
175420 matches found

Positive Technologies
added 2022/02/16 12:0 a.m. · 12 views

PT-2022-11: Remote Buffer Overflow in HPE iLO Amplifier Pack

The vulnerability was identified in HPE iLO Amplifier Pack versions prior to 2.12. These vulnerabilities could be exploited by a highly privileged user to remotely execute code that could lead to a loss of confidentiality, integrity, and availability. Vulnerability status: Confirmed by vendor Dat...

CVSS 9 · AI score 7.6 · EPSS 0.0045
Exploits 0 · References 1
Positive Technologies
added 2021/05/27 12:0 a.m. · 12 views

PT-2021-15259 · Unknown · Rocket.Chat

Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 3.13 Rocket.Chat version 3.12.2 Rocket.Chat version 3.11.3 Description: An information disclosure issue exists in the Rocket.Chat server that allows email addresses to be disclosed through enumeration and...

CVSS 7.5 · AI score 7.2 · EPSS 0.01357
Exploits 1 · References 5
Positive Technologies
added 2021/02/19 12:0 a.m. · 12 views

PT-2021-11776 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.11 Description: A NULL pointer dereference flaw may occur in the sco sock getsockopt function in net/bluetooth/sco.c due to the lack of a sanity check for a socket connection when using BT SNDMTU/BT RCVMTU for...

CVSS 9.8 · AI score 7.3 · EPSS 0.85239
Exploits 207 · References 485
Positive Technologies
added 2021/01/17 12:0 a.m. · 12 views

PT-2021-8095 · Red Hat +3 · Ansible Tower +4

Name of the Vulnerable Software and Affected Versions: Red Hat Ansible Automation Platform versions prior to 1.2.2 Ansible Tower versions prior to 3.8.2 Description: A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in...

CVSS 9.8 · AI score 7.4 · EPSS 0.94438
Exploits 55 · References 191
Positive Technologies
added 2021/01/05 12:0 a.m. · 12 views

PT-2022-4817 · Linux +9 · Linux Kernel +9

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a boundary error when setting a font with malicious data using the ioctl cmd PIO FONT, which can cause the kernel to write memory out of bounds. This can...

CVSS 9.8 · AI score 7.1 · EPSS 0.85239
Exploits 272 · References 1244
Positive Technologies
added 2020/12/17 12:0 a.m. · 12 views

PT-2020-6885 · WordPress · Contact Form 7

Name of the Vulnerable Software and Affected Versions: Contact Form 7 versions prior to 5.3.2 Description: The issue is related to an Unrestricted File Upload vulnerability in the Contact Form 7 plugin for WordPress, which can lead to remote code execution. This is because a filename may contain...

CVSS 10 · AI score 8.4 · EPSS 0.88014
Exploits 4 · References 22
Positive Technologies
added 2020/11/02 12:0 a.m. · 12 views

PT-2020-16888 · Icewarp · Icewarp

Name of the Vulnerable Software and Affected Versions: IceWarp version 11.4.5.0 Description: The issue allows for a Cross-Site Scripting XSS attack via the language parameter. This can potentially lead to malicious script execution on the client-side. The estimated number of affected devices and...

CVSS 6.1 · AI score 6 · EPSS 0.07869
Exploits 2 · References 7
Positive Technologies
added 2020/11/02 12:0 a.m. · 12 views

PT-2020-6663 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue was discovered in the Linux kernel, specifically in the llcp sock connect function related to the NFC protocol. This issue is associated with incorrect memory...

CVSS 9.8 · AI score 7.2 · EPSS 0.85239
Exploits 137 · References 1220
Positive Technologies
added 2020/07/14 12:0 a.m. · 12 views

PT-2020-3440 · Oracle +8 · Mysql Server +7

Name of the Vulnerable Software and Affected Versions: Oracle MySQL Server versions 8.0.20 and prior Description: The issue allows a highly privileged attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks can result in the unauthorized ability to...

