Lucene search
K

1086375 matches found

Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-50846

Name of the Vulnerable Software and Affected Versions Avada Fusion Builder versions prior to 3.15.4 Description The Avada Fusion Builder plugin for WordPress allows unauthenticated attackers to delete arbitrary files on the server due to insufficient file path validation in the maybe delete files...

9.1CVSS6.7AI score0.01193EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.10 views

PT-2026-50984

Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to provide crafted video frame pixels that overlap with internal encoder layer...

7.1CVSS6AI score0.00399EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.10 views

PT-2026-50981

Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description A heap buffer overflow occurs in the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode allows the first-pass stats ring buffer wrap-around guard to...

7.6CVSS6.2AI score0.00275EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-51001

Name of the Vulnerable Software and Affected Versions Slopsmith versions prior to 0.2.9-alpha.5 Description Slopsmith is a web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC. A path-traversal issue in the archive extractors allows an attacker to write arbitrary files...

9.4CVSS6.7AI score0.00568EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.9 views

PT-2026-50982

Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description An arbitrary address write issue exists in the reference AV1 codec implementation. A missing bounds check in the Scalable Video Coding SVC layer ID control function allows an attacker to injec...

7.1CVSS6.1AI score0.00272EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-50906

Name of the Vulnerable Software and Affected Versions Comodo Chromodo Browser version 52.15.25.664 Description The ChromodoUpdater service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker to place a malicious executable within the service path to...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-50994

Name of the Vulnerable Software and Affected Versions Joomla! Component vBizz version 1.0.7 Description An unrestricted file upload issue allows authenticated attackers to upload arbitrary PHP files. This is achieved by submitting malicious files through the profile pic parameter via POST request...

8.8CVSS6.4AI score0.0067EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.11 views

PT-2026-51631

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Gogs accepts organization names containing path traversal sequences ../, which allows repositories to be written to arbitrary locations on the filesystem. This occurs because the...

10CVSS6.1AI score0.01107EPSS
Exploits0References16
VulnCheck KEV
VulnCheck KEV
added 2026/06/19 12:0 a.m.8 views

VulnCheck KEV: CVE-2026-7515

The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the docstyle parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code ...

9.8CVSS6.5AI score0.00886EPSS
In wildExploits2References2
CVE
CVE
added 2026/06/18 11:54 p.m.65 views

CVE-2026-40624

CVE-2026-40624 affects AVer PTC cameras: PTC500S, PTC115, PTC500+, and PTC115+. The advisory states that improper input validation in these devices may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request. The CVSS metrics indicate a CRI...

9.8CVSS5.8AI score0.00616EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 11:54 p.m.40 views

CVE-2026-40624 AVer PTC cameras Files or Directories Accessible to External Parties

Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request...

9.8CVSS0.00616EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 11:37 p.m.92 views

CVE-2026-12046

CVE-2026-12046: pgAdmin 4 exposes unauthenticated deserialization sink in SQL Editor close and update_connection routes (DELETE /sqleditor/close/, POST /sqleditor/initialize/sqleditor/update_connection///). Missing @pga_login_required allows unauthenticated access to pickle.loads on session['grid...

9.5CVSS6.8AI score0.00715EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 11:37 p.m.33 views

CVE-2026-12046 pgAdmin 4: Unauthenticated pickle deserialization in SQL Editor close / update_connection routes enables remote code execution

Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/updateconnection/// -- were the only routes in the module missing the @pgaloginrequired decorator. Both reach a pickle.loads sink on session'gridData''commandobj':...

9.5CVSS0.00715EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 11:37 p.m.83 views

CVE-2026-12045

The CVE-2026-12045 affects pgAdmin 4 (from version 9.13 up to before 9.16) and concerns the AI Assistant read-only transaction bypass. A prompt-injection vulnerability allows an attacker who can influence content seen by the AI Assistant to craft LLM-generated SQL payloads that bypass the BEGIN T...

9.4CVSS7AI score0.00506EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 11:37 p.m.34 views

CVE-2026-12045 pgAdmin 4: AI Assistant read-only transaction bypass allows unauthorised writes and remote code execution

Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execute arbitrary SQL with the privileges of the pgAdmin user's database role. The AI Assistant's executesqlquery tool runs LLM-generated SQL inside a BEGIN...

9.4CVSS0.00506EPSS
Exploits0References2
NVD
NVD
added 2026/06/18 11:16 p.m.15 views

CVE-2026-56078

PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive disclosure, denial of...

8.8CVSS0.00687EPSS
Exploits0References3
Circl
Circl
added 2026/06/18 11:11 p.m.4 views

GHSA-JC38-X7X8-2XC8

creationtimestamp| type| source ---|---|--- 2026-06-18 23:11:33+00:00| seen| https://gist.github.com/alon710/c26988bce97f88a79fd114238aa121f6...

5AI score
Exploits0References1
Circl
Circl
added 2026/06/18 10:41 p.m.4 views

GHSA-5739-39V2-5754

creationtimestamp| type| source ---|---|--- 2026-06-18 22:41:42+00:00| seen| https://gist.github.com/alon710/c128a0f63af7d1e750d123d65278758d...

5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/18 10:28 p.m.14 views

Malicious code in runtime-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95ac68a991ebaacd1aef772aa462ad53510471f9f4439659a6e685e877aa460e On require, index.js lines 70-77 fetches JSON from https://jsonkeeper.com/b/CI3HT, extracts the .cookie field from the response, and passes it to new...

6.5AI score
Exploits0References2
OSV
OSV
added 2026/06/18 10:28 p.m.10 views

MAL-2026-6144 Malicious code in runtime-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95ac68a991ebaacd1aef772aa462ad53510471f9f4439659a6e685e877aa460e On require, index.js lines 70-77 fetches JSON from https://jsonkeeper.com/b/CI3HT, extracts the .cookie field from the response, and passes it to new...

6.5AI score
Exploits0References2
Rows per page
Query Builder