175418 matches found
PT-2026-44388
Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 5.11.1 TinyMCE versions prior to 7.9.3 TinyMCE versions prior to 8.5.1 Description A stored Cross-Site Scripting XSS issue exists due to unsanitized data-mce- attributes, specifically data-mce-href, data-mce-src, and...
PT-2026-44187
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description An authenticated administrator possessing the manage-clients role can exploit a Time-of-check to time-of-use TOCTOU flaw in name-based admin role checks. TOCTOU is a race condition where a...
PT-2026-44500
A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...
PT-2026-44637
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An inappropriate implementation in WebGL allows a remote attacker to leak cross-origin data, which is information from a different origin than the one that initiated the...
PT-2026-44597
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description A use after free issue exists in WebView. This allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape by using a...
PT-2026-44626
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An uninitialized use in WebGL allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. Recommendations Update t...
PT-2026-44656
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.216 Description A use after free issue in Views allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. Use after...
PT-2026-44383
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via PO...
PT-2026-44216
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.11.8 due to the plugin not properly verifying that a user is authorized to perform an action via the bulk appointmen...
PT-2026-47224
DelegatedRole. is target in pathpattern uses fnmatch.fnmatch to decide whether a given target path is authorized by a delegation's glob pattern. Python's fnmatch.fnmatch calls os.path.normcase on both arguments before matching. On POSIX hosts normcase is the identity function; on Windows hosts...
PT-2026-44200
The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'file upload' parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2026-44791
These are all security issues fixed in the gdk-pixbuf-loader-libheif-1.22.2-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-44790
These are all security issues fixed in the gdk-pixbuf-loader-libheif-1.22.2-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-44776
These are all security issues fixed in the libsuricata8 0 5-8.0.5-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-44781
These are all security issues fixed in the libsuricata8 0 5-8.0.5-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-44724
Name of the Vulnerable Software and Affected Versions python311-dulwich versions prior to 1.2.5-1.1 Description Security issues were identified in the python311-dulwich package. Recommendations Update to version 1.2.5-1.1...
PT-2026-44180
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the action get event data due to missing validation on a user controlled key. This makes it possible for authenticated attackers,...
PT-2026-44192
Name of the Vulnerable Software and Affected Versions json-2-csv versions 3.15.0 through 5.5.10 Description CSV Injection occurs when the preventCsvInjection option is bypassed, allowing an attacker to inject formulas into CSV files. These formulas execute automatically when the files are opened ...
PT-2026-44298
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An inconsistency occurs in the f2fs file system during Foreground Garbage Collection FGGC node block migration. The Garbage Collection process fails to clear the dentry and fsync marks...
PT-2026-44254
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An issue exists in the KVM x86 component regarding slow flush hypercalls. The use of the is guest modevcpu function is incorrect because translate nested gpa is only valid when an L2 guest ...
PT-2026-44249
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the RDMA mana component where the mana destroy wq obj cleanup process in mana ib create qp rss is handled...
PT-2026-44244
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A use-after-free issue exists in the DAMON sysfs interface. Direct reads and writes of the memcg path and path files can race, as the write operation deallocates the buffer pointed to by...
PT-2026-44231
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the ipmi:si component where the driver fails to return to a normal state when message allocation fails,...
PT-2026-44262
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the SMB client, the build sec desc function uses a buffer allocated with kmalloc, which does not zero-initialize the memory. Due to a change in the struct smb acl where the num aces...
PT-2026-44297
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the x86 CPU AMD Zen2 op cache where shared resources are not properly isolated. This lack of isolation ca...
PT-2026-44327
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read issue exists in the drm/amdgpu/vcn4 component when parsing the Indirect Buffer IB. This occurs because the parsing process does not properly validate bounds,...
PT-2026-44319
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the tracepoint add func function where the subsystem's ext-regfunc is invoked before attempting to install a new probe via func add. If func add fails, such ...
PT-2026-44357
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the vsock update buffer size function where the buffer size clamping order is incorrect. The system clamped the buffer size to the maximum value first and then to the...
