pre-rendering enabled, an improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in statically generated HTML files if the redirect location comes from an untrusted source. !NOTE This does not impact your React...
PT-2026-46094
Impact In versions 2.91.0, The EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromise the model download source via supply chain attack, DNS spoofing, or MITM, they could write arbitrary files to any...
PT-2026-46121
Name of the Vulnerable Software and Affected Versions Docling versions prior to 2.74.0 Description The USPTO patent XML parser uses the xml.sax.parseString function without protection against XML External Entity XXE attacks. This allows an attacker to use malicious XML files with external entity...
PT-2026-46125
Summary The environment variables KERNEL XXX used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection SSTI. By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service. The code can...
PT-2026-46105
Impact The METS-GBS backend's XML parsing and the input document format detection lacked security controls, enabling: - XML External Entity XXE attacks to read local files or cause denial of service - Decompression bombs zip bombs to exhaust memory and disk space - Unbounded archive extraction...
PT-2026-46118
Name of the Vulnerable Software and Affected Versions Docling versions 2.82.0 through 2.90.x Description When the HTML backend is explicitly configured for rendering, the Playwright-based rendering feature allows JavaScript execution and unrestricted network access during the processing of...
PT-2026-46096
Summary The environment variables KERNEL XXX used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection SSTI. By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service. The code can...
PT-2026-46103
Impact In versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing untrusted HTML documents. An...
PT-2026-46120
Impact The METS-GBS backend's XML parsing and the input document format detection lacked security controls, enabling: - XML External Entity XXE attacks to read local files or cause denial of service - Decompression bombs zip bombs to exhaust memory and disk space - Unbounded archive extraction...
PT-2026-46098
Impact In versions = 2.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible: - reject file: and data: image references from untrusted input - allow only approved local or remote image sources - apply input size and memory limits to processing workers References - Fix release: v2.74....
PT-2026-46115
Name of the Vulnerable Software and Affected Versions quic-go affected versions not specified Description An attacker can trigger excessive memory allocation in the HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame. This frame decodes into a large trailer field...
PT-2026-46127
Impact The HTML backend did not perform sufficient validation during resource handling: - Accepted file:// URIs enabling local file system access when enable local fetch=True - Path resolution allowed traversal outside intended directories via ../ sequences and absolute paths - Did not block...
PT-2026-46089
There exists a potential DOS attack vector in React Router Framework Mode applications as well as Remix v2.10.0 - 2.17.4. Certain requests can be crafted to consume disproportionate resources on the server, resulting in response time degredation and/or service unavailability for end users. !NOTE...
PT-2026-46091
Summary The environment variables used during the rendering of the Kubernetes manifest allow YAML injection, enabling attackers to overwrite existing keys like securityContext and inject multi-document YAML to create additional unintended Kubernetes resources. Details The server interpolates...