184382 matches found
PT-2026-53680
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: full info string: true are enabled,...
PT-2026-53670
Name of the Vulnerable Software and Affected Versions Mythic versions prior to 3.4.0.60 Description An authorization bypass exists in four REST endpoints: 'c2profile config check webhook', 'c2profile redirect rules webhook', 'c2profile get ioc webhook', and 'c2profile sample message webhook'. The...
PT-2026-53652
Name of the Vulnerable Software and Affected Versions googleapis/mcp-toolbox affected versions not specified Description A path traversal issue exists in the HTTP tool URL builder. When constructing downstream API requests, the tool substitutes user-controlled pathParams into the configured tool...
PT-2026-53306
Name of the Vulnerable Software and Affected Versions Edimax EW-7478APC version 1.04 Description A buffer overflow exists in the POST Request Handler component. This issue occurs when the formUSBAccount function in the '/goform/formUSBAccount' endpoint processes the UserName and Password argument...
PT-2026-53197
A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0. The affected element is an unknown function of the file /preview4.php. Such manipulation of the argument course year section leads to sql injection. The attack may be launched remotely. The exploit has been...
PT-2026-53505
A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the install model dependencies to env function. When deploying a model with env manager=LOCAL, MLflow reads dependency specifications from the model artifact's python env.yaml file an...
PT-2026-53624
Impact Websites that use Website.user vars property in versions. Patches It affects versions v2.0.1 to v2.4.0. Please upgrade to v2.4.1 Workarounds Do not use Website.user vars in websites when using versions v2.0.1 to v2.4.0. Also, do not use Website.signin user in version v2.4.0 only. Explanati...
PT-2026-53714
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A use-after-free issue, which occurs when a program continues to use a pointer after it has been free...
PT-2026-53748
Name of the Vulnerable Software and Affected Versions Zephyr versions prior to 4.4.0 Description The USB CDC-NCM device class contains a flaw where the cdc ncm send function ignores the return value of usbd ep enqueue. If the enqueue operation fails—which occurs when the USB bus is suspended,...
PT-2026-53673
SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by injecting URL-encoded quotes into the rule ID path parameter of the alert-history endpoints. Attackers can manipulate the unsanitized rule ID interpolated...
PT-2026-53531
Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/query tool/download, where the query commited parameter and /cloud/deploy endpoint, where the high availability parameter...
PT-2026-53494
Summary An explicit web endpoint inside the ai/ testing module infrastructure directly ingests untrusted Python code strings unconditionally without authentication measures, yielding standard Unrestricted Remote Code Execution. Any individual capable of routing HTTP logic to this server block wil...
PT-2026-53692
Name of the Vulnerable Software and Affected Versions AWS Application Load Balancer affected versions not specified Description Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer when AWS WAF is enabled may allow remote actors to bypass managed rule body inspection. B...
PT-2026-53386
Summary In backpropagate = 1.1.0, the optional Reflex web UI pip install backpropagateui, launched via backprop ui exposes a training control plane: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and HuggingFace Hub push. The CLI accepts two operator-facing...
PT-2026-53743
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.0.M1 through 9.0.118 Apache Tomcat versions 8.5.0 through 8.5.100 Description An always-incorrect control flow...
PT-2026-53192
A security flaw has been discovered in Investintech SlimPDFReader up to 2.0.14. Affected by this issue is the function SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0 of the file SlimPDFReader.exe of the component PDF File Handler. Performing a manipulation results in out-of-bounds read. It is...
PT-2026-53741
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.0.M1 through 9.0.118 Apache Tomcat versions 8.5.0 through 8.5.100 Description An incorrect control flow implementation...
PT-2026-53637
vllm-project vllm version 0.6.0 contains a vulnerability in the distributed training API. The function vllm.distributed.GroupCoordinator.recv object deserializes received object bytes using pickle.loads without sanitization, leading to a remote code execution vulnerability. Maintainer perspective...
PT-2026-53319
A security flaw has been discovered in seladb PcapPlusPlus 25.05. This impacts the function pcpp::ModbusLayer::getLength in the library Packet++/header/ModbusLayer.h of the component Modbus Protocol Handler. The manipulation of the argument length results in heap-based buffer overflow. The attack...
