175418 matches found
PT-2026-44366
Name of the Vulnerable Software and Affected Versions FlowIntel versions prior to 3.3.1 Description An issue exists in the external reference URL probe functionality within app/case/task.py. An attacker can submit an external reference URL to force the application server to issue an HTTP HEAD...
PT-2026-46077
Уязвимость программного обеспечения Blitz Identity Provider связана с подделкой межсайтовых запросов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, осуществить CSRF-атаку...
PT-2026-44502
Warning: Critical vulnerability in Dell Container Storage Modules CVE-2026-40710 CVSS:10.0 exposes hardcoded credentials in public repos, allowing remote attackers to compromise sessions, exfiltrate data, and move laterally. https://t.co/aVABoqwNel Patch Patch Patch...
PT-2026-44402
SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9 B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints mgmt.php, npcmd.php that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the...
PT-2026-44539
A reflected cross-site scripting issue exists in URL handling...
PT-2026-44601
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An inappropriate implementation in Skia allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML pag...
PT-2026-44679
Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 148.0.7778.216 Description An inappropriate implementation allows a remote attacker to inject arbitrary scripts or HTML Universal Cross-Site Scripting - UXSS, a vulnerability where a script can bypass the...
PT-2026-44566
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An inappropriate implementation in the input handling allows a remote attacker who has compromised the renderer process to bypass site isolation by using a crafted HTML page...
PT-2026-44576
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description Insufficient validation of untrusted input in Skia allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HT...
PT-2026-44680
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.216 Description An uninitialized use in Gamepad allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. A sandbox esca...
PT-2026-44721
Name of the Vulnerable Software and Affected Versions Capsule versions prior to 0.13.0 Description The Capsule Controller runs with cluster-admin privileges. A flaw exists in the HandleSection function within the internal/controllers/resources/processor.go file, where the processing logic for...
PT-2026-44416
Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.21 Description In the app.mount function, the mount prefix is stripped from the incoming request path using the raw URL pathname, whereas route matching is conducted against the percent-decoded path. This...
PT-2026-44594
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.216 Description Insufficient validation of untrusted input in the UI allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML...
PT-2026-44182
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description An authenticated user with existing organization membership can exploit a flaw by accessing user-facing APIs, such as the account API, or by requesting an OpenID Connect OIDC token with the...
PT-2026-44194
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw allows a remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker who has compromis...
PT-2026-44638
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.216 Description An out of bounds write exists in Dawn, which allows a remote attacker to perform an out of bounds memory write by using a crafted HTML page. An out of bounds write occurs when a...
PT-2026-44258
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the nvmet-tcp module between the handling of Initialization Connection Requests ICReq and queue teardown. The function nvmet tcp handle icreq updates the...
PT-2026-44256
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An out-of-bounds read exists in the RDMA Soft RoCE rxe driver. A single unauthenticated UDP packet containing an unknown opcode can trigger a kernel panic. The issue occurs because the driv...
PT-2026-44331
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the batman-adv module, TP meter sessions remain linked on bat priv-tp list after a netlink request finishes. When the mesh interface is removed, the batadv mesh free function tears do...
PT-2026-44318
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the SMB client where the server-supplied dacloffset is added to pntsd before verifying if a DACL header fits within the returned security descriptor. On 32-bit builds,...
PT-2026-44347
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer object bo leak occurs in the xe dma buf init obj function. When drm gpuvm resv object alloc fails, the pre-allocated storage bo is not freed. Because xe gem prime import cannot...
PT-2026-44314
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An out-of-bounds font access occurs in the fbcon rotate font function when console rotation fails. The system retains the ol...
PT-2026-44348
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A teardown order issue exists in the rspi SPI controller. The driver fails to deregister the controller before releasing underlying resources, such as DMA, during the driver unbind...
PT-2026-44326
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A flaw exists in the cadence-quadspi SPI driver where an unclocked register access can occur during driver unbind. This...
PT-2026-44334
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the msm ioctl gem info get metadata function where it unconditionally returns 0, ignoring error codes stored in ret. This occurs when the user buffer is too small or...
PT-2026-44358
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the saa7164 dev setup function within the media component. The system fails to verify the return values of ioremap for BAR0 or BAR2. This lack of validation can lead to...
