Lucene search
K
PtsecurityMost viewed

184496 matches found

Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-47271

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search staff to assign pc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS6.5AI score0.002EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-47322

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.68 Description Improper Privilege Management allows local .htaccess authors to read files using the privileges of the httpd user. Recommendations Upgrade to version 2.4.68...

9.8CVSS5.4AI score0.97108EPSS
Exploits23References131
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-47274

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

5.4CVSS5.2AI score0.00138EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-47206

A security flaw has been discovered in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected is an unknown function of the file service/RegisterService.php of the component Registration Endpoint. Performing a manipulation of the argument stimg results in...

7.5CVSS6.8AI score0.00288EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-47334

A vulnerability was identified in imvks786 student management system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Such manipulation of the argument usr/pwd leads to sql injection. The attack can be executed remotely...

7.5CVSS7AI score0.00328EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-47346

Name of the Vulnerable Software and Affected Versions AdGuard Home versions prior to 0.107.77 Description When started with the --glinet flag, the software contains an authentication bypass that allows unauthenticated attackers to gain full administrative access. This occurs due to unsanitized...

9.4CVSS5.7AI score0.00542EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-47347

Name of the Vulnerable Software and Affected Versions cowlib versions 2.9.0 and later Description Improper neutralization of CRLF sequences in HTTP headers allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. The function escape string/2 in cow http struct hd onl...

6.3CVSS5.9AI score0.00313EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-47512

Name of the Vulnerable Software and Affected Versions Google Chrome on macOS versions prior to 149.0.7827.103 Description Insufficient validation of untrusted input in Dawn allows a remote attacker who has compromised the renderer process to leak cross-origin data through a crafted HTML page...

9.6CVSS6AI score0.01654EPSS
Exploits4References81
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•22 views

PT-2026-47253

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/All notice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input as part of POST leads to cross site scripting. I...

4.8CVSS3.8AI score0.00223EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/07 12:0 a.m.•22 views

PT-2026-47195

Name of the Vulnerable Software and Affected Versions JeecgBoot versions prior to 3.9.3 Description An information disclosure issue exists in the User List Endpoint. The manipulation of the salt argument within the queryPageList function of the...

3.1CVSS5.2AI score0.0022EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/06 12:0 a.m.•22 views

PT-2026-47133

Name of the Vulnerable Software and Affected Versions EmbedPress versions prior to 4.5.4 Description The EmbedPress plugin for WordPress is subject to Stored Cross-Site Scripting XSS, a flaw where malicious scripts are permanently stored on the target server. The issue occurs due to insufficient...

6.4CVSS5.7AI score0.00234EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•22 views

PT-2026-46932

A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...

5.3CVSS5.6AI score0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•22 views

PT-2026-46928

Name of the Vulnerable Software and Affected Versions Samsung Android USB Driver for Windows versions prior to 1.9.5.0 Description Improper input validation allows a local attacker to access out-of-bounds memory. Out-of-bounds memory access occurs when a program reads or writes data outside the...

5.9CVSS5.9AI score0.00101EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•22 views

PT-2026-46960

Name of the Vulnerable Software and Affected Versions tittuvarghese CollegeManagementSystem affected versions not specified Description A remote SQL injection can be triggered by manipulating the department code argument within an unknown function of the file 'dashboard page/forms/fetch.php'. SQL...

7.5CVSS7.3AI score0.00284EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•22 views

PT-2026-47093

Name of the Vulnerable Software and Affected Versions DbGate versions prior to 7.1.9 Description The "POST /runners/load-reader" endpoint accepts a functionName parameter that is directly interpolated into a JavaScript code template without sanitization or validation. An authenticated user with...

8.8CVSS5.9AI score0.0051EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•22 views

PT-2026-47036

Name of the Vulnerable Software and Affected Versions Altium Enterprise Server affected versions not specified Description The Vault service uses a hard-coded cryptographic key to sign file download URLs. Since this key is identical across all installations, an unauthenticated network attacker ca...

