PT-2026-43941

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A memory leak and use-after-free issue exists in the spi: ch341 driver. The problem occurs during probe failures when the...

PT-2026-43924

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Landlock security module where the LOG SUBDOMAINS OFF setting is not correctly inherited across fork. The hook cred transfer function only copies the Landlock...

PT-2026-43969

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the netfilter component within the nft bitwise function. The carry propagation logic calculates the carry from the adjacent 32-bit word using BITS PER TYPEu32 - shift...

PT-2026-43909

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description Memory leaks occur in the weighted interleave auto store function within the mm/mempolicy component. The issue arises because the old wi state is fetched only when the input is null. Thi...

PT-2026-43910

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An issue exists in the RDMA/rxe component where the rxe rcv function fails to properly validate the incoming packet length before calculating the payload size. The payload size calculation...

PT-2026-43857

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the slub allocator where the krealloc and kvrealloc functions can cause data loss or buffer overflows. This occurs during the reallocation fallback path when forcing a...

PT-2026-43950

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak occurs during device setup failure in the SPI Serial Peripheral Interface subsystem. Specifically, if the spi setup function fails while registering a device, the...

PT-2026-43893

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description The net:qrtr:ns component lacks bound checking on the number of lookups a client can perform. A malicious local client could...

PT-2026-43942

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A Use-After-Free UAF and memory leak issue exists in the atmel-sha204a crypto component. The problem occurs during the device removal process if the Atmel I2C workqueue is not flushed befor...

PT-2026-43873

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A 32-bit integer overflow exists in the nouveau gem pushbuf reloc apply function within the drm/nouveau component. The issue occurs during the validation of relocations where the additio...

PT-2026-43912

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the md/md-llbitmap component where the system fails to check the In sync flag when reading bitmap pages from member disks. The code iterates through all rdevs and read...

PT-2026-43592

Name of the Vulnerable Software and Affected Versions Synology Storage Manager versions prior to 1.0.1-1100 Description A flaw in the volume encryption component allows local attackers to obtain sensitive information. This occurs because the application uses the GET request method with sensitive...

PT-2026-44118

Name of the Vulnerable Software and Affected Versions Microsoft UFO version 3.0.1-4-ge2626659 Description Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. The software uses the user-controlled task name value directly when constructing session log...

PT-2026-44116

Name of the Vulnerable Software and Affected Versions Tanium Connect affected versions not specified Description An issue in Tanium Connect allows for unauthorized code execution, which occurs when an attacker can run arbitrary commands on the system without proper authorization. Recommendations ...

PT-2026-44033

A cross-site request forgery CSRF vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6b b d and earlier allows attackers to resume failed Multijob builds...

PT-2026-43842

In the Linux kernel, the following vulnerability has been resolved: ublk: use READ ONCE to read struct ublksrv ctrl cmd struct ublksrv ctrl cmd is part of the io uring sqe, which may lie in userspace-mapped memory. It's racy to access its fields with normal loads, as userspace may write to them...

PT-2026-43995

IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages...

PT-2026-43542

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected...

PT-2026-43513

The Dideo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dideo' shortcode in version 1.0. This is due to insufficient input sanitization and output escaping on the 'id' shortcode attribute, which is interpolated directly into an HTML iframe 'src' attribute...

PT-2026-43515

The Post Category Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'postcategorygallery' shortcode in versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as...

PT-2026-44032

Name of the Vulnerable Software and Affected Versions Mattermost Plugins versions prior to 1.1.6 Description Insufficient sanitization of filenames received from federated peers when constructing export destination paths allows a remote administrator of a federated server to perform a path...

PT-2026-43658

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...

PT-2026-43533

The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web script...

PT-2026-43483

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities...

PT-2026-44092

CVE-2026-8089 🎊 This was a reflected XSS in @getwemail I've stopped hunting CVEs for a while now but the submissions keep rolling in slowly. You can check it out on wpscan: https://t.co/DYSaWuKQ0x More to come!...

PT-2026-43973

Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6...

PT-2026-43608

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getWidgetTags function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

PT-2026-43642

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through = 3.7.29...

PT-2026-44015

Name of the Vulnerable Software and Affected Versions Jenkins Credentials Binding Plugin versions 720.v3f6decef43ea and earlier Description Insufficient sanitization of file names for file and zip file credentials allows attackers who can provide credentials to a job to write files to arbitrary...

PT-2026-44050

Name of the Vulnerable Software and Affected Versions TeamSpeak 3 Server versions prior to 3.13.8 Description A use after free issue exists in the Connection State Management component. The flaw occurs when the server receives two clientinit packets in rapid succession on UDP port 9987. While one...

PT-2026-43555

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24api getUserAccount function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

PT-2026-43989

Name of the Vulnerable Software and Affected Versions IBM Aspera High-Speed Transfer Endpoint versions 3.7.4 through 4.4.7 Fix Pack 1 IBM Aspera High-Speed Transfer Server versions 3.7.4 through 4.4.7 Fix Pack 1 Description A potential denial of service exists in the asperahttpd component. An...

PT-2026-43776

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop initconst from gates Since commit 8ceff24a754a "clk: mediatek: clk-gate: Refactor mtk clk register gate to use mtk gate struct" the mtk gate structs are no longer just used for initialization/registration, but...

PT-2026-43591

Name of the Vulnerable Software and Affected Versions Synology Assistant versions prior to 7.0.6-50085 Description An origin validation error allows local users to write arbitrary files with restricted content during the installation process. Recommendations Update to version 7.0.6-50085 or later...

PT-2026-43569

The affiliate-toolkit plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 3.8.5. This is due to the plugin using the BladeOne templating engine's runString method which compiles user-supplied template content into PHP code and executes it via eval...

PT-2026-43648

Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through = 2.14.16...

PT-2026-47207

Unknown description...

PT-2026-44022

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Advanced Custom Fields: Font Awesome Field: from n/a through 5.0.2...

PT-2026-43843

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the amdgpu ras init function. When the amdgpu nbio ras sw init function fails, the system returns an error code immediately without freeing the allocated con...

PT-2026-44007

Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get resource method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using...

PT-2026-43812

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix race condition during PASID entry replacement The Intel VT-d PASID table entry is 512 bits 64 bytes. When replacing an active PASID entry e.g., during domain replacement, the current implementation calculates a ne...

PT-2026-43610

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

PT-2026-44096

Name of the Vulnerable Software and Affected Versions Gladinet Triofox affected versions not specified Description A stack-based buffer overflow condition exists in the WOSDefaultHttpModule.dll library. This issue occurs when the system processes a long URL path that begins with the '/woshome'...

PT-2026-43600

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash layout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a no...

PT-2026-43590

Name of the Vulnerable Software and Affected Versions Synology Active Backup for Business Agent versions prior to 3.1.0-4967 Description An origin validation error occurs during installation, which allows local users to write arbitrary files containing restricted content. Recommendations Update t...

PT-2026-43594

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...

PT-2026-43733

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the caif serial component of the Linux kernel. A race condition occurs between the ldisc close function and packet transmission. Specifically, ldisc clos...

PT-2026-43803

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the goldfish power supply component. The problem occurs because the devm variant for requesting an IRQ is used before the devm variant for allocating or...

PT-2026-44589

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description Insufficient validation of untrusted input in WebGL allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. A...

PT-2026-43762

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A livelock issue exists between quotactl and freeze super in kernels with preemption disabled. When a filesystem is frozen, the quotactl block function enters a retry loop using the sb...