184481 matches found
PT-2026-54059
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue exists in the Browser component. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. A remote...
PT-2026-54090
Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description Insufficient policy enforcement allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. A sandbox escap...
PT-2026-54364
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the PopupBlocker component allows a remote attacker who has already compromised the renderer process to perform UI spoofing. This is achiev...
PT-2026-54087
Name of the Vulnerable Software and Affected Versions Google Chrome on Linux versions prior to 150.0.7871.47 Description An inappropriate implementation in the Input component allows a remote attacker to obtain potentially sensitive information from process memory by inducing a user to visit a...
PT-2026-54052
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue in the GPU component allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape. This is achieved by using a crafte...
PT-2026-54065
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description A use after free issue exists in the Fullscreen component. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption....
PT-2026-54073
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An integer overflow exists in the Chromecast component. A remote attacker who has already compromised the renderer process can leverage a specially crafted HTML page to potentially...
PT-2026-54359
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in Chromoting allows a remote attacker to potentially cause heap corruption via malicious network traffic. Heap corruption occurs when a progr...
PT-2026-54370
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the Browser component allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTM...
PT-2026-54060
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue exists in Views, where a remote attacker could potentially exploit heap corruption through a crafted HTML page. This exploitation requires the attacker to convinc...
PT-2026-54382
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue in the Scheduling component allows a remote attacker to execute arbitrary code within a sandbox by inducing the user to visit a specially crafted HTML page. Use...
PT-2026-54137
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An issue in the Autofill security UI on Windows allows a remote attacker to perform UI spoofing. This occurs when a user is convinced to perform specific UI gestures while interacting...
PT-2026-54113
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in CSS allows a remote attacker to perform Universal Cross-Site Scripting UXSS, which is a vulnerability that enables the execution of arbitrary scripts ...
PT-2026-54142
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in Enterprise allows a remote attacker to perform UI spoofing via a crafted HTML page. UI spoofing is a technique where an attacker mimics a...
PT-2026-54141
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in WebHID allows an attacker to perform privilege escalation. This occurs when a user is convinced to install a crafted malicious Chrome Extension...
PT-2026-54144
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the Geolocation feature allows a remote attacker to perform UI spoofing, which is the act of mimicking a legitimate user interface to deceive users, b...
PT-2026-54133
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the Speech component allows a remote attacker who has already compromised the renderer process to perform privilege escalation b...
PT-2026-54103
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An inappropriate implementation in the Autofill feature allows a remote attacker who has already compromised the renderer process to leak cross-origin data. This is achieved ...
PT-2026-54140
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in CustomTabs allows a local attacker to perform privilege escalation by using a malicious file. Recommendations Update Google Chro...
PT-2026-54128
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in WebAppInstalls allows a local attacker to bypass discretionary access control, which is a security mechanism that restricts acce...
PT-2026-54126
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in Chromoting allows a local attacker to potentially perform a sandbox escape via a malicious file. A sandbox escape is a technique used to...
PT-2026-53830
Raytha CMS is vulnerable to SQL Injection within the OData filter parsing pipeline. The vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL statements against the underlying PostgreSQL database, leading to full database compromise, including credential extraction...
PT-2026-53969
Name of the Vulnerable Software and Affected Versions IBM UrbanCode Deploy versions 7.2 through 7.2.3.23 IBM UrbanCode Deploy versions 7.3 through 7.3.2.18 IBM DevOps Deploy versions 8.0 through 8.0.1.13 IBM DevOps Deploy versions 8.1 through 8.1.2.6 IBM DevOps Deploy versions 8.2 through 8.2.1.0...
PT-2026-53846
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.8 Apache ActiveMQ versions 6.0.0 through 6.2.6 Description An authorization flaw exists in the handling of temporary destinations. While these destinations are intended to be isolated to the connection th...
PT-2026-55065
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter envoy.filters.http.oauth2 can leave an in-flight async token exchange attached to a downstream stream that has already been torn down. A late...
PT-2026-54110
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 150.0.7871.47 Description An uninitialized use in ANGLE Almost Native Graphics Layer Engine, a compatibility layer that allows OpenGL ES APIs to run on non-native platforms allows a remote attacker to lea...
PT-2026-54395
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in DevTools allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape. This is achieved by using ...
PT-2026-53918
Name of the Vulnerable Software and Affected Versions Nightingale n9e versions prior to 9.0.0-beta.2 Description Authenticated users with low privileges Standard role can access full datasource configurations through the 'POST /api/n9e/datasource/list' endpoint. This occurs because the route lack...
PT-2026-53988
Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.22 Description A UI misrepresentation issue allows an OAuth application to obtain unauthorized access to organization runner management. An attacker can exploit this by creating an OAuth application...
