184481 matches found
PT-2026-54324
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the GPU component allows a remote attacker who has already compromised the renderer process to obtain potentially sensitive information from process...
PT-2026-54330
Name of the Vulnerable Software and Affected Versions Google Chrome on Windows versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in Device Trust allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a...
PT-2026-54337
Name of the Vulnerable Software and Affected Versions Google Chrome on ChromeOS versions prior to 150.0.7871.47 Description An inappropriate implementation in Views allows an attacker to obtain potentially sensitive information from process memory. This occurs if a user is convinced to install a...
PT-2026-54427
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An out-of-bounds read and write issue exists in ANGLE, a compatibility layer that allows OpenGL ES APIs to run on non-native platforms. This flaw allows a remote attacker who has alread...
PT-2026-54423
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A type confusion issue exists in the CSS component, which allows a remote attacker to obtain potentially sensitive information from process memory by using a specially crafted HTML page...
PT-2026-53917
Name of the Vulnerable Software and Affected Versions OpenBMB ChatDev versions prior to commit 4fd4da6 Description An unauthenticated remote attacker can write or delete arbitrary files on the server filesystem. The issue occurs because the application fails to sanitize the multipart filename...
PT-2026-53925
Name of the Vulnerable Software and Affected Versions Hermes WebUI versions prior to 0.51.521 Description An authorization bypass occurs during the session import process. The /api/session/import endpoint validates the workspace of an imported session under the active named profile but fails to s...
PT-2026-53963
Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 Description A cross-site scripting issue exists within the administrative console help system. Cross-site scripting is a flaw that allows an attacker to...
PT-2026-53811
Name of the Vulnerable Software and Affected Versions Editorial Rating – Product Review & Rating System versions prior to 4.0.6 Description Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level access and above to perform Stored Cross-Site...
PT-2026-53973
Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence version 5.2.2 IBM watsonx.data intelligence version 5.3.0 IBM watsonx.data intelligence versions 5.3.1 through patch-1 Description The software transmits data in clear text, which could allow an attacker to obtain...
PT-2026-55173
These are all security issues fixed in the amfora-1.11.0-3.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-53986
Name of the Vulnerable Software and Affected Versions FUXA versions prior to 1.3.2 Description An authentication bypass exists in the REST API due to improper dot-segment path normalization. The API router does not normalize dot-segment sequences before the authentication middleware is applied...
PT-2026-53921
Name of the Vulnerable Software and Affected Versions Vibe-Trading versions prior to 0.1.10 Description The application constructs the proposal file path by joining a caller-supplied proposal identifier to the broker proposals directory without proper sanitization in the...
PT-2026-53834
Cross-Site Scripting XSS vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be...
PT-2026-53831
A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of servi...
PT-2026-53980
Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 Description A remote attacker can obtain sensitive information when the system returns detailed technical error messages in the browser. This exposure of internal data could be leverag...
PT-2026-53839
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.8 Apache ActiveMQ Broker versions 6.0.0 through 6.2.6 Apache ActiveMQ versions prior to 5.19.8 Apache ActiveMQ versions 6.0.0 through 6.2.6 Apache ActiveMQ All versions prior to 5.19.8 Apache...
PT-2026-54200
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An uninitialized use in the GPU component allows a remote attacker to obtain potentially sensitive information from process memory. This is achieved by inducing the victim to...
PT-2026-54204
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the UI allows a local attacker to perform privilege escalation by using a malicious file. Recommendations Update Google Chrome o...
PT-2026-54209
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An inappropriate implementation in the Sharing feature allows a remote attacker who has already compromised the renderer process to leak cross-origin data. This is achieved b...
PT-2026-54206
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient policy enforcement in DevTools allows a local attacker to bypass navigation restrictions by using a malicious file. Recommendations Update Google Chrome on Andro...
PT-2026-54201
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the WebView component allows a remote attacker who has already compromised the renderer process to bypass the same origin policy...
PT-2026-54187
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient policy enforcement in WebXR allows a remote attacker to leak cross-origin data through a crafted HTML page. WebXR is an API that enables the creation of virtual...
PT-2026-54062
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use-after-free issue exists in the Bluetooth component of Google Chrome on macOS. A remote attacker can exploit this by convincing a user to visit a crafted HTML page and perform...
PT-2026-54086
Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description Side-channel information leakage in the Safe Browsing component allows a remote attacker who has already compromised the renderer process to leak cross-origin data. This is...
PT-2026-54096
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 150.0.7871.47 Description An out of bounds read exists in ANGLE, a compatibility layer that allows developers to use WebGL across different graphics APIs. A remote attacker who has already compromised the...
PT-2026-54231
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in CustomTabs allows a local attacker to perform UI spoofing via a malicious file. UI spoofing is a technique where an attacker...
