PT-2026-43767
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A memory leak occurs in the dpaa2_caam_probe function within the crypto CAAM module. The issue arises because cleanup logic was missing in the dpaa2_dpseci_free function for error paths...
PT-2026-43567
Name of the Vulnerable Software and Affected Versions: BOSH Director versions prior to 282.1.12. Description: The AgentClient#handle_method processes NATS replies and invokes inject_compile_log for every response, which reads the compile log id from response['value']['result']['compile_log_id'] and passes ...
PT-2026-44647
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: A heap buffer overflow occurs in WebCodecs, which is an API that allows developers to access low-level hardware-accelerated codecs for video and audio. This issue enables a remote...
PT-2026-44582
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: A use after free issue in the Network component allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free occurs wh...
PT-2026-44635
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: A use after free issue in ANGLE allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free is a memory corruption fl...
PT-2026-44617
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: An out of bounds read in ANGLE allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. An out of bounds read occurs when ...
PT-2026-44577
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: Insufficient validation of untrusted input in the USB component allows a remote attacker to execute arbitrary code through a crafted HTML page. Recommendations: Update to version...
PT-2026-44611
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: A use after free issue in the Accessibility component allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape. This is trigger...
PT-2026-44603
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: A use after free issue in the GPU component allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape. This is triggered through...
PT-2026-44574
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: An integer overflow in ANGLE allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. Recommendations: Update to version...
PT-2026-44578
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: A type confusion issue exists in V8, the JavaScript and WebAssembly engine. This allows an attacker to execute arbitrary code within a sandbox if a user is convinced to install a...
PT-2026-44609
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: An out of bounds write occurs in ANGLE, which is a compatibility layer that allows OpenGL ES to run on various graphics APIs. This issue allows a remote attacker who has already...
PT-2026-44699
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: An inappropriate implementation in the Media component allows a remote attacker who has already compromised the renderer process to leak cross-origin data using a specially crafted HTM...
PT-2026-44690
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: Insufficient validation of untrusted input in ANGLE (Almost Native Graphics Layer Engine) allows a remote attacker who has compromised the renderer process to potentially perform a sandb...
PT-2026-44677
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: Insufficient validation of untrusted input in ANGLE (Almost Native Graphics Layer Engine), a compatibility layer between OpenGL ES and native graphics APIs, allows a remote attacker to...
PT-2026-44676
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: An integer overflow in V8 allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. Recommendations: Update to version 148.0.7778.216 o...
PT-2026-44659
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: A use after free issue in the UI allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corruption flaw that occurs...
PT-2026-44641
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: A use after free issue exists in Input. A remote attacker can exploit heap corruption—a condition where memory is incorrectly managed in the heap area—via a crafted HTML page, provided...
PT-2026-44619
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: Out of bounds memory access in ANGLE allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Recommendations: Update to version 148.0.7778.216 ...
PT-2026-44681
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: An out-of-bounds write exists in the V8 JavaScript engine, which is the component responsible for compiling and executing JavaScript code. This issue stems from a JIT (Just-In-Time) loop...
PT-2026-43793
In the Linux kernel, the following vulnerability has been resolved: rust: pwm: Fix potential memory leak on init error. When initializing a PWM chip using pwmchip_alloc, the allocated device owns an initial reference that must be released on all error paths. If pinned init were to fail, the...
PT-2026-43737
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: Memory leaks occur in the SUNRPC auth_gss component during XDR decoding error paths. The functions gssx_dec_ctx, gssx_dec_status, and gssx_dec_name allocate memory using gssx_dec_buffer,...
PT-2026-43752
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A use-after-free issue exists in the cpcap-battery component. The problem occurs because the devm variant for requesting an IRQ is used before the devm variant for allocating or...
PT-2026-43520
The Animate Your Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animation-set' shortcode in versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes in the shortcode args to ht...
PT-2026-43848
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: An issue exists in the css_alloc_subchannel function where device_initialize is called before the DMA masks are configured. If the dma_set_coherent_mask or dma_set_mask functions fail, t...
