175406 matches found

Positive Technologies
• added 2026/05/27 12:0 a.m. • 6 views

PT-2026-43508

The WP Iframe Geo Style for Amazon affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'adid' Shortcode Attribute in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS: 6.4 | AI score: 6 | EPSS: 0.00032
Exploits: 0 | References: 5

Positive Technologies
• added 2026/05/27 12:0 a.m. • 5 views

PT-2026-44089

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/conf.c allocates heap memory proportional to n devices, a count derived from libxml2 XPath evaluation of the config file, without first enforcing an upper bound. On 32-bit targets armv7l, i686 -...

CVSS: 6.7 | AI score: 5.9 | EPSS: 0.00022
Exploits: 0 | References: 4

Positive Technologies
• added 2026/05/27 12:0 a.m. • 7 views

PT-2026-44121

Name of the Vulnerable Software and Affected Versions: Microsoft UFO version 3.0.1-4-ge2626659. Description: The constellation client in this open-source framework for intelligent automation tracks pending task responses using only the session id and fails to verify if a TASK END message originated...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00027
Exploits: 0 | References: 3

Positive Technologies
• added 2026/05/27 12:0 a.m. • 6 views

PT-2026-43980

Name of the Vulnerable Software and Affected Versions: IBM i versions 7.3 through 7.6. Description: A denial-of-service issue exists in the Integrated Language Environment (ILE) compiler due to uncontrolled recursion. An authenticated attacker can trigger this by compiling specially crafted source cod...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00047
Exploits: 0 | References: 3

Positive Technologies
• added 2026/05/27 12:0 a.m. • 6 views

PT-2026-43799

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the BPF subsystem where the BPF_PROG_DETACH operation on tcx or netkit devices could be executed by any user if no program file descriptor (prog_fd) was provided. This...

CVSS: 7.3 | AI score: 5.4 | EPSS: 0.00011
Exploits: 0 | References: 12

Positive Technologies
• added 2026/05/27 12:0 a.m. • 9 views

PT-2026-43577

Name of the Vulnerable Software and Affected Versions: Synology BeeDrive for desktop versions prior to 1.3.2-13814. Description: A flaw in the redis-server component allows local users to perform denial-of-service attacks, which occur when a system is overwhelmed to the point of becoming unavailable...

CVSS: 6.8 | AI score: 5.4 | EPSS: 0.00017
Exploits: 0 | References: 4

Positive Technologies
• added 2026/05/27 12:0 a.m. • 8 views

PT-2026-43727

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the netfilter nf_conncount component where the connection list may not be cleaned up quickly enough if more than 8 new connections are tracked per jiffy. This occurs...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.00068
Exploits: 0 | References: 17

Positive Technologies
• added 2026/05/27 12:0 a.m. • 8 views

PT-2026-43769

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free issue exists in the bq256xx power supply driver. The problem occurs because the devm variant for requesting an IRQ is used before the devm variant for allocating or...

AI score: 5.4 | EPSS: 0.00032
Exploits: 0 | References: 16

Positive Technologies
• added 2026/05/27 12:0 a.m. • 7 views

PT-2026-43730

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak occurs in the dw_i3c_master_i2c_xfers function. The function allocates memory for the xfer structure via dw_i3c_master_alloc_xfer, but if the pm_runtime_resume_and_get...

AI score: 5.4 | EPSS: 0.00023
Exploits: 0 | References: 13

Positive Technologies
• added 2026/05/27 12:0 a.m. • 8 views

PT-2026-43751

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the AppArmor module where the aa_get_buffer function unconditionally decrements the cache-hold variable when pulling from the per-cpu list. If hold reaches 0 while cou...

AI score: 5.4 | EPSS: 0.00023
Exploits: 0 | References: 13

Positive Technologies
• added 2026/05/27 12:0 a.m. • 9 views

PT-2026-43759

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the ext4 file system where splitting an unwritten extent and converting it to initialized can leave a stale unwritten extent in the status tree. This occurs in the ext...

AI score: 5.5 | EPSS: 0.00032
Exploits: 0 | References: 15

Positive Technologies
• added 2026/05/27 12:0 a.m. • 7 views

PT-2026-43768

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A circular lock dependency exists within the netfilter nf_tables component. This issue occurs when nft reset, ipset list, and iptables-nft with the -m set rule are executed simultaneousl...

