184379 matches found
PT-2026-52712
Unauthenticated Broken Access Control in Donation Thermometer = 2.2.7 versions...
PT-2026-53022
Name of the Vulnerable Software and Affected Versions Nebula Mesh affected versions not specified Description The web UI /ui/ fails to apply per-operator Certificate Authority CA scoping. This allows any authenticated non-admin operator to access, block, or delete resources belonging to other...
PT-2026-52791
Unauthenticated Cross Site Scripting XSS in NanoMag = 1.8 versions...
PT-2026-52772
Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images = 3.11.4 versions...
PT-2026-52750
Name of the Vulnerable Software and Affected Versions Library Management System versions prior to 3.5.8 Description An unauthenticated SQL Injection exists in the system, allowing an attacker to execute arbitrary SQL commands without providing credentials. Recommendations Update to a version newe...
PT-2026-52728
Name of the Vulnerable Software and Affected Versions SupportCandy versions prior to 3.4.7 Description An Insecure Direct Object Reference IDOR exists, which occurs when an application provides direct access to objects based on user-supplied input, potentially allowing unauthorized access to data...
PT-2026-52968
Name of the Vulnerable Software and Affected Versions relibc affected versions not specified Description A Denial of Service DoS issue exists in the parse month function located in /time/strptime.rs. An attacker can cause the system to crash by providing a specially crafted input. This issue is...
PT-2026-52779
Unauthenticated Cross Site Scripting XSS in Everest Forms = 3.4.8 versions...
PT-2026-52830
Unauthenticated Broken Access Control in Booking and Rental Manager = 2.7.1 versions...
PT-2026-52894
Name of the Vulnerable Software and Affected Versions Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description Envoy can crash when the %REQUESTED SERVER NAMEX:Y% variable is used in the log format and host-related options such as HOST FIRST or SNI FIRST are specified...
PT-2026-52909
Name of the Vulnerable Software and Affected Versions RustFS version 1.0.0-beta.4 Description Authenticated users with PutObject permission on their own bucket can exploit a path traversal issue in the Snowball auto-extract feature to write arbitrary objects into buckets belonging to other users,...
PT-2026-52918
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/gma500/oaktrail lvds component where the LVDS initialization code fails to distinguish between I2C adapters retrieved via i2c get adapter and those allocated a...
PT-2026-52919
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the IOMMU subsystem. The group-domain pointer can be NULL if a default domain fails to allocate during the first probe. This leads to a system crash...
PT-2026-52715
Name of the Vulnerable Software and Affected Versions Eagle Booking versions prior to 1.3.4.4 Description An unauthenticated Cross Site Request Forgery CSRF issue exists, which allows an attacker to induce a user to perform actions they did not intend to execute. Recommendations Update Eagle...
PT-2026-52922
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.18.22 Description An issue exists in the AMD IOMMU implementation where the rlookup amd iommu function indexes the rlookup table using the devid variable without performing a bounds check. When a PCI device has...
PT-2026-52936
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the mana remove function where a double invocation can lead to a kernel panic. This occurs when a Power Management PM resume fails, causing mana probe to call mana remov...
PT-2026-52939
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the enetc network driver regarding NTMP DMA Direct Memory Access operations. If the netc xmit ntmp cmd function times out and returns an error, the pendi...
PT-2026-52929
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the xe eu stall stream close function. The drm dev put function is called before the stream is disabled and its resources are freed. If this call drops t...
PT-2026-52925
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the idpf driver where a double free and use-after-free occur during auxiliary device error paths. When the auxiliary device add function fails within idpf plug vport a...
PT-2026-52923
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Btrfs file system where the dirty pages io tree is released prematurely. Within the btrfs write and wait transaction function, the system attempts to write dirty...
PT-2026-52931
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the phonet network component where the pn socket autobind function incorrectly handles a failed bind operation. When pn socket bind returns an -EINVAL error, the syste...
PT-2026-52928
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the ice reset all vfs function. The issue occurs because ice reset all vfs ignores the return value of ice vf rebuild vsi. If the VSI rebuild...
PT-2026-52930
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ALSA hda/conexant component where the cx probe function fails to verify the return value of snd hda jack detect enable callback. This function returns a pointer th...
PT-2026-52974
An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via the DnsServerApp.exe, DnsServerApp.dll, TechnitiumLibrary.Net/Dns/DnsClient.cs components...
PT-2026-52838
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity...
