184319 matches found
PT-2026-52491
Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4-rc1 Description A flaw exists in the markdown artifact preview pipeline. The generateMarkdownHtml function located in client/src/utils/markdown.ts utilizes a custom image renderer that triggers a fallback to t...
PT-2026-52400
Name of the Vulnerable Software and Affected Versions EmberZNet versions prior to 9.0.3 Description Malformed Over-the-Air OTA requests can cause the OTA server parser to perform out-of-bounds reads, which occurs when the software reads data outside the intended boundary of a buffer. This allows ...
PT-2026-52556
SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations AES encryption/decryption and hashing. DPA Countermeasures on SYMCRYPTO can be weakened reduced entropy by forcing certain seed values if an attacker gains code...
PT-2026-52185
OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction...
PT-2026-52454
Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing purposes...
PT-2026-52616
Name of the Vulnerable Software and Affected Versions Flowise affected versions not specified Description An unauthenticated path traversal issue exists in the '/api/v1/document-store/loader/process' endpoint. This flaw allows attackers to write arbitrary files to the filesystem by using...
PT-2026-52573
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description An issue exists where chain intermediate certificates asserting CA:TRUE but lacking the keyCertSign key usage were accepted as signing CAs. This occurs because chain-supplied temporary CAs...
PT-2026-52268
In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix IFM region index out-of-bounds in command stream parser NPU SET IFM REGION extracts the region index with param & 0x7f, giving a maximum value of 127. However region size and output region in struct ethosu...
PT-2026-52513
Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description pnpm passes the git resolution.commit value from the lockfile to the git fetch command without using a -- separator or performing commit-format validation. When git...
PT-2026-52458
A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...
PT-2026-52530
Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to...
PT-2026-52494
Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.5 Description LibreChat is an enhanced ChatGPT clone supporting multiple AI providers. The MCP OAuth implementation fails to validate that the resource parameter from OAuth Protected Resource metadata RFC 9728...
PT-2026-52431
Name of the Vulnerable Software and Affected Versions Post Snippets versions prior to 4.0.20 Description Remote attackers with contributor-level permissions can execute arbitrary code on the server. Recommendations Update Post Snippets to version 4.0.20 or later...
PT-2026-52408
Name of the Vulnerable Software and Affected Versions Dell Wyse Management Suite versions prior to 5.5 HF1 Description An Improper Limitation of a Pathname to a Restricted Directory, also known as Path Traversal, allows a high privileged attacker with remote access to potentially achieve Remote...
PT-2026-52186
OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction...
PT-2026-52300
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the stratix10-rsu firmware component during the probe process. When the rsu send msg function returns a timeout error -ETIMEDOUT, certain error paths...
PT-2026-52231
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference and buffer over-read exist in the SDP debugfs. The function dp sdp message debugfs write dereferences connector-base.state-crtc without verifying if it is NULL...
PT-2026-52259
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null-pointer dereference occurs in the remove waiter function when triggered via FUTEX CMP REQUEUE PI. This happens because task blocks on rt mutex does not arm the waiter during...
PT-2026-52260
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the iommu dma iova link swiotlb function when processing unaligned mappings divided into head, middle, and trailer parts. If the middle section is empty due to a lack ...
PT-2026-52327
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the network PHY subsystem where the sfp bus del upstream function is not called during a probe failure path. This results in the sfp-bus retaining a dangling upstream...
PT-2026-52261
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the iomap subsystem during buffered read failures. The function iomap finish folio read reports errors using fserror report iofolio-mapping-host, ... after...
PT-2026-52301
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the accel/ivpu component where the system fails to validate read and write indices in the firmware log buffer. If the firmware provides indices that exceed the data...
PT-2026-52339
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A failure to unlock the parent directory occurs in the nfsd4 create file function. This happens when the NFSD exports a filesystem using atomic create and that function returns an error...
PT-2026-52230
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A stale stack leak exists in the netfilter nft fib component. When using the NFT FIB RESULT OIFNAME result type, the destination register is declared with a length of IFNAMSIZ, but certa...
PT-2026-52238
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the xe driver during suspend or shutdown when no display is present. The driver uses the xe-info.probe display variable to track display hardware...
