184319 matches found
PT-2026-52076
Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description The Servicecustom Client API's call method accepts an order id parameter and retrieves the associated order without verifying if the authenticated client owns it. This allows an authenticated...
PT-2026-51722
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the SCTP implementation where the system fails to fully roll back the state when an ADD OUT STREAMS request is denied. In such cases, the system only shrinks queued...
PT-2026-51655
Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E version 2.09 Description Multiple OS command injection issues exist within the libNetSetObj.so internal library, which is used to configure the network stack. A remote attacker can execute arbitrary commands by sending ...
PT-2026-51658
Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E affected versions not specified Description The DVRSearch service, which runs by default on UDP port 10001, processes unauthenticated discovery and configuration messages. A stack-based buffer overflow occurs because th...
PT-2026-51662
Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E version 2.09 Description OS command injection flaws exist in the libNetSetObj.so internal library, which is used to configure the network stack. A remote attacker can execute arbitrary commands by sending a specially...
PT-2026-51660
Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E version 2.09 Description OS command injection flaws exist in the libNetSetObj.so internal library, which is used to configure the network stack. A remote attacker can execute arbitrary commands by sending a specially...
PT-2026-51659
Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E affected versions not specified Description The DVRSearch service, which runs by default and listens for UDP messages on port 10001, contains a stack-based buffer overflow. The issue occurs when the server reads up to...
PT-2026-51949
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the hisilicon/sec2 crypto component. Under heavy load during packet transmission, the hardware may complete packet processing and free the request memory...
PT-2026-52092
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's sendFileMessage DDP method passes the entire attacker-supplied file object into Uploads.updateFileComplete, which merges it...
PT-2026-51789
Name of the Vulnerable Software and Affected Versions ProFTPD versions 1.3.9b through 1.3.10rc2 Description An access control bypass allows authenticated FTP users to circumvent Directory ACL restrictions. By prefixing paths with /proc/self/root in the RNFR command handler, attackers can exploit...
PT-2026-52029
Warp is an agentic development environment. From 0.2021.04.25.23.05.stable 00 until 0.2026.05.06.15.42.stable 01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger...
PT-2026-51703
Name of the Vulnerable Software and Affected Versions Book a Room Event Calendar versions prior to 2.0 Description The Book a Room Event Calendar plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing an action they did not...
PT-2026-51690
Name of the Vulnerable Software and Affected Versions Devs Accounting – Simple Accounting and Invoicing Solution versions prior to 1.2.1 Description A missing capability check in the delete single account function allows unauthorized modification or deletion of data. The REST route...
PT-2026-52182
Name of the Vulnerable Software and Affected Versions OliveTin affected versions not specified Description The filterToDefinedArgumentsOnly function in the executor fails to properly restrict arguments, allowing any argument starting with the ot prefix to bypass input filtering. While the system ...
PT-2026-51686
Name of the Vulnerable Software and Affected Versions ClearSale Total versions prior to 3.4.3 Description An issue exists in the clearsale total push AJAX action where the pagsegurometodo POST parameter is not properly sanitized. The handler is accessible to unauthenticated users via wp ajax nopr...
PT-2026-52146
Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBURASDevice JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from insufficien...
PT-2026-52147
Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBUDeviceDrive JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from...
PT-2026-51678
Name of the Vulnerable Software and Affected Versions MP Customize Login Page versions prior to 1.1 Description The MP Customize Login Page plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a logged-in user into performing unwanted actions. The...
PT-2026-51795
Name of the Vulnerable Software and Affected Versions Jenkins GitHub Branch Source Plugin versions prior to 1967.1969.v205fd594c821 Description A missing permission check allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin...
PT-2026-55748
This update for sg3 utils fixes the following issue - sg inq: --export output conformance for SCSI name string and ATA fields bsc1267823...
PT-2026-51695
Name of the Vulnerable Software and Affected Versions 24liveblog versions prior to 2.3 Description The 24liveblog plugin for WordPress allows unauthorized data modification because the update lb24 token AJAX function lacks a proper capability check. The handler verifies the 'lb24' nonce but fails...
PT-2026-51820
Name of the Vulnerable Software and Affected Versions OpenText Access Manager versions 5.1 through 5.1.2 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS, a condition where malicious scripts are injected into trusted websites. Recommendations...
PT-2026-52120
Name of the Vulnerable Software and Affected Versions Unraid affected versions not specified Description A command injection flaw in the web server allows authenticated remote attackers to execute arbitrary code in the context of the www-data user. The issue occurs in the ToggleState.php file due...
PT-2026-52084
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.4 Description An authenticated user can watch a private repository without having the necessary access permissions. This occurs because the access check in the Watch API handler is inverted, specifically within the...
PT-2026-51733
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists where the tun put user function declares a virtio net hdr v1 hash tunnel structure on the stack without initializing it to zero. For non-tunnel socket buffers skb, the...
PT-2026-51734
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the smc msg event tracepoint class, which is shared by smc tx sendmsg and smc rx recvmsg. The issue occurs because the system unconditionally...