PT-2026-43852
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: An issue exists in the ext4 file system when allocating blocks during within-EOF Direct I/O (DIO) and writeback with dioread_nolock enabled. When splitting a large unwritten extent, the ex...
PT-2026-43786
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: An issue exists in the Real-Time (RT) load balancing mechanism where a CPU can enter an infinite self-Inter-Processor Interrupt (IPI) loop, leading to a CPU hardlockup. This occurs when a CP...
PT-2026-43823
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The vidi_connection_ioctl function incorrectly retrieves driver data from drm_dev->dev to obtain a struct vidi_context pointer. Because drm_dev->dev refers to the exynos-drm master device,...
PT-2026-43837
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A use-after-free issue exists in the bonding ALB RX path. During rapid bond up/down cycles, the rlb_deinitialize function frees the rx_hashtbl while RX handlers are still active. This...
PT-2026-43984
Name of the Vulnerable Software and Affected Versions: IBM Langflow OSS versions 1.0.0 through 1.9.1. Description: Improper validation of symbolic links during archive extraction could allow remote code execution. Recommendations: Update IBM Langflow OSS to a version later than 1.9.1...
PT-2026-44003
Name of the Vulnerable Software and Affected Versions: RabbitMQ versions 3.7.0 through 4.0.12; RabbitMQ versions 4.1.0 through 4.1.1. Description: RabbitMQ is a messaging and streaming broker that contains a security issue. Recommendations: Update to version 4.0.13; update to version 4.1.2...
PT-2026-43592
Name of the Vulnerable Software and Affected Versions: Synology Storage Manager versions prior to 1.0.1-1100. Description: A flaw in the volume encryption component allows local attackers to obtain sensitive information. This occurs because the application uses the GET request method with sensitive...
PT-2026-43991
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be ab...
PT-2026-43535
The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the search simple fields options function in functions admin.php. This makes it possible for unauthenticated...
PT-2026-43559
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the sync data24 task due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
PT-2026-44118
Name of the Vulnerable Software and Affected Versions: Microsoft UFO version 3.0.1-4-ge2626659. Description: Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. The software uses the user-controlled task name value directly when constructing session log...
PT-2026-44116
Name of the Vulnerable Software and Affected Versions: Tanium Connect, affected versions not specified. Description: An issue in Tanium Connect allows for unauthorized code execution, which occurs when an attacker can run arbitrary commands on the system without proper authorization. Recommendations: ...
PT-2026-44033
A cross-site request forgery (CSRF) vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6b b d and earlier allows attackers to resume failed Multijob builds...
PT-2026-43842
In the Linux kernel, the following vulnerability has been resolved: ublk: use READ_ONCE to read struct ublksrv_ctrl_cmd. struct ublksrv_ctrl_cmd is part of the io_uring_sqe, which may lie in userspace-mapped memory. It's racy to access its fields with normal loads, as userspace may write to them...
PT-2026-43995
IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages...
PT-2026-43542
A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected...
PT-2026-43513
The Dideo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dideo' shortcode in version 1.0. This is due to insufficient input sanitization and output escaping on the 'id' shortcode attribute, which is interpolated directly into an HTML iframe 'src' attribute...
PT-2026-43515
The Post Category Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'postcategorygallery' shortcode in versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as...
PT-2026-44032
Name of the Vulnerable Software and Affected Versions: Mattermost Plugins versions prior to 1.1.6. Description: Insufficient sanitization of filenames received from federated peers when constructing export destination paths allows a remote administrator of a federated server to perform a path...
PT-2026-43658
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation. This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...
PT-2026-43533
The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web script...
PT-2026-43483
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, do not prevent certain XML parsers from resolving external entities...
PT-2026-44092
CVE-2026-8089 🎊 This was a reflected XSS in @getwemail I've stopped hunting CVEs for a while now but the submissions keep rolling in slowly. You can check it out on wpscan: https://t.co/DYSaWuKQ0x More to come!...
PT-2026-43973
Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6...
PT-2026-43608
A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getWidgetTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...