PT-2026-52237
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/v3d component regarding global performance monitor reference counting. In the SET GLOBAL ioctl, the v3d perfmon find function increases the reference count of...
PT-2026-52158
Name of the Vulnerable Software and Affected Versions OpenBSD versions prior to 7.10 Description A use-after-free issue exists in the sys/kern/sysv sem.c file. This occurs during a context switch following the tsleep function within sys semget, which can be exploited to allow local privilege...
PT-2026-52529
Heap buffer overread in wc PKCS7 DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...
PT-2026-52160
Name of the Vulnerable Software and Affected Versions Rapid7 InsightConnect Sed Plugin on Linux affected versions not specified Description An arbitrary file write issue exists where authenticated attackers can write controlled content to any file path. This is achieved by manipulating the...
PT-2026-52508
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in the client registration service allows a remote attacker with a previously issued Registration Access Token RAT to re-enable a client that was explicitly disabled by an...
PT-2026-52507
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A missing authorization check in the GroupResource.addChild endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing...
PT-2026-52587
Name of the Vulnerable Software and Affected Versions wolfSSL versions prior to 5.9.1 Description A heap buffer overflow occurs in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The issue stems from an integer truncation when calculating the length of the ACK...
PT-2026-52597
Name of the Vulnerable Software and Affected Versions WebSocket Application Programming Interface affected versions not specified Description The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an...
PT-2026-52577
Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...
PT-2026-52422
Name of the Vulnerable Software and Affected Versions MDTF versions prior to 1.3.9 Description An unauthenticated Local File Inclusion LFI issue exists, which allows an attacker to read files from the local file system without requiring authentication. Recommendations Update to a version newer th...
PT-2026-52560
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description The AVX2-optimized ML-KEM implementation contains a logic error in the mlkem cmp avx2 function during the Fujisaki-Okamoto transform. In ML-KEM-1024 decapsulation, the constant-time ciphertex...
PT-2026-52403
Name of the Vulnerable Software and Affected Versions EmberZNet versions prior to 9.0.3 Description Malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write, which leads to process termination. This issue specifically affects devices that support the IAS Zone cluster...
PT-2026-52206
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.11 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description An incorrect authorization check allows an authenticated user with developer-role permissions to bypass...
PT-2026-52396
Name of the Vulnerable Software and Affected Versions Dell Display and Peripheral Manager DDPM Windows versions prior to 2.3 Description An Improper Access Control issue exists where a low privileged attacker with local access could potentially achieve code execution. Improper Access Control occu...
PT-2026-52596
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description Charging station authentication identifiers are publicly accessible through web-based mapping platforms. Recommendations At the moment, there is no information...
PT-2026-52161
Name of the Vulnerable Software and Affected Versions Rapid7 InsightConnect Sed Plugin on Linux affected versions not specified Description An OS Command Injection issue exists in the Sed Plugin on Linux. Authenticated attackers can execute arbitrary operating system commands through the expressi...
PT-2026-52583
Name of the Vulnerable Software and Affected Versions qrscp affected versions not specified Description The C-STORE handler in the qrscp application fails to sanitize specific instances within attacker-supplied DICOM Digital Imaging and Communications in Medicine datasets. These unsanitized value...
PT-2026-52499
Outline is a service that allows for collaborative documentation. Prior to 1.8.0, the AuthenticationHelper.canAccess function uses ctx.originalUrl to verify if an API key or OAuth token has the required scopes for a request. It extracts the resource by splitting the URL by / and taking the last...
PT-2026-52489
HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences...
PT-2026-52391
Incomplete validation of the SOA record present in a catalog zone might lead to a crash...
PT-2026-52633
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...
PT-2026-52525
Name of the Vulnerable Software and Affected Versions pnpm versions 11.3.0 through 11.5.2 Description The pnpm stage download command derives a local filename using package name and version fields controlled by the registry. A crafted manifest can lead to a path traversal, allowing an attacker to...
PT-2026-52523
Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.2 pnpm versions 11.0.0 through 11.5.2 Description pnpm can persist package-manager bootstrap metadata in the first YAML document of the pnpm-lock.yaml file. The issue occurs when pnpm incorrectly trusts an already...
PT-2026-52409
Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail...
PT-2026-52452
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...