Lucene search
K
PtsecurityMost viewed

184517 matches found

Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•21 views

PT-2026-47316

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.68 Description A buffer overflow occurs in the mod proxy html module, which can be triggered by an untrusted backend. Recommendations Upgrade to version 2.4.68...

9.8CVSS5.7AI score0.00805EPSS
Exploits0References153
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•21 views

PT-2026-47441

Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.6.6 Description An unsafe execution issue exists in the Bazar form field calculator CalcField.php. The application uses a complex recursive regular expression to sanitize user-defined mathematical formulas before th...

9.8CVSS5.9AI score0.00561EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•21 views

PT-2026-47360

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the of unittest changeset function. The variable parent and nchangeset both point to the same struct device node. When of node putnchangeset is called, i...

9.8CVSS5.3AI score0.03663EPSS
Exploits15References340
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•21 views

PT-2026-47301

Name of the Vulnerable Software and Affected Versions Routinator affected versions not specified Description Routinator exits upon encountering any error while accepting incoming HTTP or RTR connections. This includes recoverable errors, such as exhausting available file descriptors. An attacker...

8.7CVSS5.5AI score0.00333EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•21 views

PT-2026-47438

Name of the Vulnerable Software and Affected Versions Tenda F451 versions 1.0.0.7 through 1.0.0.9 Description A stack-based buffer overflow exists in the Web Management Interface. This issue occurs within the fromNatlimit function located in the /goform/Natlimit file. A remote attacker can trigge...

9CVSS8.8AI score0.00476EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•21 views

PT-2026-47244

Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An SQL injection issue exists that can be initiated remotely. The flaw is located in an unknown function within the '/archive5.php' endpoint, where manipulation of the sy...

7.5CVSS7.5AI score0.0029EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/07 12:0 a.m.•21 views

PT-2026-47189

Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 0.12.1 Description An authorization bypass exists in the resume endpoint. The issue occurs within the resolve session by title function located in the hermes state.py file. A remote attacker can...

6.5CVSS6.6AI score0.00225EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/07 12:0 a.m.•21 views

PT-2026-47198

A security vulnerability has been detected in jishenghua jshERP up to 3.6. This vulnerability affects the function addAccountHeadAndDetail of the file jshERP-boot/src/main/java/com/jsh/erp/service/AccountHeadService.java of the component addAccountHeadAndDetail Endpoint. Such manipulation of the...

5.5CVSS5.5AI score0.00323EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/07 12:0 a.m.•21 views

PT-2026-47200

A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add Endpoint. Executing a manipulation of the argument platformValue can lead to...

5.8CVSS5AI score0.00232EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/07 12:0 a.m.•21 views

PT-2026-47199

A vulnerability was detected in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /admin/?page=room types. Performing a manipulation of the argument room results in cross site scripting. The attack is possible to be carried out...

4.8CVSS3.9AI score0.00214EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/07 12:0 a.m.•21 views

PT-2026-47190

Name of the Vulnerable Software and Affected Versions BeikeShop versions prior to 1.6.0.22 Description Improper authorization exists in the Stripe Plugin component. A remote attacker can manipulate the Request argument within the callback function of the file...

7.5CVSS7.2AI score0.00294EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/06 12:0 a.m.•21 views

PT-2026-47158

Name of the Vulnerable Software and Affected Versions Mage AI versions prior to 0.9.80 Description A cross-site scripting issue exists in the Sign-in Flow component within the useMutation function of the file mage ai/frontend/components/Sessions/SignForm/index.tsx. Manipulation of the...

5.3CVSS5.2AI score0.00263EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/06 12:0 a.m.•21 views

PT-2026-47134

Name of the Vulnerable Software and Affected Versions LearnPress – WordPress LMS Plugin for Create and Sell Online Courses versions prior to 4.3.7 Description An issue exists that allows unauthenticated attackers to extract sensitive data through an unrestricted SELECT fallback query. By sending ...

