175420 matches found

Positive Technologies, added 2026/05/28

PT-2026-44497

Music Player Daemon (MPD) before version 0.24.11 contains a CRLF injection vulnerability in the xspf_char_data function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

CVSS 6.9 | AI score 5.8 | EPSS 0.00064 | Exploits 0 | References 7

Positive Technologies, added 2026/05/28

PT-2026-44399

Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 6.12.1. Description: An attacker can craft a PDF file that causes excessive memory consumption during the parsing of large XMP metadata, which may contain numerous unnecessary elements. Recommendations: Update to version...

CVSS 6.9 | AI score 5.8 | EPSS 0.00012 | Exploits 0 | References 13

Positive Technologies, added 2026/05/28

PT-2026-44391

Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 5.11.1; TinyMCE versions prior to 7.9.3; TinyMCE versions prior to 8.5.1. Description: A stored Cross-Site Scripting (XSS) issue exists via forged mce:protected comments. This allows attackers to bypass sanitization and...

CVSS 8.7 | AI score 5.9 | EPSS 0.00032 | Exploits 0 | References 13

Positive Technologies, added 2026/05/28

PT-2026-44396

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...

CVSS 3.7 | AI score 5.8 | EPSS 0.00057 | Exploits 0 | References 2

Positive Technologies, added 2026/05/28

PT-2026-44367

Name of the Vulnerable Software and Affected Versions: Apache Artemis versions 2.50.0 through 2.53.0; Apache ActiveMQ Artemis versions 2.0.0 through 2.44.0. Description: An issue exists where an application using the STOMP (Simple Text Oriented Messaging Protocol) protocol can augment the routing-type ...

CVSS 4.3 | AI score 5.8 | EPSS 0.00138 | Exploits 0 | References 6

Positive Technologies, added 2026/05/28

PT-2026-44533

Name of the Vulnerable Software and Affected Versions: Oracle REST Data Services versions 24.2.0 through 26.1.0. Description: An issue in the Core component allows an unauthenticated attacker with network access via HTTPS to compromise the system. Successful exploitation can lead to unauthorized...

CVSS 5.3 | AI score 5.4 | EPSS 0.00034 | Exploits 0 | References 3

Positive Technologies, added 2026/05/28

PT-2026-44581

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 148.0.7778.216. Description: An out of bounds write in the GPU allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. A sandbox escape is a technique used to brea...

CVSS 9.6 | AI score 5.8 | EPSS 0.00148 | Exploits 0 | References 160

Positive Technologies, added 2026/05/28

PT-2026-44671

Name of the Vulnerable Software and Affected Versions: Google Chrome on iOS versions prior to 148.0.7778.216. Description: An uninitialized use issue allows a remote attacker to execute arbitrary code within a sandbox. This is achieved by convincing a user to perform specific UI gestures while...

CVSS 9.6 | AI score 6.3 | EPSS 0.00139 | Exploits 0 | References 159

Positive Technologies, added 2026/05/28

PT-2026-44629

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 148.0.7778.216. Description: An uninitialized use in WebGL allows a remote attacker to leak cross-origin information, which is data from a different origin than the one that initiated the request, by...

CVSS 9.6 | AI score 5.9 | EPSS 0.00139 | Exploits 0 | References 159

Positive Technologies, added 2026/05/28

PT-2026-44627

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 148.0.7778.216. Description: An out of bounds read in WebGL allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. An out of bounds read occurs when the system reads...

CVSS 9.6 | AI score 5.9 | EPSS 0.00139 | Exploits 0 | References 159

Positive Technologies, added 2026/05/28

PT-2026-44698

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: A use after free issue exists in WebAppInstalls on Mac. A remote attacker can potentially exploit heap corruption (a condition where memory allocation on the heap is corrupted) via a...

CVSS 9.6 | AI score 5.8 | EPSS 0.00156 | Exploits 0 | References 157

Positive Technologies, added 2026/05/28

PT-2026-44704

Name of the Vulnerable Software and Affected Versions: Google Chrome on Mac versions prior to 148.0.7778.216. Description: An out of bounds read in WebRTC allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. An out of bounds read occu...

CVSS 9.6 | AI score 5.9 | EPSS 0.00156 | Exploits 0 | References 155

Positive Technologies, added 2026/05/28

PT-2026-44211

A stored cross-site scripting (XSS) vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...

