184321 matches found
PT-2026-52420
Unauthenticated SQL Injection in MDTF = 1.3.7 versions...
PT-2026-52417
Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...
PT-2026-52604
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists in the EVP DigestVerifyFinal function where a zero-length tag could be accepted as valid during HMAC Hash-based Message Authentication Code...
PT-2026-52394
In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...
PT-2026-52424
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce = 1.1.11 versions...
PT-2026-52466
K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin plg user k2. A Registered Joomla user, by including the field K2UserForm=1 in a standard com users profile.save POST, can write arbitrary values into the notes, image, and plugins columns of their own row in the k2 users tab...
PT-2026-52426
Name of the Vulnerable Software and Affected Versions H5P versions prior to 1.17.7 Description An unauthenticated Cross Site Scripting XSS issue exists, allowing an attacker to execute malicious scripts in the browser of a user without requiring authentication. Recommendations Update to a version...
PT-2026-52215
The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'post id' parameter in all versions up to, and including, 2.22.7 due to insufficient escaping on the user supplied parameter and lack of...
PT-2026-52450
Name of the Vulnerable Software and Affected Versions Nokogiri versions prior to 1.19.4 Description The CRuby native extension of this XML and HTML library can leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code has already accessed an attribut...
PT-2026-52504
Name of the Vulnerable Software and Affected Versions socat versions 1.8.0.0 through 1.8.1.1 Description A heap-based buffer overflow exists in the SOCKS5 DOMAINNAME reply parser during proxy connection setup. The issue stems from a sign-extension flaw where the domain name length byte is read as...
PT-2026-52465
K2 ≤ 2.26 renders the k2 users.image column directly into HTML src attributes via two distinct templates, in both cases without HTML escaping...
PT-2026-52619
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.201 Description A use after free issue exists in the Payments component. This flaw allows a local attacker with physical access to the device to potentially exploit heap corruption, which...
PT-2026-52626
Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description An issue exists in the performance and fault management framework where improper handling of deserialized data leads to SQL Injection. In the 'managers.php' file, the application processes the selecte...
PT-2026-52625
Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. The software is subject to Session Fixation because the session regenerate id function is not called after a successful login. In th...
PT-2026-52628
Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. The software contains a package import signature validation bypass that allows the use of self-signed packages. Recommendations Upda...
PT-2026-52627
Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. A path traversal issue allows for arbitrary file read through the Report format file parameter. The process occurs in two stages:...
PT-2026-52624
Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description An open redirect issue exists due to the use of a substring check instead of a host check within the str contains$referer, CACTI PATH URL logic. When the login opts variable is set to '1', the auth...
PT-2026-52352
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: enforce HE/EHT cap/oper consistency Xiang Mei reports that mac80211 could crash if eht cap is set but eht oper isn't. Rather than fixing that for the individual users, enforce that both HE/EHT have consistent...
PT-2026-52361
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter bridge ebtables SNAT target regarding how the ARP sender hardware address rewrite is handled. While the Ethernet source address rewrite is managed via sk...
PT-2026-52187
OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max ttl, count, or time out request parameters due to insufficient input validation when constructing shell...
PT-2026-52506
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description An issue exists where a remote attacker with administrative privileges, specifically those with manage-client permission or access to client registration endpoints, can bypass client Uniform...
PT-2026-52414
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005...
PT-2026-52526
wolfSSL PKCS7 verify returning success for a degenerate certs-only PKCS7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no...
PT-2026-52378
A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning...
PT-2026-52550
RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode ssr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit th...
PT-2026-52522
Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.2 pnpm versions prior to 11.5.3 Description pnpm allows the installation of configDependencies declared in pnpm-workspace.yaml before command dispatch. A repository can declare pacquet or @pnpm/pacquet as a config...
PT-2026-52471
3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...
PT-2026-52335
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix use-after-free on first skb in input process payload input process payload stores first skb into xtfs-ra newskb under drop lock when starting partial reassembly, then unlocks and breaks out of the processing loop...
PT-2026-52357
In the Linux kernel, the following vulnerability has been resolved: l2tp: pppol2tp: hold reference to session in pppol2tp ioctl pppol2tp ioctl read sock-sk-sk user data directly without any locks or reference counting. If a controllable sleep was induced during copy from user e.g. via a userfault...
