Lucene search
K
PtsecurityMost viewed

184508 matches found

Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.21 views

PT-2026-45901

Name of the Vulnerable Software and Affected Versions morgan versions 1.2.0 through 1.10.1 Description The logging middleware fails to neutralize control characters when the :remote-user token extracts the Basic auth username from the Authorization request header. An unauthenticated attacker can...

5.3CVSS5.8AI score0.00246EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.21 views

PT-2026-46665

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An uninitialized use in ANGLE Almost Native Graphics Layer Engine, a compatibility layer between OpenGL ES and native graphics APIs, allows a remote attacker to leak cross-origin data...

9.6CVSS5.8AI score0.00493EPSS
Exploits0References437
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.21 views

PT-2026-46823

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in ImageCapture allows a remote attacker who has already compromised the renderer process to perform privilege escalation through the use of a crafted HT...

9.6CVSS5.5AI score0.00493EPSS
Exploits0References439
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.21 views

PT-2026-45685

A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...

5.1CVSS4.1AI score0.00237EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.21 views

PT-2026-45888

Name of the Vulnerable Software and Affected Versions EmergencyWP – Dead Man's switch & legacy deliverance versions prior to 1.4.3 Description The plugin is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in the form settings ui function. This allows...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.21 views

PT-2026-45837

Name of the Vulnerable Software and Affected Versions tesla versions 0.6.0 through 1.18.2 Description Improper handling of highly compressed data allows a denial of service via a decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression i...

8.2CVSS6AI score0.00329EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.21 views

PT-2026-45709

Name of the Vulnerable Software and Affected Versions Remove meta boxes per user role versions prior to 1.02 Description The plugin is subject to Cross-Site Request Forgery, a flaw where an attacker tricks a victim into executing an unwanted action. This occurs due to missing or incorrect nonce...

4.3CVSS5.4AI score0.00132EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.21 views

PT-2026-45746

Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/ endpoints...

5.8AI score0.00442EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.21 views

PT-2026-45769

Name of the Vulnerable Software and Affected Versions Verizon IMS affected versions not specified Description The SIP signaling stack implements SIP signaling without IPsec integrity protection, specifically lacking Security-Client/Security-Server headers and ESP traffic. This allows an on-path...

7.4CVSS5.4AI score0.00174EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.21 views

PT-2026-45790

Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without the required permission...

5.8AI score0.00184EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45550

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

5.5CVSS5.4AI score0.0023EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45607

A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used...

9CVSS6.2AI score0.00472EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45279

A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stock manager.php. This manipulation of the argument txt search category causes sql injection. The attack may be initiated remotely. The exploit has...

6.5CVSS6.5AI score0.002EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45440

Name of the Vulnerable Software and Affected Versions Gravity Forms versions prior to 2.10.0.2 Description An improper limitation of a pathname to a restricted directory, known as Path Traversal, exists in Gravity Forms. This allows an attacker to access files and directories outside of the...

9.6CVSS5.8AI score0.005EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45413

Name of the Vulnerable Software and Affected Versions Vertex versions prior to commit fbde301b97986d5913fc4bc95f5445750d282e11 Description Vertex, a management tool for Private Tracker users to manage streaming and watching videos, is subject to path traversal. Path traversal is a flaw that allow...

8.6CVSS5.6AI score0.00414EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45438

Name of the Vulnerable Software and Affected Versions VeronaLabs WP Statistics versions prior to 14.16.6 Description Improper neutralization of input during web page generation allows for DOM-Based Cross-Site Scripting XSS, a flaw where the application contains client-side JavaScript that process...

7.1CVSS5.8AI score0.00212EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45509

FlexRIC v2.0.0 crashes when the near-RT RIC receives a RIC INDICATION message with a ran func id that does not exist in its registry. The lookup returns NULL, triggering assert in Debug builds SIGABRT or NULL pointer dereference in Release builds SIGSEGV. A remote unauthenticated attacker can cra...

5.9AI score0.00642EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45571

In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00076EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45593

In approvalLevelForDomainInternal of DomainVerificationService.java, there is a possible way to hijack an arbitrary app link due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

6AI score0.00082EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45369

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.7 Apache ActiveMQ versions 6.0.0 through 6.2.5 Apache ActiveMQ Web versions prior to 5.19.7 Apache ActiveMQ Web versions 6.0.0 through 6.2.5 Description An improper neutralization of input during web page...

6.1CVSS5.8AI score0.01107EPSS
Exploits1References25
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45547

Insufficient granularity of access control in ASP AMD Secure Processor may allow an attacker with an untrusted user space application to map sensitive SMN System Management Network apertures leading to a potential escalation of privileges...

7.1CVSS5.8AI score0.00097EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45382

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description The EmailOperator and airflow.utils.email helpers establish SMTP STARTTLS connections without verifying the remote certificate when the deployment is configured with smtp starttls=True and smt...

5.9CVSS5.5AI score0.00185EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45394

A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System up to 1.0. This issue affects the function create supplier of the file /Export csv/export of the component Supplier Creation Interface. This manipulation of the argument Address/Company Name causes csv injection...

5.8CVSS5.5AI score0.00248EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45437

Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...

5.4CVSS5.9AI score0.00171EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45408

Name of the Vulnerable Software and Affected Versions logback-core versions prior to 1.5.34 Description Deserialization of untrusted data in the HardenedObjectInputStream module allows for Object Injection, although the impact is heavily restricted. An attacker capable of influencing serialized...