AI score: 5.4 | EPSS: 0.00024
Exploits: 0 | References: 11

Positive Technologies
• added 2026/05/27 12:0 a.m. • 7 views

PT-2026-44070

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 18.2 through 18.10.6; GitLab CE/EE versions 18.11 through 18.11.3; GitLab CE/EE versions 19.0 through 19.0.0. Description: Incorrect authorization checks under certain conditions could allow an unauthorized user to enumerate...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00019
Exploits: 0 | References: 6

Positive Technologies
• added 2026/05/27 12:0 a.m. • 9 views

PT-2026-43806

In the Linux kernel, the following vulnerability has been resolved: gpib: Fix memory leak in ni_usb_init. In ni_usb_init, if ni_usb_setup_init fails, the function returns -EFAULT without freeing the allocated writes buffer, leading to a memory leak. Additionally, ni_usb_setup_init returns 0 on...

AI score: 5.8 | EPSS: 0.00022
Exploits: 0 | References: 4

Positive Technologies
• added 2026/05/27 12:0 a.m. • 12 views

PT-2026-44164

Name of the Vulnerable Software and Affected Versions: Basket versions prior to 2.1.17. Description: The Basket module, which provides e-commerce and checkout functionality for Drupal sites, fails to sufficiently sanitize user-supplied data before it is processed by the PHP unserialize function. Thi...

AI score: 5.9
Exploits: 0 | References: 3

Positive Technologies
• added 2026/05/27 12:0 a.m. • 7 views

PT-2026-43616

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVSS: 8.7 | AI score: 5.9 | EPSS: 0.00064
Exploits: 0 | References: 2

Positive Technologies
• added 2026/05/27 12:0 a.m. • 11 views

PT-2026-44004

Name of the Vulnerable Software and Affected Versions: LibVNCClient versions prior to 0.9.16. Description: The Tight encoding decoder in LibVNCClient uses fixed-size 2048-pixel scratch buffers for the Gradient filter but fails to reject Tight rectangles with a width exceeding 2048 pixels. A maliciou...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00042
Exploits: 0 | References: 6

Positive Technologies
• added 2026/05/27 12:0 a.m. • 8 views

PT-2026-44065

Name of the Vulnerable Software and Affected Versions: Archer BE450 v1; Archer BE7200 v1. Description: An authenticated command injection allows an administrator to execute arbitrary system commands through the web management interface. By using the browser developer console, a crafted input can be...

CVSS: 8.5 | AI score: 6.2 | EPSS: 0.00634
Exploits: 0 | References: 11

Positive Technologies
• added 2026/05/27 12:0 a.m. • 9 views

PT-2026-43977

Name of the Vulnerable Software and Affected Versions: IBM Db2 versions 11.5.0 through 11.5.9; IBM Db2 versions 12.1.0 through 12.1.4. Description: A denial of service can occur when executing a specially crafted query with a small statement heap. A statement heap is a memory area used by the databas...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00035
Exploits: 0 | References: 3

Positive Technologies
• added 2026/05/27 12:0 a.m. • 11 views

PT-2026-43979

Name of the Vulnerable Software and Affected Versions: IBM Db2 versions 11.5.0 through 11.5.9; IBM Db2 versions 12.1.0 through 12.1.4. Description: A denial of service can occur when a specially crafted query is executed using range partitioned tables. Recommendations: At the moment, there is no...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00014
Exploits: 0 | References: 3

Positive Technologies
• added 2026/05/27 12:0 a.m. • 12 views

PT-2026-43739

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak occurs in the pqi_report_phys_luns function. The issue arises when the function encounters an unsupported data format or when the allocation for the rpl_16byte_wwid_list...

AI score: 5.6 | EPSS: 0.00032
Exploits: 0 | References: 15

Positive Technologies
• added 2026/05/27 12:0 a.m. • 8 views

PT-2026-43818

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free of BTF object. Refcounting in the check_pseudo_btf_id function is incorrect: the check_pseudo_btf_id function might get called with a zero refcounted btf. Fix this, and patch related code...

AI score: 5.8 | EPSS: 0.00013
Exploits: 0 | References: 4

Positive Technologies
• added 2026/05/27 12:0 a.m. • 10 views

PT-2026-47121

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=516422428 | Crash type: Heap-buffer-overflow READ | Crash state: md_process_all_blocks md_parse md_html...

AI score: 5.4
Exploits: 0 | References: 2

Positive Technologies
• added 2026/05/27 12:0 a.m. • 7 views

PT-2026-43797

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the MCTP (Management Component Transport Protocol) implementation where RTM_GETNEIGH requests return uninitialized data within the padding bytes of the ndmsg data. This...

