Lucene search
K
PtsecurityMost viewed

184484 matches found

Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.22 views

PT-2026-52463

A Joomla user with K2 "create item" rights Author tier by default can submit an article whose embedVideo POST field contains a raw tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page...

5.9AI score0.00167EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.22 views

PT-2026-51657

Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E affected versions not specified Description The DVRSearch service, which runs by default and listens for UDP messages on port 10001, contains a stack-based buffer overflow. The issue occurs when the server processes...

10CVSS6.8AI score0.00427EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.22 views

PT-2026-51876

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the rtl8150 start xmit function within the net: usb: rtl8150 component. The problem occurs when accessing the skb-len variable for transmission statistic...

9.8CVSS5.9AI score0.00543EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.22 views

PT-2026-51794

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps...

4.3CVSS5.9AI score0.00275EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.22 views

PT-2026-51770

Supabase Capgo before 12.128.2 contains an authorization bypass vulnerability in the SECURITY DEFINER record build time RPC function that allows unauthenticated attackers to insert arbitrary build-time records. Attackers can exploit this by calling POST /rest/v1/rpc/record build time with a publi...

8.8CVSS6AI score0.00269EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.22 views

PT-2026-51653

Name of the Vulnerable Software and Affected Versions Hoppscotch affected versions not specified Description Four independent weaknesses allow an unauthenticated request to lead to full server compromise. Recommendations At the moment, there is no information about a newer version that contains a...

10CVSS5.9AI score0.0059EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.22 views

PT-2026-51595

Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.10.0 through 2.18.7 jackson-databind versions 2.21.0 through 2.21.3 jackson-databind versions 3.1.0 through 3.1.3 Description An issue exists in the PolymorphicTypeValidator PTV, the primary safety mechanism for...

8.1CVSS6.5AI score0.00617EPSS
Exploits1References33
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.22 views

PT-2026-51433

Vulnerability Details CWE: CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory The official docker-compose.yml line 61 mounts the entire project root directory as the Apache document root: yaml volumes: - "./:/var/www/html/AVideo" This causes the .env file —...

7.5CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.22 views

PT-2026-51452

Name of the Vulnerable Software and Affected Versions Budibase versions 3.37.2 through 3.38.x Description Budibase contains an issue where the GET /api/chat-links/:instance/:token/handoff endpoint is public and lacks authentication and Cross-Site Request Forgery CSRF protection. This allows an...

7.3CVSS5.8AI score0.00192EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.22 views

PT-2026-51212

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description A server-side request forgery SSRF exists in the MCP OpenAPI Spec Loader component. The issue occurs within the load openapi spec async function located in the litellm/proxy/ experimental/mc...

6.5CVSS6.7AI score0.00262EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.22 views

PT-2026-51131

Name of the Vulnerable Software and Affected Versions Simple File List versions prior to 6.3.8 Description The Simple File List plugin for WordPress contains a flaw allowing unauthenticated attackers to delete arbitrary files on the server. This occurs due to insufficient file path validation...

7.5CVSS6.8AI score0.0078EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.22 views

PT-2026-51192

Name of the Vulnerable Software and Affected Versions EaseUS Partition Master versions prior to 14.6 Description A security flaw exists in the Kernel Driver component within the EUEDKEPM.sys library. An unknown function in this library allows for improper access controls, which can be exploited b...

8.5CVSS7.1AI score0.00109EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.22 views

PT-2026-50847

Name of the Vulnerable Software and Affected Versions Bogo plugin for WordPress versions prior to 3.9.2 Description An issue exists where authenticated attackers with subscriber-level access and above can extract the raw title, content, excerpt, and password of private, draft, or password-protect...

4.3CVSS5.9AI score0.00254EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.22 views

PT-2026-50846

Name of the Vulnerable Software and Affected Versions Avada Fusion Builder versions prior to 3.15.4 Description The Avada Fusion Builder plugin for WordPress contains a flaw allowing unauthenticated attackers to delete arbitrary files on the server. This issue stems from insufficient file path...

9.1CVSS6.8AI score0.01193EPSS
Exploits1References23
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.22 views

PT-2026-50828

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module versions 1.000 and prior Description An integer overflow or wraparound in the EtherNet/IP function allows a remote attacker to cause a denial-of-service DoS condition. By rapidl...

8.7CVSS6AI score0.00379EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.22 views

PT-2026-50848

Name of the Vulnerable Software and Affected Versions WP Hotel Booking versions prior to 2.3.1 Description Several AJAX handlers do not enforce capability checks, which allows authenticated users with Subscriber-level access to read booking line items of other users, enumerate active coupons, and...

