Lucene search
K
PtsecurityMost viewed

184379 matches found

Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.24 views

PT-2026-52759

Unauthenticated Cross Site Scripting XSS in Automatic 3.135.1 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.24 views

PT-2026-52187

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max ttl, count, or time out request parameters due to insufficient input validation when constructing shell...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.24 views

PT-2026-52606

Name of the Vulnerable Software and Affected Versions Grav versions prior to 1.6.30 Description A cross-site scripting issue exists in the default security configuration of the Admin plugin page editor. Privileged users with page editing capabilities can inject malicious scripts to execute...

5.4CVSS6AI score0.00167EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.24 views

PT-2026-51458

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Organization team member management can be performed via GET requests without Cross-Site Request Forgery CSRF protection. CSRF is a security flaw where an attacker tricks a logged-in user into executin...

8.8CVSS6AI score0.00248EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.24 views

PT-2026-51407

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A weak parsing issue exists in the x-limited-key-id header. Remote attackers can bypass subkey enforcement by submitting duplicate headers, zero, or malformed values that result in falsy values or N...

6.4CVSS5.9AI score0.00251EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.24 views

PT-2026-51462

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.9 Description Authenticated users with automation permissions can bypass the Server-Side Request Forgery SSRF blacklist through DNS rebinding. This occurs because the outbound fetch flow resolves the DNS twice:...

8.5CVSS5.8AI score0.00202EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.24 views

PT-2026-51258

Name of the Vulnerable Software and Affected Versions kortix-ai suna versions prior to 0.8.39 Description A weakness in the Auth Endpoint component allows for remote cross-site scripting XSS, which is a technique where malicious scripts are injected into trusted websites. The issue exists within...

5.3CVSS5.7AI score0.00288EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.24 views

PT-2026-51229

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 and later Description A stored cross-site scripting issue exists in the User Permissions page. The software fails to properly perform HTML escaping when rendering user group names. This allows attackers with...

4.8CVSS5.8AI score0.00148EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.24 views

PT-2026-51132

Name of the Vulnerable Software and Affected Versions Simple File List versions prior to 6.3.8 Description The Simple File List plugin for WordPress contains insufficient authorization checks that allow unauthenticated attackers to delete and modify files on the server. This issue occurs within t...

7.5CVSS5.9AI score0.00433EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-50838

Name of the Vulnerable Software and Affected Versions Blocksy Companion versions prior to 2.1.46 Description The Blocksy Companion plugin for WordPress contains a Stored Cross-Site Scripting issue within the admin settings caused by insufficient input sanitization and output escaping. This allows...

4.4CVSS5.9AI score0.00208EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-50837

Name of the Vulnerable Software and Affected Versions BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor versions prior to 4.5.4 Description Stored Cross-Site Scripting occurs via the blockId attribute of the 'betterdocs/category-slate-layout' Gutenberg block. The issue...

6.4CVSS6AI score0.00212EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-51063

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.3 Description When parsing a JSON object with a key of 254 bytes or longer, the Oj.load function in :object mode reads uninitialized stack memory. For keys 256 bytes or longer, the process also performs an out-of-boun...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-51037

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A cross-tenant authorization bypass exists in PostgREST endpoints. This issue allows API keys with organization-level read permissions to access webhook secrets and delivery logs belonging to other...

7.1CVSS5.9AI score0.00241EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.24 views

PT-2026-50628

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'name' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient...

4.9CVSS5.8AI score0.00355EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.24 views

PT-2026-50792

Name of the Vulnerable Software and Affected Versions guzzlehttp/psr7 versions prior to 2.12.1 Description guzzlehttp/psr7 fails to reject Carriage Return CR and Line Feed LF characters in specific HTTP start-line fields, including the request method, protocol version, and response reason phrase...

4.8CVSS5.8AI score0.00158EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.24 views

PT-2026-50796

Name of the Vulnerable Software and Affected Versions Relyra versions 1.0.0 through 1.1.0 Description Relyra is a SAML 2.0 Service Provider library for Elixir and Phoenix that accepts forged SAML signatures. This occurs because the SignatureValue is not cryptographically verified before the libra...