CVSS 9.8 · AI score 6.6 · EPSS 0.90138
Exploits 24 · References 944
Positive Technologies
added 2020/03/09 12:0 a.m. · 12 views

PT-2020-15373 · Jenkins · Jenkins Deployhub Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins DeployHub Plugin versions 8.0.14 and earlier Description: The issue concerns the transmission of configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. The credentials are...

CVSS 4.3 · AI score 4.2 · EPSS 0.00024
Exploits 0 · References 7
Positive Technologies
added 2020/02/24 12:0 a.m. · 12 views

PT-2020-3260 · Apache +8 · Apache Http Server +8

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.0 through 2.4.41 Description: The issue is related to the mod proxy ftp function in the Apache HTTP Server, which may use uninitialized memory when proxying to a malicious FTP server. This could allow a remote...

CVSS 9.8 · AI score 7.6 · EPSS 0.94469
Exploits 54 · References 208
Positive Technologies
added 2019/12/05 12:0 a.m. · 12 views

PT-2019-14826

Name of the Vulnerable Software and Affected Versions Puma versions prior to 3.12.2 Puma versions prior to 4.3.1 Description A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened th...

CVSS 9.8 · AI score 7 · EPSS 0.94318
Exploits 41 · References 100
Positive Technologies
added 2019/08/16 12:0 a.m. · 12 views

PT-2019-4784

Name of the Vulnerable Software and Affected Versions Nokogiri versions 1.10.3 and earlier Rexical versions 1.0.6 and earlier Description A command injection issue allows commands to be executed in a subprocess via Ruby's Kernel.open method. This occurs when the undocumented method...

CVSS 10 · AI score 7 · EPSS 0.90928
Exploits 19 · References 195
Positive Technologies
added 2019/02/10 12:0 a.m. · 12 views

PT-2019-4623 · Django +2 · Django +2

Name of the Vulnerable Software and Affected Versions: Django versions 1.11.x through 1.11.18 Django versions 2.0.x through 2.0.10 Django versions 2.1.x through 2.1.5 Description: The issue is related to uncontrolled memory consumption, which can lead to a complete depletion of resources,...

CVSS 9.8 · AI score 6.5 · EPSS 0.92834
Exploits 30 · References 119
Positive Technologies
added 2019/01/29 12:0 a.m. · 12 views

PT-2019-4489 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel version 4.19.83 Description: The issue is related to a use-after-free read in the debugfs remove function in fs/debugfs/inode.c, which can be used to remove a file or directory in debugfs that was previously created with a call t...

CVSS 10 · AI score 6.3 · EPSS 0.74296
Exploits 117 · References 1291
Positive Technologies
added 2018/12/06 12:0 a.m. · 12 views

PT-2018-2518

Name of the Vulnerable Software and Affected Versions Ansible versions prior to 2.5.14 Ansible versions prior to 2.6.11 Ansible versions prior to 2.7.5 Description The issue is related to an information disclosure flaw in vvv+ mode when no log is on, which can lead to the leakage of sensitive data...

CVSS 8.2 · AI score 7.6 · EPSS 0.01236
Exploits 0 · References 191
Positive Technologies
added 2018/11/06 12:0 a.m. · 12 views

PT-2018-2561 · Nginx +4 · Nginx +4

Name of the Vulnerable Software and Affected Versions: nginx versions prior to 1.15.6 nginx versions prior to 1.14.1 Description: The issue is related to the implementation of the HTTP/2 protocol in the nginx server, which can lead to uncontrolled resource consumption. This can allow a remote...

CVSS 8.2 · AI score 6.7 · EPSS 0.91909
Exploits 20 · References 86
Positive Technologies
added 2018/02/04 12:0 a.m. · 12 views

PT-2018-2775 · Gnu +5 · Glibc +5

Name of the Vulnerable Software and Affected Versions: glibc versions 2.27 and earlier Description: The issue is caused by an integer overflow in the mempcpy function of the glibc library, which provides system calls and basic functions. This overflow can occur when processing very long pathname...