PT-2026-52631
A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causin...
PT-2026-52621
Name of the Vulnerable Software and Affected Versions vtk vtk-dicom affected versions not specified Description A heap-based buffer overflow occurs in the vtkDICOMItem::NewDataElement function. A heap-based buffer overflow is a memory corruption issue that happens when a program writes more data ...
PT-2026-52488
Name of the Vulnerable Software and Affected Versions Zephyr affected versions not specified Description An issue in the IPv6 network stack allows a denial of service by sending a small number of maliciously fragmented IPv6 packets. When the fragment-header processing path handles these packets,...
PT-2026-52657
Name of the Vulnerable Software and Affected Versions Lemur versions prior to 1.9.0 Description Lemur is a TLS certificate management service that contains a critical authorization break resulting from a chain of three issues. First, the service auto-provisions new SSO identities as active withou...
PT-2026-55840
Name of the Vulnerable Software and Affected Versions Protego versions prior to 0.6.2-1.1 Description Security issues were identified in the Protego package within the openSUSE Tumbleweed distribution. Recommendations Update to version 0.6.2-1.1...
PT-2026-52235
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/v3d component where a compute shader dispatch CSD may be initiated with zero workgroup counts in the CFG0, CFG1, or CFG2 registers. This occurs during indirect...
PT-2026-52549
Name of the Vulnerable Software and Affected Versions RTKLIB versions prior to 2.4.4 Description An out-of-bounds write occurs in the decode type1033 function because length counters are not clamped to the destination buffer size. This allows an overflow of up to 191 bytes into fixed 64-byte...
PT-2026-52428
Name of the Vulnerable Software and Affected Versions Master Slider versions prior to 3.11.3 Description An unauthenticated cross-site scripting XSS flaw exists in the web-facing input handling. The issue stems from improper input validation and output encoding, which allows attacker-supplied...
PT-2026-52306
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft meta bridge: fix stale stack leak via IIFHWADDR register NFT META BRI IIFHWADDR declares its destination register with len = ETH ALEN 6 bytes, which the register-init tracking rounds up to two 32-bit registers 8...
PT-2026-52316
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ip6 vti module where the vti6 tnl lookup function fails to correctly validate tunnels during fallback searches. When an exact tunnel match fails, the system search...
PT-2026-52205
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 13.6 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description Incorrect authorization checks in the group packages feature allow an authenticated user with...
PT-2026-52418
Unauthenticated Sensitive Data Exposure in Vitepos = 3.4.2 versions...
PT-2026-52434
Name of the Vulnerable Software and Affected Versions EventPrime versions prior to 4.3.4.2 Description PHP Object Injection occurs when an application deserializes untrusted data, allowing an attacker to manipulate the object structure and potentially execute arbitrary code or perform unauthorize...
PT-2026-52563
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description An X.509 trust-chain bypass exists in the OpenSSL compatibility certificate verifier function wolfSSL X509 verify cert. This issue occurs in builds configured with --enable-opensslextra OPENS...
PT-2026-52221
Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory...
PT-2026-52654
Name of the Vulnerable Software and Affected Versions Lemur affected versions not specified Description An authorization bypass exists in the PUT /api/1/roles/ endpoint. The handler incorrectly allows any user who is a member of a specific role to modify that role, as the permission check is...
PT-2026-52373
A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.6.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...
PT-2026-52190
The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'configurablePrefix' Block Attribute in all versions up to, and including, 6.1.4 due to insufficient input sanitization and output escaping. This...
PT-2026-52415
Name of the Vulnerable Software and Affected Versions Five Star Restaurant Reservations versions prior to 2.7.20 Description An unauthenticated broken access control issue exists, allowing unauthorized users to bypass security restrictions and access restricted areas or functions of the...
PT-2026-55847
Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish proxy connection function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves...
PT-2026-55845
Summary realip middleware in go-chi/chi trusts headers like x-forwarded-for without checking them, so attackers can fake their ip and bypass rate limits or access controls Details the vuln is in middleware/realip.go , the realIP function pulls IPs straight from client headers and replaces...