184379 matches found
PT-2026-53337
These are all security issues fixed in the jackson-databind-2.18.8-2.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-53058
Name of the Vulnerable Software and Affected Versions Quiz and Survey Master QSM – Easy Quiz and Survey Maker versions prior to 11.1.5 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Authenticated attacker...
PT-2026-52675
Name of the Vulnerable Software and Affected Versions GeoVision GV-LPC2011 versions prior to 1.13 GeoVision GV-LPC2211 versions prior to 1.13 Description An unauthenticated stack-based buffer overflow exists in the thttpd component. This issue occurs due to insufficient bounds checking when...
PT-2026-52793
Author Cross Site Scripting XSS in Featured Image = 2.1 versions...
PT-2026-52777
Unauthenticated Cross Site Scripting XSS in WoodMart = 8.5.3 versions...
PT-2026-52737
Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale = 1.0.27 versions...
PT-2026-52814
Contributor SQL Injection in Restaurant Menu by MotoPress = 2.4.10 versions...
PT-2026-52752
Unauthenticated SQL Injection in 워드프레스 결제 심플페이 = 5.5.6 versions...
PT-2026-52746
Unauthenticated Privilege Escalation in Paytium = 5.0.2 versions...
PT-2026-52827
Unauthenticated Cross Site Request Forgery CSRF in Gmail SMTP = 1.2.3.19 versions...
PT-2026-52742
Subscriber Server Side Request Forgery SSRF in utm.codes = 1.9.0 versions...
PT-2026-52671
An unauthenticated buffer overflow vulnerability exists in IEEE8021x upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing filename values in multipart upload data. A remote attacker may exploit this...
PT-2026-53009
Summary Description An Unverified Password Change CWE-620 and Use of Weak Credentials CWE-1391 issue in OpenAM's OAuth2 authentication module silently rewrites a local user's password to the literal string of their username on OAuth2 re-login of an existing account. The default ldapService chain...
PT-2026-52843
Name of the Vulnerable Software and Affected Versions LXD versions prior to 6.9 LXD version 5.21 Description A nil-pointer dereference occurs in the CreateCustomVolumeFromBackup function when processing a specially crafted custom-volume backup tarball that omits the expires at snapshot field. An...
PT-2026-52784
Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.12.2 versions...
PT-2026-52783
Subscriber Sensitive Data Exposure in GetGenie = 4.4.2 versions...
PT-2026-52661
Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdown to pdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted...
PT-2026-52890
Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.35.11 Envoy versions prior to 1.36.7 Envoy versions prior to 1.37.3 Envoy versions prior to 1.38.1 Description An issue exists in the UDP DNS filter when configured with local or remote resolution for names exactly 25...
PT-2026-52792
Contributor Broken Access Control in SEOPress PRO = 9.1.1 versions...
PT-2026-53005
Name of the Vulnerable Software and Affected Versions Fluentd versions prior to 1.19.3 Description The out http output plugin allows the use of placeholders, such as $tag, in the endpoint configuration parameter. If a placeholder value is derived from untrusted input, an attacker can control the...
PT-2026-53003
Name of the Vulnerable Software and Affected Versions Fluentd versions prior to 1.19.3 Description The Monitor Agent plugin in monitor agent exposes internal metrics and plugin information through a REST API. The responses from the /api/plugins.json endpoint and related endpoints unintentionally...
PT-2026-52947
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak and a use-after-free issue exist in the max77705 power supply driver. The driver fails to destroy the allocated workqueue during the remove process, leading to memory...
PT-2026-52844
Name of the Vulnerable Software and Affected Versions LXD versions 6.0 through 6.8 LXD versions 5.21.0 through 5.21.4 LXD versions 5.0.0 through 5.0.6 Description An issue exists in the handling of project-restriction policies during snapshot restoration. An authenticated project operator in a...
PT-2026-52834
Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder = 1.1.6 versions...
PT-2026-52702
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description An issue exists that allows the disclosure of project settings via the MCP. Recommendations Update to version 2026.2.16593...
PT-2026-52703
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description Improper authorization in the app configurations endpoint allows for the modification of project settings. Recommendations Update JetBrains YouTrack to version 2026.2.16593 or later...
PT-2026-52706
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description The websandbox bridge is susceptible to prototype pollution, a condition where an attacker can manipulate the prototype of a JavaScript object to inject properties or change the...
PT-2026-52701
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description Improper access control allows the unauthorized reading of private user data through the comment templates endpoint. Recommendations Update to version 2026.2.16593...
PT-2026-52704
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description The default role configuration allows for the exposure of excessive user profile details. Recommendations Update to version 2026.2.16593...
PT-2026-52738
Unauthenticated Broken Access Control in Stylish Cost Calculator = 8.3.9 versions...
PT-2026-52896
Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0-beta.2, the local HTTP server started by nx graph sent Access-Control-Allow-Origin: on every response, letting any website a developer visited read the server's responses cross-origin — including...
PT-2026-52862
A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
PT-2026-52861
A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
PT-2026-52960
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the io uring/napi component where there is no limit on the maximum time napi can poll when no events are found. This lack of a cap can lead to kernel complaints...
PT-2026-52952
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the drm/amd/display component. The functions dc dmub srv log diagnostic data and dc dmub srv enable dpia trace perform a check on the dc dmub srv...
PT-2026-52676
An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing RTSP custom authentication data. A remote attacker may exploit this vulnerability by...
PT-2026-52853
Name of the Vulnerable Software and Affected Versions Dokku versions prior to 0.38.2 Description An issue exists where the app name validation regex permits shell metacharacters. An authenticated user can exploit this by pushing to a git remote using a crafted app name. This name is embedded...
PT-2026-52638
A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...
PT-2026-52761
Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.3 versions...
PT-2026-52978
Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.0.43 Kestra versions prior to 1.3.19 Description An authenticated user can perform a path traversal attack to read arbitrary files on the host filesystem that the process has access to, such as /etc/passwd or mounted...
PT-2026-52678
An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation when processing remote login data. A remote attacker may exploit this vulnerability by sending craft...
PT-2026-52723
When used to deliver a signal to a specific thread, thr kill22 called p cansignal to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call returned the resulting error to...
PT-2026-52729
Unauthenticated SQL Injection in Real Estate 7 = 3.5.9 versions...
PT-2026-52696
Name of the Vulnerable Software and Affected Versions Apache Kerby versions prior to 2.1.2 Description Sending a deeply nested ASN1 Abstract Syntax Notation One, a standard interface for describing data structures structure to a client or service can trigger a StackOverFlow Exception, resulting i...
PT-2026-52652
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A missing sanitisation issue exists in the stats-video.php script. The construction of URLs to this script does not follow best practices, and the output of the...
PT-2026-52904
Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.2 OpenProject versions prior to 17.4.0 Description An authorization flaw exists where the 'GET /api/v3/shares' endpoint returns share details for all work packages within a project to any user possessing the...
PT-2026-52835
Unauthenticated Insecure Direct Object References IDOR in GravityView = 3.0.0 versions...
PT-2026-52806
Unauthenticated Cross Site Request Forgery CSRF in FunnelKit Payment Gateway for Stripe WooCommerce = 1.14.0.3 versions...
PT-2026-52757
Unauthenticated Cross Site Scripting XSS in Customer Reviews for WooCommerce = 5.110.1 versions...
PT-2026-52716
Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey = 4.4.3 versions...