CVSS 9.8 · AI score 7.2 · EPSS 0.91924
Exploits 59 · References 197
Positive Technologies
added 2017/05/05 12:0 a.m. · 12 views

PT-2017-4054

Name of the Vulnerable Software and Affected Versions Hikvision DS-2CD2xx2F-I Series versions V5.2.0 build 140721 through V5.4.0 build 160530 Hikvision DS-2CD2xx0F-I Series versions V5.2.0 build 140721 through V5.4.0 Build 160401 Hikvision DS-2CD2xx2FWD Series versions V5.3.1 build 150410 through...

CVSS 10 · AI score 7.4 · EPSS 0.94233
Exploits 11 · References 40
Positive Technologies
added 2016/12/29 12:0 a.m. · 12 views

PT-2016-4567 · Php +3 · Phpmailer +3

Name of the Vulnerable Software and Affected Versions: PHPMailer versions prior to 5.2.20 Description: The issue is related to the isMail transport in PHPMailer, where improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP might allow...

CVSS 9.8 · AI score 7.1 · EPSS 0.94418
Exploits 92 · References 113
Positive Technologies
added 2014/04/22 12:0 a.m. · 12 views

PT-2015-13: Unauthorized Access in Siemens SIMATIC HMI Devices

The specialists of the Positive Research center have detected an Unauthorized Access vulnerability in Siemens SIMATIC HMI Devices. The vulnerability allows remote attackers to obtain password hashes for SIMATIC WinCC users and complete authentication. How to fix Update your software up to the lates...

CVSS 6.8 · AI score 6.7 · EPSS 0.00497
Exploits 0 · References 4
Positive Technologies
added 2014/04/01 12:0 a.m. · 12 views

PT-2014-17: Weak encryption of account data in Wonderware Information Server

The specialists of the Positive Research center have detected a Weak encryption of account data vulnerability in Wonderware Information Server. Encryption of WIS is insufficient. This vulnerability could allow elevation of privileges if an attacker decrypts the credentials. The system would need ...

CVSS 7.8 · AI score 6.5 · EPSS 0.00137
Exploits 0 · References 4
Positive Technologies
added 2013/08/05 12:0 a.m. · 12 views

PT-2013-81: Cross-Site Request Forgery in Siemens SIMATIC S7-1500 CPU PLC

The specialists of the Positive Research center have detected a Cross-Site Request Forgery vulnerability in Siemens SIMATIC S7-1500 CPU PLC. The web server of the affected PLCs port 80/tcp and port 443/tcp might allow CSRF Cross-Site Request Forgery attacks, compromising integrity and availabilit...

CVSS 5.8 · AI score 6.8 · EPSS 0.00181
Exploits 1 · References 7
Positive Technologies
added 2012/09/21 12:0 a.m. · 12 views

PT-2013-30: Denial of Service in Siemens Simatic WinCC TIA Portal

The specialists of the Positive Research center have detected "Denial of Service" vulnerability in Siemens Simatic WinCC TIA Portal. By manipulating HTTP requests an authenticated attacker may crash the HMI’s web application. The web application will become unavailable until the device is...

CVSS 4 · AI score 6.4 · EPSS 0.00166
Exploits 0 · References 4
Positive Technologies
added 2 days ago · 11 views

PT-2026-48947

Name of the Vulnerable Software and Affected Versions SimpleHelp versions prior to 5.5.16 SimpleHelp 6.0 pre-release versions Description An authentication bypass exists in the OIDC OpenID Connect authentication flow. When OIDC is configured, the system accepts identity tokens submitted during...

CVSS 10 · AI score 5.5 · EPSS 0.00201
Exploits 0 · References 8
Positive Technologies
added 2 days ago · 11 views

PT-2026-48992

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

CVSS 7.6 · AI score 5.6 · EPSS 0.00036
Exploits 0 · References 2
Positive Technologies
added 3 days ago · 11 views

PT-2026-48690

Summary The OpenZeppelin Contracts Wizard generated Hardhat test/test.ts and Foundry test/.t.sol example test files that interpolated user-supplied strings opts.name, opts.uri into the test source without escaping. A crafted input could produce a generated test file in which the input string brok...