AI score: 5.4 | EPSS: 0.00023
Exploits: 0 | References: 11

Positive Technologies
• added 2026/05/27 12:0 a.m. • 9 views

PT-2026-43539

The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset stats function in versions up to, and including, 1.3. The function is hooked to both the wp ajax wpp-reset stats and wp ajax nopriv wpp-reset stats actions and...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.0007
Exploits: 0 | References: 5

Positive Technologies
• added 2026/05/27 12:0 a.m. • 9 views

PT-2026-43721

In the Linux kernel, the following vulnerability has been resolved: crypto: inside-secure/eip93 - unregister only available algorithm. EIP93 has an options register. This register indicates which crypto algorithms are implemented in silicon. Supported algorithms are registered on this basis...

AI score: 5.8 | EPSS: 0.00022
Exploits: 0 | References: 4

Positive Technologies
• added 2026/05/27 12:0 a.m. • 7 views

PT-2026-43777

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A race condition exists between the retransmit_timer and rxe_destroy_qp functions in the RDMA/rxe component. This occurs when the Queue Pair (QP) reference count drops to zero while a time...

CVSS: 7.8 | AI score: 5.6 | EPSS: 0.00014
Exploits: 0 | References: 66

Positive Technologies
• added 2026/05/27 12:0 a.m. • 5 views

PT-2026-44041

Name of the Vulnerable Software and Affected Versions: Erlang OTP versions 19.3 through 26.2.5.20; Erlang OTP versions 26.2.5.21 through 27.3.4.11; Erlang OTP versions 27.3.4.12 through 28.5.0.0; Erlang OTP versions 28.5.0.1 through 29.0.0; public_key versions 1.4 through 1.15.1.6; public_key versions...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00021
Exploits: 0 | References: 34

Positive Technologies
• added 2026/05/27 12:0 a.m. • 5 views

PT-2026-44592

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: A use after free issue in Base allows a remote attacker to execute arbitrary code through a crafted HTML page. Use after free occurs when an application continues to use a pointer afte...

CVSS: 9.6 | AI score: 6.2 | EPSS: 0.00156
Exploits: 0 | References: 156

Positive Technologies
• added 2026/05/27 12:0 a.m. • 7 views

PT-2026-44588

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: An out of bounds write occurs in ANGLE, which is a compatibility layer that allows OpenGL ES to run on various graphics APIs. This issue allows a remote attacker to execute arbitrary...

CVSS: 9.6 | AI score: 6.3 | EPSS: 0.00156
Exploits: 0 | References: 156

Positive Technologies
• added 2026/05/27 12:0 a.m. • 8 views

PT-2026-44559

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: A use after free issue exists in Views, which allows a remote attacker to execute arbitrary code. This is achieved by convincing a user to perform specific UI gestures while interactin...

CVSS: 9.6 | AI score: 6.1 | EPSS: 0.00156
Exploits: 0 | References: 159

Positive Technologies
• added 2026/05/27 12:0 a.m. • 9 views

PT-2026-44557

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: A use after free issue exists in the PerformanceManager. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using...

CVSS: 9.6 | AI score: 5.8 | EPSS: 0.00156
Exploits: 0 | References: 158

Positive Technologies
• added 2026/05/27 12:0 a.m. • 4 views

PT-2026-44565

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: An integer overflow in Skia allows a remote attacker who has compromised the renderer process to execute arbitrary code inside a sandbox by using a crafted HTML page. An integer overfl...

CVSS: 9.6 | AI score: 6.3 | EPSS: 0.00156
Exploits: 0 | References: 157

Positive Technologies
• added 2026/05/27 12:0 a.m. • 7 views

PT-2026-44649

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: A use after free issue in ANGLE allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free occurs when an applicatio...

CVSS: 9.6 | AI score: 6.2 | EPSS: 0.00156
Exploits: 0 | References: 156

Positive Technologies
• added 2026/05/27 12:0 a.m. • 4 views

PT-2026-44618

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: An integer overflow in Skia allows a remote attacker who has compromised the renderer process to execute arbitrary code inside a sandbox by using a crafted HTML page. An integer overfl...

CVSS: 9.6 | AI score: 6.3 | EPSS: 0.00156
Exploits: 0 | References: 156

Positive Technologies
• added 2026/05/27 12:0 a.m. • 5 views

PT-2026-44670

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: A use after free issue exists in WebRTC, which is a framework for real-time communication. This flaw allows a remote attacker to execute arbitrary code within a sandbox by inducing a...

CVSS: 9.6 | AI score: 6.3 | EPSS: 0.00156
Exploits: 0 | References: 156

Positive Technologies
• added 2026/05/27 12:0 a.m. • 6 views

PT-2026-44706

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: An integer overflow in Skia allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. An integer overflow...

