184321 matches found
PT-2026-56929
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon RPD of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker sending a specific BGP update over an established BGP session to cause a Denial-of-Service DoS...
PT-2026-56991
Name of the Vulnerable Software and Affected Versions pdeljanov Symphonia versions prior to 0.6.1 Description A flaw in the Metadata Handler component allows a local attacker to cause a denial of service. Recommendations At the moment, there is no information about a newer version that contains a...
PT-2026-56979
A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilged attacker to cause a Denial-of-Service DoS. On EX Series, QFX Series and MX Series a low-privileged attacker issuing a specific...
PT-2026-56923
Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules...
PT-2026-57038
Impact A user opens the cart page in the browser. In the background, the order gets completed, e.g. an admin changes the status, or the user finalizes payment in another tab. The browser still displays the old cart: the LiveComponent is unaware the underlying order state has changed. If the user...
PT-2026-56920
A weakness has been identified in D-link DIR-823G 1.0.2B05 20181207. Affected by this vulnerability is an unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. Executing a manipulation can lead to least privilege violation. The attack can be launched remotely. The...
PT-2026-56925
Name of the Vulnerable Software and Affected Versions Mercusys MW302R version MW302REU V1 1.4.10 Build 231023 Description A stack buffer overflow exists in the administrative web interface. This issue allows an authenticated attacker with administrative privileges to cause a system crash and a...
PT-2026-57023
psd-tools: arbitrary file write/read via smart-object path traversal Summary In psd-tools all releases exposing the SmartObject API through v1.17.0, SmartObject.save writes an embedded smart object to a path taken verbatim from the PSD file. Because that name is attacker-controlled and unsanitise...
PT-2026-56842
Summary Note Mark validates book and note slug values with the OpenAPI/huma tag pattern:"a-z0-9-+". huma compiles this with regexp.MustCompiles.Pattern and tests it with patternRe.MatchStringstr, an UNANCHORED match. Because the pattern is not anchored ^...$, any string that merely CONTAINS one...
PT-2026-57027
Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.6.6 Description An issue exists in the erasespamedcomments wiki action, located in actions/EraseSpamedCommentsAction.php, which allows unauthenticated users to permanently delete arbitrary wiki pages. The action...
PT-2026-56922
A Roundcube zero-click XSS, CVE-2026-54433, lets an email run script with no click. Roundcube 1.7.2 also fixes a second stored XSS. Update now. Roundcube XSS ZeroClick Webmail StoredXSS CyberSecurity Vulnerability InfoSec https://t.co/pkdbSSekhy...
PT-2026-56710
The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up to, and including, 3.4. This is due to a missing capability check and missing nonce validation on the pg...
PT-2026-56733
The Bookero.pl – system rezerwacji online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bookero products shortcode's hide products and filter products attributes in versions up to and including 2.2. This is due to insufficient input sanitization and output escaping in...
PT-2026-56736
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 via the download recent decrypted file wptc. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
PT-2026-56719
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'color' Shortcode Attribute in all versions up to, and including, 5.113.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2026-56696
A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh or bosh scp/bosh logs -f with default flags. Affected versions: BOSH CLI versions prior to 7.10.5...
PT-2026-56729
An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...
PT-2026-56716
The Ultimate Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'moreResultsText' block attribute of the ultimate-post/advanced-search block in versions up to and including 5.0.31. This is due to insufficient input sanitization and output escaping in the Advanced...
PT-2026-56708
Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...
PT-2026-56717
The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'stag' parameter in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
PT-2026-56722
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'note before' and 'note after' Shortcode Attributes in all versions up to, and including, 3.3.61 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
PT-2026-56724
A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...
PT-2026-56709
Name of the Vulnerable Software and Affected Versions UAA versions prior to v78.13.0 Cf-deployment versions prior to v56.2.0 Description A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA. This allows the attack...
PT-2026-56704
The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4...
PT-2026-56730
The Block, Suspend, Report for BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter in versions up to and including 3.6.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
PT-2026-56735
The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.22.0. This is due to the plugin not properly verifying that a user is authorized to perform an...
PT-2026-56725
An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who...
PT-2026-56705
During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...
PT-2026-56715
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.12.7 via the 'logKey' parameter parameter. This makes it possible for authenticated attackers, with administrator-leve...
PT-2026-56714
The ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.17.5 due to insufficient escaping on the user supplied parameter and lack of...
PT-2026-56718
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.9.4 via the 'access' parameter due to missing validation on a user controlled key. This...
PT-2026-56721
The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contact ids' parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of...
PT-2026-56707
Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:boshservice wrapper.exe or C:boshbosh-agent.exe and gain NT AUTHORITYSYSTEM on the next service restart or reboot. This can lead to full host...
PT-2026-56732
Name of the Vulnerable Software and Affected Versions Pinniped go.pinniped.dev versions 0.11.0 through 0.46.0 Description A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions. This occurs when the server is configured with an...
PT-2026-56800
Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in PEAKUP Technology Inc. PassGate allows LDAP Injection. This issue affects PassGate: through 30042026...
PT-2026-57034
Summary YesWiki's Bazar widget handler reflects the id GET parameter into HTML attributes using strip tags only. Because strip tags does not escape double quotes, an attacker can break out of the attribute value, inject an event handler such as onmouseover, and execute arbitrary JavaScript in the...
PT-2026-56970
decompress before 4.2.2 allows arbitrary symlink creation during archive extraction. When processing symlink entries type === 'symlink', the x.linkname field from the archive is passed directly to fs.symlink without validation index.js line 121. The preventWritingThroughSymlink check on line 98...
PT-2026-56968
decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...
PT-2026-56969
decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...
PT-2026-56983
A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service DoS. When the reachability of an sFlow collector changes, the corresponding next-hop entry is...
PT-2026-57014
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0725 Description A flaw exists in the single-byte branch of the spell soundfold sal function within src/spell.c. When translating a word using a spell file's SAL sound-folding rules into a caller-owned result buffer,...
PT-2026-57013
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0736 Description The PHP omni-completion script in runtime/autoload/phpcomplete.vim fails to escape class or trait names taken from the edited buffer before interpolating them into a search pattern executed via win...
PT-2026-57015
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0735 Description The C omni-completion script in runtime/autoload/ccomplete.vim fails to escape the typeref: or typename: extension fields of a tags entry when interpolating them into a :vimgrep pattern executed via...
PT-2026-56883
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the file upload path accepted metadata.knowledge id and auto-linked uploaded files to a target knowledge base without applying the write-access check used by /api/v1/knowledge//file/add, allowin...
PT-2026-56880
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, get all models handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of key builder, causing permission-filtered per-user model lists to share a...
PT-2026-56873
An input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build 230306 Rel.79931n allows an unauthenticated, network-adjacent attacker to cause a denial of service via a crafted DESCRIBE request with a malformed URL in the request line...
PT-2026-56908
Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be...
PT-2026-56828
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the /api/v1/auths/signin endpoint looked users up by email and only ran bcrypt password verification when a credential existed, making registered-account attempts measurably slower than...
PT-2026-56728
When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the...
PT-2026-56771
The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...