CVSS 8.8 · AI score 5.3 · EPSS 0.0004
Exploits 0 · References 5
Positive Technologies
added 3 days ago · 11 views

PT-2026-48664

SQL Injection vulnerability in damasac thaipalliative lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php line 14 and the id parameter line 49. The parameters are concatenated directly into SQL queries without...

AI score 6.3 · EPSS 0.00081
Exploits 1 · References 3
Positive Technologies
added 5 days ago · 11 views

PT-2026-47770

WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract...

CVSS 8.8 · AI score 6.1 · EPSS 0.00065
Exploits 0 · References 4
Positive Technologies
added 5 days ago · 11 views

PT-2026-47834

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A NULL pointer dereference occurs in the OpenSSL QUIC server when receiving a QUIC initial packet containing an invalid or expired token. This issue is triggered specifically when address...

CVSS 9.1 · AI score 5.5 · EPSS 0.00066
Exploits 0 · References 58
Positive Technologies
added 5 days ago · 11 views

PT-2026-48268

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.19 and earlier ColdFusion versions 2025.8 and earlier Description Improper Input Validation allows for arbitrary code execution in the context of the current user. This issue can be exploited without requiring any user...

CVSS 9.6 · AI score 6.2 · EPSS 0.00036
Exploits 0 · References 3
Positive Technologies
added 5 days ago · 11 views

PT-2026-47767

Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php...

CVSS 8.8 · AI score 5.8 · EPSS 0.00072
Exploits 0 · References 6
Positive Technologies
added 6 days ago · 11 views

PT-2026-47259

Name of the Vulnerable Software and Affected Versions VMware Cloud Foundation Operations affected versions not specified Description Stored cross-site scripting issues exist where a malicious actor with privileges to create policies, views, or text-widgets can inject scripts. This allows the...

CVSS 8 · AI score 5.2 · EPSS 0.00076
Exploits 0 · References 13
Positive Technologies
added 6 days ago · 11 views

PT-2026-47230

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...

CVSS 6.4 · AI score 5.3 · EPSS 0.00029
Exploits 0 · References 4
Positive Technologies
added 6 days ago · 11 views

PT-2026-47237

A weakness has been identified in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this vulnerability is the function getStatus of the file controllers/GradeController.php of the component Certificate Verification Endpoint. Executing a manipulation of...

CVSS 6.5 · AI score 6.4 · EPSS 0.0002
Exploits 0 · References 7
Positive Technologies
added 2026/06/07 12:0 a.m. · 11 views

PT-2026-47175

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN 0042e200 of the file /cgi-bin/glc of the component SET USER PWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version...

CVSS 7.5 · AI score 6.8 · EPSS 0.01674
Exploits 1 · References 6
Positive Technologies
added 2026/06/07 12:0 a.m. · 11 views

PT-2026-47199

A vulnerability was detected in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /admin/?page=room types. Performing a manipulation of the argument room results in cross site scripting. The attack is possible to be carried out...

CVSS 4.8 · AI score 3.9 · EPSS 0.00036
Exploits 0 · References 7
Positive Technologies
added 2026/06/07 12:0 a.m. · 11 views

PT-2026-47171

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument dev name results in command injection. It is possible to initiate the attack...

CVSS 7.5 · AI score 7.1 · EPSS 0.02177
Exploits 1 · References 6
Positive Technologies
added 2026/06/06 12:0 a.m. · 11 views

PT-2026-47123

Name of the Vulnerable Software and Affected Versions Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress versions prior to 1.0.16 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform...

CVSS 7.2 · AI score 5.5 · EPSS 0.00215
Exploits 0 · References 12
Positive Technologies
added 2026/06/06 12:0 a.m. · 11 views

PT-2026-47132

Name of the Vulnerable Software and Affected Versions Click to Chat – WA Widget versions prior to 4.39 Description The plugin is subject to Stored Cross-Site Scripting. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. This occurs because...

CVSS 6.4 · AI score 5.9 · EPSS 0.00044
Exploits 0 · References 14
Positive Technologies
added 2026/06/06 12:0 a.m. · 11 views

PT-2026-47125

Name of the Vulnerable Software and Affected Versions Master Addons For Elementor versions prior to 3.1.1 Description The plugin is subject to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. Authenticated attackers with author-level access or higher can...

