Lucene search
K
PtsecurityMost viewed

184377 matches found

Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.25 views

PT-2026-41977

Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description A stored cross-site scripting XSS issue exists due to improper sanitization of elements. The application permits the use of javascript: URIs within the src attribute, which execute when a malicious...

9.3CVSS5.4AI score0.0023EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.25 views

PT-2026-41840

Name of the Vulnerable Software and Affected Versions Piotnet Addons for Elementor Pro versions prior to 7.1.71 Description Missing file type validation in the pafe ajax form builder function allows unauthenticated attackers to upload arbitrary files to the server. The plugin employs an incomplet...

9.8CVSS6.2AI score0.00953EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.25 views

PT-2026-41774

Name of the Vulnerable Software and Affected Versions TinyIce versions 0.8.95 through 2.4.1 Description TinyIce is a streaming server for audio and video. A missing authentication check on the WebRTC ingest endpoint 'POST /webrtc/source-offer?mount=' allows unauthenticated users to inject streams...

8.2CVSS5.7AI score0.00357EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.25 views

PT-2026-41767

Name of the Vulnerable Software and Affected Versions Docker affected versions not specified Description A race condition occurs during the mount setup of the docker cp command. When copying files into a container, the daemon creates a temporary filesystem view by bind-mounting volumes. A process...

7.2CVSS5.9AI score0.00104EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.25 views

PT-2026-41689

Name of the Vulnerable Software and Affected Versions Neotoma versions 0.6.0 through 0.11.0 Description Neotoma can treat public reverse-proxied requests as local when the application receives them over a loopback socket and no Bearer token is present. This occurs in deployments behind a reverse...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.25 views

PT-2026-41186

Name of the Vulnerable Software and Affected Versions CodeWhale versions prior to 0.8.26 Description The task create tool spawns durable sub-agents that inherit insecure default settings. Specifically, the allow shell variable defaults to true and the auto approve variable defaults to true. When ...

9.6CVSS5.9AI score0.0026EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.25 views

PT-2026-41176

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.6.31 Description A Cross-Site Scripting issue exists in the SVG renderer implementation. This allows the permanent storage of HTML or JavaScript code within the application, which is then executed in the context ...

5.1CVSS5.8AI score0.00165EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.25 views

PT-2026-41145

Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions prior to 2.39.0 Description The backup restore feature accepts a .tar.gz archive and extracts it to a target directory on the server. The extraction function ExtractTarGz in api/archive/targz.go constructs...

5.5CVSS5.9AI score0.00606EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.25 views

PT-2026-41185

Name of the Vulnerable Software and Affected Versions CodeWhale versions prior to 0.8.26 Description Server-Side Request Forgery SSRF occurs when the application fails to properly validate IPv6 addresses provided directly in a URL, such as http://::1. While the system validates hostnames that...

7.4CVSS5.8AI score0.00239EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.25 views

PT-2026-40895

Name of the Vulnerable Software and Affected Versions CC Child Pages versions prior to 2.1.2 Description The CC Child Pages plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping. Authenticated attackers with Contributor-lev...

6.4CVSS6AI score0.00156EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.25 views

PT-2026-40001

The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS6AI score0.00195EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.25 views

PT-2026-40439

Name of the Vulnerable Software and Affected Versions DNS Cluster affected versions not specified Description SSL verification is disabled in the DNS Cluster system. This allows a malicious server to perform a man-in-the-middle attack, which is a technique where an attacker intercepts communicati...

8.2CVSS5.8AI score0.00252EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.25 views

PT-2026-39986

Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malitcious JavaScript execution in the context of the...

7.2CVSS5.9AI score0.00274EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.25 views

PT-2026-40101

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability i...

8.5CVSS5.8AI score0.00147EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.25 views

PT-2026-39574

Zephyr sockets created with IPPROTO TLS 1 3 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtls ssl conf min tls version. The ClientHello advertises both versions and the...

5.3CVSS5.8AI score0.00243EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.25 views

PT-2026-39829

Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 18.7.9 iPadOS versions prior to 26.5 macOS Sequoia versions prior to 15.7.7 macOS Sonoma versions prior to 14.8.7 macOS Tahoe versions prior to 26.5 tvOS versions...

5.8AI score0.00242EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.25 views

PT-2026-39664

Name of the Vulnerable Software and Affected Versions BentoML versions prior to 1.4.39 Description BentoML is a Python library used for building online serving systems optimized for AI applications and model inference. A flaw exists where a malicious bentofile.yaml file containing a...