9.1CVSS5.8AI score0.00135EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.24 views

PT-2026-50224

In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.5AI score0.00084EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.24 views

PT-2026-50535

Name of the Vulnerable Software and Affected Versions Shaarli versions prior to 0.16.2 Description A stored Cross-Site Scripting XSS issue exists in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside ...

5.8CVSS5.3AI score0.0012EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.24 views

PT-2026-50545

Typemill before 2.24.0 contains a path traversal vulnerability that allows authenticated attackers with Author-level privileges to read arbitrary files outside the content directory by supplying traversal sequences in the path query parameter passed to Storage::getFile with an empty folder...

7.1CVSS5.4AI score0.00343EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.24 views

PT-2026-50259

Name of the Vulnerable Software and Affected Versions Apache DolphinScheduler versions prior to 3.4.2 Description A missing authorization check in the DataSource API allows unauthenticated users to expose arbitrary data source metadata. This occurs because the API does not require a login to acce...

9.8CVSS5.3AI score0.0039EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.24 views

PT-2026-50518

Name of the Vulnerable Software and Affected Versions Hermes Agent versions prior to 0.16.0 Description A DNS rebinding issue in WebSocket endpoints allows remote attackers to bypass Host and Origin validation. This occurs because FastAPI HTTP middleware does not execute for WebSocket upgrade...

8.7CVSS6AI score0.006EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.24 views

PT-2026-50235

Name of the Vulnerable Software and Affected Versions Google Android affected versions not specified Description A race condition in the eventCallback function of Nfc.h can lead to a use-after-free scenario. This issue allows for local escalation of privilege without requiring additional executio...

10CVSS5.5AI score0.00121EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.24 views

PT-2026-50400

Unauthenticated PHP Object Injection in Hiroshi = 1.5.1 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.24 views

PT-2026-50526

Name of the Vulnerable Software and Affected Versions SourceCodester CET Automated Grading System with AI Predictive Analytics version 1.0 Description Improper access controls exist within the Student Self-Registration Endpoint in the /index.php file. This flaw allows for remote exploitation,...

7.5CVSS7.2AI score0.00284EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.24 views

PT-2026-50055

Vulnerability in the Oracle Property Manager product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Property...

7.2CVSS5.2AI score0.00453EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.24 views

PT-2026-50082

Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

7.5CVSS5.2AI score0.00467EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.24 views

PT-2026-50131

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.1 Rocket.Chat versions prior to 8.4.4 Rocket.Chat versions prior to 8.3.6 Rocket.Chat versions prior to 8.2.6 Rocket.Chat versions prior to 8.1.6 Rocket.Chat versions prior to 8.0.7 Rocket.Chat versions prior ...

7.5CVSS7.2AI score0.00723EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.24 views

PT-2026-50175

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description When @n8n/mcp-browser is operated in HTTP transport mode using the --transport http flag, the MCP endpoint allows session initialization and tool invocation requests without...

10CVSS5.9AI score0.00403EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.24 views

PT-2026-49916

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware WebCenter Content: Imaging version 12.2.1.4.0 Oracle Fusion Middleware WebCenter Content: Imaging version 14.1.2.0.0 Description An issue in the Core component of WebCenter Content: Imaging allows an unauthenticated...

9.8CVSS5.8AI score0.00483EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.24 views

PT-2026-50074

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high-privileged attacker with logon access to the infrastructure where the software executes can compromise the system. Th...

3.2CVSS5.8AI score0.00162EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.24 views

PT-2026-49290

Name of the Vulnerable Software and Affected Versions Ruoyi version 4.8.2 Description Cross Site Scripting XSS occurs at the '/system/notice/add' endpoint. XSS is a type of security flaw that allows an attacker to inject malicious scripts into web pages viewed by other users. Recommendations At t...

6.1CVSS5.8AI score0.00181EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.24 views

PT-2026-49528

Name of the Vulnerable Software and Affected Versions i18next versions prior to 2.6.6 Description Prototype pollution occurs via crafted missing-key strings when used to persist missing translation keys. This happens when the Backend.writeFile function splits queued missing-key strings using the...

