PT-2026-44691
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A type confusion issue exists in Skia, a graphics library. This allows a remote attacker to execute arbitrary code within a sandbox by inducing the user to open a specially crafted HTM...
PT-2026-44684
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An inappropriate implementation in the USB component allows a remote attacker to execute arbitrary code through the use of a crafted HTML page. Recommendations Update to version...
PT-2026-44669
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in SurfaceCapture allows a remote attacker to potentially exploit heap corruption through a crafted HTML page. Use after free occurs when an application continue...
PT-2026-44694
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description Insufficient validation of untrusted input in the OptimizationGuide component allows a remote attacker who has already compromised the renderer process to perform UI spoofing by using ...
PT-2026-44569
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue exists in WebCodecs, which allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free is a...
PT-2026-44571
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An integer overflow in WTF allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. Recommendations Update to version 148.0.7778.216 ...
PT-2026-44632
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A heap buffer overflow exists in ANGLE (Almost Native Graphics Layer Engine), a compatibility layer between OpenGL ES and native graphics APIs. This issue allows a remote attacker who ha...
PT-2026-44616
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An out of bounds read in Dawn allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. An out of bounds read occurs when a program reads data past the...
PT-2026-44682
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An out of bounds write occurs in the GPU, which allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a specially...
PT-2026-44687
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description Insufficient validation of untrusted input allows a remote attacker who has compromised the renderer process to bypass site isolation using a crafted HTML page. Site isolation is a...
PT-2026-44668
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An integer overflow in PDFium allows a remote attacker who has compromised the renderer process to execute arbitrary code within a sandbox by using a crafted font file. Recommendations...
PT-2026-44674
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An integer overflow in the XML component on Windows allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape. This is triggered...
PT-2026-44700
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in the Network component allows a remote attacker to execute arbitrary code within the browser sandbox. This memory corruption occurs when an attacker lures a us...
PT-2026-44660
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue exists in WebAudio, which allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free is a...
PT-2026-44703
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue exists in WebXR, which allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free is a memory...
PT-2026-44612
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description Insufficient validation of untrusted input in Site Isolation allows a remote attacker who has compromised the renderer process to bypass site isolation using a crafted MHTML page. Site...
PT-2026-44648
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A heap buffer overflow exists in ANGLE, which is a compatibility layer that allows OpenGL ES to run on various graphics APIs. This issue allows a remote attacker to potentially exploit...
PT-2026-44645
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in the UI component on Windows allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape. This is achieve...
PT-2026-44646
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An inappropriate implementation in V8, the open-source JavaScript and WebAssembly engine, allows a remote attacker to execute arbitrary code within a sandbox by using a specially craft...
PT-2026-44634
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A heap buffer overflow exists in ANGLE. This issue allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a speciall...
PT-2026-44558
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in PDFium allows a remote attacker to potentially exploit heap corruption through a crafted PDF file. Use after free occurs when an application continues to use ...
PT-2026-43502
The GBI To Print plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the 'div' attribute of the 'gbitoprint' shortcode. This is due to insufficient output escaping in the gbi toprint shortcode function, which concatenates the raw shortcode attribute value directly...
PT-2026-44067
Name of the Vulnerable Software and Affected Versions GitLab EE versions 11.5 through 18.10.6 GitLab EE versions 18.11 through 18.11.3 GitLab EE versions 19.0 through 19.0.0 Description An improper authorization check allows an authenticated user with developer-role permissions to access sensitiv...
PT-2026-43972
Name of the Vulnerable Software and Affected Versions libusb versions prior to 1.0.30 Description A one-byte out-of-bounds read exists in the parse_iad_array function within descriptor.c. This occurs when a malformed USB descriptor is supplied where the bLength equals the size minus one, causing...
PT-2026-43510
The Responsive Check plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rspcheck' shortcode in versions up to, and including, 0.0.3. This is due to insufficient input sanitization and output escaping on the 'url' and 'button' shortcode attributes in the rspc check shortcod...