6.5CVSS5.9AI score0.00201EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.22 views

PT-2026-51003

Name of the Vulnerable Software and Affected Versions Joomla com booking component version 2.4.9 Description An information disclosure issue allows unauthenticated attackers to enumerate user accounts. By exploiting the getUserData function in the customer controller, attackers can send GET...

8.7CVSS5.8AI score0.00346EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.22 views

PT-2026-50829

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP affected versions not specified Description An Expected Behavior Violation allows a remote attacker to cause a denial-of-service DoS condition. By continuously...

8.7CVSS5.9AI score0.00367EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.22 views

PT-2026-50893

Name of the Vulnerable Software and Affected Versions Node.js versions 22.x through 26.3.0 Description A flaw in TLS hostname handling occurs when Node.js processes unicode dot separators, leading to a mismatch between resolver and verifier hostname normalization. This discrepancy can result in a...

7.7CVSS7AI score0.02806EPSS
Exploits0References146
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.22 views

PT-2026-51102

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.2 Description An issue exists in components based on BaseFileComponent, including Docling DoclingInlineComponent, Docling Serve DoclingRemoteComponent, Read File FileComponent, NVIDIA Retriever Extraction...

9.6CVSS6.7AI score0.00411EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.22 views

PT-2026-50648

Name of the Vulnerable Software and Affected Versions Worksnaps versions prior to 1.6.20260201 Description The Worksnaps client application binaries contain hardcoded cloud credentials and secret material. These exposed credentials include AWS access keys and S3 bucket names, which authenticated ...

9.3CVSS5.9AI score0.00388EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.22 views

PT-2026-50657

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OceanWP Ocean Product Sharing allows Stored XSS. This issue affects Ocean Product Sharing: from n/a through 2.2.2...

5.9CVSS5.2AI score0.00143EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.22 views

PT-2026-50664

An OS Command Injection vulnerability exists in LMS LAN Management System before commit 9fcb4de due to an IP address parameter being passed to the "exec" function without proper validation, allowing attackers to execute arbitrary operating system commands...

8.6CVSS5.8AI score0.00947EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.22 views

PT-2026-50690

Name of the Vulnerable Software and Affected Versions Eclipse Theia versions prior to 1.69.0 Description Custom task definitions in workspace files, such as .theia/tasks.json and .vscode/tasks.json, can be executed without requiring workspace trust. This allows an attacker to create a malicious...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.22 views

PT-2026-50780

Name of the Vulnerable Software and Affected Versions nanobot versions prior to 0.1.5.post4 Description The WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path using the fileName field from an incoming WhatsApp document message without sanitization. The bridge downloads media...

8.7CVSS6AI score0.00276EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.22 views

PT-2026-50637

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the 'user id' parameter due to missing validation on a user controlled key...

2.7CVSS5.4AI score0.0028EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.22 views

PT-2026-50659

Name of the Vulnerable Software and Affected Versions googleapis/mcp-toolbox affected versions not specified Description An authentication bypass exists in the generic opaque token validation path validateOpaqueToken. When verifying an unparsed opaque token via an OAuth 2.0 introspection endpoint...

9.3CVSS5.8AI score0.00195EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.22 views

PT-2026-50742

Name of the Vulnerable Software and Affected Versions Podman versions prior to 5.7.1 Description Running a malicious container image where the WORKDIR path contains a symlink can allow an attacker to create a directory or modify ownership on the host filesystem. Modifying ownership is less likely...

5.3CVSS5.9AI score0.00317EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.22 views

PT-2026-50580

Name of the Vulnerable Software and Affected Versions PTC Windchill PDMlink versions prior to 11.0 M030 PTC FlexPLM versions prior to 11.0 M030 CPS affected versions not specified Description A critical remote code execution RCE flaw exists due to the deserialization of untrusted data and imprope...

9.8CVSS7AI score0.01247EPSS
Exploits0References33
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.22 views

PT-2026-50669

uBB.threads is vulnerable to a Cross-Site Request Forgery CSRF due to a lack of protective mechanisms. This allows an attacker to trick an authenticated user into executing unintended actions. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version...

8.6CVSS5.2AI score0.00293EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.22 views

PT-2026-50800

Name of the Vulnerable Software and Affected Versions Microsoft Dynamics 365 affected versions not specified Description Improper access control allows an authorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about a newer version that...

9.9CVSS5.9AI score0.00426EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.22 views

PT-2026-50804

Name of the Vulnerable Software and Affected Versions Chef 360 versions prior to 1.7.0 Description A static credential embedded in the software allows unauthenticated access to internal message queues. These queue messages contain tenant-specific identifiers. Recommendations Update to version 1.7...