PT-2026-53862
A flaw was found in Keycloak. A highly privileged user with manage-clients permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the realm-admin role into generated tokens,...
PT-2026-53923
Name of the Vulnerable Software and Affected Versions Ocelot versions prior to 24.1.1 Description A security control bypass exists in the handling of WebSocket upgrade requests. The issue stems from a logic flaw in the OcelotPipelineExtensions.cs file, where a MapWhen branch configured for...
PT-2026-53892
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, GET /api/v1/servers/server uuid/domains?uuid=app uuid bypasses team scoping when the optional uuid query parameter is provided. Any authenticated API user can enumerate...
PT-2026-53901
Name of the Vulnerable Software and Affected Versions ColdFusion versions 2025.9 and earlier ColdFusion versions 2023.20 and earlier Description Improper input validation allows for arbitrary code execution in the context of the current user. This issue can be exploited without requiring any user...
PT-2026-53967
Name of the Vulnerable Software and Affected Versions IBM DevOps Deploy versions 8.1 through 8.1.2.6 IBM DevOps Deploy versions 8.2 through 8.2.1.0 Description Cross-Origin Resource Sharing CORS, a mechanism that allows restricted resources on a web page to be requested from another domain, is...
PT-2026-55174
These are all security issues fixed in the cadvisor-0.60.3-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-54022
Capgo console.capgo.app/login before 12.128.2 accepts access token and refresh token in URL query parameters, automatically authenticating users without confirmation. Attackers can craft malicious links to force victims into attacker-controlled sessions, exposing tokens in browser history and log...
PT-2026-53972
Name of the Vulnerable Software and Affected Versions coturn versions prior to 4.13.0 Description An authenticated TURN client can bypass the default loopback guard by using the IPv4-mapped IPv6 peer address ::ffff:127.0.0.1 within a TURN XOR-PEER-ADDRESS attribute. This occurs because the ioa ad...
PT-2026-53996
Name of the Vulnerable Software and Affected Versions Invidious versions prior to 2.20260626.0 Description An issue exists where authenticated attackers can delete videos from playlists belonging to other users. This occurs because the system fails to validate ownership when a request is made to...
PT-2026-53940
Name of the Vulnerable Software and Affected Versions Webmention versions prior to 5.8.1 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping of user-supplied Microformat 2 MF2 author properties. An unauthenticated attacker can inject arbitrary...
PT-2026-54766
Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.20 and earlier ColdFusion version 2025.9 Description An improper input validation issue exists that allows a remote attacker to execute arbitrary code in the context of the current user. This exploitation does not...
PT-2026-53922
Name of the Vulnerable Software and Affected Versions Vibe-Trading versions prior to 0.1.10 Description The application constructs the swarm run directory by joining a caller-supplied run identifier to the runs base directory without proper validation in the run dir function located in...
PT-2026-53924
Name of the Vulnerable Software and Affected Versions Vibe-Trading versions prior to 0.1.10 Description A path traversal issue exists in the remember tool, allowing attackers to write arbitrary Markdown files to unintended locations on the filesystem. This is achieved by supplying a malicious...
PT-2026-53863
fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a...
PT-2026-53854
Net::BitTorrent versions through 2.0.1 for Perl write files outside the download directory via path traversal in peer-supplied metadata. Net::BitTorrent validates file path components only on the .torrent-file ingest path. The peer and magnet metadata path on metadata received, reached from the...
PT-2026-53842
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions 5.19.7 through 5.19.7 Apache ActiveMQ Broker versions 6.2.6 through 6.2.6 Apache ActiveMQ versions 5.19.7 through 5.19.7 Apache ActiveMQ versions 6.2.6 through 6.2.6 Apache ActiveMQ All versions 5.19.7 through...
PT-2026-53930
Name of the Vulnerable Software and Affected Versions SeaweedFS versions prior to 4.34 Description A path traversal issue exists in the S3 gateway DeleteMultipleObjectsHandler. Authenticated S3 principals with write access to one bucket can delete arbitrary objects in buckets belonging to other...
PT-2026-53844
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.8 Apache ActiveMQ versions 6.0.0 through 6.2.6 Apache ActiveMQ All versions prior to 5.19.8 Apache ActiveMQ All versions 6.0.0 through 6.2.6 Apache ActiveMQ Stomp versions prior to 5.19.8 Apache ActiveMQ...
PT-2026-53833
HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim via the contact form. To exploit this vulnerability, the attacker must send a request using the 'nombreApellidos', 'dirección ', an...
PT-2026-53820
RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. If a user loads a specially crafted save-file, arbitrary OS command may be executed...
PT-2026-55183
These are all security issues fixed in the trivy-0.71.2-2.1 package on the GA media of openSUSE Tumbleweed...