6.3CVSS6.1AI score0.00342EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45606

A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...

5.3CVSS5.4AI score0.00354EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45613

In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local with null execution privileges needed. User interaction is null for exploitation...

4CVSS5.9AI score0.00074EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45519

CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. Attackers can position themselves on the network path to receive...

8.2CVSS5.8AI score0.00186EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45572

In hide of WindowState.java, there is a possible way to trick the user into approving permissions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00075EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45498

A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP Gmail Tool. Performing a manipulation results in improper access controls. It is possible to initia...

6.5CVSS5.4AI score0.00276EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.21 views

PT-2026-45218

A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has be...

4.8CVSS5.3AI score0.00112EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/30 12:0 a.m.21 views

PT-2026-45077

Name of the Vulnerable Software and Affected Versions Traccar Client versions prior to 9.7.20 Description The application registers a custom org.traccar.client://config deep-link scheme that allows the silent modification of persistent configuration settings without user confirmation or...

9.3CVSS5.3AI score0.00323EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.21 views

PT-2026-44843

Name of the Vulnerable Software and Affected Versions FreePBX versions prior to 16.0.50 FreePBX versions prior to 17.0.11 Description The CDR Reports module page allows SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution. This issue occurs throug...

8.5CVSS5.9AI score0.00289EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.21 views

PT-2026-45144

Name of the Vulnerable Software and Affected Versions libzypp versions prior to 17.38.10 Description A relative path traversal issue exists when processing repository metadata. Remote attackers can exploit this by supplying malicious repositories to overwrite files on the system, which may result...

8.8CVSS6AI score0.006EPSS
Exploits0References53
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.21 views

PT-2026-44947

Name of the Vulnerable Software and Affected Versions JetBrains IntelliJ IDEA versions prior to 2026.1.1 Description Command execution is possible through the guest user account. Recommendations Update to version 2026.1.1...

8.8CVSS5.9AI score0.00332EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.21 views

PT-2026-44938

Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.26.6 Description Dokploy is a self-hostable Platform as a Service PaaS containing a path traversal issue. This allows authenticated users to write arbitrary files to the filesystem during application deployment. Whe...

9.9CVSS6.5AI score0.0066EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.21 views

PT-2026-44770

Name of the Vulnerable Software and Affected Versions Acer Wave 7 router affected versions not specified Description The acer cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for both web and Telnet...

10CVSS5.8AI score0.00518EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.21 views

PT-2026-44968

Name of the Vulnerable Software and Affected Versions Frontier X2 affected versions not specified Frontier X mobile application affected versions not specified Description The Frontier X2 device permits unauthenticated Bluetooth Low Energy BLE read and write access to critical Generic Attribute...

8.8CVSS5.8AI score0.0028EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.21 views

PT-2026-44995

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the PERM EDIT...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.21 views

PT-2026-44897

OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes that allows reuse of already-open blocked tabs. Attackers with access to these routes can bypass private-network SSRF policies by reusing blocked tabs to export or inspect content that should...

6.5CVSS5.8AI score0.00155EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.21 views

PT-2026-44480

Name of the Vulnerable Software and Affected Versions Ubuntu Linux version 6.8 Description AppArmor SAUCE patches fail to acquire a lock when modifying a linked list. This allows an unprivileged local user to trigger a race condition, which can lead to a use-after-free UAF—a situation where a...

7.8CVSS6AI score0.00114EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.21 views

PT-2026-44427

Name of the Vulnerable Software and Affected Versions Casdoor versions prior to 2.362.1 Description The SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to the "/api/acs" endpoint without verifying if it corresponds to a previously issued AuthnRequest...

9.1CVSS5.9AI score0.0023EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.21 views

PT-2026-44179

Name of the Vulnerable Software and Affected Versions Frontend Admin by DynamiApps versions prior to 3.29.3 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Authenticated attackers with subscriber-level...

8.8CVSS5.9AI score0.00402EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.21 views

PT-2026-44207

Name of the Vulnerable Software and Affected Versions Eupago Gateway For Woocommerce WordPress plugin versions prior to 4.7.2 Description The plugin fails to properly restrict access to its refund request handler. This allows unauthenticated attackers to initiate refunds for any WooCommerce order...

8.6CVSS5.8AI score0.00215EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.21 views

PT-2026-44211

A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...

6.3CVSS5.9AI score0.00258EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.21 views

PT-2026-44235

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A memory corruption issue exists in the RDMA hns component. The function hns roce qp remove is called without the required locks during the error unwind process within the hns roce create q...

7.8CVSS5.9AI score0.001EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.21 views

PT-2026-44274

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A heap leak exists in the usblp driver when handling IEEE 1284 device IDs. The usblp ctrl msg function discards the actual number of bytes transferred during a usb control msg call. If a...

9.8CVSS5.8AI score0.00501EPSS
Exploits0References293
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.21 views

PT-2026-44208

The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.00232EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.21 views

PT-2026-44369

Roundcube's HTML sanitization path for message rendering allows loopback, localhost, RFC1918, link-local, and ULA URLs even when remote content loading is disabled. A remote attacker can send an HTML email that causes the victim's browser to issue requests to local or private-network services...

4.7CVSS5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.21 views

PT-2026-44299

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An error path fall-through exists in the mlx5 ib dev res srq init function. When the function allocates two Send Receive Queues SRQs, s0 and s1, a failure in ib create srq for s1 causes...

7.8CVSS5.8AI score0.00142EPSS
Exploits0
Total number of security vulnerabilities5000