184315 matches found
PT-2026-52539
Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.16 Description A scoped, non-admin user with only Create permission can delete arbitrary files outside their assigned scope, including other tenants' data and the application database. This occurs during the...
PT-2026-52622
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A signer confusion issue in PKCS7 verify allows for forged signatures. This occurs because the signer associated with a signature is not correctly bound, which...
PT-2026-52516
Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description pnpm may send user-level unscoped npm authentication credentials to a registry specified in a repository-local .npmrc file. This occurs when a user's global configuration...
PT-2026-52590
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A length-confusion issue exists in the wolfSSL OCSP resp find status function. The lookup process compares serial-number bytes without verifying that the two serial numbers are of equal lengt...
PT-2026-52564
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An out-of-bounds heap read occurs during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key...
PT-2026-52341
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the SCTP server's processing of COOKIE ECHO chunks. When parsing the cached peer INIT chunk embedded after the cookie, the system fails to validate the chunk header leng...
PT-2026-52336
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ALSA dummy sequencer port where events are forwarded by copying an incoming struct snd seq event into a stack temporary. Because the legacy event storage is smalle...
PT-2026-52338
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists where an uninitialized stack variable is used within the rseq exit user update function. This occurs because the evaluation order of expressions in an initializer list is...
PT-2026-52328
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double-free issue exists in the netdev nl bind rx doit function. This occurs because genlmsg reply always consumes the socket buffer skb, but the error path incorrectly calls nlmsg...
PT-2026-52233
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds write can occur during HDCP 2.x repeater authentication over HDMI. The driver reads the sink's RxStatus register and extracts a 10-bit message size field, which is then...
PT-2026-52232
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds heap write can occur during driver probe due to missing validation of the HdmiRegNum and Hdmi6GRegNum fields within the VBIOS integrated info tables v1 11 and v2 1. Thes...
PT-2026-52251
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the memory management subsystem where the set pmd migration entry function incorrectly uses pmd write, pmd soft dirty, and pmd uffd wp to determine the state of...
PT-2026-52250
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel within the hugetlb folio copy paths. When alloc hugetlb folio is used to allocate a hugetlb folio, it consumes a Virtual Memory Area VMA reservation. ...
PT-2026-52240
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL dereference exists in the get queue ids function within the drm/amdkfd component. When the usr queue id array is NULL and num queues is non-zero, the function returns NULL. Becaus...
PT-2026-52340
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mrp pdu parse vecattr function regarding the parsing of vector attribute events. The parser fails to decrement the valen variable after processing the third event ...
PT-2026-52342
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the mtk eth soc ethernet driver. The mtk free dev function calls metadata dst free, which uses kfree to immediately release metadata dst memory, bypassin...
PT-2026-52343
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the airoha network driver during metadata dst teardown. The function airoha metadata dst free invokes metadata dst free, which uses kfree to release...
PT-2026-52337
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ALSA PCM component where the snd pcm drain function causes wait queue list corruption on linked streams. The function uses init waitqueue entry, which fails to cle...
PT-2026-52632
A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...
PT-2026-52611
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.10 Description An authenticated user can change their account password through the account settings Security section without providing the current password or any additional verification. This occurs because the...
PT-2026-52656
Lemur 1.9.0: JWT verifier trusts attacker-supplied alg from token header โ defense-in-depth gap; chain-dependent ATO with secret disclosure Vulnerability Summary Field | Value -- | -- Title | Lemur 1.9.0: JWT verifier trusts attacker-supplied alg from token header โ defense-in-depth gap;...
PT-2026-52156
OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api host or api port parameters during connection configuration due to insufficient input validation...
PT-2026-52193
The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the โstaff idโ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
PT-2026-52567
Name of the Vulnerable Software and Affected Versions MSI NBFoundation Service version 2.0.2506.1201 Description Insecure permissions in the service allow a remote attacker to obtain sensitive information through the MSI SERVICE 2 pipe. Recommendations At the moment, there is no information about...
PT-2026-52208
The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently delete any user's course-progress records...
PT-2026-52184
OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands...
PT-2026-52527
AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...
PT-2026-52500
ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sources/decrypt returns the decrypted plaintext for any credential whose credential id is supplied in t...
PT-2026-52548
MaxKB before 2.10.0 contains a server-side request forgery vulnerability in tool creation and update endpoints that allows authenticated users to make arbitrary server requests by supplying unvalidated downloadCallbackUrl and download url parameters. Attackers with default workspace USER role can...
