184319 matches found
PT-2026-52595
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description WebSocket endpoints lack proper authentication mechanisms, which allows attackers to impersonate charging stations. This flaw can be exploited to gain unauthoriz...
PT-2026-52331
In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SO ATTACH FILTER to priv users This patch restricts the use of SO ATTACH FILTER cBPF on TCP sockets to users with CAP NET ADMIN capability. This blocks potential side-channel attack where an unprivileged application...
PT-2026-52347
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix memory leak in error path of hci alloc dev Early failures in Bluetooth HCI UART configuration leak SRCU percpu memory. When device initialization fails before hci register dev completes, the HCI UNREGISTER flag is...
PT-2026-52332
In the Linux kernel, the following vulnerability has been resolved: gpio: mvebu: fix NULL pointer dereference in suspend/resume mvebu pwm suspend and mvebu pwm resume are called for all GPIO banks during suspend/resume, but not all banks have PWM functionality. GPIO banks without PWM have...
PT-2026-52199
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 8.3 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description Improper URL validation in mirror synchronization allows an authenticated user with maintainer-role...
PT-2026-52572
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where an un-negotiated Raw Public Key RPK, as defined in RFC 7250, is accepted instead of an X.509 certificate, allowing the bypass of chain...
PT-2026-55844
justhtml: to markdown code-span blank-line breakout enables XSS Summary In justhtml 0.9.0 through 1.21.0, to markdown renders text and text inside a link as an inline Markdown code span whose only protection is backtick-fence length. A blank line in that text terminates the inline span in any...
PT-2026-55841
Summary The RealIP middleware in go-chi/chi is vulnerable to IP spoofing because it blindly trusts the first leftmost element of the X-Forwarded-For HTTP header. This allows a remote attacker to bypass IP-based access control lists ACLs and rate-limiting mechanisms by providing a spoofed IP addre...
PT-2026-55846
Summary The /list relationships and /retrieve graph neighborhood endpoints call getAuthenticatedUserId confirming a valid session exists but do not pass the resolved user ID into the Supabase query as an .eq"user id", userId filter. As a result, queries return rows from all users rather than...
PT-2026-52562
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Certificates containing wildcard DNS Subject Alternative Names SANs, such as .example.com, bypass name-constraint checks performed by the Certificate Authority C...
PT-2026-52599
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A TLS 1.3 post-handshake authentication PHA issue exists where a server may accept a client's Finished message even if the client has not provided a Certificate and CertificateVerify. This...
PT-2026-52203
Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.6 through 18.11.5 GitLab EE versions 19.0 through 19.0.2 GitLab EE versions 19.1 through 19.1.0 Description Insufficient authorization checks could allow an authenticated user with limited permissions to access project...
PT-2026-52643
Name of the Vulnerable Software and Affected Versions Lemur affected versions not specified Description An authorization bypass exists in the StrictRolePermission and AuthorityCreatorPermission classes within lemur/auth/permissions.py. When the configuration flags LEMUR STRICT ROLE ENFORCEMENT an...
PT-2026-52570
The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...
PT-2026-52425
Name of the Vulnerable Software and Affected Versions WP Activity Log versions prior to 5.6.3.2 Description A Cross-Site Scripting XSS issue exists that allows exploitation at the subscriber level. XSS is a flaw where malicious scripts are injected into trusted websites. Recommendations Update to...
PT-2026-52191
Name of the Vulnerable Software and Affected Versions Dokan Pro versions prior to 5.0.5 Description The Dokan Pro plugin for WordPress contains a time-based SQL Injection flaw. This issue occurs because user-supplied parameters are not sufficiently escaped and the SQL query is not properly...
PT-2026-52574
Name of the Vulnerable Software and Affected Versions Bitwarden Server versions prior to 2026.5.0 Description An issue exists where authenticated Custom users with the ManageUsers permission can escalate privileges to remove Admin accounts from an organization. This occurs due to a missing role...
PT-2026-52518
Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description When running pnpm install in non-frozen mode, the package manager may accept new remote package content even after detecting that the downloaded tarball does not match th...
PT-2026-52490
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 commit bb58a2d0 added limits: fileSize to createMulterInstance in the file upload routes. However, the POST /api/convos/import endpoint uses a separate multer instance that w...