5.3CVSS5.5AI score0.00353EPSS
Exploits0References18
Positive Technologies
Positive Technologies
•added 2026/06/06 12:0 a.m.•21 views

PT-2026-47141

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoice id' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.6AI score0.00234EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/06 12:0 a.m.•21 views

PT-2026-47131

Name of the Vulnerable Software and Affected Versions WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More versions prior to 1.10.0.2 Description The plugin is subject to insufficient verification of data authenticity. The PayPal Commerce webhook endpoint...

5.3CVSS5.5AI score0.00202EPSS
Exploits0References16
Positive Technologies
Positive Technologies
•added 2026/06/06 12:0 a.m.•21 views

PT-2026-47140

Name of the Vulnerable Software and Affected Versions SEO Plugin by Squirrly SEO versions prior to 12.4.17 Description The plugin fails to properly verify if a user is authorized to perform specific actions. This allows authenticated attackers with contributor-level access or higher to execute...

4.3CVSS5.4AI score0.00296EPSS
Exploits0References18
Positive Technologies
Positive Technologies
•added 2026/06/06 12:0 a.m.•21 views

PT-2026-47144

Name of the Vulnerable Software and Affected Versions The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions prior to 1.8.42 Description Insufficient escaping of user-supplied parameters and lack of proper preparation of SQL queries allow authenticated attackers...

6.5CVSS5.6AI score0.00325EPSS
Exploits0References16
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-47047

Name of the Vulnerable Software and Affected Versions Arista Edge Threat Management - Arista Next Generation Firewall NGFW affected versions not specified Description A command injection issue exists in the Captive Portal Custom Handler. An administrative account logged into the user interface ca...

7CVSS5.8AI score0.0988EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-46950

Name of the Vulnerable Software and Affected Versions Lyrion Music Server version 9.2.0 Description An unauthenticated stored cross-site scripting issue exists in the log viewer due to unescaped template variables. This allows attackers to execute arbitrary scripts in users' browsers by injecting...

7.2CVSS5.5AI score0.00183EPSS
Exploits2References6
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-46976

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboard page/forms/fetch.php. The manipulation of the argument department...

5.3CVSS4AI score0.00273EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-47011

Name of the Vulnerable Software and Affected Versions Cloudburst Network versions prior to 1.0.0.CR3-20260417.085727-30 Description An issue in the network components allows an attacker to stall the netty event loop, which is the core mechanism that handles network events, rendering it inoperable...

7.5CVSS5.5AI score0.00278EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-47079

An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or notification generation pa...

6.8CVSS5.5AI score0.00174EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-46904

HCL Digital Experience Compose is affected by a reflected cross-site scripting XSS vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser...

6.1CVSS5.5AI score0.00152EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-46955

Six live production platforms were compromised during responsible disclosure testing. LiteLLM CVE-2026-30623, Critical, patched, Windsurf CVE-2026-30615, Critical, reported, Bisheng CVE-2026-33224, Critical, patched, and DocsGPT CVE-2026-26015, Critical, patched…...

10CVSS5.7AI score0.01168EPSS
Exploits1References1
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-47084

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description A flaw in the token-exchange flow allows two concurrent requests using the same OAuth authorization code to each generate a distinct valid access token and refresh token pair. This occurs because...

6.3CVSS6AI score0.00197EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-46952

Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service TCP port 9090 and the HTTP JSON-RPC endpoint /jsonrpc.js. The query accepts a folder parameter and lists its contents with no restriction to the...

6.9CVSS5.6AI score0.00294EPSS
Exploits2References3
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-47016

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. Sixteen file-manager endpoints fail to verify if the requesting user owns the SSH...

8.1CVSS5.5AI score0.00282EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-46977

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage user. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely...

4.8CVSS3.6AI score0.0021EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-47041

Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description An improper session termination issue exists where authentication tokens remain valid after a user logs out. This allows an attacker who possesses a valid token to maintain persistent access to...

5.3CVSS5.5AI score0.00311EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-47037

Name of the Vulnerable Software and Affected Versions OpenXDMoD versions prior to 11.0.3 Description A flaw in the access control logic allows an attacker to submit a crafted HTTPS POST request to set a session variable used for authorization decisions. In installations including the optional Job...