PT-2026-54216
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the WebShare component allows a remote attacker who has already compromised the renderer process to perform UI spoofing. This is...
PT-2026-54240
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the WebView component allows a remote attacker to bypass navigation restrictions by using a crafted HTML page. Recommendations Update Googl...
PT-2026-54220
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 150.0.7871.47 Description An inappropriate implementation in the DataTransfer component allows a remote attacker to leak cross-origin data. This occurs when a user is convinced to perform specific UI...
PT-2026-54245
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An uninitialized use in the UI allows a remote attacker who has already compromised the renderer process to obtain potentially sensitive information from process memory. This...
PT-2026-54181
Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description An inappropriate implementation in the Safe Browsing component allows a remote attacker to bypass navigation restrictions by using a specially crafted HTML page. Recommendations...
PT-2026-54191
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 150.0.7871.47 Description An inappropriate implementation in the Passwords component allows a local attacker to obtain potentially sensitive information from process memory by using a malicious file...
PT-2026-53903
Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions prior to 2025 Update 10 Adobe ColdFusion versions prior to 2023 Update 21 Description Adobe ColdFusion contains a path traversal flaw resulting from the improper limitation of a pathname to a restricted directory. Thi...
PT-2026-53979
Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 Description An authenticated user can bypass security controls and perform unauthorized actions. This occurs because security checks that should be enforced on the server are instead...
PT-2026-54108
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An out-of-bounds read and write issue exists in the GPU component. This allows a remote attacker who has already compromised the renderer process to execute arbitrary code within a...
PT-2026-53821
DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who can log in to the web management console of the affected product...
PT-2026-54429
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in DevTools allows an attacker to perform UI spoofing. This occurs when a user is convinced to install a crafted malicious Chrome Extension...
PT-2026-53984
An unauthenticated URL redirection vulnerability has been identified in Archer AX20 V2 due to improper validation of user-supplied URL input within the web interface. An unauthenticated attacker can craft URLs containing URL-encoded path traversal sequences. When processed by the embedded web...
PT-2026-54048
Name of the Vulnerable Software and Affected Versions Grav CMS versions prior to 2.0.0-beta.2 Description Multiple issues allow for code execution. Three unsafe unserialize calls within SchedulerJobQueue, FrameworkCacheAdapterFileCache, and Session deserialize untrusted data without restricting...
PT-2026-53951
Name of the Vulnerable Software and Affected Versions IBM WebSphere Extreme Scale versions 8.6.1.0 through 8.6.1.6 Description Improper validation in the XDF decoder allows an adjacent attacker to cause a denial of service. The application processes deeply nested Protocol Buffers messages and...
PT-2026-54037
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Authenticated organization administrators can bypass server-side validation within organization security settings to persist an invalid security policy state. This is achieved by directly updating t...
PT-2026-54046
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-24 Description An incorrect policy check allows remote attackers to bypass path policy restrictions in sandboxed conversion services. This flaw enables the creation or truncation of files that are disallowed...
PT-2026-53928
Name of the Vulnerable Software and Affected Versions Woodpecker versions prior to 3.15.0 Description When using the GitLab forge driver, the system matches the ApprovalAllowedUsers bypass list against the pipeline.Author variable. The pipeline.Author is populated from the commit.author.name...
PT-2026-53896
A Rancher FleetWorkspace admission path allowed side effects to occur in the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network access to the in-cluster rancher-webhook service could submi...
PT-2026-53943
Name of the Vulnerable Software and Affected Versions IBM WebSphere Extreme Scale versions 8.6.1.0 through 8.6.1.6 Description The Object Query Language OQL engine resolves class names provided by an attacker using Class.forName and invokes their constructors without an allow-list at three sinks:...
PT-2026-53905
Name of the Vulnerable Software and Affected Versions ColdFusion versions prior to 2025.10 Description A Server-Side Request Forgery SSRF issue allows an attacker to bypass security features and obtain unauthorized read access. This flaw can be exploited without any user interaction...
PT-2026-53878
Name of the Vulnerable Software and Affected Versions @fastify/express versions prior to 4.0.7 Description A middleware scoping flaw exists where plugin prefixes are not applied to middleware mount paths when the mount path is provided as an array or a regular expression. This occurs due to...
PT-2026-53920
Name of the Vulnerable Software and Affected Versions Vibe-Trading versions prior to 0.1.10 Description The local API server trusts the TCP peer address to bypass the API AUTH KEY bearer-token check for loopback clients and lacks Host header validation while binding to 0.0.0.0 with credentialed...
PT-2026-53836
Name of the Vulnerable Software and Affected Versions EventON - WordPress Virtual Event Calendar Plugin versions prior to 5.0.12 Description An issue exists where unauthenticated attackers can perform SQL Injection, a technique used to interfere with the queries that an application makes to its...