184321 matches found
PT-2026-55842
Summary The vulnerability allows the Request.RemoteAddr to be spoofed when determining the request source IP via the X-Forwarded-For header. This could result in misidentification of the request source and potentially compromise access control and logging integrity. Details Currently, the RealIP...
PT-2026-52432
Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18...
PT-2026-52545
Name of the Vulnerable Software and Affected Versions NewsBlur versions prior to 14.5.0 Description Authenticated users can perform server-side request forgery SSRF via the 'add url' endpoint. This occurs because the application fails to filter private IP addresses, allowing arbitrary server...
PT-2026-52614
Name of the Vulnerable Software and Affected Versions Flowise versions 3.0.0 through 3.0.7 Description Flowise fails to invalidate existing sessions and session tokens after a user changes their password. This allows an attacker who possesses an active session, such as through a stolen session...
PT-2026-52210
Name of the Vulnerable Software and Affected Versions NSD version 4.13.0 Description A heap use-after-free bug exists when logging errors on TLS connections. This issue can be triggered by sending a DNS query over a DNS over TLS DoT connection and closing the connection before reading the respons...
PT-2026-52579
Name of the Vulnerable Software and Affected Versions relibc version 61f42d Description A flaw in the pthread rwlockattr setpshared function allows attackers to trigger a Denial of Service DoS by providing crafted input. Recommendations As a temporary workaround, consider restricting the use of t...
PT-2026-52188
OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction...
PT-2026-52410
Name of the Vulnerable Software and Affected Versions Visual Link Preview versions 2.3.1 and earlier Description Subscriber sensitive data exposure occurs in the software, potentially allowing unauthorized access to private information. Recommendations Disable or isolate the software immediately...
PT-2026-52252
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description Use-after-free bugs exist in the error paths of the nvmem core. The issue occurs when the nvmem device put function is called, potentially freeing underlying memory and resources, while...
PT-2026-52464
The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...
PT-2026-52262
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the remove waiter function during a self-deadlock scenario. When FUTEX CMP REQUEUE PI requeues a non-top waiter that already owns the target PI futex...
PT-2026-52505
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A realm administrator with the manage-realm role can probe arbitrary filesystem paths by submitting an arbitrary path as a keystore parameter during the creation of a key provider component...
PT-2026-52382
An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash...
PT-2026-52477
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0671 Description When opening a file encrypted using the VimCrypt04! or VimCrypt05! methods which utilize xchacha20poly1305 and require the +sodium feature, an unsigned length calculation underflows if the file body i...
PT-2026-52478
Name of the Vulnerable Software and Affected Versions Vim versions 9.1.1784 through 9.2.0677 Description When the bundled zip plugin autoload/zip.vim uses PowerShell to browse, read, extract, update, or delete entries in a zip archive, it constructs the PowerShell command by quoting archive entry...
PT-2026-52479
Name of the Vulnerable Software and Affected Versions Vim versions 9.2.0320 through 9.2.0678 Description A flaw exists where a crafted undo or swap file can store a virtual-text property with an offset and length that point outside the line's property data. When the software restores or displays...
PT-2026-52480
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0698 Description A stack out-of-bounds write occurs in the single-byte branch of the spell soundfold sofo function within src/spell.c. When a SOFO-based spell language is active, the copy loop translates a word using ...
PT-2026-52481
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0699 Description Python omni-completion in the text editor executes reconstructed function and class definitions from the current buffer using the exec function to populate the completion dictionary. Because docstring...
PT-2026-52637
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...
PT-2026-52492
Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4-rc1 Description An authenticated user can upload files into the tool resources such as context or execute code of any agent without the required ownership or EDIT permissions. This occurs because the 'POST...
PT-2026-52245
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Bound root directory content to block size tb property parse dir does not check that content offset + content len fits within block len for the root directory case. When rootdir-length equals or exceeds block len - 2...
PT-2026-52601
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An out-of-bounds write occurs in the SetSuitesHashSigAlgo function when processing an oversized signature algorithms list. This flaw allows data to be written pa...
PT-2026-52617
Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.30 Description The software fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode within reduce methods. This allows attackers to embed undetected code in pickle files...