PT-2026-52390
A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation...
PT-2026-52388
ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...
PT-2026-52456
Content injected to PDF rendering contexts could, in many places, include HTML content including tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the rendering server a...
PT-2026-52267
In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix arithmetic issues in dma length dma length derives DMA region usage from command stream values and updates region size: len = len + stride0 size0 + stride1 size1 region sizeregion = max..., len + dma-offset...
PT-2026-52305
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the register shm helper function. The function allocates shared memory shm before calling iov iter npages. If iov iter npages returns 0, the function incorrectly...
PT-2026-52315
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the netfilter component where the ebt redirect tg function dereferences the return value of br port get rcu without a NULL check. This can lead to a kernel panic if a...
PT-2026-52543
Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arbitrary server requests. Attackers can exploit this by supplying malicious URLs to fetch internal...
PT-2026-52383
An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memo...
PT-2026-52384
An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS options that DNSdist did not filter...
PT-2026-52441
Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...
PT-2026-52553
Name of the Vulnerable Software and Affected Versions CANBoat versions prior to 6.23 Description An off-by-one global buffer overflow exists in the searchForPgn function within the analyzer/pgn.c file. A remote attacker can trigger an out-of-bounds array access and cause a denial of service,...
PT-2026-52393
An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation...
PT-2026-52447
Name of the Vulnerable Software and Affected Versions Nokogiri versions prior to 1.19.4 Description Nokogiri is an open source XML and HTML library for the Ruby programming language. The Nokogiri::XML::NodeSet function and its alias slice performs a bounds check on the requested index using a...
PT-2026-52455
Malicious HTML content could be injected into the content of a page in the pretix-pages plugin...
PT-2026-52438
Contributor Broken Access Control in Slim SEO = 4.6.2 versions...
PT-2026-52592
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A JWT algorithm confusion flaw exists in the JWT Authorization Grant flow. An attacker possessing valid client credentials can bypass signature verification by forging an assertion. This...
PT-2026-52509
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in org.keycloak.authorization allows an authenticated user who possesses a User-Managed Access UMA permission ticket for a single resource to bypass per-resource access control. By...
PT-2026-52385
Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...
PT-2026-52605
Name of the Vulnerable Software and Affected Versions wolfSSL version 5.9.0 Description The functions wc Blake2bHmacFinal and wc Blake2sHmacFinal discard the message when the key length exceeds the block size. This occurs because the key-hashing branch reinitializes the running hash state, which...
PT-2026-52640
Summary Description An Authorization Bypass Through User-Controlled Key CWE-639 exists in OpenAM's stateful OAuth2 token-read path. Under certain conditions, this may allow an attacker to forge OAuth2 bearer tokens and OIDC ID tokens with arbitrary subject, client, realm, and scope. This affects...
PT-2026-52444
Name of the Vulnerable Software and Affected Versions Dell Display and Peripheral Manager DDPM Mac versions prior to 2.3 Description An OS Command Injection issue exists where special elements used in an OS command are not properly neutralized. This allows a low privileged attacker with local...
PT-2026-52461
Name of the Vulnerable Software and Affected Versions List::SomeUtils::XS versions prior to 0.59 Description A heap buffer overflow exists in the pairwise function. The function collects values returned by a block into a heap buffer sized according to the longer input array. When the buffer needs...
PT-2026-52159
Name of the Vulnerable Software and Affected Versions Rapid7 InsightConnect Sed Plugin on Linux affected versions not specified Description Insufficient input validation in the Sed Plugin allows authenticated attackers to read arbitrary files. This is achieved by manipulating the expression...
PT-2026-52493
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete any other user's messages. The validateMessageReq middleware only validates that the conversationId...
PT-2026-52381
An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or...
PT-2026-52460
Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage...
PT-2026-52557
Name of the Vulnerable Software and Affected Versions SeaweedFS versions prior to 4.30 Description The S3 API gateway and the Iceberg REST catalog gateway use a router configuration that disables path cleaning. This allows a .. segment within a URL to persist during routing. For example, a reques...
PT-2026-52635
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...
PT-2026-52212
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where a secondary requesting a transfer does not need to provide a client certificate when the request is made over TLS via the regular tls-port...
PT-2026-52636
The Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the...
PT-2026-52419
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25...