CVSS: 9.6 | AI score: 5.9 | EPSS: 0.00156
Exploits: 0 | References: 156

Positive Technologies
• added 2026/05/27 12:0 a.m. • 9 views

PT-2026-44623

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: Insufficient validation of untrusted input in ANGLE allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

CVSS: 9.6 | AI score: 5.9 | EPSS: 0.00156
Exploits: 0 | References: 156

Positive Technologies
• added 2026/05/27 12:0 a.m. • 6 views

PT-2026-44639

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: A use after free issue in the GPU component allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape. This is achieved through the use ...

CVSS: 9.6 | AI score: 5.8 | EPSS: 0.00156
Exploits: 0 | References: 156

Positive Technologies
• added 2026/05/27 12:0 a.m. • 7 views

PT-2026-44604

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: An out of bounds read occurs in the GPU component. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a...

CVSS: 9.6 | AI score: 5.8 | EPSS: 0.00156
Exploits: 0 | References: 156

Positive Technologies
• added 2026/05/27 12:0 a.m. • 5 views

PT-2026-44636

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: An out of bounds read in ANGLE (Almost Native Graphics Layer Engine) on Windows allows a remote attacker to execute arbitrary code through a crafted HTML page. Recommendations: Update to...

CVSS: 9.6 | AI score: 6.3 | EPSS: 0.00156
Exploits: 0 | References: 156

Positive Technologies
• added 2026/05/27 12:0 a.m. • 8 views

PT-2026-44620

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: An integer overflow in ANGLE allows a remote attacker to perform an out-of-bounds memory read by using a crafted HTML page. Recommendations: Update to version 148.0.7778.216 or later...

CVSS: 9.6 | AI score: 5.9 | EPSS: 0.00139
Exploits: 0 | References: 160

Positive Technologies
• added 2026/05/27 12:0 a.m. • 6 views

PT-2026-44615

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: An out of bounds write occurs in the GPU, which allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a specially...

CVSS: 9.6 | AI score: 5.8 | EPSS: 0.00156
Exploits: 0 | References: 156

Positive Technologies
• added 2026/05/27 12:0 a.m. • 9 views

PT-2026-44587

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: A use after free issue exists in ANGLE, which is a compatibility layer between OpenGL ES and native graphics APIs. This flaw allows a remote attacker to execute arbitrary code within a...

CVSS: 9.6 | AI score: 6.3 | EPSS: 0.00156
Exploits: 0 | References: 156

Positive Technologies
• added 2026/05/27 12:0 a.m. • 9 views

PT-2026-44697

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: An inappropriate implementation in the Media component allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or script...

CVSS: 9.6 | AI score: 5.8 | EPSS: 0.00156
Exploits: 0 | References: 157

Positive Technologies
• added 2026/05/27 12:0 a.m. • 6 views

PT-2026-44688

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: Insufficient validation of untrusted input in the Printing component allows a remote attacker who has compromised the renderer process to bypass site isolation using a crafted HTML pag...

CVSS: 9.6 | AI score: 5.8 | EPSS: 0.00156
Exploits: 0 | References: 157

Positive Technologies
• added 2026/05/27 12:0 a.m. • 5 views

PT-2026-44655

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: A use after free issue in the XML component allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free is a memory...

CVSS: 9.6 | AI score: 6.2 | EPSS: 0.00139
Exploits: 0 | References: 160

Positive Technologies
• added 2026/05/27 12:0 a.m. • 5 views

PT-2026-43742

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A resource leak occurs in the mfd: arizona component when the wm5102_clear_write_sequencer function returns an error. The function returns immediately, bypassing the cleanup sequence and...

AI score: 5.4 | EPSS: 0.00032
Exploits: 0 | References: 17

Positive Technologies
• added 2026/05/27 12:0 a.m. • 10 views

PT-2026-43827

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A reference count inconsistency occurs in the hfsplus module when the hfs_bnode_create function identifies that a node is already hashed. Instead of incrementing the reference count, the...

AI score: 5.4 | EPSS: 0.00032
Exploits: 0 | References: 17

Positive Technologies
• added 2026/05/27 12:0 a.m. • 6 views

PT-2026-43746

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A race condition exists in the bq25980 power supply driver. When the devm variant is used to request an IRQ before allocating or registering the power supply handle, the handle is...

AI score: 5.4 | EPSS: 0.00032
Exploits: 0 | References: 17

Total number of security vulnerabilities: 175406