PT-2026-44343
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The sdma v4 0 ring emit fence function contains two BUG ON assertions used to verify that fence writeback addresses are dword-aligned. Unprivileged users can trigger these assertions by...
PT-2026-44350
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free or type confusion issue exists in the SCTP implementation of the Linux kernel. In the sctp sendmsg function, the SCTP SENDALL path iterates through associations using li...
PT-2026-44264
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the powerpc/xive component when allocating MSI-X vectors for an NVMe device. The system creates a xive irq data structure and stores it in irq data-chip data. Whe...
PT-2026-44239
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.47 Description A slab-use-after-free and out-of-bounds write issue exists in the Linux kernel's xfrm module. The problem occurs within the xfrm state delete function, where unhashing of byseq and byspi lists...
PT-2026-44412
Name of the Vulnerable Software and Affected Versions GitButler versions prior to 0.19.7 Description A remote code execution issue exists in the Tauri-based desktop application. An attacker can inject a malicious link into a pull request body; if a user clicks this link, it allows for arbitrary...
PT-2026-44515
Name of the Vulnerable Software and Affected Versions Oracle Internet Procurement Connector versions 12.2.3 through 12.2.15 Description An issue in the Internal Operations component allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful exploitation c...
PT-2026-44543
Name of the Vulnerable Software and Affected Versions LinkAce versions prior to 2.5.6 Description A stored cross-site scripting issue exists in instances configured with SSO/OAuth authentication. A low-privilege user can execute arbitrary JavaScript in an administrator's browser session by settin...
PT-2026-44540
Name of the Vulnerable Software and Affected Versions ai-goofish-monitor affected versions not specified Description An unauthenticated arbitrary file read issue exists in Windows deployments. Remote attackers can read arbitrary files by supplying absolute Windows paths or backslash-based travers...
PT-2026-44494
Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcm unpack 24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin. Attackers can issue two MPD...
PT-2026-44387
Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary...
PT-2026-44411
Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.227.1 Description Zed builds SSH/WSL remote commands as a shell command string starting with exec env ..., where environment variable keys are inserted without shell quoting or validation. An attacker who can control an...
PT-2026-44461
An issue in SourceBans Material Admin before v.1.1.6 3ecd95e allows attackers to manipulate arbitrary user data in the web app via a crafted XAJAX call...
PT-2026-44532
Vulnerability in Oracle REST Data Services component: General. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability c...
PT-2026-44507
Name of the Vulnerable Software and Affected Versions Oracle REST Data Services versions 24.2.0 through 26.1.0 Description An issue in the Core component allows a low privileged attacker with network access via HTTPS to compromise the system. Exploitation is difficult and requires human interacti...
PT-2026-44525
Vulnerability in Oracle REST Data Services component: Mongoapi. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability...
PT-2026-44390
Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 5.11.1 TinyMCE versions prior to 7.9.3 TinyMCE versions prior to 8.5.1 Description A stored Cross-Site Scripting XSS issue exists in the media plugin. Attackers can inject malicious scripts using specially crafted...
PT-2026-44395
PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decode complete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...
PT-2026-44456
Name of the Vulnerable Software and Affected Versions Tapo L535E versions 1.0 and 3.0 Tapo P300 version 1.0 Tapo D100C version 1.0 Description Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. An attacker within Bluetooth range could use sniffi...
PT-2026-44191
The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'livesmart widget' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
PT-2026-44726
Name of the Vulnerable Software and Affected Versions OpenTelemetry-Go versions prior to 0.0.17 Description The go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 modules leak one file descriptor on each successful ParseFile call. This occurs because ParseFile opens the...
PT-2026-44585
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description A use after free issue in WebGL allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corruption flaw tha...
PT-2026-44493
Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Improper neutralization of input during web page generation allows for stored HTML injection. A user with write access to an Elasticsearch index can persist crafted markup that is not...
PT-2026-44510
Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description An authenticated low-privileged user can cause a denial of service by submitting a specially crafted Timelion visualization expression containing deeply chained function calls. This leads to...
PT-2026-44693
Name of the Vulnerable Software and Affected Versions Google Chrome on ChromeOS versions prior to 148.0.7778.216 Description Insufficient validation of untrusted input in the Media component allows a remote attacker who has compromised the renderer process to obtain potentially sensitive...