CVSS 6.3 | AI score 5.9 | EPSS 0.00062 | Exploits 0 | References 2

Positive Technologies, added 2026/05/28

PT-2026-44496

Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT_FOLLOWLOCATION is set without CURLOPT_REDIR_PROTOCOLS_STR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTT...

CVSS 6.9 | AI score 5.8 | EPSS 0.00059 | Exploits 0 | References 7

Positive Technologies, added 2026/05/28

PT-2026-44490

Name of the Vulnerable Software and Affected Versions: Kibana (affected versions not specified). Description: A logic error in the validation of expiration timestamps allows a time-bounded access token to remain usable after its intended validity window has closed. This enables an unauthenticated acto...

CVSS 5.3 | AI score 5.8 | EPSS 0.00068 | Exploits 0 | References 4

Positive Technologies, added 2026/05/28

PT-2026-44489

Name of the Vulnerable Software and Affected Versions: Kibana (affected versions not specified). Description: A path traversal issue exists in the dashboard management functionality. An authenticated user with limited permissions can create a dashboard using a specially crafted identifier. If an...

CVSS 7.3 | AI score 5.8 | EPSS 0.00026 | Exploits 0 | References 4

Positive Technologies, added 2026/05/28

PT-2026-44535

Name of the Vulnerable Software and Affected Versions: Kibana (affected versions not specified). Description: An authenticated user with connector management privileges can perform a Server-Side Request Forgery (SSRF), which is a flaw that allows an attacker to induce the server-side application to make...

CVSS 7.7 | AI score 5.8 | EPSS 0.00033 | Exploits 0 | References 4

Positive Technologies, added 2026/05/28

PT-2026-44778

These are all security issues fixed in the libsuricata8_0_5-8.0.5-1.1 package on the GA media of openSUSE Tumbleweed...

AI score 5.8 | EPSS 0.02219 | Exploits 0 | References 16

Positive Technologies, added 2026/05/28

PT-2026-44793

These are all security issues fixed in the gdk-pixbuf-loader-libheif-1.22.2-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.8 | AI score 5.8 | EPSS 0.00057 | Exploits 3 | References 17

Positive Technologies, added 2026/05/28

PT-2026-44549

Summary: The nono Landlock/seccomp policies allow access to local Unix domain sockets (concrete and abstract). This allows an easy sandbox escape by talking to the per-user systemd dbus socket. Threat scenario: Running Aider, Claude Code, OpenCode or similar tools with an "allow bash" policy so that it...

CVSS 6.1 | AI score 6 | EPSS 0.00012 | Exploits 0 | References 3

Positive Technologies, added 2026/05/28

PT-2026-44733

Name of the Vulnerable Software and Affected Versions: FUXA version 1.3.0-2773. Description: When secureEnabled is set to true, the software fails to properly restrict access to protected read endpoints. Requests made without a token or with an invalid token are treated as guest contexts rather than...

CVSS 6.9 | AI score 5.8 | EPSS 0.00089 | Exploits 0 | References 6

Positive Technologies, added 2026/05/28

PT-2026-44785

These are all security issues fixed in the libsuricata8_0_5-8.0.5-1.1 package on the GA media of openSUSE Tumbleweed...

AI score 5.8 | EPSS 0.02219 | Exploits 0 | References 16

Positive Technologies, added 2026/05/28

PT-2026-44786

These are all security issues fixed in the libsuricata8_0_5-8.0.5-1.1 package on the GA media of openSUSE Tumbleweed...

AI score 5.8 | EPSS 0.02219 | Exploits 0 | References 16

Positive Technologies, added 2026/05/28

PT-2026-44783

These are all security issues fixed in the libsuricata8_0_5-8.0.5-1.1 package on the GA media of openSUSE Tumbleweed...

AI score 5.8 | EPSS 0.02219 | Exploits 0 | References 16

Positive Technologies, added 2026/05/28

PT-2026-44729

Name of the Vulnerable Software and Affected Versions: compliance-trestle version 4.0.2. Description: The profile import mechanism in the compliance-trestle library fails to perform boundary checks when resolving trestle:// URIs and relative file paths. By joining these paths with trestle root and...