5.3CVSS5.5AI score0.00236EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-46946

Name of the Vulnerable Software and Affected Versions onnx onnx-mlir versions prior to 0.5.0.0 Description The Placeholder Node Cache Handler component contains an issue within the generate hash key function located in the src/Runtime/python/torch onnxmlir/src/torch onnxmlir/backend.py file. This...

3.6CVSS4.7AI score0.00078EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-46947

A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObservationContentHash of the file src/services/sqlite/observations/store.ts of the component Observation Content Hash Handler. This manipulation causes use of weak hash. The attack c...

3.6CVSS4.7AI score0.00075EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-47078

An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ONVIF scope parameters to manipulate memory...

6.8CVSS5.5AI score0.00163EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46154

Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted...

7.2CVSS5.8AI score0.00168EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46156

System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data...

8.8CVSS5.8AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46211

Mobatek MobaXterm 12.1 contains a structured exception handling SEH based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the...

9.8CVSS6.4AI score0.00638EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46387

Name of the Vulnerable Software and Affected Versions WP Meta Sort Posts versions prior to 1.0 Description The WP Meta Sort Posts plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a type of attack where an unauthorized user tricks a victim into performing actions they did not...

4.3CVSS5.2AI score0.00128EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46204

Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanitized action parameters. Attackers can craft malicious forms targeting the admin-ajax.php endpoint...

5.1CVSS5.8AI score0.00887EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46205

AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger SEH-based code...

8.6CVSS6.4AI score0.00148EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46870

Impact The limit container paths directive in singularity.conf is intended to allow a system administrator limit the paths from which containers can be run, under setuid mode. Due to incorrect matching of a path string, sibling directories with similar names may incorrectly be allowed. For exampl...

4.8CVSS5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46858

Summary AVideo stores category descriptions from user input and later renders category description as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes when another user views the affected Gallery/category page...

5.4CVSS5.9AI score0.00162EPSS
Exploits1References4
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46206

LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Attackers can craft a specially formatted input file with shellcode and overwrite the return address to execute calc.ex...

8.6CVSS6.4AI score0.00146EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46232

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.2 Description The Shareable Playground also known as Public Flows feature allows unauthenticated users to execute workflows via a link. A flaw in the '/api/v1/build public tmp' endpoint enables attackers to execu...

9.6CVSS6.2AI score0.00688EPSS
Exploits1References15
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46885

Summary A low-privilege admin user with user recovery:read ACL can take over any admin account. The attacker triggers password recovery for the victim unauthenticated endpoint, reads the recovery hash from the Admin API search endpoint, then uses the hash to reset the victim's password another...

6.8CVSS5.8AI score0.00034EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46774

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description Insufficient policy enforcement in CustomTabs allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Recommendations Update to version...

9.6CVSS5.8AI score0.00493EPSS
Exploits0References437
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46817

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description An integer overflow in WebView allows a local attacker to cause a denial of service by using a malicious file. An integer overflow occurs when an arithmetic operation attempt...

9.6CVSS5.5AI score0.00456EPSS
Exploits0References437
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46147

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description The software lacks handler call depth tracking when specific functions are called from within handlers during a policy violation. This can lead to a use-after-free condition, which occurs when a...

5.9CVSS5.2AI score0.00218EPSS
Exploits0References21
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46392

Name of the Vulnerable Software and Affected Versions Arista EOS affected versions not specified Description When operating in 802.1X mode, multi-auth unauthenticated hosts may be granted unauthorized access to a switch port if an EAPOL Extensible Authentication Protocol over LAN capable device i...

6.5CVSS5.4AI score0.00143EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46213

Name of the Vulnerable Software and Affected Versions Soliloquy Lite version 2.5.6 Description A persistent cross-site scripting issue allows authenticated attackers to inject malicious scripts by inserting script tags into the post title field. This is achieved by submitting POST requests to the...

5.4CVSS4.8AI score0.00171EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46393

A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start 6rd tunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv6 6rd borderrelay leads to os command injection. It is possible to launch the attack remotely. The...

8.6CVSS6.7AI score0.02199EPSS
Exploits0References7
Total number of security vulnerabilities5000