Lucene search
K
PtsecurityMost viewed

184491 matches found

Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•22 views

PT-2026-49006

Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.30.1 Description A prototype pollution issue exists in the apos.util.set function, which traverses dot-notation paths without sanitizing the proto property. This allows an authenticated editor to write arbitra...

9.1CVSS5.4AI score0.00237EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•22 views

PT-2026-48985

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0-latest through 2026.1.3 Discourse versions 2026.3.0-latest through 2026.3.0 Discourse versions 2026.4.0-latest through 2026.4.0 Description Four authorization and information disclosure issues exist within the chat...

5.3CVSS5.2AI score0.00213EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•22 views

PT-2026-48883

Name of the Vulnerable Software and Affected Versions jmespath.php versions prior to 2.9.1 Description Insufficient escaping of parsed JMESPath function names into generated PHP source allows for the generation and execution of attacker-controlled PHP code. This occurs when JmesPathCompilerRuntim...

9.8CVSS5.6AI score0.0032EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•22 views

PT-2026-48962

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.80 Parse Server versions prior to 9.9.1-alpha.6 Description A relation query using the $relatedTo operator allows an unauthenticated client to read the membership of a Relation field. This occurs even if the...

6.9CVSS5.2AI score0.00276EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•22 views

PT-2026-48728

Name of the Vulnerable Software and Affected Versions SolidInvoice versions prior to 2.3.17 Description API tokens used to authenticate REST API requests are stored as plaintext strings within the api tokens database table. An attacker with read access to the database, obtained via methods such a...

8.1CVSS5.5AI score0.00197EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•22 views

PT-2026-48652

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.9 through 18.10.7 GitLab CE/EE versions 18.11 through 18.11.4 GitLab CE/EE versions 19.0 through 19.0.1 Description Improper input handling of file names allows an authenticated user with developer-role permissions to...

3.7CVSS5.2AI score0.00158EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•22 views

PT-2026-48625

Name of the Vulnerable Software and Affected Versions Spring for GraphQL versions 1.3.0 through 1.3.8 Spring for GraphQL versions 1.4.0 through 1.4.5 Spring for GraphQL versions 2.0.0 through 2.0.3 Description Applications are susceptible to unsafe deserialization when processing paginated GraphQ...

9.8CVSS5.9AI score0.0043EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•22 views

PT-2026-48650

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.10 through 18.10.7 GitLab CE/EE versions 18.11 through 18.11.4 GitLab CE/EE versions 19.0 through 19.0.1 Description Incorrect authorization enforcements allow an authenticated user with developer-role permissions to...

5.4CVSS5.2AI score0.00187EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•22 views

PT-2026-48690

Name of the Vulnerable Software and Affected Versions @openzeppelin/wizard versions prior to 0.10.9 Description The OpenZeppelin Contracts Wizard generates example test files for Hardhat test/test.ts and Foundry test/.t.sol that interpolate user-supplied strings opts.name and opts.uri into the te...

8.8CVSS6AI score0.0004EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•22 views

PT-2026-48613

Name of the Vulnerable Software and Affected Versions Spring Web Flow version 4.0.0 Spring Web Flow versions 3.0.0 through 3.0.1 Spring Web Flow versions 2.5.0 through 2.5.1 Description Applications that configure the WebFlowELExpressionParser are susceptible to the use of malicious Unified EL...

6.4CVSS5.8AI score0.00225EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•22 views

PT-2026-48646

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 12.0 through 18.10.7 GitLab CE/EE versions 18.11 through 18.11.4 GitLab CE/EE versions 19.0 through 19.0.1 Description An issue exists where incorrect authorization checks could allow an authenticated user to access...

3.1CVSS5.2AI score0.00236EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•22 views

PT-2026-48649

Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow stored the registrant’s hashed password in the inbox message data payload. This payload was returned unredacted through inbox index and view responses, including HTML, JSON, a...

5.1CVSS5.4AI score0.00242EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•22 views

PT-2026-48626

Name of the Vulnerable Software and Affected Versions Spring for GraphQL versions 1.0.0 through 1.0.6 Spring for GraphQL versions 1.3.0 through 1.3.8 Spring for GraphQL versions 1.4.0 through 1.4.5 Spring for GraphQL versions 2.0.0 through 2.0.3 Description Applications using the WebSocket...