5.1CVSS5.9AI score0.0017EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50410

Name of the Vulnerable Software and Affected Versions Apache Shiro versions prior to 2.2.1 Apache Shiro versions prior to 3.0.0-alpha-2 Description A remote attacker can inject LDAP special characters into the Distinguished Name DN construction within the DefaultLdapRealm class. User-supplied...

9.1CVSS5.3AI score0.00494EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50567

Name of the Vulnerable Software and Affected Versions Steeltoe.Configuration.Abstractions versions 4.0.0 through 4.1.0 Description When MySQL or PostgreSQL service bindings from VCAP SERVICES include TLS client credentials, the Connectors library writes these credentials to temporary files in...

4.7CVSS5.9AI score0.00065EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50534

Name of the Vulnerable Software and Affected Versions Network-AI versions prior to 5.7.2 Description The MCP SSE server allows unauthenticated cross-origin MCP tool invocation because the server defaults to an empty secret and the isAuthorized function returns true when the secret is empty. While...

9.1CVSS5.2AI score0.00297EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50233

In NFC, there is a possible way to spoof an NFC event due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS5.5AI score0.00148EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50356

Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...

9.8CVSS5.2AI score0.0045EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50331

Name of the Vulnerable Software and Affected Versions Geo Mashup versions prior to 1.13.20 Description An SQL injection flaw exists in the Geo Mashup plugin, which allows users with subscriber privileges to execute unauthorized SQL commands. Recommendations Update to version 1.13.20 or later...

8.5CVSS6AI score0.00332EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50292

Unauthenticated Cross Site Request Forgery CSRF in WordPress Dating Theme = 11.2.0 versions...

8.8CVSS5.2AI score0.00184EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50566

Name of the Vulnerable Software and Affected Versions Steeltoe.Security.Authentication.CloudFoundryBase versions prior to 3.4.0 Steeltoe.Security.Authentication.JwtBearer versions prior to 4.2.0 Steeltoe.Security.Authentication.OpenIdConnect versions prior to 4.2.0 Description The JWT signing key...

5.9CVSS5.8AI score0.0029EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50460

Name of the Vulnerable Software and Affected Versions Cisco Crosswork Network Controller affected versions not specified Description Insufficient input validation in the configuration template engine of the web-based management interface allows an authenticated remote attacker to execute arbitrar...

6.3CVSS6.4AI score0.00253EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50537

Name of the Vulnerable Software and Affected Versions NGINX Gateway Fabric affected versions not specified Description An injection issue exists in the NGINX configuration generator component of NGINX Gateway Fabric when NGINX Plus or NGINX Open Source is used as the data plane. User-supplied...

8.6CVSS5.4AI score0.00492EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50211

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An out-of-bounds read exists in WebRTC Web Real-Time Communication, a project that provides websites and applications with real-time communication capabilities in Google Chrome on...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References40
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50507

Name of the Vulnerable Software and Affected Versions RTI Connext Micro versions 4.0.0 through 4.2.x Description An out-of-bounds read issue in the Core Libraries allows for overread buffers, which occurs when the software reads data past the end of the intended buffer. Recommendations Update to...

8.8CVSS6.1AI score0.00249EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50348

Unauthenticated SQL Injection in JobSearch = 3.2.9 versions...

9.3CVSS5.8AI score0.00297EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50597

Name of the Vulnerable Software and Affected Versions Filament versions 3.0.0 through 3.3.52 Description A disabled RichEditor field renders its raw state without sanitizing HTML. If the data stored in the field's state was not previously sanitized when the form state was filled, an attacker can...

7.6CVSS5.8AI score0.00168EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50430

Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A flaw exists in the aclp normalize acltxt function within aclparse.c. A malformed Access Control Instruction ACI string can trigger heap-buffer-overflow writes and reads during...

5.4CVSS5.8AI score0.00226EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50296

Unauthenticated Broken Access Control in MetForm Pro = 3.9.1 versions...

9.1CVSS5.2AI score0.00437EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50439

Name of the Vulnerable Software and Affected Versions NGINX Open Source versions 1.31.0 through 1.31.1 NGINX Ingress Controller affected versions not specified NGINX Gateway Fabric affected versions not specified NGINX Instance Manager affected versions not specified Description A use-after-free...

9.2CVSS6.7AI score0.03225EPSS
Exploits3References85
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50607

Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description Drupal core contains a gadget chain, which is a sequence of existing code fragments that can be leveraged during the deserialization of untrusted data. While this issue is not directly...

6.6AI score0.00161EPSS
Exploits0References4
Total number of security vulnerabilities5000