10CVSS5.5AI score0.00478EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•22 views

PT-2026-47062

🚨 Multiple Critical Vulnerabilities Disclosed in DbGate Several severe vulnerabilities in DbGate can allow attackers to achieve remote code execution: • CVE-2026-47668 - Unauthenticated RCE via JSON Script Runner dbgate-serve • CVE-2026-47669 - Zip Slip arbitrary file write leading to RCE •...

6AI score0.00336EPSS
Exploits2References1
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•22 views

PT-2026-46991

Name of the Vulnerable Software and Affected Versions mcp-server-kubernetes versions prior to 3.7.0 Description The kubectl generic tool in mcp-server-kubernetes passes user-supplied flags and arguments directly to kubectl without an allowlist, enabling a privilege escalation attack. An attacker...

6.1CVSS5.5AI score0.00267EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•22 views

PT-2026-46899

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog aka the communication log administration view...

6.4CVSS5.8AI score0.00148EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•22 views

PT-2026-46949

Name of the Vulnerable Software and Affected Versions Lyrion Music Server version 9.2.0 Description An unauthenticated reflected cross-site scripting issue exists in the 'server.log' endpoint. This allows attackers to inject arbitrary HTML and JavaScript code via the search parameter. By crafting...

6.1CVSS5.2AI score0.00324EPSS
Exploits2References6
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•22 views

PT-2026-46878

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on .openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI...

5.6AI score0.00214EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•22 views

PT-2026-46219

A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add post.php. Performing a manipulation of the argument up file to post results in unrestricted upload. The attack may be initiated remotely. The exploit has...

6.5CVSS6.3AI score0.00209EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•22 views

PT-2026-46886

UserController::upsertUser writes user data in SYSTEM SCOPE and does not filter the admin field. A non-admin API user with user:create or user:update ACL permission can set admin: true on new or existing users, escalating to full admin access. The Problem In...

6.5CVSS5.8AI score0.00034EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•22 views

PT-2026-46848

Summary The hidden nhost configserver used by nhost dev exposes the Mimir GraphQL API with dummy authorization directives and permissive CORS. When a developer is running the local development environment, any process that can reach the developer's localhost service, including a web page loaded...

5.4CVSS5.9AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•22 views

PT-2026-46192

Name of the Vulnerable Software and Affected Versions OpenShift Cloud Credential Operator affected versions not specified Description A flaw exists in the Mint-mode IAM policies for AWS within the OpenShift Cloud Credential Operator. Operator credentials are provisioned with account-wide scope fo...

7.2CVSS5.4AI score0.00328EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•22 views

PT-2026-46146

Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations...

8.5CVSS5.8AI score0.00098EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•22 views

PT-2026-46210

Joomla com jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field 2 parameter to delete...

7.1CVSS5.9AI score0.00327EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•22 views

PT-2026-46137

Name of the Vulnerable Software and Affected Versions OpenStack Mistral versions prior to 22.0.0 Description An issue exists where a policy enforcement bypass allows arbitrary remote code execution when the API is exposed. Specific API endpoints do not properly validate user-supplied inputs,...

9.9CVSS6.5AI score0.00733EPSS
Exploits0References29
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•22 views

PT-2026-46270

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set device owner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECT MANAGER witho...

2.2CVSS5.8AI score0.00262EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•22 views

PT-2026-46238

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An issue in the dashboard widgets allows an authenticated user to manipulate the fields option to influence the data returned by the New Users and New Organisations widgets. When a requested fie...

5.3CVSS5.4AI score0.00176EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•22 views

PT-2026-46269

Name of the Vulnerable Software and Affected Versions Apache Fory fory-core versions prior to 1.1.0 Description Deserialization of untrusted data in the Java replace-resolve path on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks. B...

9.1CVSS5.5AI score0.0052EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•22 views

PT-2026-46181

Name of the Vulnerable Software and Affected Versions WP eMember versions prior to 10.2.3 Description An issue in the software allows the retrieval of embedded sensitive system information by an unauthorized control sphere. Recommendations Update to a version later than 10.2.2...

5.3CVSS5.5AI score0.00192EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•22 views

PT-2026-46198

Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck config cookie parameter. Attackers can inject malicious SQL through the ck config cookie in multiple endpoints including login.php,...

