175418 matches found
PT-2026-44550
Impact A path traversal vulnerability in shame next allows an attacker-controlled shamefile.yaml to disclose contents of files outside the repository, one line at a time, to the terminal of a user who runs the command. See patch commit for technical details. Patches Fixed in 0.1.7. Upgrade to...
PT-2026-44780
These are all security issues fixed in the libsuricata8 0 5-8.0.5-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-44782
These are all security issues fixed in the libsuricata8 0 5-8.0.5-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-44775
These are all security issues fixed in the libsuricata8 0 5-8.0.5-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-44546
Name of the Vulnerable Software and Affected Versions Symfony Webhook Bridges versions prior to 6.4 Symfony Webhook Bridges versions prior to 7.4 Description The Mailjet mailer bridge and the LOX24 SMS notifier bridge contain webhook request parsers that fail to authenticate event callbacks. The...
PT-2026-44394
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...
PT-2026-44372
qSnapper: Vulnerable Privileged D-Bus Service https://t.co/uQxI7YkxyL GUI frontend for the Snapper utility for managing Btrfs snapshots. DoS, authentication bypass, information leaks, or even a local root exploit. SUSE discovered 5 CVEs CVE-2026-41045 through 41049 and more...
PT-2026-44584
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An out of bounds read in WebGL allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. An out of bounds read occurs when a program rea...
PT-2026-44476
Name of the Vulnerable Software and Affected Versions Ubuntu Linux version 6.8 Ubuntu Linux version 6.17 Ubuntu Linux version 7.0 Description SAUCE patches contain a possible NULL pointer dereference—a condition where the software attempts to read from a memory address that is null—during the...
PT-2026-44252
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free issue exists in the btrfs module within the create space info function error path. When kobject init and add fails, the system executes a call chain that leads to space inf...
PT-2026-44306
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A use-after-free issue exists in the Linux kernel within the DAMON sysfs schemes. The damon sysfs quot goal-path variable ca...
PT-2026-44272
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer overflow occurs in the target tg pt gp members show function when formatting LUN paths using snprintf into a 256-byte stack buffer. Because iSCSI IQN names can reach 223 bytes,...
PT-2026-44485
Name of the Vulnerable Software and Affected Versions Ubuntu Linux version 6.8 Description An issue exists in the AppArmor AF INET/AF INET6 socket mediation code due to the use of an uninitialized variable. This flaw can be triggered by an unprivileged local user, potentially leading to incorrect...
PT-2026-44481
Name of the Vulnerable Software and Affected Versions Ubuntu Linux version 6.8 Ubuntu Linux version 6.17 Ubuntu Linux version 7.0 Description AppArmor SAUCE patches incorrectly validate the size of an internal structure, which leads to an out-of-bounds read in notification handling code. An...
PT-2026-44279
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the LoongArch architecture where the loongson gpu fixup dma hang function may fail to handle certain switch cases. This can lead to an Address Detection Error ADE...
PT-2026-44269
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the ALSA usb-audio component within the convert chmap v3 function. The function contains a loop that uses the cs desc-wLength variable to determine the increment size...
PT-2026-44337
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak occurs in the vsock/virtio component of the Linux kernel due to a transport mismatch. The function virtio transport recv listen invokes sk acceptq added before vsock assi...
PT-2026-44238
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description The biovec phys mergeable function, used in request merge, DMA mapping, and integrity merge paths, fails to verify if physically contiguous bvec segments belong to different dev pagemaps...
PT-2026-44295
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the Linux kernel within the xfrm6 rcv encap function. When performing an IPv6 route lookup, the ip6 route input lookup function returns a referenced destination d...
PT-2026-44263
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth btmtk component where the btmtk usb hci wmt sync function casts WMT event response SKB data to struct btmtk hci wmt evt 7 bytes and struct btmtk hci wmt...
PT-2026-44273
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the fanotify system allows the fsnotify get mark safe function to return false for a mark on an unrelated group. This behavior leads to the bypassing of permission checks. The...
PT-2026-44261
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read and infinite loop exist in the hci le create big complete evt function. The function iterates over BT BOUND connections for a BIG handle using a while loop that...
PT-2026-44285
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A double free issue exists in the Linux kernel within the ice sf eth activate function. When auxiliary device add fails, the execution jumps to aux dev uninit and calls auxiliary device...