9.1CVSS5.9AI score0.00419EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.24 views

PT-2026-49247

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.1 Angular versions prior to 21.2.17 Angular versions prior to 20.3.25 Description Angular supports Hydration via provideClientHydration to optimize client-side bootstrap in Server-Side Rendered SSR environments...

8.6CVSS5.8AI score0.00179EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.24 views

PT-2026-49136

driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle 0x27 SecurityAccess function in iso14229.c that allows a remote unauthenticated attacker to crash a UDS server and potentially read memory past the receive buffer by sending a...

8.8CVSS5.7AI score0.00459EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.24 views

PT-2026-48976

Name of the Vulnerable Software and Affected Versions Hash Elements versions prior to 1.5.5 Description An issue in HashThemes Hash Elements allows the retrieval of embedded sensitive system information to an unauthorized control sphere. Recommendations Update to version 1.5.5 or later...

4.3CVSS5.2AI score0.00175EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.24 views

PT-2026-48823

Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description An improper input validation issue exists in certain devices running UniFi OS. A malicious actor with network access and low privileges can exploit this to escalate privileges within the...

9.9CVSS5.2AI score0.00303EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.24 views

PT-2026-49033

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.18 Description An approval display truncation issue allows authenticated users to hide command suffixes from approvers. This enables attackers to submit oversized exec commands that feature benign prefixes and...

8.5CVSS5.5AI score0.00232EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.24 views

PT-2026-49048

Name of the Vulnerable Software and Affected Versions Avira Antivirus versions prior to 8.3.70.76 Description A heap buffer out-of-bounds read occurs in the antivirus engine when scanning a malformed PDF file. This issue may lead to local execution of code or a denial-of-service of the engine...

7.8CVSS5.7AI score0.00122EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.24 views

PT-2026-48789

Name of the Vulnerable Software and Affected Versions Idira Identity Browser Extension Chrome, Firefox, and Edge builds versions prior to 26.8.1 Description An origin validation flaw exists within the internal web-page verification routines. This issue allows a remote attacker to trigger...

8.4CVSS5.6AI score0.00161EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.24 views

PT-2026-48610

The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oum location notification' parameter in versions up to, and including, 1.4.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

4.7CVSS5.7AI score0.00188EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.24 views

PT-2026-48617

Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description The Wss4jSecurityInterceptor...

8.2CVSS5.8AI score0.00229EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.24 views

PT-2026-48810

Name of the Vulnerable Software and Affected Versions CodeIgniter versions prior to 4.7.3 Description The ext in upload validation rule incorrectly checks the MIME-derived guessed extension instead of the extension provided in the client filename. This allows a file with an executable extension,...

9.8CVSS6.2AI score0.00078EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.24 views

PT-2026-48622

Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description When WS-Addressing is used with...

8.6CVSS5.8AI score0.00383EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.24 views

PT-2026-48618

Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description X509AuthenticationProvider could...

5.4CVSS5.8AI score0.00148EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.24 views

PT-2026-48443

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments,...

9.1CVSS5.5AI score0.00288EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.24 views

PT-2026-48453

A missing authentication check on the Aix‑DB "/llm/process llm out" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

7.1CVSS6AI score0.00195EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.24 views

PT-2026-48473

Name of the Vulnerable Software and Affected Versions go-base versions prior to the May 17, 2026 patch Description The software contains a hardcoded JWT signing secret set to "random" in the dev.env template and as a programmatic fallback in the viper.SetDefault function within cmd/serve.go. A...

9.1CVSS5.9AI score0.00055EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.24 views

PT-2026-47751

A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption...

7.3CVSS5.4AI score0.00085EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.24 views

PT-2026-48333

Name of the Vulnerable Software and Affected Versions Spring Security versions 5.7.0 through 5.7.24 Spring Security versions 5.8.0 through 5.8.26 Spring Security versions 6.3.0 through 6.3.17 Spring Security versions 6.4.0 through 6.4.17 Spring Security versions 6.5.0 through 6.5.10 Description T...

8.1CVSS5.8AI score0.00116EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.24 views

PT-2026-48200

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteID parameter of the formModifyWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

5.9AI score0.00309EPSS
Exploits0References1
Total number of security vulnerabilities5000