Lucene search
K
PtsecurityRecent

184252 matches found

Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57179

phpMyFAQ before 4.1.5 contains a potential authenticated path traversal vulnerability in the concatenatePaths function within src/phpMyFAQ/Export/Pdf/Wrapper.php. A user with FAQ editing privileges can store HTML containing crafted image paths that are processed during PDF generation. The path...

5.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57281

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOTP code again while the code remained inside the RFC 6238 acceptance window because the verifier used otplib's stateless check with window ...

6.4CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•7 views

PT-2026-57253

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL is an open source identity management platform. From 3.0.0-rc.1 through 3.4.11 and from 4.0.0-rc.1 through 4.15.1, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session....

4.2CVSS6.1AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57211

A user with Editor permissions can craft a dashboard whose table TableNG panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard stored cross-site scripting...

6.8CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57183

In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible...

9.6CVSS6.4AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57153

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: preserve shared-frag marker in iptfs consume frags iptfs consume frags transfers paged fragments from one socket buffer to another but fails to propagate the SKBFL SHARED FRAG flag. This is the same class of bug that...

6AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57152

SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quote channel/1, which...

2.1CVSS6.3AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57288

Snipe-IT is an IT asset/license management system. Prior to 8.6.1, the Importer API endpoint allows a user with CSV import capabilities and a valid API key to overwrite the created by value of an import file, allowing unauthorized modification of import ownership metadata. This issue is fixed in...

5.7CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57290

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, default.blade.php renders header color and related branding color settings inside a CSS style block with HTML escaping that is insufficient for the CSS context, allowing a superadmin to inject arbitrary CSS that affects...

6.2CVSS6.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57285

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show and printInventory authorize only user viewing before loading and rendering assigned license, accessory, and consumable relationships, allowing an authenticated user with only users.view to see inventory and...

4.3CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•3 views

PT-2026-57293

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in update read delta points in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeofDELTA POINT, allowing a malicious RDP...

8.6CVSS6.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57291

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the unaccepted-assets report delete endpoint authorizes only reports.view and deletes CheckoutAcceptance::pending-find$acceptanceId by global ID without checking access to the related checkoutable asset, allowing a reports user in...

5CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57151

mtr is vulnerable to Out-of-bound read vulnerability in ipinfo lookup function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes and uses a crafted compression pointer in the answer NAME field. ipinfo...

5.1CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57295

FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planar decompress plane rle only in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated...

5.1CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57283

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

4.8CVSS6.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•3 views

PT-2026-57275

The DataInjection plugin for GLPI 2.15.6 GLPI 11 builds concatenates user-supplied CSV field values directly into SQL queries during CSV import, without parameterization or escaping, resulting in authenticated SQL injection. An authenticated user with access to the Data injection feature can embe...

7.1CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57284

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url-previous from the attacker-controlled Referer header into Laravel’s intended URL session value and later uses redirect-intended... when redirect option=back is submitted, allowing Snipe-IT to be used ...

6.1CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57294

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in channels/rdpecam/server/camera devi...

6.5CVSS6.1AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57289

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses but not unassign them to directly access the old checkin...

5.3CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57247

HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authenticated low-privilege users to inject arbitrary HTML by creating a DNS record with a double-quote followed by a script payload in the value field. The application fails to apply htmlspecialchars encoding ...

5.1CVSS6.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57248

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows SQL Injection. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not...

9.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57260

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection. This issue affects SEM-PMP: through 23042026...

9.8CVSS6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57255

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL Login V2 OIDC and SAML FailedPrecondition error paths return loginSettings.defaultRedirectUri to router.push without applying the isSafeRedirectUri check, allowing an organization or instance administrator to store a...

7.3CVSS6.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57261

Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/api/v1/views.py recalculated the tenant from...

9.6CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57233

An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components...

9.1CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57227

An unauthenticated path traversal vulnerability exists in the web management interface of WTI Wireless Technology, Inc. version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft malicious HTTP requests containing traversal sequences to access files outside of the intended web roo...

7.5CVSS6.1AI score
Exploits1References3
Positive Technologies
Positive Technologies
•added yesterday•8 views

PT-2026-57232

Summary tarteaucitron provides a list of cookies and buttons to delete them. If an attacker can write HTML with data attributes, they could create an element that silently deletes a cookie when clicked and trick a user to delete this cookie. Details tarteaucitron.cookie.purge is called on any...

4.3CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•7 views

PT-2026-57236

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's UFS and FFS image handler in NanaZip.Codecs.Archive.Ufs.cpp validates the superblock block size only against the MINBSIZE lower bound and does not validate the fs fsize fragment size, allowi...

2.4CVSS6.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57210

9Router is an AI router & token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, but open-sse/translator/concerns/image.js performs the later server-side image fetch with a separate DNS resolution. An authenticated attacker with access to the LLM proxy ca...

7.4CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57201

A flaw was found in the file type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition XSD string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file...

9.3CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•3 views

PT-2026-57209

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chat pipeline/step/chat step/impl/base chat step.py do not consistently validate MCP transport type, allowing an...

8.8CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57205

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service...

7.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57207

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...

7CVSS6.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57161

Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes. The Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set-Cookie response header by interpolating the cookie value a...

2.1CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57163

FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows authenticated administrators to delete all built-in authorization groups by exploiting a type mismatch in the bulk delete protection check. The bulk AJAX endpoint in the management views compares...

8.6CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57178

Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches...

9.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57186

In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible...

8.1CVSS6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57188

PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injection defense only blocks threats classified as CRITICAL, requiring three or more detector families to match simultaneously. Attackers can craft single or double-vector prompt injections that are...

6.9CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57185

In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data...

7.3CVSS6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added yesterday•9 views

PT-2026-57197

Grav before 2.0.2 contains a Twig sandbox bypass that allows a page author any admin.pages user, or anyone able to write to user/pages to exfiltrate configuration secrets. Although the sandbox replaces the 'config' variable with a redacted facade and strips Config::get/toArray from the method...

7.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57200

In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible...

3.5CVSS6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57196

PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agents file parameter is directly interpolated into an f-string without sanitization. Attackers can inject arbitrary Python code that executes when the generated server code runs via subprocess.Pope...

9.4CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57194

PraisonAI pip package praisonaiagents before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow. resolve pydantic class src/praisonai-agents/praisonaiagents/workflows/workflows.py. When a workflow step uses a string output pydantic reference, the framework locates and...

8.5CVSS6.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57156

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

7.7CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57158

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS6.1AI score
Exploits0References10
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57221

ESF-IDF is the Espressif Internet of Things IOT Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpeg parse dqt marker in components/esp driver jpeg/jpeg parse marker.c because the attacker-controlled DQT marker Tq nibble is used as ...

7.5CVSS6.1AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57225

Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...

4.3CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57213

A vulnerability was found in Eleveo Call Recording Software 9.7.0. Affected is an unknown function of the file /callrec/statisticReportAction.do. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been made public and could be used. The vendor...

6.5CVSS6.3AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57217

Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...

8.7CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•3 views

PT-2026-57223

grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists method interpolates its table argument directly into a raw SQL query string without sanitization, escaping, quoting, or whitelisting, allowing attacker-controlled table names passed by consuming plugin ...

9.2CVSS6.3AI score
Exploits0References3
Total number of security vulnerabilities184252