PT-2026-44311
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A NULL pointer dereference occurs in the octeon ep vf driver. The function napi build skb can return NULL if an allocation failure occurs. In octep vf oq process rx, the result of this...
PT-2026-44360
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An overflow issue exists in the drm/amdgpu/vcn3 component during the message bound check process. Recommendations At the moment, there is no information about a newer version that contai...
PT-2026-44384
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate valid usernames, obtain plaintext passwords via...
PT-2026-44487
vllm-project/vllm version 0.14.1 contains a vulnerability where the trust remote code=True parameter is hardcoded in two model implementation files vllm/model executor/models/nemotron vl.py and vllm/model executor/models/kimi k25.py. This bypasses the user's explicit --trust-remote-code=False...
PT-2026-44408
EspoCRM is an open source customer relationship management application. Prior to 9.3.5, a business logic flaw Broken Access Control in EspoCRM 9.3.3 allows low-privileged users to pin arbitrary notes without having the required edit permissions for the parent object. Due to a "write first,...
PT-2026-44520
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...
PT-2026-44203
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
PT-2026-44529
Name of the Vulnerable Software and Affected Versions Oracle Flow Manufacturing versions 12.2.9 through 12.2.15 Description A security issue in the Oracle Flow Manufacturing product of Oracle E-Business Suite allows a low privileged attacker with network access via SQL to compromise the system...
PT-2026-44176
This vulnerability in Veeam Service Provider Console allows for remote code execution...
PT-2026-44723
Name of the Vulnerable Software and Affected Versions OpenTelemetry Go affected versions not specified Description A denial-of-service issue exists due to the removal of raw-length rejection during baggage header parsing. The Parse function processes arbitrarily large or invalid baggage headers a...
PT-2026-44202
The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.16.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...
PT-2026-44598
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An out of bounds read and write issue in Dawn allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. A sandbox escape is a technique...
PT-2026-44590
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.216 Description A use after free issue exists in the Bluetooth component. An attacker who convinces a user to install a malicious extension could potentially perform a sandbox escape—a process ...
PT-2026-44663
Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 148.0.7778.216 Description An inappropriate implementation in the iOS version of the browser allows a remote attacker to leak cross-origin data, which is information from a different origin than the one...
PT-2026-44658
Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 148.0.7778.216 Description Insufficient validation of untrusted input allows a remote attacker who has compromised the renderer process to bypass the same origin policy, which is a security mechanism that...
PT-2026-44672
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue exists in the Bluetooth component of Google Chrome on Mac. This occurs when an attacker convinces a user to install a malicious extension, allowing the execution...
PT-2026-44628
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An uninitialized use in the GPU allows a remote attacker who has compromised the renderer process to leak cross-origin data through a crafted HTML page. Recommendations Upda...
PT-2026-44378
The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin operator and manufacturer accounts via crafted POST requests...
PT-2026-44511
Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Uncontrolled Resource Consumption in Kibana can lead to a denial of service through excessive allocation. An authenticated user can send a specially crafted compressed request payload that is...
PT-2026-44509
Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Server-Side Request Forgery SSRF allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with...
PT-2026-44512
Name of the Vulnerable Software and Affected Versions Oracle REST Data Services versions 24.2.0 through 26.1.0 Description An issue exists in the Core component of Oracle REST Data Services. A low privileged attacker with network access via HTTPS can exploit this flaw to compromise the system,...
PT-2026-44207
Name of the Vulnerable Software and Affected Versions Eupago Gateway For Woocommerce WordPress plugin versions prior to 4.7.2 Description The plugin fails to properly restrict access to its refund request handler. This allows unauthenticated attackers to initiate refunds for any WooCommerce order...
PT-2026-44186
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in the Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can assign any realm role, including highly privileged ones, t...
PT-2026-44381
Name of the Vulnerable Software and Affected Versions logback versions prior to 1.5.33 Description Deserialization of untrusted data in the HardenedObjectInputStream module of logback-core allows for restricted Object Injection. An attacker capable of influencing serialized data sent to the...
PT-2026-44323
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the spi: mpc52xx component where the controller is not properly deregistered before the driver unbinds...
PT-2026-44173
The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...
PT-2026-44219
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability check on the renderChartPages and uploadData functions, where the wp ajax visualizer-create-chart...