PT-2026-44056
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.0 Description The executeQuery automation step accepts a queryId from automation step inputs and passes it to the query execution controller without additional validation. When a REST datasource is configured to...
PT-2026-44057
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.0 Description The OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses a raw fetchconfig.url call without Server-Side Request Forgery (SSRF) protection. SSRF is a flaw that allows ...
PT-2026-44613
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in ANGLE allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corruption flaw that occurs wh...
PT-2026-44026
Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: from n/a through 2.3.6...
PT-2026-44079
Name of the Vulnerable Software and Affected Versions Himmelblau versions 2.0.0 through 3.1.4 Himmelblau versions prior to 2.3.11 Description An authentication bypass exists in the Device Authorization Grant (DAG) flow, which is a process allowing devices with limited input capabilities to be...
PT-2026-43867
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the rxrpc component regarding connection-level packet handling. Security operations that verify RESPONSE packets decrypt portions of the data in place. If the sk_buff...
PT-2026-43481
A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of the component Web Management Interface. Executing a manipulation of the argument Profile can lead to stack-based buffer overflow. It is possibl...
PT-2026-43538
Name of the Vulnerable Software and Affected Versions Login with NEAR plugin for WordPress versions prior to 0.3.4 Description The plugin contains an authentication bypass flaw within the ajaxLoginWithNear function. This function is registered as a wp_ajax_nopriv action, making it accessible to...
PT-2026-43507
Name of the Vulnerable Software and Affected Versions Firebase Support & Chat Management plugin for WordPress versions prior to 3.1.2 Description An issue allows authenticated attackers with Subscriber-level access or higher to escalate privileges and achieve full account takeover. The firebase...
PT-2026-44117
Name of the Vulnerable Software and Affected Versions Microsoft UFO versions prior to 3.0.1 Description An OS command injection issue exists in the shell action replay path. The functions ShellReceiver.run shell and ShellReceiver.execute command pass command strings from action parameters directl...
PT-2026-44005
Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...
PT-2026-43540
Name of the Vulnerable Software and Affected Versions Query Shortcode versions prior to 0.2.2 Description The Query Shortcode plugin for WordPress contains a Local File Inclusion issue within the shortcode function. Authenticated attackers with contributor-level access or higher can exploit this ...
PT-2026-43505
The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the options page function. This makes it possible for unauthenticated attackers to update the plugin's...
PT-2026-43479
Tanium addressed a denial of service vulnerability in Tanium Server...
PT-2026-43561
A high-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
PT-2026-43624
Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information...
PT-2026-44098
Name of the Vulnerable Software and Affected Versions Gladinet Triofox Cloud Server Agent affected versions not specified Description Improper handling of remote HTTP messages in the GladServerAgentService.exe, which listens on TCP port 7878, allows unauthenticated attackers to potentially gain...
PT-2026-43635
Name of the Vulnerable Software and Affected Versions MinhNhut Link Gateway versions prior to 3.6.2 Description The MinhNhut Link Gateway plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping within the plugin settings,...
PT-2026-43634
Name of the Vulnerable Software and Affected Versions myLinksDump versions prior to 1.7 Description The myLinksDump plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping. This allows authenticated attackers with...
PT-2026-43549
The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labb admin ajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but...
PT-2026-43543
The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvca carousel and lvca posts carousel shortcode attributes in all versions up to, and including, 3.9.4 due to insufficient input sanitization and output escaping. Specifically,...
PT-2026-43548
The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lsow admin ajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but does not...
PT-2026-43614
A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the tag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
PT-2026-43826
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree Annotating a local pointer variable, which will be assigned with the kmalloc-family functions, with the cleanupkfree attribute will make the address of the local...
PT-2026-43643
Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation. This issue affects miniorange otp verification: from n/a through <= 5.4.9...