8.1CVSS5.6AI score0.00182EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•22 views

PT-2026-48502

Name of the Vulnerable Software and Affected Versions draw.io versions prior to 29.7.12 Description A crafted .drawio file can execute arbitrary JavaScript in the editor's origin when opened. The issue exists in a feature-detection routine within the Text Format panel that reads the raw cell labe...

6.1CVSS5.8AI score0.00221EPSS
Exploits1References5
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•22 views

PT-2026-48556

Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser...

5.4CVSS5.5AI score0.00141EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•22 views

PT-2026-48568

🔴 CVE-2026-52726 is being exploited for RCE: attackers can drop malicious .git/hooks payloads via Dulwich's submodule path traversal flaw. This bypasses standard protections. Patch immediately to prevent full compromise. NerdieNews CyberSecurity Vulnerability https://t.co/tIoG1l3nqd...

7.5CVSS5.4AI score0.00448EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•22 views

PT-2026-48377

Name of the Vulnerable Software and Affected Versions File Station 5 versions prior to 5.5.6.5243 Description A buffer overflow occurs, which is a condition where a program writes more data to a block of memory than it is allocated to hold. Remote attackers can exploit this issue to modify memory...

9.1CVSS5.7AI score0.00318EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•22 views

PT-2026-48366

Name of the Vulnerable Software and Affected Versions QTS versions prior to 5.2.9.3492 build 20260507 QuTS hero versions prior to h5.2.9.3499 build 20260514 QuTS hero versions prior to h5.3.4.3500 build 20260520 QuTS hero versions prior to h6.0.0.3459 build 20260409 Description A NULL pointer...

7.2CVSS5.8AI score0.00331EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•22 views

PT-2026-48602

Name of the Vulnerable Software and Affected Versions nebula-mesh versions prior to 0.3.2 Description After the handleOperatorCreateAPIKey function in internal/web/operators.go:251 generates a 32-byte bearer token, the application redirects the browser to the endpoint /ui/operators/?new key=&key...

5.5CVSS5.9AI score0.00012EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•22 views

PT-2026-48486

Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS affected versions not specified Description A memory corruption issue occurs during the processing of tunnel traffic. An authenticated user can trigger system reboots by sending a maliciously crafted packet. If these...

6.9CVSS5.3AI score0.00192EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•22 views

PT-2026-48531

Name of the Vulnerable Software and Affected Versions kafka-python versions prior to 2.3.2 Description A denial-of-service issue exists in the SCRAM authentication handling. A malicious or machine-in-the-middle broker can freeze the client event loop by providing an excessively large iteration...

8.7CVSS5.5AI score0.00517EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•22 views

PT-2026-47631

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•22 views

PT-2026-47803

Name of the Vulnerable Software and Affected Versions Zoom Workplace versions prior to 7.0.4 for Android Zoom Workplace versions prior to 7.0.3 for iOS Description Improper authorization in the handler for custom URL schemes allows an unauthenticated user to perform an escalation of privilege via...

8.1CVSS5.2AI score0.00211EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•22 views

PT-2026-48117

Name of the Vulnerable Software and Affected Versions Windows HTTP.sys affected versions not specified Description An unauthenticated remote attacker can cause a denial of service in the Windows kernel-mode web listener core HTTP.sys by exploiting uncontrolled resource consumption in HTTP/2. The...

7.8CVSS7.4AI score0.48438EPSS
Exploits2References44
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•22 views

PT-2026-47649

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description WebSocket session IDs in the spring-websocke...

7.5CVSS5.2AI score0.00171EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•22 views

PT-2026-48202

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the picName parameter of the formDelwebAuthPic function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

5.9AI score0.00309EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•22 views

PT-2026-48306

Name of the Vulnerable Software and Affected Versions Spring REST Docs version 4.0.0 Spring REST Docs versions 3.0.0 through 3.0.5 Spring REST Docs versions 2.0.0.RELEASE through 2.0.8.RELEASE Description An XXE XML External Entity injection attack can occur when using spring-restdocs-webtestclie...

5.9CVSS6AI score0.00223EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•22 views

PT-2026-47767

Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php...

8.8CVSS5.8AI score0.0027EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•22 views

PT-2026-47647

Name of the Vulnerable Software and Affected Versions Reactor Netty versions 1.0.0 through 1.0.51 Reactor Netty versions 1.1.0 through 1.1.35 Reactor Netty versions 1.2.0 through 1.2.17 Reactor Netty versions 1.3.0 through 1.3.5 Description The Reactor Netty HTTP client may leak credentials when...