PT-2026-44332
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An inconsistency exists in the calculation of sub-sampled plane dimensions within the drm gem fb init with funcs function. While the framebuffer check function uses DIV ROUND UP to round up...
PT-2026-44329
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the batman-adv module where the tp meter fails to reject new sender or receiver sessions during the...
PT-2026-44310
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF occurs in the RSI driver when there is a race condition between the self-exit operation kthread complete and exit and the external-stop operation kthread stop. This...
PT-2026-44355
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the HID playstation module where the dualshock4 parse report function fails to validate the number of touch reports provided by a device. If a device reports an excessiv...
PT-2026-44299
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An error path fall-through exists in the mlx5 ib dev res srq init function. When the function allocates two Send Receive Queues SRQs, s0 and s1, a failure in ib create srq for s1 causes...
PT-2026-44255
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A stack information leak exists in the rtnl fill vfinfo function. The function declares a struct ifla vf broadcast on the stack without initialization. This structure contains a 32-byte...
PT-2026-44392
Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.12.0 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF file that causes excessive memory consumption. This occurs when extracting text in layout mode using large character offsets...
PT-2026-44232
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the Linux kernel within the ULPI UTMI Low Pin Interface driver. When the ulpi of register or ulpi read id functions fail before device register is called, the...
PT-2026-44235
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A memory corruption issue exists in the RDMA hns component. The function hns roce qp remove is called without the required locks during the error unwind process within the hns roce create q...
PT-2026-44312
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A double free issue exists in the RDMA/vmw pvrdma component. The error path in the pvrdma alloc ucontext function triggers...
PT-2026-44290
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A heap leak exists in the usblp driver. The usblp read status function requests 1 byte of data, but if a malicious printer responds with zero bytes, the usblp ctrl msg function discards the...
PT-2026-44363
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the iris release internal buffers function. A regression was introduced where session release buf could free a buffer while the caller, iris release...
PT-2026-44351
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the spi: ch341 driver where device managed resources were tied to the parent USB device instead of the USB interface. This can lead to memory leaks when drivers are...
PT-2026-44340
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the DRM AMD GPU VCN4 module. This issue occurs during the message bound check, where an incorrect condition allows for an overflow to happen. Recommendation...
PT-2026-44341
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bounds checking issue exists in the Linux kernel DRM AMD GPU driver. The uvd, vce, and vcn components access the Indirect Buffer IB at predefined offsets without verifying if the IB is...
PT-2026-44308
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the symlink data function. This occurs because smb2 check message returns success without validating the length for the symlink error response...
PT-2026-44339
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A kernel pagefault error occurs in the DRM/XE/HDCP component when media GT is disabled via configfs. In this scenario, the media gt variable remains NULL, causing the intel hdcp gsc chec...
PT-2026-44352
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue in the drm/amdkfd component allows stale data exposure during VRAM allocation. While the GEM ioctl path correctly sets the AMDGPU GEM CREATE VRAM CLEARED flag for userspace...
PT-2026-44282
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Time-of-Check to Time-of-Use TOCTOU race condition exists in the btrfs ioctl space info function. The function performs two passes over block group RAID type lists: the first to...
PT-2026-44230
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bug exists in the rebalance children function within the dm-thin component. When an internal btree node contains a single entry, the system attempts to copy all btree entries from the...
PT-2026-44475
Name of the Vulnerable Software and Affected Versions Ubuntu Linux version 6.8 Ubuntu Linux version 6.17 Ubuntu Linux version 7.0 Description SAUCE patches contain a memory leak when handling large responses to AppArmor notifications. An unprivileged local user can trigger this issue, which may...
PT-2026-44484
Name of the Vulnerable Software and Affected Versions Ubuntu Linux version 6.8 Description An issue exists in the handling of AppArmor notifications within SAUCE patches, where a NULL pointer dereference a situation where the system attempts to read a memory address that is null, leading to a cra...