175420 matches found
PT-2026-44753
Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details...
PT-2026-44769
Name of the Vulnerable Software and Affected Versions Acer Predator Connect W6x versions prior to W6x GBL 2.00.000008 Description Crafted MQTT messages can trigger command injection, allowing for root-level remote code execution on the target device without requiring authentication. Recommendatio...
PT-2026-44936
Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, update, run, or delete schedules belonging to other organizations if they know the scheduleId/serverId...
PT-2026-44743
Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security...
PT-2026-47571
Impact The Ironic Standalone Operator IRSO is the operator to maintain an Ironic deployment for Metal3. IRSO controller automatically adds its environment label to user-provided Secrets and ConfigMaps without the resource owner's consent. A high-privilege controller modifying user-owned resources...
PT-2026-44898
OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and operator.admin scop...
PT-2026-44922
Name of the Vulnerable Software and Affected Versions agno version 2.6.5 Description A SQL injection issue exists in the ClickHouse vector database backend. Attackers can inject arbitrary SQL expressions by providing malicious metadata keys and values to the delete by metadata function. This is...
PT-2026-44893
QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in a patch to version...
PT-2026-44894
QuickCMS is vulnerable to Cross-Site Scripting XSS through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle MITM attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...
PT-2026-44797
A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client id and client secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to...
PT-2026-47592
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section. Additional...
PT-2026-47561
Impact Postgres backend schema identifiers were interpolated into SQL strings. In the reviewed code path the schema value is operator-controlled, but the pattern was unsafe if future call sites allowed tenant or request-controlled schema names. Impacted users are operators using the Postgres...
PT-2026-45059
Summary PraisonAI Platform has a broken workspace authorization check that allows any authenticated low-privilege workspace member to escalate their own role to owner. The issue is caused by privileged workspace-management routes using the shared dependency require workspace member... without...
PT-2026-45056
Bug Report: Arbitrary File Write in Python API Summary Hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled content to arbitrary paths. write file skips path validation when workspace=None always None in production. Affected PraisonAI output file: /tmp/flag.txt output...
PT-2026-45044
Summary When debug logging is enabled, Session::setCookie logs full cookie values and Session::start logs the current session ID. In a real Admidio deployment this includes both the active session cookie and the persistent auto-login cookie. Anyone with access to the log sink can recover live...
PT-2026-45050
Summary The first-party PraisonAI A2A server example combines three behaviors into a remotely exploitable Critical chain: 1. The example exposes an A2A server without configuring auth token. 2. The same example binds the server to 0.0.0.0. 3. The example registers a calculateexpression tool...
PT-2026-47223
Name of the Vulnerable Software and Affected Versions guzzlehttp/psr7 versions prior to 2.10.2 Description The library fails to reject ASCII control characters, whitespace, or DEL in first-party URI host components. When an application uses a user-controlled URL to construct a PSR-7 Uri or Reques...
PT-2026-45015
Summary Gotenberg is vulnerable to a remote denial of service in multipart downloadFrom handling. A multipart request containing multiple downloadFrom entries causes concurrent goroutines to write to shared maps without synchronization. This can terminate the process with fatal error: concurrent...
PT-2026-45040
Summary modules/documents-files.php mode file rename save shares the same root-cause shape as the cross-folder move bug 05-documents-cross-folder-move-idor.md: the top-level rights check at lines 79-89 validates hasUploadRight on the URL parameter folder uuid, but the rename operation acts on fil...
PT-2026-45033
Impact A Remote Code Execution RCE vulnerability was discovered in Ouroboros. If a user clones a malicious repository and runs Ouroboros commands within that directory, it can lead to arbitrary code execution and potential system takeover. The vulnerability CWE-426: Untrusted Search Path & CWE-15...
PT-2026-45038
Summary modules/registration.php mode send login regenerates a random password for user uuid assigned, stores its bcrypt hash in adm users.usr password, and emails the cleartext to that user. Every other state-changing mode in the same file assign member, assign user, delete user, create user cal...
PT-2026-45144
These are all security issues fixed in the libzypp-17.38.10-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-44949
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.1.13162 Description An information disclosure issue exists on the Users and Groups pages. Recommendations Update to version 2026.1.13162...
PT-2026-44939
Name of the Vulnerable Software and Affected Versions Trilium Notes versions prior to 0.102.2 Description A malicious ZIP archive imported with safe import enabled can lead to remote code execution RCE and cross-site scripting XSS. This occurs by combining a payload note type: code, mime:...
PT-2026-44803
Name of the Vulnerable Software and Affected Versions Waterfall WF-500 TX Host version 7.9.1.0 R2502171040 Description An OS Command Injection issue exists in the Administration WebUI, which allows remote authenticated attackers to execute arbitrary operating system commands on the host. OS Comma...
PT-2026-44904
Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uploads a file to a container, the destinationPath parameter is not properly sanitized and is directly...
