184424 matches found
PT-2026-53284
Name of the Vulnerable Software and Affected Versions phpUploader versions prior to 2.0.2 Description An unauthenticated information disclosure exists where remote attackers can access the full contents of the uploaded-files database table by visiting any page of the application. The index model...
PT-2026-53492
Resolution Fixed in v3.1.0, released 2026-05-25. The fix was merged in PR 95 at commit 1c7d3f9. The fix changes the default HTTP bind host to 127.0.0.1, refuses non-loopback HTTP/HTTPS exposure unless OAuth is enabled, makes Helm exposure opt-in and OAuth-gated, and adds parser-backed...
PT-2026-53293
Name of the Vulnerable Software and Affected Versions Wallet System for WooCommerce versions prior to 2.7.7 Description Broken access control allows users with the Subscriber role to perform unauthorized actions within the system. Recommendations Update Wallet System for WooCommerce to version...
PT-2026-53315
Name of the Vulnerable Software and Affected Versions TP-Link TL-WR841N version v14 Description An authenticated stack-based buffer overflow occurs in the web management interface. A remote authenticated attacker can send crafted HTTP requests to the embedded web server, causing a stack buffer to...
PT-2026-53451
Summary Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 root. This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted KERNEL UID or KERNEL GID value. The featu...
PT-2026-53523
Out-of-bounds read in gather tree in PaddlePaddle before 2.4. A patch is available in the release/2.4 branch...
PT-2026-53556
Summary Type: Privilege escalation / cross-tenant member injection. The POST /workspaces/workspace id/members endpoint is gated only by require workspace memberworkspace id default min role="member" and forwards the request body's user id and role straight into MemberService.addworkspace id, user...
PT-2026-53199
A vulnerability was determined in YzmCMS up to 7.5. This affects an unknown function of the file /application/install/index.php. Executing a manipulation of the argument siteurl can lead to sql injection. The attack can be executed remotely. A high complexity level is associated with this attack...
PT-2026-53371
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider before 5.0.0...
PT-2026-53189
A vulnerability was found in Tenda JD12L 16.03.53.23. This impacts the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could ...
PT-2026-53349
Missing JWT signature check GHSL-2022-078 The StatelessTokenService of the DataHub metadata service GMS does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because...
PT-2026-53501
In mlflow/mlflow, the FastAPI job endpoints under /ajax-api/3.0/jobs/ are not protected by authentication or authorization when the basic-auth app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled MLFLOW SERVER ENABLE JOB EXECUTION=true and a...
PT-2026-53574
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4 64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. pyminizip uses version 1.2.11 of zlib's code...
PT-2026-53744
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.13 through 9.0.18 Apache Tomcat versions 8.5.38 through 8.5.100 Apache Tomcat versions 7.0.100 through 7.0.109...
PT-2026-53316
Name of the Vulnerable Software and Affected Versions libtiff affected versions not specified Description A heap-based buffer overflow exists in the PixarLog decoder. A remote attacker can trigger this issue by providing a specially crafted PixarLog-compressed TIFF image. The flaw occurs during t...
PT-2026-53546
| Field | Value | |---|---| | Severity | Critical | | Type | Path traversal -- arbitrary file write via tar.extract without member validation | | Affected | src/praisonai/praisonai/cli/features/recipe.py:1170-1172 | Summary cmd unpack in the recipe CLI extracts .praison tar archives using raw...
PT-2026-53453
Summary jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy were still accessible via the network. This vulnerability does not affect users having...
PT-2026-53436
Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the post install...
PT-2026-53248
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Epiphyt Embed Privacy allows Path Traversal. This issue affects Embed Privacy: from n/a through 1.12.3...
PT-2026-53437
Impact A leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. Details HTTP/1.1 Chunked-Encoding bodies are formatted as a sequence of "chunks", each of which consists of: - chunk length - r - length...
PT-2026-53378
APKLeaks prior to v2.0.4 allows remote authenticated attackers to execute arbitrary OS commands via package name inside the application manifest. Impact An authenticated attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or...