CVSS 6.4 · AI score 5.7 · EPSS 0.00047
Exploits 0 · References 13
Positive Technologies
added 2026/06/06 12:0 a.m. · 11 views

PT-2026-47133

Name of the Vulnerable Software and Affected Versions EmbedPress versions prior to 4.5.4 Description The EmbedPress plugin for WordPress is subject to Stored Cross-Site Scripting XSS, a flaw where malicious scripts are permanently stored on the target server. The issue occurs due to insufficient...

CVSS 6.4 · AI score 5.7 · EPSS 0.00063
Exploits 0 · References 14
Positive Technologies
added 2026/06/06 12:0 a.m. · 11 views

PT-2026-47127

Name of the Vulnerable Software and Affected Versions MDJM Event Management plugin for WordPress versions prior to 1.7.8.4 Description The plugin allows arbitrary file upload because it does not perform validation on the file type, extension, or MIME type of uploaded files. This issue occurs with...

CVSS 7.2 · AI score 6 · EPSS 0.00471
Exploits 1 · References 14
Positive Technologies
added 2026/06/06 12:0 a.m. · 11 views

PT-2026-47142

Name of the Vulnerable Software and Affected Versions MapPress Maps for WordPress versions prior to 2.96.7 Description An authorization bypass exists due to missing ownership verification in REST API routes registered via the Mappress Api::rest api init function. The GET...

CVSS 5.3 · AI score 5.5 · EPSS 0.01504
Exploits 0 · References 28
Positive Technologies
added 2026/06/06 12:0 a.m. · 11 views

PT-2026-47148

Name of the Vulnerable Software and Affected Versions Protocol::HTTP2 versions prior to 1.13 Description The software is susceptible to an HTTP/2 Bomb, where a small request can expand into large server memory consumption. This occurs because the inbound HPACK path lacks a header-list size limit...

CVSS 7.5 · AI score 5.7 · EPSS 0.0007
Exploits 0 · References 15
Positive Technologies
added 2026/06/06 12:0 a.m. · 11 views

PT-2026-47144

Name of the Vulnerable Software and Affected Versions The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions prior to 1.8.42 Description Insufficient escaping of user-supplied parameters and lack of proper preparation of SQL queries allow authenticated attackers...

CVSS 6.5 · AI score 5.6 · EPSS 0.00057
Exploits 0 · References 16
Positive Technologies
added 2026/06/06 12:0 a.m. · 11 views

PT-2026-47141

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoice id' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 5.6 · EPSS 0.00034
Exploits 0 · References 9
Positive Technologies
added 2026/06/05 12:0 a.m. · 11 views

PT-2026-47061

Excited to share my research was accepted at @BlackHatEvents USA 2026! 🎩 I'll present how I achieved interactive access to users' AI assistants by chaining: 🔓 Prompt injection 🔓 Privilege escalation 🔓 Path traversal 🔓 .toml injection 🔓 and finally an LD PRELOAD exploit The impact: 🚨 CVE-2026-3219...

CVSS 8.8 · AI score 5.6 · EPSS 0.00067
Exploits 0 · References 3
Positive Technologies
added 2026/06/05 12:0 a.m. · 11 views

PT-2026-46904

HCL Digital Experience Compose is affected by a reflected cross-site scripting XSS vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser...

CVSS 6.1 · AI score 5.5 · EPSS 0.00033
Exploits 0 · References 2
Positive Technologies
added 2026/06/05 12:0 a.m. · 11 views

PT-2026-47071

Name of the Vulnerable Software and Affected Versions Express Payment For Stripe versions prior to 1.28.1 Description The plugin is subject to Stored Cross-Site Scripting, a flaw where malicious scripts are permanently stored on the target server. The issue occurs within the register shortcode...

CVSS 6.4 · AI score 5.7 · EPSS 0.00034
Exploits 0 · References 7

Total number of security vulnerabilities: 5000