PT-2026-52642
Name of the Vulnerable Software and Affected Versions opentelemetry sdk versions prior to 0.32.1 Description The BaggagePropagator::extract with context function in the opentelemetry sdk fails to enforce W3C Baggage size limits before parsing an inbound baggage header. An attacker can provide a...
PT-2026-52255
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix DMA address corruption due to find vma misuse fastrpc get args uses find vma to look up the VMA for a user-provided pointer and compute a DMA address offset. When the address falls in a gap before the returned...
PT-2026-52254
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix NULL pointer dereference in rpmsg callback A NULL pointer dereference was observed on Hawi at boot when the DSP sends a glink message before fastrpc rpmsg probe has completed initialization: Unable to handle...
PT-2026-52589
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A flaw exists where X.509 name constraints can be bypassed when the Subject Common Name is treated as a DNS-type name. This allows a certificate to be accepted...
PT-2026-52618
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.201 Description An integer overflow exists in Mojo, a Chromium IPC Inter-Process Communication framework. This issue allows a remote attacker who has already compromised the renderer process to...
PT-2026-52503
Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint GET...
PT-2026-52389
Name of the Vulnerable Software and Affected Versions Dell Wyse Management Suite versions prior to 5.5 HF1 Description An issue exists where the system accepts extraneous untrusted data mixed with trusted data. This occurs due to improper input validation, allowing attacker-controlled data to be...
PT-2026-52429
Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce = 1.6.2 versions...
PT-2026-52445
Name of the Vulnerable Software and Affected Versions Remote Keyless Entry System RKES using 433 MHz key fob FCC ID CWTR53R0 affected versions not specified Description The system is susceptible to a roll-back attack targeting its rolling-code authentication. An attacker within radio frequency...
PT-2026-52198
Name of the Vulnerable Software and Affected Versions GitLab EE versions 19.1 through 19.1.0 Description Insufficient output filtering in Duo Workflows could allow a user to access sensitive information that had already been committed to a project. Recommendations Update GitLab EE to version 19.1...
PT-2026-52571
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description An out-of-bounds write exists in the Renesas TSIP TLS 1.3 transcript buffer. In the tsip StoreMessage function, a capacity check for the fixed message bag MSGBAG SIZE sets an error code but...
PT-2026-52591
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where SNI Server Name Indication and ALPN Application-Layer Protocol Negotiation bindings are missing during stateful session-ID resumption. This...
PT-2026-52399
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...
PT-2026-52576
Name of the Vulnerable Software and Affected Versions Bitwarden Server versions prior to 2026.5.0 Description An issue exists in the IntegrationTemplateProcessor.ReplaceTokens function where user-controlled values are substituted into event-integration templates without proper JSON encoding. An...
PT-2026-52581
Name of the Vulnerable Software and Affected Versions @anthropic-ai/claude-code versions 2.1.59 through 2.1.127 Description The /copy command writes responses to a hardcoded and predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The resulting file i...
PT-2026-52192
Name of the Vulnerable Software and Affected Versions Dokan Pro versions prior to 5.0.5 Description The Dokan Pro plugin for WordPress contains a time-based SQL Injection flaw. This occurs because the software does not sufficiently escape user-supplied input or properly prepare the SQL query...
PT-2026-52401
In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...
PT-2026-52547
Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to RememberMeSessionModel::remove, allowing authenticated users to delete other users' Remember Me sessions. Attackers can enumerate sequential session...
PT-2026-52449
Name of the Vulnerable Software and Affected Versions Nokogiri versions prior to 1.19.4 Description Nokogiri contains a bug occurring when certain methods are called on native wrapper classes that inherit from Nokogiri::XML::Node and have been allocated but not initialized. This leads to a NULL...
PT-2026-52641
Summary Description An Improper Verification of Cryptographic Signature CWE-347 issue in OpenAM's RADIUS authentication module allows an unauthenticated network attacker to spoof an Access-Accept response and obtain an OpenAM session for any RADIUS username, without knowing the configured shared...
PT-2026-52265
In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: reject NPU OP RESIZE commands from userspace NPU OP RESIZE is a U85-only command that the driver does not yet implement. The existing WARN ON1 placeholder fires unconditionally whenever userspace submits this comman...