184319 matches found
PT-2026-52256
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free race condition exists in the fastrpc map create function. The fastrpc map lookup function returns a raw pointer after releasing the fl-lock. Subsequently, fastrpc map...
PT-2026-52312
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mvpp2 driver where the CPU synchronization for received data is incorrectly aligned. The driver programs the RX queue packet offset such that hardware writes data ...
PT-2026-52234
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel within the drm/amd/display component. Record-chain walk loops in bios parser.c and bios parser2.c utilize for;; loops that only terminate upon...
PT-2026-52472
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0653 Description The tree count words function in src/spellfile.c fails to validate a depth counter against the size of fixed MAXWLEN-element stack arrays, specifically arridx, curi, and wordcount. A specially crafted...
PT-2026-52307
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft tunnel: fix use-after-free on object destroy nft tunnel obj destroy calls metadata dst free which directly kfrees the metadata dst, ignoring the dst entry refcount. Packets that took a reference via dst hold in nft...
PT-2026-52337
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ALSA PCM component where the snd pcm drain function causes wait queue list corruption on linked streams. The function uses init waitqueue entry, which fails to cle...
PT-2026-52351
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: hold listener socket in rfcomm connect ind rfcomm get sock by channel scans rfcomm sk list under the list lock, but returns the selected listener after dropping that lock without taking a reference. rfcomm...
PT-2026-52276
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A livelock occurs in the tmigr handle remote up function. The tmigr handle remote cpu function incorrectly skips timer expire remote when the CPU matches smp processor id, assuming local...
PT-2026-52298
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the accel/ivpu component where firmware-supplied data size is cast to a signed integer before being processed by the min t function. When large unsigned values greater...
PT-2026-52309
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Null Pointer Dereference NPD can occur in the IPv6 implementation. The function addrconf get prefix route may return a fib6 null entry sentinel entry that contains a NULL fib6 table...
PT-2026-52243
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the thunderbolt component where the tb xdp handle request function casts a received packet buffer to protocol-specific structs without verifying if the allocation is...
PT-2026-52255
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix DMA address corruption due to find vma misuse fastrpc get args uses find vma to look up the VMA for a user-provided pointer and compute a DMA address offset. When the address falls in a gap before the returned...
PT-2026-52289
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the ALSA timer component. When a snd timer object is freed using the snd timer free function while snd timer instance objects are still assigned, the...
PT-2026-52404
Name of the Vulnerable Software and Affected Versions EmberZNet versions prior to 9.0.3 Description Malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into the Door Lock schedule state. This issue affects only devices that support the Door Lock cluster and requires the...
PT-2026-52371
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the Bluetooth ISO implementation. In the iso sock rebind bc function, the bis pointer is cached and the socket lock is subsequently dropped. A concurrent...
PT-2026-52366
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL-dereference issue exists in the ksmbd module. The functions smb2 oplock break noti and smb2 lease break noti read the opinfo-conn variable without using READ ONCE or performing a...
PT-2026-52589
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A flaw exists where X.509 name constraints can be bypassed when the Subject Common Name is treated as a DNS-type name. This allows a certificate to be accepted...
PT-2026-52496
🚨 CVE-2026-54037 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST...
PT-2026-51804
A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a 81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...
PT-2026-52013
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the platform/wmi component. When a driver is probed via the driver attach function, the bus match callback is executed without holding the device loc...
PT-2026-51836
Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESH BED LEVELING enabled, contains an out-of-bounds write vulnerability in the M421 G-code handler that allows attackers to corrupt firmware memory by supplying out-of-range X and Y grid indices. Attackers can send a singl...
PT-2026-51975
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Berkeley Packet Filter BPF verifier within the regsafe function. The issue occurs when comparing two scalar registers that both carry BPF ADD CONST values; the check...
PT-2026-51867
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the futex subsystem occurs because the need futex hash allocate default function incorrectly relies on CLONE THREAD semantics. This dependency breaks non-concurrency assumption...
PT-2026-52047
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description A use after free issue exists in the Web Authentication component. This occurs when a user is convinced to install a malicious extension, allowing an attacker to potentially exploit he...
PT-2026-51865
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the get timestamp function of the ENA network driver. The problem occurs because the phc-active check and the assignment of the resp pointer were perform...
PT-2026-51712
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the batadv tp sender shutdown function unconditionally decrements the sending atomic counter. If this function is called multiple times...
PT-2026-52131
Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 1.99 Description The 'POST /api/v1/admin/send-test-email' endpoint allows the use of attacker-controlled smtpHost and smtpPort values to establish a raw JavaMail TCP connection. This process bypasses the...