PT-2026-53295
Unauthenticated Broken Access Control in WP User Frontend = 4.3.7 versions...
PT-2026-53488
The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weights only=True...
PT-2026-53599
Summary The KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and key id. This allowed an attacker to execute arbitrary SQL commands against the local SQLite database. Ran the POC below...
PT-2026-53584
The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore...
PT-2026-53278
A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The...
PT-2026-53591
Summary amazon-redshift-python-driver is the official Python connector for Amazon Redshift. In versions 2.1.13 and earlier, the driver insufficiently validates data received from the server during query result processing. A rogue server or man-in-the-middle could leverage this to execute arbitrar...
PT-2026-53204
A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...
PT-2026-53541
Summary The AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can...
PT-2026-53542
Executive Summary: The path validation has a critical logic bug: it checks for .. AFTER normpath has already collapsed all .. sequences. This makes the check completely useless and allows trivial path traversal to any file on the system. The path validation function also does not resolve the...
PT-2026-53659
Name of the Vulnerable Software and Affected Versions Gorse versions prior to 0.5.10 Description An authentication bypass exists in the HTTP API when the admin api key is left empty, which is the default configuration. This occurs because improper input validation treats an empty key as a disabli...
PT-2026-53596
Summary A SQL injection vulnerability in FilterEngine.create postgres query allows any authenticated Rucio user to execute arbitrary SQL against the configured PostgreSQL metadata database through the DID search endpoint GET /dids//dids/search. When the external metadata plugin postgres meta is...
PT-2026-53590
Summary Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. Due to the longstanding decision by the Ray Development team to not implement any sort of authentication on critical endpoints, like the /api/jobs &...
PT-2026-53255
Name of the Vulnerable Software and Affected Versions GNU gzip affected versions not specified Description The gzexe utility handles temporary files insecurely. If the mktemp utility is missing from the user's PATH, gzexe generates a temporary file path using only the process ID PID. Because this...
PT-2026-53213
The APCu Manager WordPress plugin before 4.5.0 does not escape APCu object-cache keys before rendering them in an admin-area page, leading to a Stored Cross-Site Scripting vulnerability. When a persistent object cache is enabled, cache keys derived from unsanitised user input e.g. a transient nam...
PT-2026-53170
A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform...
PT-2026-53244
A vulnerability was found in itsourcecode Online Hotel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/mod users/controller.php?action=add. The manipulation of the argument Name results in sql injection. The attack can be launched remotely. The explo...
PT-2026-53688
Name of the Vulnerable Software and Affected Versions Synology MailPlus Server versions prior to 4.0.1-31663 Description A critical flaw allows remote attackers to read and write arbitrary files and access internal services, which likely leads to remote code execution RCE, a state where an attack...
PT-2026-53502
MLflow allowed arbitrary files to be PUT onto the server...
PT-2026-53354
A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as whoami and /bin/whoami. An attacker can circumvent this restriction by executing...
PT-2026-53391
An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution RCE by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...
PT-2026-53367
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider...
PT-2026-53575
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape dict...
PT-2026-53589
A command injection exists in Ray's cpu profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication...
PT-2026-53205
A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employee model.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...
PT-2026-53755
Name of the Vulnerable Software and Affected Versions Zephyr version 4.4.0 Description An issue exists where the mcumgr serial process frag function in subsys/mgmt/mcumgr/transport/src/serial util.c calls net buf reset on the result of smp packet alloc without first verifying if the result is NUL...
PT-2026-53937
These are all security issues fixed in the dash-0.5.13.4-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-53703
Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling. Recommendations...
PT-2026-53640
Impact It was possible to overwrite Git configuration remotely and override some of its behavior. Resources Thanks to Jason Marcello for responsible disclosure...
PT-2026-53618
Impact Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE. When axis is larger than the dim of input, c-Diminput,axis goes out of bound. Same problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Gra...