8.8CVSS5.8AI score0.00321EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.25 views

PT-2026-38919

Name of the Vulnerable Software and Affected Versions Apache CloudStack versions 4.21.0.0 through 4.22.0.0 Description Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants. The Proxmox extension improperly uses a user-editable instance...

9.1CVSS5.8AI score0.005EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.25 views

PT-2026-38675

Name of the Vulnerable Software and Affected Versions cPanel Nova plugin versions prior to 11.136.0.9 cPanel Nova plugin versions prior to 11.136.1.10 WP Squared cPanel Nova plugin versions prior to 11.134.0.25 cPanel Nova plugin versions prior to 11.132.0.31 cPanel Nova plugin versions prior to...

8.8CVSS6.1AI score0.00493EPSS
Exploits0References31
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.25 views

PT-2026-38407

Name of the Vulnerable Software and Affected Versions PyTorch Lightning versions 2.6.2 through 2.6.3 Description PyTorch Lightning, a deep learning framework used to pretrain and finetune AI models, contains compromised versions that include malicious code. This code introduces functionality...

9.8CVSS5.8AI score0.00392EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.25 views

PT-2026-38450

A Cross-Site Scripting XSS vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker patient to inject a malicious script payload into the User Name parameter, which is stored in the application and...

5.4CVSS5.7AI score0.00133EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.25 views

PT-2026-38334

Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.0.0 through 3.2.8 OpenEXR versions 3.3.0 through 3.3.10 OpenEXR versions 3.4.0 through 3.4.10 Description The IDManifest::init function reconstructs strings from a prefix-compressed representation. When a previous string...

9.1CVSS6AI score0.00354EPSS
Exploits1References32
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.25 views

PT-2026-37469

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists where the Integrity Measurement Architecture IMA measurement buffer passed from a previous kernel may fall outside the addressable RAM of a new kernel when the second-sta...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.25 views

PT-2026-37907

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

5.8CVSS6.7AI score0.02879EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.25 views

PT-2026-38275

Name of the Vulnerable Software and Affected Versions com.ritense.valtimo:document versions 12.0.0 through 12.31.0 com.ritense.valtimo:case versions 13.0.0 through 13.22.0 com.ritense.valtimo:contract versions 13.4.0 through 13.22.0 Description Valtimo is an open-source business process automatio...

9.1CVSS6AI score0.00576EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.25 views

PT-2026-38305

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.6.32 Description A logical flaw in the URL checking logic allows attackers to bypass security filters, leading to Server-Side Request Forgery SSRF. The system uses the validate url function to perform security...

9.8CVSS5.8AI score0.00378EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.25 views

PT-2026-38272

Name of the Vulnerable Software and Affected Versions Flight versions prior to 3.18.1 Description The SimplePdo::insert, SimplePdo::update, and SimplePdo::delete functions build SQL statements by concatenating the $table argument and the keys of the $data array directly into the query without...

8.8CVSS5.9AI score0.00396EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.25 views

PT-2026-37283

Name of the Vulnerable Software and Affected Versions Network-AI versions prior to 5.1.3 Description The MCP HTTP transport accepts JSON-RPC tools/call requests without requiring authentication, sessions, origins, or token checks, dispatching them directly to the orchestrator's tool registry...

8.7CVSS5.8AI score0.00471EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.25 views

PT-2026-37212

Name of the Vulnerable Software and Affected Versions D-Link DI-8100 version 16.07.26A1 Description A stack-based buffer overflow occurs in the sprintf function within the yyxz.asp file. This issue allows a remote attacker to trigger the overflow by manipulating the ID argument. Recommendations A...

9CVSS7.4AI score0.0408EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.25 views

PT-2026-36549

Name of the Vulnerable Software and Affected Versions mem0ai mem0 versions prior to 1.0.12 Description An unsafe deserialization issue exists in the pickle.load and pickle.dump functions within the mem0/vector stores/faiss.py file. This allows a remote attacker to perform a manipulation that...

6.5CVSS6.6AI score0.00315EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.25 views

PT-2026-34013

An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation...

9CVSS5.8AI score0.0044EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.25 views

PT-2026-34038

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.6, the opfilter Endpoint Security system extension bundle ID uk.craigbass.clearancekit.opfilter can be suspended with SIGSTOP or kill -STOP, or killed with SIGKILL/SIGTERM, by any...

8.2CVSS5.7AI score0.00105EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.25 views

PT-2026-30991

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows XSS Targeting Non-Script Elements.This issue affects...