8.8CVSS6.1AI score0.00262EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•22 views

PT-2026-46399

A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstats path of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

8.6CVSS6.8AI score0.02695EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•22 views

PT-2026-46888

Description This report describes an open redirect in Shopware's public SSO entry point at GET /api/oauth/sso/auth. When the endpoint is reached without the expected SSO session state, the application falls back to the request's Referer header and uses that value as the redirect destination. In t...

4.3CVSS6AI score0.00029EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•22 views

PT-2026-46840

Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions 32 through 35.0.1 Description An unauthenticated malicious user can cause a service crash by submitting a crafted JSON string to certain endpoints on the API or JSON-RPC service. Recommendations Update OpenStack Ironi...

7.5CVSS5.5AI score0.00433EPSS
Exploits0References21
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•22 views

PT-2026-46200

Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to pages.php with crafted id values using error-based SQL injection techniques to...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•22 views

PT-2026-46377

Unauthenticated Local File Inclusion in Etude = 1.6 versions...

8.1CVSS5.2AI score0.00348EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•22 views

PT-2026-46333

Unauthenticated Local File Inclusion in Iona = 1.0.8 versions...

8.1CVSS5.2AI score0.00435EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•22 views

PT-2026-46026

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds access issue exists in the AMD display driver within the Linux kernel. The eng id variable is used as an index for the stream enc regs array, which contains only five...

7.8CVSS5.3AI score0.0012EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•22 views

PT-2026-46122

Name of the Vulnerable Software and Affected Versions Docling versions prior to 2.91.0 Description The LaTeX backend fails to validate path containment when handling the includegraphics, input, and include commands. This allows attackers to use path traversal sequences, such as ../../../etc/passw...

5.5CVSS5.9AI score0.00163EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•22 views

PT-2026-46004

Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version unbound 1.22.0, aiding targeted attacks against known vulnerabilities...

5.8AI score0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•22 views

PT-2026-45906

Name of the Vulnerable Software and Affected Versions mlflow versions prior to 3.11.0 Description An issue allows for the resolution of environment variables in AI Gateway secrets, enabling the exfiltration of sensitive server-side environment credentials to an attacker-controlled endpoint. This...

9.1CVSS8.2AI score0.00435EPSS
Exploits1References5
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•22 views

PT-2026-46078

Name of the Vulnerable Software and Affected Versions Net::Async::Statsd::Client versions prior to 0.006 Description Net::Async::Statsd::Client for Perl allows metric injections because metric names are not validated for newlines, colons, or pipes. This allows metrics generated from untrusted...

6.5CVSS5.5AI score0.00203EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•22 views

PT-2026-46036

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description Certain physical adapters on Power systems fail to support segmentation offload when the Maximum Segment Size MSS is less than 224 bytes. When the hardware attempts to perform segmentati...

8.7CVSS5AI score0.00389EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•22 views

PT-2026-45989

Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...

5.8AI score0.0018EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•22 views

PT-2026-46006

Name of the Vulnerable Software and Affected Versions OP-TEE versions 3.16.0 through 4.10.x Description A use-after-free race condition exists in the shared memory teardown logic of FF-A within SPMC/SP flows. This occurs when OP-TEE is configured as an SPMC for S-EL0 SPs using CFG SECURE...

7.8CVSS5.9AI score0.00187EPSS
Exploits1References4
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•22 views

PT-2026-46126

Name of the Vulnerable Software and Affected Versions jupyter enterprise gateway versions prior to 3.3.0 Description Unsafe Jinja2 template rendering allows for Kubernetes manifest injection. The server interpolates untrusted environment variables such as KERNEL XXX into Kubernetes manifests...

10CVSS6.3AI score0.00062EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•22 views

PT-2026-46000

Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 enables WPS 2.0 by default with a weak lockout policy 60-second lockout after 10 attempts...

5.8AI score0.00139EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•22 views

PT-2026-46552

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in WebAppInstalls allows a remote attacker who has compromised the renderer process to bypass the same origin policy, which is a security mechanism that...

9.6CVSS5.9AI score0.00985EPSS
Exploits0References437
Total number of security vulnerabilities5000