PT-2026-51815
Name of the Vulnerable Software and Affected Versions Jenkins Assembla Plugin versions prior to 1.5 Description A cross-site request forgery CSRF flaw allows attackers to force the application to connect to an attacker-specified URL using a username and password also specified by the attacker. CS...
PT-2026-52141
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph name regexp in the Reports feature. This issue has been fixed in version 1.2.31...
PT-2026-52142
Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Command Injection occurs due to insufficient sanitization in the escape command function located at lib/rrd.php, which acts as a no-op by returning the $command unchanged. The command line constructed...
PT-2026-51920
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the nfsd4 add rdaccess to wrdeleg function where the nfs4 file get access function may be incorrectly called to increment the nfs4 file access count if fp-fi fdsO RDON...
PT-2026-52086
Name of the Vulnerable Software and Affected Versions AngularJS versions 1.2.0-rc.3 and later Description A flaw in the Strict Contextual Escaping SCE logic allows the bypass of policies for resource URLs, which can lead to arbitrary JavaScript execution in the victim's browser session. SCE is...
PT-2026-51966
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A locking issue exists in the Bluetooth subsystem within the hci conn request evt function when the protocol is set to HCI PROTO DEFER. In this state, the function calls hci connect...
PT-2026-51934
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A crafted filesystem can trigger an out-of-bounds bitmap walk in the Linux kernel. This occurs when OCFS2 IOC INFO is issued with OCFS2 INFO FL NON COHERENT. The issue stems from the ocf...
PT-2026-52032
Name of the Vulnerable Software and Affected Versions AnythingLLM versions prior to 1.13.0 Description On Windows, the document folder listing route allows the use of an encoded absolute Windows path that resolves outside the intended documents directory. This occurs because the shared path...
PT-2026-52168
Name of the Vulnerable Software and Affected Versions Drupal AI versions 0.0.0 through 1.2.17 Drupal AI versions 1.3.0 through 1.3.8 Drupal AI versions 1.4.0 through 1.4.3 Description A missing authorization issue allows forceful browsing. Certain Drupal core actions exposed as agent tools lack...
PT-2026-54578
Уязвимость программной платформы на базе git для совместной работы над кодом GitLab EE/ CE связана с недостатками процедуры авторизации. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации...
PT-2026-52144
Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBUDashboard JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from improper...
PT-2026-52997
CVE ID :CVE-2026-56118 Published : June 24, 2026, 3:11 p.m. | 1 hour, 27 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
PT-2026-52873
Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...
PT-2026-51940
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the ksmbd crypt message function when using asynchronous hardware crypto engines, such as the Qualcomm Crypto Engine QCE. The function sets a NULL...
PT-2026-55665
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=526758819 Crash type: Bad-cast Crash state: Bad-cast to Ogre::HardwareBuffer from invalid vptr Ogre::HardwareBuffer::unlockImpl Ogre::HardwareBuffer::unlock...
PT-2026-51825
Name of the Vulnerable Software and Affected Versions Apple M1 GPUs affected versions not specified Description Apple M1 GPUs retain register file data between compute shader dispatches from different processes. This allows a sandboxed Metal attacker application to execute a GPU reader shader to...
PT-2026-51830
Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Cross-Site Scripting XSS issue occurs due to improper neutralization of untrusted input within the Form Dashboard headline renderer. This allows for stored XSS, where malicious scripts are...
PT-2026-51682
Name of the Vulnerable Software and Affected Versions Image Sizes on Demand versions prior to 1.4 Description Insufficient input sanitization and output escaping in the PHP SELF server variable allow unauthenticated attackers to inject arbitrary web scripts. These scripts execute if a user is...
PT-2026-51835
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component...
PT-2026-51797
Jenkins Job Configuration History Plugin 1356.ve360da 6c523a and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted...
PT-2026-52027
Name of the Vulnerable Software and Affected Versions Warp versions 0.2025.03.05.08.02.stable 00 through 0.2026.05.06.15.42.stable 01 Description Warp accepts non-inline OSC 1337;File payloads from terminal output and materializes the decoded payload as a local file without requiring an additiona...
PT-2026-51767
Capgo before 12.128.2 fails to enforce limited to orgs and limited to apps constraints on subkeys provided via x-limited-key-id header in middlewareKey function. Attackers can bypass subkey scope restrictions by referencing their own subkeys, causing all downstream route handlers to use the...
PT-2026-52102
Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set to an array instead of a string, causing an unhandled TypeError in the Link::isAllowedUri functio...