PT-2026-53715
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Processing maliciously crafted web content may lead to an unexpected Safari crash due to a stack...
PT-2026-53693
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description An out-of-bounds access issue occurs when processing maliciously crafted web content, which may lead ...
PT-2026-53699
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description An out-of-bounds access issue occurs when processing maliciously crafted web content, which may lead ...
PT-2026-53727
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Processing maliciously crafted web content may result in the disclosure of process memory due to...
PT-2026-53710
Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Processing maliciously crafted web content may lead to an unexpected process crash due to improper...
PT-2026-53616
A vulnerability, which was classified as critical, has been found in van der Schaar LAB synthcity 0.2.9. Affected by this issue is the function load from file of the component PKL File Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been...
PT-2026-53459
An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page...
PT-2026-53286
Unauthenticated Cross Site Scripting XSS in BEAR = 1.1.8 versions...
PT-2026-53586
Vulnerability A vulnerability has been identified in Rasa Pro and Rasa Open Source that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: - The HTTP API must be enabled on the...
PT-2026-53539
A vulnerability, which was classified as critical, was found in Blue Yonder postgraas server up to 2.0.0b2. Affected is the function create pg connection/create postgres db of the file postgraas server/backends/postgres cluster/postgres cluster driver.py of the component PostgreSQL Backend Handle...
PT-2026-53414
In eosphoros-ai/db-gpt version v0.6.3 and earlier, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim...
PT-2026-53384
Deserialization of untrusted data in the Azure AI Language Conversations Authoring client library for Python allows an unauthorized attacker to execute code over a network...
PT-2026-53317
A vulnerability was determined in seladb PcapPlusPlus 25.05. The impacted element is the function pcpp::SSLClientHelloMessage::getHandshakeVersion of the file Packet++/src/SSLHandshake.cpp of the component TLS Hello Handler. Executing a manipulation of the argument handshakeVersion can lead to...
PT-2026-53565
Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources. An attacker can craft a data stre...
PT-2026-53352
A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of...
PT-2026-53628
Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands npm, npx accept argument flags that enable...
PT-2026-53527
remote code execution in paddlepaddle/paddle 2.6.0...
PT-2026-53355
A vulnerability in the LockManager.release locks function in aimhubio/aim commit bb76afe allows for arbitrary file deletion through relative path traversal. The run hash parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion...
PT-2026-53482
A vulnerability in the FinanceChatLlamaPack of the llama-index-packs-finchat package, versions up to v0.3.0, allows for SQL injection in the run sql query function of the database agent. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries, leading to remote code...
PT-2026-53377
A stored cross-site scripting XSS vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS. For 2.X versions, users should change their...
PT-2026-53440
A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...
PT-2026-53198
A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The impacted element is the function generateUploadPath of the file yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/service/file/FileServiceImpl.java of the component AppFileController File...
PT-2026-53292
Name of the Vulnerable Software and Affected Versions Paid Videochat Turnkey Site versions 7.4.8 and earlier Description An issue exists that allows a performer to perform arbitrary file deletion within the system. Recommendations At the moment, there is no information about a newer version that...
PT-2026-53207
A vulnerability was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. The exploit has been made public and could be used...
PT-2026-53631
In the latest version of vanna-ai/vanna, the vanna.ask function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the exec function in...
PT-2026-53243
Name of the Vulnerable Software and Affected Versions itsourcecode Online Hotel Management System version 1.0 Description A remote cross site scripting issue exists in the POST Request Handler component. The flaw occurs when the Name argument is manipulated within the '/admin/mod...
PT-2026-53719
Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Insufficient input sanitization in Apple platforms allows an app to reach sensitive kernel code paths. This improper input validation...
PT-2026-53507
A path traversal vulnerability exists in the extract archive to dir function within the mlflow/pyfunc/dbconnect artifact cache.py file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction...
PT-2026-53356
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and run hash to bypass directory existence checks and...
PT-2026-53496
A Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of sessi...
PT-2026-53629
Summary The substitute utcp args method in cli communication protocol.py inserts user-controlled tool args values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix or powershell.exe -Command Windows, allowing an attack...