CVSS 6.9 | AI score 5.9 | EPSS 0.00061 | Exploits 0 | References 6

Positive Technologies, added 2026/05/28

PT-2026-44380

Name of the Vulnerable Software and Affected Versions: Debug Log Manager – Conveniently Monitor and Inspect Errors versions prior to 2.5.1. Description: The plugin is subject to improper output neutralization for logs. The log js errors AJAX handler is registered for unauthenticated users via wp aja...

CVSS 5.3 | AI score 5.5 | EPSS 0.00077 | Exploits 0 | References 8

Positive Technologies, added 2026/05/28

PT-2026-44413

Name of the Vulnerable Software and Affected Versions: Hono versions prior to 4.12.21. Description: The jwt and jwk middlewares fail to verify that the Authorization header value utilizes the Bearer scheme. Consequently, any two-part header value is processed for JWT verification regardless of the...

CVSS 6.5 | AI score 5.8 | EPSS 0.00037 | Exploits 0 | References 7

Positive Technologies, added 2026/05/28

PT-2026-44415

Name of the Vulnerable Software and Affected Versions: Hono versions prior to 4.12.21. Description: The serialize function in hono/cookie fails to validate the sameSite and priority options against characters that can corrupt Set-Cookie header syntax, such as semicolons, carriage returns, and line...

CVSS 5.3 | AI score 5.8 | EPSS 0.00125 | Exploits 0 | References 7

Positive Technologies, added 2026/05/28

PT-2026-44205

The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20. This is due to insufficient input sanitization and output escaping in the pagination function. This makes it possible for attackers to...

CVSS 6.1 | AI score 6 | EPSS 0.00039 | Exploits 0 | References 8

Positive Technologies, added 2026/05/28

PT-2026-44725

Name of the Vulnerable Software and Affected Versions: Dulwich versions prior to 1.2.5-1.1. Description: Command injection occurs in the ProcessMergeDriver when the file path from the git tree is substituted into the merge driver command via the %P placeholder. This command is then executed using...

CVSS 7.7 | AI score 6 | EPSS 0.00084 | Exploits 0 | References 18

Positive Technologies, added 2026/05/28

PT-2026-44206

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'append_where_sql' parameter in all versions up to, and including, 1.6.11.8 due to insufficient escaping on the user supplied parameter and...

CVSS 7.5 | AI score 5.8 | EPSS 0.00159 | Exploits 0 | References 12

Positive Technologies, added 2026/05/28

PT-2026-44277

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified); openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1. Description: A Use-After-Free (UAF) issue exists in the sched_ext component. The functions scx_group_set_weight, scx_group_set_idle, and sc...

CVSS 9.8 | AI score 6 | EPSS 0.00109 | Exploits 0 | References 286

Positive Technologies, added 2026/05/28

PT-2026-44330

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the vsock/virtio component where non-linear skbs (socket buffers) result in an empty payload in the tap skb. The virtio_transport_build_skb function utilizes virtio...

CVSS 9.8 | AI score 5.9 | EPSS 0.00074 | Exploits 0 | References 289

Positive Technologies, added 2026/05/28

PT-2026-44345

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 7.0.11-1.1. Description: A null pointer dereference can occur in the rockchip rkcif component when a stream is enabled. This happens because certain pads lack the MUST_CONNECT flag, which is required to verify that...

CVSS 9.8 | AI score 6 | EPSS 0.00109 | Exploits 0 | References 285

Positive Technologies, added 2026/05/28

PT-2026-44361

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: In the batman-adv module, BAT IV caches an originator pointer in each neigh_node derived from a temporary lookup. This pointer is not owned by the neigh_node and may refer to an invalid...

CVSS 9.8 | AI score 5.9 | EPSS 0.00074 | Exploits 0 | References 294

Positive Technologies, added 2026/05/28

PT-2026-44362

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A runtime power management (PM) reference count leak exists in the ov5647 I2C driver. Specifically, three control cases (AUTOGAIN, EXPOSURE_AUTO, and ANALOGUE_GAIN) return directly without...

CVSS 9.8 | AI score 5.9 | EPSS 0.00074 | Exploits 0 | References 286

Positive Technologies, added 2026/05/28

PT-2026-44324

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak occurs in the drm/xe component when the xe_gem_prime_import function is called. Specifically, if the xe_dma_buf_init_obj function fails, the attachment created by dma_buf...

