184315 matches found
PT-2026-52272
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the iSER iSCSI Extensions for RDMA driver where the isert login recv done function in drivers/infiniband/ulp/isert/ib isert.c fails to validate the lower bound of the...
PT-2026-52356
In the Linux kernel, the following vulnerability has been resolved: devlink: Release nested relation on devlink free devlink relation state is normally released from devl unregister, which calls devlink rel put. This misses devlink instances that get a nested relation before registration and then...
PT-2026-52346
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasing hdev reference on iso conn big sync hci get route returns a reference-counted hci dev pointer via hci dev hold. The function exits normally or with an error without ever releasing it...
PT-2026-52353
In the Linux kernel, the following vulnerability has been resolved: wifi: fix leak if split 6 GHz scanning fails rdev-int scan req is leaked if cfg80211 scan fails. Note that it's supposed to be released at cfg80211 scan done but this doesn't happen as rdev-scan req is NULL at that point, too,...
PT-2026-52345
In the Linux kernel, the following vulnerability has been resolved: xsk: cache csum start/csum offset to fix TOCTOU in xsk skb metadata The TX metadata area resides in the UMEM buffer which is memory-mapped and concurrently writable by userspace. In xsk skb metadata, csum start and csum offset ar...
PT-2026-52620
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.201 Description A use after free issue exists in the AdFilter component. This occurs when a remote attacker convinces a user to perform specific UI gestures while visiting a crafted HTML...
PT-2026-52542
Seahub before 13.0.23 does not enforce SHARE LINK LOGIN REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory...
PT-2026-52551
Name of the Vulnerable Software and Affected Versions RTKLIB versions prior to 2.4.4 Description An out-of-bounds read occurs in the getcodepri function when processing unrecognized RINEX observation codes. This happens when crafted RINEX files containing unknown observation types cause negative...
PT-2026-52600
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description When HAVE ENCRYPT THEN MAC is configured, the implementation may incorrectly fall back to MAC-then-Encrypt instead of enforcing the Encrypt-then-MAC sequence...
PT-2026-55815
Affected versions of this crate violate borrow rules, resulting in undefined behavior, when the user adds context to an error via Error::context and then later calls Error::downcast mut on the returned Error. The flaw was corrected in commit 6e8c000 by revising how the mutable reference is...
PT-2026-52200
Name of the Vulnerable Software and Affected Versions shell-quote versions prior to 1.8.5 Description The parse function finalizes parsed tokens using Array.prototype.concat as a reduce accumulator, causing the entire growing array to be reallocated and copied during every iteration. This results...
PT-2026-52534
Name of the Vulnerable Software and Affected Versions Horner Automation Cscape versions prior to 10.2 SP3 Description An Out-of-Bounds Read occurs during the parsing of CSP files. This issue allows an attacker to disclose sensitive information and execute arbitrary code. Recommendations Update...
PT-2026-52602
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description PKCS12 MAC verification uses a comparison length controlled by an attacker, which weakens the integrity check on the Message Authentication Code MAC and allows a...
PT-2026-52437
Name of the Vulnerable Software and Affected Versions Winstone Servlet Engine versions prior to 0.9.11 Description A path traversal flaw exists when serving static files from the configured webroot. Unauthenticated attackers can read arbitrary files accessible to the servlet engine process,...
PT-2026-52644
Name of the Vulnerable Software and Affected Versions GitHub MCP Server versions 0.22.0 through 1.1.1 Description When operating in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton. This singleton is initialized using the GraphQL client of t...
PT-2026-52521
Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.2 pnpm versions prior to 11.5.3 Description The generic peer-suffix normalizer incorrectly strips parenthesized text from git, URL, tarball, file, and other opaque locators. This behavior allows a scenario where...
PT-2026-52559
Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A use-after-free issue exists in the gf filter pid inst swap function located in /filter core/filter pid.c. A use-after-free occurs when a program continues to use a pointer after it ha...
PT-2026-52558
Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A use-after-free issue exists in the gf sei load from state internal function located in /filters/sei load.c. This occurs when the software processes a specially crafted MPEG-2 TS file,...
PT-2026-52379
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...
PT-2026-52321
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak occurs in the rockchip GPIO driver during driver removal or teardown. The driver uses irq alloc domain generic chips to allocate domain generic chips, but these are not...
PT-2026-52535
In AzeoTech DAQFactory versions 21.1 and prior, a Use After Free vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution...
PT-2026-52510
Name of the Vulnerable Software and Affected Versions Keycloak Policy Enforcer affected versions not specified Description An issue exists that allows authenticated users to bypass authorization policies, including role, scope, and User-Managed Access UMA permission checks. An attacker can gain...