PT-2026-44962
Name of the Vulnerable Software and Affected Versions JetBrains IntelliJ IDEA versions prior to 2026.1 Description Code execution is possible through template injection within the Copyright plugin. Template injection occurs when untrusted input is embedded into a template and executed by the...
PT-2026-44985
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to 0.24.14, aio-prov data is stored as nni quic conn during dialing, but read as ex quic conn during dialer close. This type confusion causes invalid object interpretation and leads to close-path hang/crash behavior. This...
PT-2026-44826
Name of the Vulnerable Software and Affected Versions RAGFlow versions prior to 0.24.1 Description A Server-Side Template Injection SSTI exists in the prompt generator located in rag/prompts/generator.py. This issue allows authenticated users to execute arbitrary operating system commands on the...
PT-2026-44905
Name of the Vulnerable Software and Affected Versions GitHub CLI versions prior to 2.93.0 Description GitHub CLI incorrectly includes authorization headers in API requests to TUF repository mirrors when using the gh attestation, gh release verify, and gh release verify-asset commands. The tool...
PT-2026-44798
Name of the Vulnerable Software and Affected Versions OpenShift Router affected versions not specified Description A flaw in the OpenShift Router allows a user with EndpointSlice write access to proxy requests to a cloud metadata endpoint. This is achieved by creating a Service backed by a Fully...
PT-2026-44899
SourceCodester Doctor Appointment System 1.0 is vulnerable to Cross Site Scripting XSS due to improper handling of user supplied input in the user registration functionality in register.php...
PT-2026-44983
Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.26.0 Description The RDPEAR NDR parser in FreeRDP accepts a single non-null NDR pointer ref-id for multiple logical pointer fields without tracking the expected NDR type or ownership of the pointed object. If the sa...
PT-2026-47556
Impact The Ironic Standalone Operator IRSO is the operator to maintain an Ironic deployment for Metal3. The Prometheus metrics exporter binds to 0.0.0.0 all network interfaces by default with no authentication. The default config is disabled. If enabled, this exposes operational metrics to any ho...
PT-2026-44974
Name of the Vulnerable Software and Affected Versions Rizin affected versions not specified Description Rizin is a UNIX-like reverse engineering framework and command-line toolset. A double free occurs in the byte pattern search function within the librz/core/cmd/cmd search.c file due to...
PT-2026-44960
Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1 Description An open redirect exists within the SAML plugin. An open redirect occurs when an application takes a user-supplied URL and redirects the user to it without sufficient validation, potential...
PT-2026-44817
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...
PT-2026-44752
A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soup body input stream read chunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of ...
PT-2026-47227
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=517058311 Crash type: Stack-buffer-overflow READ Crash state: coolkey rsa op coolkey compute crypt sc compute signature...
PT-2026-44860
Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column...
PT-2026-44746
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ays poll get user information' AJAX action, which serializes and returns the...
PT-2026-44895
OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin commands from unauthorized senders or contexts to execute restricted behavior that policy should have...
PT-2026-44880
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inc types graph.php with crafted SQL payloads to extract sensitive...
PT-2026-44984
Name of the Vulnerable Software and Affected Versions axios versions prior to 0.32.0 axios versions prior to 1.16.0 Description Axios is a promise-based HTTP client for the browser and Node.js. The issue resides in the lib/helpers/shouldBypassProxy.js file and is caused by the failure to normaliz...
PT-2026-45028
Name of the Vulnerable Software and Affected Versions Nuxt versions 3.11.0 through 3.21.5 Nuxt versions 4.0.0-alpha.1 through 4.4.5 @nuxt/nitro-server versions 3.20.0 through 3.21.5 @nuxt/nitro-server versions 4.0.0-alpha.1 through 4.4.5 Description When experimental.componentIslands is enabled,...
PT-2026-45022
Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description NodeVM allows the exclusion of public network builtins from the wildcard builtin option, which blocks direct access to modules such as 'http', 'https', 'http2', 'net', 'dgram', 'tls', 'dns', and...
PT-2026-44955
Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1 JetBrains TeamCity version 2025.11.5 Description A reflected Cross-Site Scripting XSS issue exists on the repository download page. Reflected XSS occurs when an application receives data in an HTTP...
PT-2026-44833
An unhandled exception in Suprema BioStar 2 Server, versions 2.9.8, 2.9.10, and 2.9.11, that allows an unauthenticated remote attacker to cause a denial of service DoS by sending HTTP POST requests to the ‘/api/migration’ endpoint. This request triggers a failure that halts critical processes,...
PT-2026-45029
Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.5 authentik versions prior to 2026.2.3 authentik versions prior to 2026.5.1 Description The SAML Source ACS endpoint is susceptible to XML Signature Wrapping, a technique where a valid signature is used to...
PT-2026-44977
Name of the Vulnerable Software and Affected Versions Formie versions prior to 2.2.21 Formie versions prior to 3.1.26 Description Unauthenticated users can modify existing submissions by sending a known or guessed submission ID to the 'formie/submissions/save-submission' endpoint. Recommendations...