184427 matches found
PT-2026-53247
Name of the Vulnerable Software and Affected Versions Yelp affected versions not specified Description A flaw exists due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI porta...
PT-2026-53234
Name of the Vulnerable Software and Affected Versions util-linux libblkid affected versions not specified Description A heap use-after-free read occurs in the libblkid library during nested partition probing. The BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a...
PT-2026-53290
Name of the Vulnerable Software and Affected Versions WooCommerce Designer Pro versions prior to 1.9.35 Description Cross Site Scripting XSS allows an attacker with subscriber privileges to execute malicious scripts in the browser of other users. Recommendations Update WooCommerce Designer Pro to...
PT-2026-53237
Name of the Vulnerable Software and Affected Versions spice-vdagent affected versions not specified Description A flaw exists where a malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This leads to a heap buffer overflow within the udscs...
PT-2026-53238
Name of the Vulnerable Software and Affected Versions spice-vdagent affected versions not specified Description A path traversal flaw exists in spice-vdagent, where a path traversal is a vulnerability that allows an attacker to access files and directories that are stored outside the web root...
PT-2026-53322
Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper neutralization of parameters allows unintended SQL execution. An attacker can exploit this by providing crafted values to vulnerable command paths, leading the CLI to execute unauthoriz...
PT-2026-53465
Summary All components based on BaseFileComponent are vulnerable to the following vulnerability: 1. Docling DoclingInlineComponent 2. Docling Serve DoclingRemoteComponent 3. Read File FileComponent 4. NVIDIA Retriever Extraction NvidiaIngestComponent 5. Video File VideoFileComponent 6. Unstructur...
PT-2026-53250
A weakness has been identified in code-projects Real State Services 1.0. Impacted is an unknown function of the file /single-list sale.php?action=add. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...
PT-2026-53660
Name of the Vulnerable Software and Affected Versions Parseable versions prior to 2.9.2 Description An information disclosure issue exists in the notification-target API endpoints where webhook tokens and basic-auth credentials are returned in cleartext. This occurs because the secret-masking...
PT-2026-53312
Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper neutralization in the Snowpark annotation processor callback template allows arbitrary code execution during application bundling or deployment. An attacker can exploit this by providin...
PT-2026-53665
Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to register internal URLs due to missing SSRF protection. Attackers can trigger alarm threshold breaches to force the server to issue POST requests to...
PT-2026-53564
Impact The vulnerability allows unauthenticated execution of arbitrary SQL statements on the database the SQLAlchemyDA instance is connected to. All users are affected. Patches The problem has been patched in version 2.2. Workarounds There is no workaround. All users are urged to upgrade to versi...
PT-2026-53522
In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instance...
PT-2026-53431
Impact When Flask-AppBuilder is set to AUTH TYPE AUTH OID, allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the...
PT-2026-53467
Summary TableChatAgent uses pandas eval. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. PoC For example, one could prompt the Agent: Evaluate the following pandas expression on the data provided and print output:...
PT-2026-53419
Summary Python class pollution is a novel vulnerability categorized under CWE-915. The Delta class is vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it can lead to Denial of Service and Remote Code Execution via insecure Pickle...
PT-2026-53406
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon...
PT-2026-53357
A critical Remote Code Execution RCE vulnerability was identified in the aimhubio/aim project, specifically within the /api/runs/search/run/ endpoint, affecting versions = 3.0.0. The vulnerability resides in the run search api function of the aim/web/api/runs/views.py file, where improper...
PT-2026-53638
web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks...
PT-2026-53613
Summary The log file name parameter in the stata do API and CLI is directly interpolated into a Stata command string without sanitization. The security guard GuardValidator only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands includi...
PT-2026-53428
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack in version 1.15.0 and prior. A patch is available at commit 5fc84904f198de661d5b933fde756aa922bf09f1...
PT-2026-53506
A command injection vulnerability exists in Mlflow when serving a model with enable mlserver=True. The model uri is embedded directly into a shell command executed via bash -c without proper sanitization. If the model uri contains shell metacharacters, such as $ or backticks, it allows for comman...
PT-2026-53641
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The nam...
PT-2026-53601
Impact A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same...
PT-2026-53609
Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server...
PT-2026-53619
Impact Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE. When axis is larger than the dim of input, c-Diminput,axis goes out of bound. Same problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Gra...
PT-2026-53578
OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...
PT-2026-53569
Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...
PT-2026-53557
Summary Type: Vertical privilege escalation. The PATCH /workspaces/workspace id/members/user id endpoint is gated by require workspace memberworkspace id, which defaults to min role="member" and is never overridden by the route. The handler then calls MemberService.update roleworkspace id, user i...
PT-2026-53540
The execute command function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell metacharacters. --- Description PraisonAI's workflow system and...
PT-2026-53169
A security flaw has been discovered in MyScale MyScaleDB up to 1.8.0. This vulnerability affects the function SegmentId::getCacheKey in the library src/VectorIndex/Common/SegmentId.h. The manipulation results in insufficient verification of data authenticity. It is possible to launch the attack...
PT-2026-53364
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airfl...
PT-2026-53597
Summary A SQL injection vulnerability in the Oracle path of FilterEngine.create sqla query allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. Attacker-controlled filter keys and values are interpolated...
PT-2026-53552
PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates. --- Description When a user installs a template from a remote source e.g., GitHub,...
PT-2026-53424
A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be...
PT-2026-53427
A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit cea9b23aa8ff78aff92829a466da97461cc7930c...
PT-2026-53313
Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Sensitive information is inserted into log files in plaintext. This occurs when credentials, such as passwords, tokens, or private key material, are written to persistent local debug logs. An...
PT-2026-53173
A flaw has been found in Tenda JD12L 16.03.53.23. The impacted element is the function formWifiBasicSet of the file /goform/WifiBasicSet. Executing a manipulation of the argument security 5g can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publish...
PT-2026-53760
Summary Description A Protection Mechanism Failure CWE-693 in OpenAM's server-side scripting sandbox allows an authenticated script author execute operating-system commands from the OpenAM JVM with the default class allow and deny lists. This impacts OpenAM Community Edition through version 16.0....
PT-2026-53171
A security vulnerability has been detected in Tenda JD12L 16.03.53.23. Impacted is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. Such manipulation of the argument startIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclos...
PT-2026-53558
Summary The Platform server exposes resources under /api/v1/workspaces/workspace id/... and protects them with a require workspace memberworkspace id FastAPI dependency. The dependency only checks that the caller is a member of the workspace id in the URL prefix. The route handlers then look up t...
PT-2026-53622
Impact Remote Server-Side Request Forgery SSRF Issue: TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and...
PT-2026-53625
A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely...
PT-2026-53195
A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employee model.php of the component Update Earn Leave Endpoint. The manipulation of the argument emid results in sql injection. The attack...
PT-2026-53543
Summary PraisonAI's call server exposes a network-facing agent control API without authentication when CALL SERVER TOKEN is not configured. The affected component is the praisonai.api.agent invoke router as mounted by praisonai.api.call. The authentication helper verify token fails open when CALL...
PT-2026-53497
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirement...
PT-2026-53512
OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient before 0.7.3 liberty and 0.8.x before 0.8.5 mitaka improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files,...
PT-2026-53256
Name of the Vulnerable Software and Affected Versions GNU gzip affected versions not specified Description An issue exists in the LZH decompression logic where shared global state is improperly reused between different decompression formats during a single execution. The software maintains a glob...
PT-2026-53271
FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the get gl transactions function where the filter type parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SA GLANALYTIC permission can inject arbitrary SQL by supplying a closing...
PT-2026-53434
A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...