PT-2026-52615
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.6 Description The Custom MCP feature, used for executing OS commands like launching local MCP servers, is unsandboxed. Due to a minimal authentication and authorization model lacking role-based access control, and...
PT-2026-52609
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.6 Description An arbitrary file read issue exists where the chatId parameter in the '/api/v1/get-upload-file' and '/api/v1/openai-assistants-file/download' endpoints is not validated. This value is passed to the...
PT-2026-52540
Name of the Vulnerable Software and Affected Versions Hydra versions prior to 9.7 commit 9cc84c2 Description A stack buffer overflow exists in the NTLM authentication process across the SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules. The issue occurs when the software...
PT-2026-52293
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An ABBA deadlock occurs in the xfrm iptfs component within the iptfs destroy state function on SMP systems. The issue arises when iptfs destroy state calls hrtimer cancel while holding a...
PT-2026-52289
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the ALSA timer component. When a snd timer object is freed using the snd timer free function while snd timer instance objects are still assigned, the...
PT-2026-52284
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RDMA core where the ib get ucaps function fails to properly validate the passed-in file operations fops. Because character and block devices can share the same dev...
PT-2026-52292
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A heap overflow exists in the get manuf info function. The issue occurs because the function reads a number of bytes specified by the Size field from a device I2C EEPROM into a buffer...
PT-2026-52236
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A virtual address vaddr leak occurs in the drm/v3d component. The function v3d rewrite csd job wg counts from indirect maps the indirect buffer and the workgroup buffer but fails to...
PT-2026-52283
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RDMA/core component where the cpu id attribute, provided by user space via UVERBS ATTR ALLOC DMAH CPU ID, is passed to the cpumask test cpu function without...
PT-2026-52462
Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Credentials Interception. This issue affects HYPR Passwordless: before 11.1.1...
PT-2026-52404
Name of the Vulnerable Software and Affected Versions EmberZNet versions prior to 9.0.3 Description Malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into the Door Lock schedule state. This issue affects only devices that support the Door Lock cluster and requires the...
PT-2026-52514
Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description The patch application pipeline @pnpm/patch-package fails to validate file paths extracted from .patch files. An attacker can provide a malicious patch file containing...
PT-2026-52541
Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute...
PT-2026-52330
In the Linux kernel, the following vulnerability has been resolved: net: add pskb may pull to skb gro receive list skb gro receive list calls skb pullskb, skb gro offsetskb without first ensuring the data is in the linear area via pskb may pull. When the skb arrives via napi gro frags, skb headle...
PT-2026-52536
Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.6 Description The Hook Authentication feature allows administrators to delegate login verification to an external shell command. User-supplied credentials, specifically the username and password variables, a...
PT-2026-52468
The K2 article gallery upload path accepts a zip/tar archive, extracts it under /media/k2/galleries//, and only renames image files gif/jpg/jpeg/png/webp to safe names — non-image files including .php are extracted as-is and remain executable via direct HTTP access...
PT-2026-52495
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private IP check, no scheme...
PT-2026-52537
Name of the Vulnerable Software and Affected Versions File Browser versions 2.0.0-rc.1 and later Description When configured with proxy authentication auth.method=proxy, the software improperly trusts upstream identity headers without validating that requests originate from a trusted proxy. An...
PT-2026-52623
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A configuration issue occurs when WOLFSSL IP ALT NAME is not defined, leading to a bypass of iPAddress name constraints. In this state, the software fails to enforce IP address constraints se...
PT-2026-52476
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0670 Description The get text props function in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop T entries that follow. Because the count ...
PT-2026-52416
Name of the Vulnerable Software and Affected Versions YMC Filter versions prior to 3.11.5 Description Improper neutralization of special elements used in an SQL command allows for SQL Injection. This occurs when the application fails to properly sanitize user-supplied data before incorporating it...
PT-2026-52557
Name of the Vulnerable Software and Affected Versions SeaweedFS versions prior to 4.30 Description The S3 API gateway and the Iceberg REST catalog gateway use a router configuration that disables path cleaning. This allows a .. segment within a URL to persist during routing. For example, a reques...
PT-2026-52635
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...
PT-2026-52212
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where a secondary requesting a transfer does not need to provide a client certificate when the request is made over TLS via the regular tls-port...
PT-2026-52636
The Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the...
PT-2026-52419
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25...
PT-2026-52491
Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4-rc1 Description A flaw exists in the markdown artifact preview pipeline. The generateMarkdownHtml function located in client/src/utils/markdown.ts utilizes a custom image renderer that triggers a fallback to t...
PT-2026-52400
Name of the Vulnerable Software and Affected Versions EmberZNet versions prior to 9.0.3 Description Malformed Over-the-Air OTA requests can cause the OTA server parser to perform out-of-bounds reads, which occurs when the software reads data outside the intended boundary of a buffer. This allows ...