PT-2026-52949
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the soc/tegra: cbb component where a kernel page fault occurs during cross-fabric target timeout lookups. When a fabric receives an error interrupt that originated on ...
PT-2026-52780
Subscriber Cross Site Scripting XSS in SureCart = 4.2.2 versions...
PT-2026-52804
Unauthenticated Sensitive Data Exposure in WCBoost Products Compare = 1.1.0 versions...
PT-2026-52717
Contributor Local File Inclusion in Goya Core 1.0.9.4 versions...
PT-2026-52832
Name of the Vulnerable Software and Affected Versions Contest Gallery versions prior to 30.0.1 Description A SQL Injection issue exists that allows attackers with contributor-level permissions to execute unauthorized database queries remotely. Recommendations Update to a version newer than 30.0.0...
PT-2026-52972
Name of the Vulnerable Software and Affected Versions Notepad++ versions 8.9.4 through 8.9.5 Description The installer contains a local privilege escalation issue. During the installation process, the installer invokes powershell.exe without specifying an absolute path after setting the working...
PT-2026-52721
Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into to...
PT-2026-52916
Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description SQL injection exists in the timestamps functionality of the baseline comparison feature. This allows callers to request historic work-package attributes by...
PT-2026-52906
OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRET KEY BASE=OVERWRITE ME as the default Rails master key. Combined with cookies serializer = :marshal, this gives any logged-in user a deterministic...
PT-2026-52905
Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.4.0 Description An issue in the RelationQuery performance optimization allows authenticated users to bypass the Relation.visible scope. By providing an arbitrary work package ID through the involved, fromId, or...
PT-2026-52891
Name of the Vulnerable Software and Affected Versions Envoy versions 1.34.0 through 1.35.12 Envoy versions 1.36.0 through 1.36.8 Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description A heap write overflow exists in the TCP StatsD sink TcpStatsdSink when processing...
PT-2026-52856
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF / private-IP protections in SendWebRequestBlock and reach internal network services. is ip blocked in...
PT-2026-52847
An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation...
PT-2026-52756
Name of the Vulnerable Software and Affected Versions Responsive Lightbox versions prior to 2.7.7 Description An unauthenticated Cross Site Scripting XSS issue exists, which allows an attacker to execute malicious scripts in the browser of a user by injecting code into a web page. Recommendations...
PT-2026-52732
Unauthenticated Backdoor in Enable CORS = 2.0.3 versions...
PT-2026-52670
An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021x upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker ma...
PT-2026-52907
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and field visibility. This vulnerability is fixed in 17.3.3 and 17.4.1...
PT-2026-52980
Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.0.45 Kestra versions prior to 1.3.23 Description The local internal-storage backend fails to properly validate user-supplied paths because it checks for directory traversal sequences before converting Windows-style...
PT-2026-52744
Name of the Vulnerable Software and Affected Versions Easy Elements for Elementor – Addons & Website Templates versions prior to 1.5.0 Description An unauthenticated privilege escalation issue exists, allowing an attacker to gain higher-level permissions without providing valid credentials...
PT-2026-52987
Name of the Vulnerable Software and Affected Versions Daktronics Controller Firmware affected versions not specified Description Remote authenticated and unauthenticated users can perform path traversal, which allows them to escape the intended directory and enumerate arbitrary file system paths...
PT-2026-52914
Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description The Storages module writes the OneDrive/SharePoint userless OAuth access token in plaintext to the Rails.cache using the deterministic key storage..httpx...
PT-2026-52935
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mailbox-test component where channels are not freed during a probe error. This failure to release resources leads to a memory leak and creates Use-After-Free UAF...
PT-2026-52681
Name of the Vulnerable Software and Affected Versions Bytes::Random::Secure versions prior to 0.30 Description Internal state for the Pseudo-Random Number Generator PRNG is shared across forked processes when an object is initialized before forking or when the functional interface is used. This...
PT-2026-53020
Name of the Vulnerable Software and Affected Versions python-engineio versions prior to 4.13.2 Description Two specific configurations of the server fail to verify the size of incoming messages before loading them into memory, which can lead to excessive memory allocations. This occurs during POS...
PT-2026-52897
Name of the Vulnerable Software and Affected Versions Patool versions prior to 4.0.5 Description A path traversal issue exists in the safe extract function within patoolib/programs/py tarfile.py when used with Python versions before 3.12. The is within directory helper function utilizes...