Lucene search
K

929 matches found

ptsecurity
ptsecurity
added 6 days ago7 views

PT-2026-56260

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.15.0 Description An issue exists where the endpoint "/api/core/ai/record/getRecord" authenticates the caller but fails to implement team scoping when loading LLM request and response traces. By providing a known...

7.1CVSS6AI score0.00227EPSS
Exploits0References6
osv
osv
added last week5 views

GHSA-CHWM-M7G7-685G Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile

Summary The Dragonfly scheduler's v1 gRPC service contains an unauthenticated Server-Side Request Forgery SSRF. When a peer reports a successful download of a TINY task, the scheduler calls Peer.DownloadTinyFile and issues an HTTP GET to a host and port taken verbatim from the attacker-controlled...

6.9CVSS6.3AI score
Exploits0References11
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.11 views

PT-2026-54182

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description A race condition in the browser allows a local attacker with physical access to the device to obtain potentially sensitive information from process memory. Recommendations Update...

9.8CVSS6AI score0.00413EPSS
Exploits0References445
nvd
nvd
added 2026/06/29 6:16 p.m.15 views

CVE-2026-57951

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...

7.1CVSS0.00246EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/06/25 12:0 a.m.7 views

CVE-2026-37452

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSIAPService.exe component...

5.9AI score0.00398EPSS
Exploits1References3
cvelist
cvelist
added 2026/06/18 5:48 a.m.29 views

CVE-2026-55740 SQL Injection in Nur-Alam39 bus-ticket bus_info.php via busid parameter

Nur-Alam39 bus-ticket no released versions; latest commit 459cabdbeb99c00225b26e46e3c2c30ae1de7bad contains an unauthenticated SQL injection vulnerability in businfo.php. The busid parameter received via HTTP POST is concatenated directly into a MySQL query select from businfo where id=$busid...

9.8CVSS0.00366EPSS
Exploits0References2
nvd
nvd
added 2026/06/17 10:54 a.m.10 views

CVE-2026-46977

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

3.2CVSS0.00162EPSS
Exploits0References1
nvd
nvd
added 2026/06/17 10:40 a.m.13 views

CVE-2026-35314

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Web Server Plugin. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Acces...

7.3CVSS0.00307EPSS
Exploits0References1
nessus
nessus
added 2026/06/17 12:0 a.m.10 views

Bosch Security Systems IP Cameras Improper Authentication (CVE-2021-23847)

A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and...

9.8CVSS8.4AI score0.01433EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/16 12:0 a.m.13 views

PT-2026-49948

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high-privileged attacker with logon access to the infrastructure where the software executes can compromise the system. Th...

3.2CVSS5.8AI score0.00162EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/16 12:0 a.m.12 views

PT-2026-49839

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Authentication Engine. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.5CVSS5.1AI score0.00272EPSS
Exploits0References2
cve
cve
added 2026/06/12 2:27 a.m.70 views

CVE-2026-47368

CVE-2026-47368 describes a path traversal vulnerability in certain UniFi OS devices. The issue could allow an attacker with network access to obtain data from UniFi OS devices or instances. The CVSS vector indicates a network, low complexity, no privileges required, with high confidentiality impa...

8.6CVSS5.4AI score0.00355EPSS
Exploits0References1
cve
cve
added 2026/06/09 5:34 p.m.34 views

CVE-2026-50636

CVE-2026-50636 affects LimeSurvey’s RemoteControl API, specifically the invite_participants and remind_participants methods. The root cause is that caller-supplied token-ID arrays are concatenated directly into a tid IN ('...') clause in TokenDynamic::findUninvited() without parameterization or i...

8.8CVSS5.8AI score0.00358EPSS
Exploits0References3
nvd
nvd
added 2026/06/09 1:16 p.m.17 views

CVE-2017-20246

KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers can inject SQL code through the 'kcad' parameter in base.css.php or kittycatfish.php to extract sensiti...

8.8CVSS0.0027EPSS
Exploits0References4
nvd
nvd
added 2026/06/09 6:16 a.m.21 views

CVE-2026-41539

A cross-site scripting XSS vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QTS...

8.7CVSS0.00193EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.16 views

PT-2026-47687

Name of the Vulnerable Software and Affected Versions QTS versions prior to 5.2.9.3492 build 20260507 QuTS hero versions prior to h5.2.9.3499 build 20260514 QuTS hero versions prior to h5.3.4.3500 build 20260520 QuTS hero versions prior to h6.0.0.3500 build 20260520 Description A cross-site...

8.7CVSS4.9AI score0.00193EPSS
Exploits0References7
nessus
nessus
added 2026/06/09 12:0 a.m.9 views

EulerOS 2.0 SP11 : libarchive (EulerOS-SA-2026-2248)

According to the versions of the libarchive packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing...

7.5CVSS7.2AI score0.00693EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/05 7:38 p.m.10 views

CVE-2026-34296

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Product Quality Management. The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

4.3CVSS7.3AI score0.00225EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:29 p.m.11 views

CVE-2026-46841

Vulnerability in Oracle REST Data Services component: General. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability c...

5.3CVSS5.4AI score0.00215EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:27 p.m.12 views

CVE-2026-22019

Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft component: Person Search. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise H...

5.4CVSS7.3AI score0.00152EPSS
Exploits0References1
Rows per page
Query Builder