6.1CVSS5.8AI score0.00172EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•22 views

PT-2026-48074

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-47323

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description A buffer over-read occurs during outbound OCSP Online Certificate Status Protocol requests sent to an attacker-controlled OCSP server. A buffer over-read is a condition where a syste...

7.5CVSS5.6AI score0.00805EPSS
Exploits0References154
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-47328

Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...

8.8CVSS5.4AI score0.00294EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-47258

A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely. The exploit has bee...

6.9CVSS5.4AI score0.00432EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-47243

A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument content hash can lead to use of weak hash...

2.5CVSS4.5AI score0.00082EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-48375

Name of the Vulnerable Software and Affected Versions ansible.posix affected versions not specified Description A local privilege escalation issue exists in the authorized key module. The keyfile function utilizes os.chown instead of os.lchown and opens files without the O NOFOLLOW flag when...

7.3CVSS5.6AI score0.00161EPSS
Exploits0References20
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-47264

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS4.6AI score0.0025EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-47271

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search staff to assign pc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS6.5AI score0.002EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-47322

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.68 Description Improper Privilege Management allows local .htaccess authors to read files using the privileges of the httpd user. Recommendations Upgrade to version 2.4.68...

9.8CVSS5.4AI score0.97108EPSS
Exploits23References131
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-47274

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

5.4CVSS5.2AI score0.00138EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-47206

A security flaw has been discovered in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected is an unknown function of the file service/RegisterService.php of the component Registration Endpoint. Performing a manipulation of the argument stimg results in...

7.5CVSS6.8AI score0.00288EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-47334

A vulnerability was identified in imvks786 student management system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Such manipulation of the argument usr/pwd leads to sql injection. The attack can be executed remotely...

7.5CVSS7AI score0.00328EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-47346

Name of the Vulnerable Software and Affected Versions AdGuard Home versions prior to 0.107.77 Description When started with the --glinet flag, the software contains an authentication bypass that allows unauthenticated attackers to gain full administrative access. This occurs due to unsanitized...

9.4CVSS5.7AI score0.00542EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-47347

Name of the Vulnerable Software and Affected Versions cowlib versions 2.9.0 and later Description Improper neutralization of CRLF sequences in HTTP headers allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. The function escape string/2 in cow http struct hd onl...

6.3CVSS5.9AI score0.00313EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/07 12:0 a.m.•22 views

PT-2026-47195

Name of the Vulnerable Software and Affected Versions JeecgBoot versions prior to 3.9.3 Description An information disclosure issue exists in the User List Endpoint. The manipulation of the salt argument within the queryPageList function of the...

3.1CVSS5.2AI score0.0022EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/06 12:0 a.m.•22 views

PT-2026-47133

Name of the Vulnerable Software and Affected Versions EmbedPress versions prior to 4.5.4 Description The EmbedPress plugin for WordPress is subject to Stored Cross-Site Scripting XSS, a flaw where malicious scripts are permanently stored on the target server. The issue occurs due to insufficient...

6.4CVSS5.7AI score0.00234EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•22 views

PT-2026-46932

A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...

5.3CVSS5.6AI score0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•22 views

PT-2026-46928

Name of the Vulnerable Software and Affected Versions Samsung Android USB Driver for Windows versions prior to 1.9.5.0 Description Improper input validation allows a local attacker to access out-of-bounds memory. Out-of-bounds memory access occurs when a program reads or writes data outside the...

5.9CVSS5.9AI score0.00101EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•22 views

PT-2026-46960

Name of the Vulnerable Software and Affected Versions tittuvarghese CollegeManagementSystem affected versions not specified Description A remote SQL injection can be triggered by manipulating the department code argument within an unknown function of the file 'dashboard page/forms/fetch.php'. SQL...

7.5CVSS7.3AI score0.00284EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•22 views

PT-2026-47093

Name of the Vulnerable Software and Affected Versions DbGate versions prior to 7.1.9 Description The "POST /runners/load-reader" endpoint accepts a functionName parameter that is directly interpolated into a JavaScript code template without sanitization or validation. An authenticated user with...

8.8CVSS5.9AI score0.0051EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•22 views

PT-2026-47036

Name of the Vulnerable Software and Affected Versions Altium Enterprise Server affected versions not specified Description The Vault service uses a hard-coded cryptographic key to sign file download URLs. Since this key is identical across all installations, an unauthenticated network attacker ca...

10CVSS5.5AI score0.00478EPSS
Exploits0References3
Total number of security vulnerabilities5000