Lucene search
+L

990 matches found

ptsecurity
ptsecurity
added 2026/02/10 12:0 a.m.5 views

PT-2026-7251

Name of the Vulnerable Software and Affected Versions NX versions prior to 2512 Description The application contains a data validation issue that may allow an attacker with local access to manipulate internal data during the PDF export process. This could potentially lead to arbitrary code...

7.8CVSS5.8AI score0.00134EPSS
Exploits0References6
nessus
nessus
added 2026/02/09 12:0 a.m.5 views

Fedora 42 : plantuml (2026-0d819a3a70)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0d819a3a70 advisory. Update to version 1.2026.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...

6.1CVSS5.6AI score0.00303EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/02/08 12:0 a.m.10 views

PT-2026-6942

Name of the Vulnerable Software and Affected Versions JAY Login & Register plugin for WordPress versions prior to 2.6.04 Description The JAY Login & Register plugin for WordPress is susceptible to a privilege escalation issue. The plugin permits a user to modify arbitrary user meta data via the j...

8.8CVSS5.6AI score0.0031EPSS
Exploits0References10
nuclei
nuclei
added 2026/02/07 12:3 a.m.11 views

WordPress List Site Contributors < 1.1.8 - Reflected XSS

WordPress List Site Contributors plugin 1.1.8 contains a reflected XSS caused by insufficient sanitization and escaping of the 'alpha' parameter, letting unauthenticated attackers inject scripts, exploit requires user interaction. id: CVE-2026-0594 info: name: WordPress List Site Contributors 1.1...

6.1CVSS5.2AI score0.00693EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/02/07 12:0 a.m.12 views

PT-2026-6893

Name of the Vulnerable Software and Affected Versions Wonka Slide versions up to and including 1.3.3 Description The Wonka Slide plugin for WordPress is susceptible to Stored Cross-Site Scripting through the list class shortcode. Insufficient input sanitization and output escaping on user-supplie...

6.4CVSS5.7AI score0.0019EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/02/07 12:0 a.m.23 views

PT-2026-6891

Name of the Vulnerable Software and Affected Versions Video Onclick plugin for WordPress versions prior to 0.4.8 Description The Video Onclick plugin for WordPress is susceptible to Stored Cross-Site Scripting through the youtube shortcode. This is due to inadequate input sanitization and output...

6.4CVSS5.4AI score0.0019EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/02/07 12:0 a.m.12 views

PT-2026-6918

Name of the Vulnerable Software and Affected Versions Tasin1025 SwiftBuy versions prior to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7 Description A security flaw exists in Tasin1025 SwiftBuy. The issue involves improper restriction of excessive authentication attempts within an unknown functionalit...

6.3CVSS4.9AI score0.00681EPSS
Exploits1References6
ptsecurity
ptsecurity
added 2026/02/06 12:0 a.m.10 views

PT-2026-6718

Name of the Vulnerable Software and Affected Versions Yoast SEO versions prior to 26.9 Description The Yoast SEO plugin for WordPress is affected by a Stored Cross-Site Scripting issue. Insufficient input sanitization and output escaping in the yoast-schema block attribute allows authenticated...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/02/06 12:0 a.m.16 views

PT-2026-6835

Name of the Vulnerable Software and Affected Versions Nebula versions 1.7.0 through 1.10.2 Description Nebula is a scalable overlay networking tool. When using P256 certificates which is not the default configuration, it is possible to evade a blocklist entry created against the fingerprint of a...

8.1CVSS5.5AI score0.00133EPSS
Exploits0References145
nessus
nessus
added 2026/02/06 12:0 a.m.10 views

Fedora 43 : open-vm-tools (2026-55bb6efd14)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-55bb6efd14 advisory. Update to 13.0.10. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

7.8CVSS7.8AI score0.0788EPSS
Exploits3References2
nuclei
nuclei
added 2026/02/05 7:9 a.m.12 views

ProfileGrid <= 5.7.8 - SQL Injection

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.8 due to insufficient escaping on the user supplied 'search' parameter and lack of sufficient preparation on the existing SQL query. id: CVE-2024-30490...

9.8CVSS8.6AI score0.02267EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/02/05 12:0 a.m.6 views

PT-2026-6280

Name of the Vulnerable Software and Affected Versions web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior Description The software contains an open redirect issue. Successful exploitation could allow a user to be redirected to a website chosen by an attacker when accessing a...

5.1CVSS5.4AI score0.00294EPSS
Exploits0References17
nuclei
nuclei
added 2026/02/04 7:0 a.m.10 views

CMP WordPress < 4.0.19 - Broken Access Control

CMP WordPress plugin 4.0.19 contains an arbitrary page layout change caused by insufficient access control in the coming soon page feature, letting unauthenticated users modify the layout, exploit requires no authentication. id: CVE-2022-0188 info: name: CMP WordPress 4.0.19 - Broken Access Contr...

5.3CVSS5.6AI score0.02315EPSS
Exploits2References1
nuclei
nuclei
added 2026/02/04 7:0 a.m.70 views

Puppeteer Renderer - Directory Traversal

puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server. id: CVE-2024-36527 info: name: Puppeteer Renderer - Directory Traversal author: Stux severity: medium...

6.5CVSS9.1AI score0.02559EPSS
Exploits1References2
saint
saint
added 2026/02/04 12:0 a.m.101 views

React Native Community CLI remote command execution

Added: 02/04/2026 Background React Native is a framework for building mobile JavaScript applications. React Native Community CLI is a collection of command line tools that help developers build React Native mobile applications. Problem A vulnerability in React Native Community CLI when running wi...

9.8CVSS6.1AI score0.62378EPSS
Exploits5
ptsecurity
ptsecurity
added 2026/02/04 12:0 a.m.5 views

PT-2026-6260

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.2 Description n8n is a workflow automation platform. A Cross-Site Scripting XSS issue exists in the handling of webhook responses and related HTTP endpoints. The Content Security Policy CSP sandbox protection may no...

8.5CVSS5.5AI score0.00224EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/02/04 12:0 a.m.14 views

PT-2026-6102

Name of the Vulnerable Software and Affected Versions GLPI versions 0.85 through 10.0.22 Description GLPI is an asset and IT management software package. An authenticated user can perform a SQL injection. This allows for potential unauthorized access or modification of data within the system...

8.8CVSS5.7AI score0.00264EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/02/03 12:0 a.m.7 views

PT-2026-6235

Name of the Vulnerable Software and Affected Versions The Events Calendar Shortcode & Block versions through 3.1.1 Description The software contains a flaw related to improper input handling during web page creation, specifically a Stored Cross-site Scripting issue. This allows for the injection ...

6.5CVSS5.4AI score0.00127EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/02/03 12:0 a.m.14 views

PT-2026-6012

Name of the Vulnerable Software and Affected Versions LatePoint – Calendar Booking Plugin for Appointments and Events versions prior to 5.2.6 Description The LatePoint – Calendar Booking Plugin for Appointments and Events for WordPress is susceptible to Stored Cross-Site Scripting. This is due to...

7.2CVSS5.8AI score0.00363EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/02/03 12:0 a.m.10 views

PT-2026-6215

Name of the Vulnerable Software and Affected Versions Ajay Better Search versions through 4.2.1 Description The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. This could allow an attacker to inject...

5.9CVSS5.4AI score0.00172EPSS
Exploits0References2
Rows per page
Query Builder