6.9CVSS5.9AI score0.00402EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.25 views

PT-2026-29688

Name of the Vulnerable Software and Affected Versions W3 Total Cache versions up to and including 2.9.3 Description The W3 Total Cache plugin for WordPress is susceptible to information disclosure. The plugin bypasses its output buffering and processing when the User-Agent header contains "W3 Tot...

7.5CVSS5.8AI score0.00956EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.25 views

PT-2026-28321

Name of the Vulnerable Software and Affected Versions Grafana OSS affected versions not specified Description An authorization bypass exists in the provisioning contact points API. This allows users with the Editor role to modify protected webhook URLs without the necessary...

6.5CVSS5.9AI score0.00238EPSS
Exploits0References100
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.25 views

PT-2026-28182

Name of the Vulnerable Software and Affected Versions Saloon versions prior to 4.0.0 Description Saloon is a PHP library used for building API integrations and SDKs. The library used PHP's unserialize function in the AccessTokenAuthenticator::unserialize method, with allowed classes set to true, ...

9.8CVSS6.4AI score0.00622EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.25 views

PT-2026-23342

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Happy Baby happy-baby allows PHP Local File Inclusion.This issue affects Happy Baby: from n/a through = 1.2.12...

5.9AI score0.00403EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.25 views

PT-2026-23291

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX DroneX dronex allows PHP Local File Inclusion.This issue affects DroneX: from n/a through = 1.1.12...

5.9AI score0.00403EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.25 views

PT-2026-23321

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wpDataTables wpDataTables wpdatatables allows PHP Local File Inclusion.This issue affects wpDataTables: from n/a through = 6.5.0.1...

5.9AI score0.00349EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.25 views

PT-2026-23338

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Dixon dixon allows PHP Local File Inclusion.This issue affects Dixon: from n/a through = 1.4.2.1...

5.9AI score0.00403EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.25 views

PT-2026-23299

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Green Thumb greenthumb allows PHP Local File Inclusion.This issue affects Green Thumb: from n/a through = 1.1.12...

5.9AI score0.00403EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.25 views

PT-2026-22285

A vulnerability was detected in libvips 8.19.0. This affects the function vips bandrank build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit is now...

5.3CVSS5.9AI score0.00243EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.25 views

PT-2026-51783

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-15 Description A memory leak exists in multiple coders that write raw pixel data because allocated objects are not properly freed. An attacker can trigger this issue by processing specially crafted images,...

7.5CVSS5.8AI score0.00895EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.25 views

PT-2026-20802

Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific HTTP request to the WorkTime server. No authorization check is applied here...

5.5AI score0.00257EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.25 views

PT-2026-42539

Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.83.10 Description An issue exists where the '/user/update' endpoint does not restrict which fields a user can modify when updating their own account. This allows a user to change their user role to proxy admin,...

9CVSS5.3AI score0.00653EPSS
Exploits2References23
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.25 views

PT-2026-6612

Name of the Vulnerable Software and Affected Versions Tanium Deploy affected versions not specified Description Tanium Deploy suffers from an improper access controls issue. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...

4.3CVSS5.4AI score0.00238EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.25 views

PT-2026-5187

Name of the Vulnerable Software and Affected Versions 66biolinks version 44.0.0 Description A directory traversal issue exists in the “Static Sites” feature. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences...

6.5CVSS5.5AI score0.00632EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.25 views

PT-2026-5206

Name of the Vulnerable Software and Affected Versions Acquia Content Hub versions 0.0.0 through 3.6.3 Acquia Content Hub versions 3.7.0 through 3.7.2 Description A Cross-Site Request Forgery CSRF issue exists in Acquia Content Hub. This allows attackers to perform actions on behalf of authenticat...

8.1CVSS5.9AI score0.0013EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.25 views

PT-2026-4802

Name of the Vulnerable Software and Affected Versions Shenzhen Tenda W30E V2 versions up to and including V16.01.0.195037 Description The device features an insecure Cross-Origin Resource Sharing CORS policy on authenticated administrative endpoints. The configuration sets...

7.8CVSS5.4AI score0.00211EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.25 views

PT-2026-3489

Name of the Vulnerable Software and Affected Versions birkir versions prior to 0.4.0.beta.0 Description A flaw exists in birkir that could lead to a denial of service. The issue is located within the GraphQL Array Based Query Batch Handler component, specifically affecting an unknown function...

6.9CVSS5.7AI score0.00678EPSS
Exploits1References7
Total number of security vulnerabilities5000