184379 matches found
PT-2026-53082
Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.11.2 Description An integer overflow occurs when the software reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response. This value is used in the allocation num attrs sizeoflibssh2...
PT-2026-53221
Name of the Vulnerable Software and Affected Versions Delta Electronics DTM Soft affected versions not specified Description The software is susceptible to the deserialization of untrusted data, which can allow an attacker to execute arbitrary code. Real-world exploitation has been observed where...
PT-2026-53343
These are all security issues fixed in the jupyter-jupyterlab-templates-0.5.3-2.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-53332
These are all security issues fixed in the ImageMagick-7.1.2.25-3.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-53051
Name of the Vulnerable Software and Affected Versions Dokan: AI Powered WooCommerce Multivendor Marketplace Solution versions prior to 5.0.5 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with custom-level access ...
PT-2026-53226
Published our new research: CVE-2026-52870 Missing Authorization in @AnthropicAI's MCP Python SDK. On multi-client MCP servers, any authenticated client could enumerate and hijack tasks from other clients. Patched in v1.27.2. https://t.co/ykvbM2cmXm @Shruti Lohani...
PT-2026-53060
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An integer overflow occurs in the dsp mmap single function when validating requested mappings by summing a user-supplied offset and length against the buffer siz...
PT-2026-53338
These are all security issues fixed in the jq-1.8.2-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-53054
The WP Full Stripe Free plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 8.4.3 via the wpfs update failed payment status AJAX action. The handler is registered through both wp ajax and wp ajax nopriv hooks and the underlying update failed payment statu...
PT-2026-53047
Name of the Vulnerable Software and Affected Versions Shariff for WordPress versions prior to 1.0.12 Description The plugin fails to sanitize or escape the shariff infourl setting before it is output in the frontend HTML via the generateshariff function. This flaw allows high-privilege users, suc...
PT-2026-53333
These are all security issues fixed in the agama-web-ui-22+143.ee15dea20-46.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-53335
These are all security issues fixed in the calibre-9.10.0-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-53655
Name of the Vulnerable Software and Affected Versions calibre versions prior to 9.10.0 Description A flaw exists where reading metadata from a malicious EPUB, OPF, or PDF file allows the execution of arbitrary Python code. This occurs when a custom column definition containing a python: template ...
PT-2026-53036
Name of the Vulnerable Software and Affected Versions HCL Traveler for Microsoft Outlook HTMO affected versions not specified Description The application is susceptible to security weaknesses because it relies on .NET Framework 4.5, which has reached end-of-life. As this framework no longer...
PT-2026-53055
Name of the Vulnerable Software and Affected Versions Spexo theme for WordPress versions prior to 2.0.12 Description Unauthorized access is possible due to a missing capability check in the activate plugin function. This allows authenticated users with Subscriber-level permissions or higher to...
PT-2026-53225
Name of the Vulnerable Software and Affected Versions mcp Python SDK versions prior to 1.27.2 Description Principal confusion exists in the HTTP transports of the mcp Python SDK. Specifically, the SSE and Streamable HTTP stateful mode routed sessions fail to verify if the principal matches the...
PT-2026-53043
Name of the Vulnerable Software and Affected Versions Invoice Generator versions prior to 1.0.1 Description The Invoice Generator plugin for WordPress allows privilege escalation because it fails to perform a capability check on the pravel invoice edit account AJAX action. The handler is exposed...
PT-2026-53336
These are all security issues fixed in the hydra-9.7+git20.gbccaea1-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-53057
Name of the Vulnerable Software and Affected Versions Frisbii Pay versions prior to 1.9.0 Description Authenticated users with Subscriber-level access and above can perform unauthorized modification of data. This is caused by missing capability checks in the upload csv and process batch functions...
PT-2026-53049
Name of the Vulnerable Software and Affected Versions Surbma | Infusionsoft Shortcode versions prior to 2.0.2 Description Stored Cross-Site Scripting occurs via the 'infusionsoft-form' shortcode. The issue stems from insufficient input sanitization and output escaping within the surbma infusionso...
PT-2026-53050
Name of the Vulnerable Software and Affected Versions Masteriyo LMS – LMS Course Builder, Quizzes & Certificates versions prior to 2.2.2 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. This allows...
PT-2026-53039
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
PT-2026-53059
Name of the Vulnerable Software and Affected Versions RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login versions prior to 6.0.8.7 Description An authentication bypass exists due to insufficient verification of data authenticity. The PayPal IPN callback...