PT-2026-51730
Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A stack information leak exists in the tap ioctl function during the SIOCGIFHWADDR path. The function copies 16 bytes of an uninitialized on-stack sockaddr storage structure to userspace...
PT-2026-51719
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the batadv gw node free function removes gateway list entries during mesh teardown but fails to clear the currently selected gateway. This...
PT-2026-51714
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter ipset component where specific hash set variants—hash:ip,mark, hash:ip,port, hash:ip,port,ip, and hash:ip,port,net—iterate IPv4 ranges using a 32-bit...
PT-2026-52065
Name of the Vulnerable Software and Affected Versions Jellyfin versions prior to 10.11.9 Description A Cross-Site Scripting XSS issue exists where a non-privileged user can execute arbitrary Javascript within the session of a logged-in Administrative user. This occurs because the Client header us...
PT-2026-51882
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter nf tables component where the process of joining the hook list during the commit phase was not handled safely. This could lead to unsafe netlink dump lis...
PT-2026-52069
Name of the Vulnerable Software and Affected Versions Ghost versions 6.0.9 through 6.21.0 Description Ghost is a Node.js content management system. A flaw in the private-IP check for outbound HTTP requests allows a bypass via DNS rebinding. DNS rebinding is a technique that tricks a browser or...
PT-2026-51888
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the vsock/virtio implementation regarding MSG ZEROCOPY pinned-pages accounting. The function virtio transport init zcopy skb uses iter-count as the size argument for m...
PT-2026-52139
Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A use-after-free issue exists in the gf filter pid get packet function located in /filter core/filter pid.c. This occurs when the software processes a specially crafted media file, whic...
PT-2026-51772
Capgo before 12.128.2 allows direct patching of public.apps.owner org through PostgREST, bypassing the transfer app workflow and creating split-brain ownership. Attackers can directly update apps.owner org while leaving app versions.owner org unchanged, enabling old-org keys to retain access to...
PT-2026-51709
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the batadv frag skb buffer function is called by batadv batman skb recv upon receiving a BATADV UNICAST FRAG packet. After reassembling the...
PT-2026-51755
Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description An issue exists where the HTTP Referer: header persists even after being explicitly cleared. Although passing NULL to CURLOPT REFERER is intended to suppress the header, the internal state is...
PT-2026-51743
Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description When performing a transfer to a specific HTTP origin hostA using Digest authentication and subsequently changing the origin to a different one hostB while reusing the same handle, libcurl...
PT-2026-51751
Name of the Vulnerable Software and Affected Versions curl versions 7.7 through 8.20.x Description libcurl incorrectly reuses connections from its connection pool when certain mTLS mutual TLS configuration options, specifically those related to the private key, are modified. Because these TLS...
PT-2026-51976
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the sixpack receive buf function where bytes with TTY error flags are not properly skipped. The function iterates through the flags buffer without advancing the data...
PT-2026-51871
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists during signal or timeout wakeup in the futex subsystem. When one task is performing a wait-requeue-pi operation and another is performing a requeue-PI operation, ...
PT-2026-52059
Name of the Vulnerable Software and Affected Versions Jellyfin versions prior to 10.11.10 Description An argument injection issue exists in the subtitle conversion process. The function ConvertTextSubtitleToSrtInternal interpolates the subtitle file path into FFmpeg command-line arguments without...
PT-2026-51990
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF subsystem where the DEVMAP HASH branch in the dev map redirect multi function uses hlist for each entry safe to iterate through hash buckets. This function is...
PT-2026-52998
CVE ID :CVE-2026-56119 Published : June 24, 2026, 3:12 p.m. | 1 hour, 27 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
PT-2026-51699
Name of the Vulnerable Software and Affected Versions WP Latest Posts versions prior to 5.0.12 Description The plugin is subject to Stored Cross-Site Scripting due to insufficient output escaping in the field and loop functions. These functions use a regular expression to extract the raw src...
PT-2026-52026
Warp is an agentic development environment. From 0.2023.10.24.08.03.stable 00 until 0.2026.05.06.15.42.stable 01, Warp may open executable local files through the operating system default file handler. A malicious Markdown document or project can contain a local-file link that appears as normal...
PT-2026-52091
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML integration does not verify the signature on inbound LogoutRequest messages. An unauthenticated remote attacker who knows a...
PT-2026-52125
Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description An issue in the ImportDeviceList method allows authenticated remote attackers to execute arbitrary code in the context of SYSTEM. This occurs due to insufficient validation of a...
PT-2026-51943
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the gfs2 module, the gfs2 logd function calls log flushing functions gfs2 ail1 start, gfs2 ail1 wait, and gfs2 ail1 empty without holding the sdp-sd log flush lock lock. These functio...
PT-2026-51687
Name of the Vulnerable Software and Affected Versions Avalon23 Products Filter for WooCommerce versions prior to 1.1.7 Description Stored Cross-Site Scripting occurs via the avalon23 qr shortcode. The issue stems from insufficient input sanitization and output escaping of user-supplied shortcode...