CVSS 9.1 | AI score 6 | EPSS 0.00254 | Exploits 8 | References 289

Positive Technologies, added 2026/05/28

PT-2026-44325

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 7.0.11-1.1. Description: The hid-appletb-kbd driver contains an issue where the autodim code attempts to acquire backlight_device->ops_lock via backlight_device_set_brightness and mutex_lock from atomic contexts. Th...

CVSS 9.1 | AI score 6 | EPSS 0.00254 | Exploits 8 | References 286

Positive Technologies, added 2026/05/28

PT-2026-44342

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified); openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1. Description: A use-after-free issue exists in the Linux kernel within the spi: mpc52xx component. The state machine work is scheduled by...

CVSS 9.8 | AI score 5.9 | EPSS 0.00109 | Exploits 0 | References 293

Positive Technologies, added 2026/05/28

PT-2026-44275

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified); openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1. Description: A race condition exists in the ieee80211_invoke_fast_rx function within the mac80211 wireless driver. The rx result variable...

CVSS 9.8 | AI score 6.1 | EPSS 0.00109 | Exploits 0 | References 290

Positive Technologies, added 2026/05/28

PT-2026-44305

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A kernel stack memory leak occurs in the pseries/papr-hvpipe component. The hdr variable is allocated on the stack, but only hdr.version and hdr.flags are explicitly initialized. Since t...

CVSS 9.8 | AI score 6 | EPSS 0.00254 | Exploits 12 | References 286

Positive Technologies, added 2026/05/28

PT-2026-44593

Name of the Vulnerable Software and Affected Versions: Google Chrome on Mac versions prior to 148.0.7778.216. Description: A use after free issue in the Browser component allows a remote attacker to execute arbitrary code when a user opens a specially crafted HTML page. Use after free is a memory...

CVSS 9.6 | AI score 6.2 | EPSS 0.00156 | Exploits 0 | References 155

Positive Technologies, added 2026/05/28

PT-2026-44696

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: A use after free issue in WebRTC allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corruption flaw that occurs...

CVSS 9.6 | AI score 5.8 | EPSS 0.00156 | Exploits 0 | References 162

Positive Technologies, added 2026/05/28

PT-2026-44375

An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries (multipass, qemu-img, qemu-system-aarch64,...

CVSS 7.8 | AI score 6 | EPSS 0.00011 | Exploits 1 | References 2

Positive Technologies, added 2026/05/28

PT-2026-44459

Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the is_safe_url helper used to validate post-login redirect targets applied urljoin(request.host_url, target) before parsing, while the controller passed the raw target to redirect. ...

CVSS 6.1 | AI score 5.8 | EPSS 0.00029 | Exploits 0 | References 2

Positive Technologies, added 2026/05/28

PT-2026-44506

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Supported versions that are affected are 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6 and 5.6.28. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVSS 9.8 | AI score 5.8 | EPSS 0.0016 | Exploits 0 | References 3

Positive Technologies, added 2026/05/28

PT-2026-44462

An arbitrary file upload vulnerability in the pages/admin.uploadmapimg.php component of SourceBans Material Admin v1.1.6 allows attackers to execute arbitrary code via uploading a crafted image file...

AI score 6.2 | EPSS 0.00077 | Exploits 0 | References 5

Positive Technologies, added 2026/05/28

PT-2026-46076

A vulnerability in the Blitz Identity Provider software is related to a failure to take measures to protect the structure of a web page. Exploitation of the vulnerability may allow a remote attacker to carry out cross-site scripting (XSS) attacks...

CVSS 4 | AI score 5.8 | Exploits 0 | References 2

Positive Technologies, added 2026/05/28

PT-2026-44373

bzip2 contains an off-by-one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out-of-bounds write to a global buffer, resulting in memory corruption and a crash (denial of service). This issue was fixed in bzip2 version 1.0.9...

CVSS 5.1 | AI score 5.8 | EPSS 0.00021 | Exploits 0 | References 3

Positive Technologies, added 2026/05/28

PT-2026-44464

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionally merges the raw JSON request body into the policy enforcement dictionary via policy_dict.update(json_input.copy()), overwriting trusted target data that was previously set fro...

CVSS 6 | AI score 6 | EPSS 0.00041 | Exploits 1 | References 3

Total number of security vulnerabilities: 175420