PT-2026-53038
Name of the Vulnerable Software and Affected Versions Ivory Search – WordPress Search Plugin versions prior to 5.5.16 Description Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level access and above to perform Stored Cross-Site Scripting XSS...
PT-2026-53056
Name of the Vulnerable Software and Affected Versions Page Builder by SiteOrigin versions prior to 2.34.4 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with Contributor-level access or higher can inject arbitrary...
PT-2026-53334
These are all security issues fixed in the assimp-devel-6.0.5-4.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-53041
Name of the Vulnerable Software and Affected Versions CodePeople Post Map for Google Maps versions prior to 1.2.7 Description Insufficient input sanitization and output escaping allow authenticated attackers with Contributor-level access and above to perform Stored Cross-Site Scripting. This is...
PT-2026-53053
Name of the Vulnerable Software and Affected Versions Gutenverse versions prior to 3.8.1 Description The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress contains a Stored Cross-Site Scripting issue in the admin settings. This occurs due to insufficient input...
PT-2026-53341
These are all security issues fixed in the ocaml-4.14.4-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-53340
These are all security issues fixed in the logback-1.5.36-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-53044
Name of the Vulnerable Software and Affected Versions Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content versions prior to 4.16.17 Description An Insecure Direct Object Reference occurs because the software fails to verify if the authenticated...
PT-2026-53037
HCL Traveler for Microsoft Outlook HTMO is susceptible to a sensitive data exposure vulnerability which could allow an attacker to exploit application information to then attempt additional attacks and cause unknown behavior in the application...
PT-2026-53065
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The CONS HISTORY ioctl handler fails to properly validate the requested history size. Providing a large value leads to an integer overflow during the buffer size...
PT-2026-53064
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The ELF image activator cleared per-process ASLR Address Space Layout Randomization, a security technique that randomizes memory addresses to prevent exploitatio...
PT-2026-53048
The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the invoke methods of the...
PT-2026-53063
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where the audio buffer backing a mapping could be freed upon closing the device while the mapping remains valid. This allows the freed memory to ...
PT-2026-55946
Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.4 pnpm versions prior to 11.7.0 Description A crafted patch entry can resolve outside the configured patches directory, allowing the pnpm patch-remove command to delete an arbitrary reachable file. Recommendations...
PT-2026-53062
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the kernel handler for IPV6 MSFILTER. The handler drops a serializing lock to copy the source-filter list from userspace and subsequently reacquires it...
PT-2026-53339
These are all security issues fixed in the libslirp-devel-4.9.3+4-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-53052
Name of the Vulnerable Software and Affected Versions Dokan: AI Powered WooCommerce Multivendor Marketplace Solution versions prior to 5.0.5 Description An Insecure Direct Object Reference exists due to missing validation on a user-controlled key. Authenticated attackers with subscriber-level...
PT-2026-53042
Name of the Vulnerable Software and Affected Versions HD Quiz versions 2.2.0 through 2.2.1 Description The HD Quiz plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw. This occurs because the hdq validate nonce function fails to properly validate nonces, which are unique tokens...
PT-2026-53040
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'queryselect' Parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
PT-2026-54531
Уязвимость компонента act runner системы управления Git-репозиториями Gitea связана с небезопасным управлением привилегиями. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, повысить свои привилегии...
PT-2026-54532
Уязвимость функции publickey response success библиотеки libssh2 связана с целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании или выполнить произвольный код...
PT-2026-53342
These are all security issues fixed in the python311-jupyter-ydoc-3.5.0-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-53046
Name of the Vulnerable Software and Affected Versions MaxButtons – Create buttons plugin for WordPress versions prior to 9.8.6 Description Reflected Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary we...
PT-2026-53077
Name of the Vulnerable Software and Affected Versions Frontend File Manager Plugin versions prior to 23.7 Description Authenticated users with Subscriber-level access can delete arbitrary files on the server, including sensitive files like wp-config.php, which may lead to a full site takeover. Th...
PT-2026-53076
Name of the Vulnerable Software and Affected Versions Zephyr versions 3.6.0 through 4.4.0 Description An out-of-bounds write exists in the IP socket recvmsg implementation within the insert pktinfo function. The issue occurs because the system validates the user-supplied ancillary msg control...
PT-2026-53337
These are all security issues fixed in the jackson-databind-2.18.8-2.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-53058
Name of the Vulnerable Software and Affected Versions Quiz and Survey Master QSM – Easy Quiz and Survey Maker versions prior to 11.1.5 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Authenticated attacker...