PT-2026-52603
Name of the Vulnerable Software and Affected Versions ML-KEM affected versions not specified Description An issue exists in the ARM64 NEON ciphertext comparison where only half of the input is compared. This failure breaks the implicit rejection of the Fujisaki-Okamoto transform—a method used to...
PT-2026-52442
Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order...
PT-2026-52519
Name of the Vulnerable Software and Affected Versions jq versions prior to 1.8.2 Description On 32-bit systems, the jvp string append function is susceptible to integer or multiplication overflow, which can lead to a significant buffer overrun. A buffer overrun occurs when a program writes more...
PT-2026-52613
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.6 Description Missing validation of the chatflowId and chatId parameters in file handling operations allows unauthenticated attackers to perform arbitrary file access. By using path-traversal values, an attacker c...
PT-2026-52501
ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...
PT-2026-52195
Name of the Vulnerable Software and Affected Versions GitLab EE versions 16.4 through 18.11.5 GitLab EE versions 19.0 through 19.0.2 GitLab EE versions 19.1 through 19.1.0 Description Improper sanitization of user-supplied input allows an authenticated user with developer-role permissions to...
PT-2026-52487
Permissions where checked incorrectly during room creation, allowing attackers to create rooms of types they shouldn't be allowed to create...
PT-2026-52440
Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...
PT-2026-52427
Name of the Vulnerable Software and Affected Versions License Manager for WooCommerce versions prior to 3.0.16 Description An unauthenticated Insecure Direct Object Reference IDOR exists in the software. IDOR is a type of access control vulnerability that occurs when an application provides direc...
PT-2026-52598
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The WebSocket backend uses charging station identifiers to uniquely associate sessions but permits multiple endpoints to connect using the same session identifie...
PT-2026-52344
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description Unprivileged applications can set Loose Source and Record Route LSRR and Strict Source and Record Route SSRR IP options. This allows an attacker to force packets to route through...
PT-2026-52368
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the OP-TEE driver of the Linux kernel. This occurs when a client task terminates while a supplicant is still processing its request. Because the client m...
PT-2026-52365
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the IP Virtual Server IPVS where the ip vs edit service function clears the svc-scheduler pointer after the scheduler module has already initiated Read-Copy-Update RCU...
PT-2026-52367
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the erofs component. The z erofs decompress kickoff function can race with the filesystem unmount process, leading to a use-after-free on sbi-sync...
PT-2026-52362
Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description An issue exists in the netfilter nft ct component where the system fails to properly handle template connection tracking ct during evaluation. When a rule sets a connection tracking zone...
PT-2026-52363
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the netfilter conntrack irc helper. The issue occurs when parsing fails after a command string has been matched; the system attempts to match a different...
PT-2026-52369
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A logic flaw in the smc setsockopt function allows a local unprivileged user to cause a Denial of Service DoS. The issue occurs because the function calls copy from sockptr while holding...
PT-2026-52372
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the arm64 KVM implementation, the functions walk s1 and kvm walk nested s2 require the kvm-srcu lock to be held to prevent issues during memslot changes. However, kvm at s12 and kvm...
PT-2026-52360
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A check-then-act race condition exists in the dm cache policy smq. The smq invalidate mapping function performs a check on the e-allocated variable outside of the mq-lock critical sectio...
PT-2026-52358
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An off-by-one error exists in the lowpan iphc mcast ctx addr compress function. The second memcpy operation incorrectly uses &data1 as the destination and &ipaddr-s6 addr11 as the source...
PT-2026-52370
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists when processing Multicast Listener Discovery MLD queries. A pointer to the multicast group address is retrieved during initial packet parsing but is later dereferenced...
PT-2026-52311
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mvpp2 driver where the XDP path initializes every xdp buff with PAGE SIZE as the frame size, regardless of whether the buffer is from a short or long BM pool...
PT-2026-52406
In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...
PT-2026-52511
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A trust-chain bypass exists in the OpenSSL compatibility certificate verifier function wolfSSL X509 verify cert. This issue occurs in builds configured with --enable-opensslextra when an...
PT-2026-52517
Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description The tarball extraction worker in the pnpm package manager fails to perform integrity verification when the integrity field is missing from the lockfile resolution. This...
PT-2026-52552
RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...
PT-2026-52463
A Joomla user with K2 "create item" rights Author tier by default can submit an article whose embedVideo POST field contains a raw tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page...