Lucene search
K
PtsecurityMost viewed

184889 matches found

Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•21 views

PT-2026-51381

Name of the Vulnerable Software and Affected Versions phpseclib versions 0.1.1 through 1.0.29 phpseclib versions 2.0.0 through 2.0.54 phpseclib versions 3.0.0 through 3.0.53 Description An insecure default in the library allows an unauthenticated attacker to perform Server-Side Request Forgery...

5.8CVSS5.8AI score0.00133EPSS
Exploits1References3
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•21 views

PT-2026-51454

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.0 Description An authentication bypass exists in the Budibase server route POST /api/attachments/:datasourceId/url because it lacks the authorized... middleware. An anonymous attacker who can enumerate a workspa...

9.4CVSS6AI score0.00415EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/21 12:0 a.m.•21 views

PT-2026-51230

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.5.0 through 5.9.13 Description An issue exists in the FieldsController::actionRenderCardPreview method where the fieldLayoutConfig POST parameter is passed directly to Fields::createLayout without being processed by...

8.6CVSS6.2AI score0.00493EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/21 12:0 a.m.•21 views

PT-2026-51198

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description An issue in the MCP Server Connection Testing component allows for server-side request forgery SSRF, which is a flaw that enables an attacker to induce the server-side application to make...

6.5CVSS6.6AI score0.00262EPSS
Exploits1References13
Positive Technologies
Positive Technologies
•added 2026/06/21 12:0 a.m.•21 views

PT-2026-51237

phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser and updateUserRights endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edit user permission can set is superadmin flag or grant arbitrary rights to escalate to...

8.8CVSS6AI score0.00251EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/21 12:0 a.m.•21 views

PT-2026-51253

Name of the Vulnerable Software and Affected Versions OFFIS DCMTK versions prior to 3.7.1 Description A heap-based buffer overflow can occur in the XMLNode::parseFile function within the ofstd/libsrc/ofxml.cc library. This issue allows a remote attacker to execute a manipulation that leads to the...

7.5CVSS6.8AI score0.00279EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/21 12:0 a.m.•21 views

PT-2026-51233

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.13 Craft CMS versions 4.0.0-RC1 through 4.17.7 Description An authorization bypass exists in the 'assets/preview-file' endpoint. The system fails to enforce per-asset view authorization before returning...

5.3CVSS5.9AI score0.00221EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/21 12:0 a.m.•21 views

PT-2026-51203

Name of the Vulnerable Software and Affected Versions Edimax BR-6478AC V2 version 1.23 Description A buffer overflow can be triggered remotely via the POST Request Handler. The issue exists within the formWlSiteSurvey function located in the /goform/formWlSiteSurvey file, specifically through the...

9CVSS7.6AI score0.00455EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/21 12:0 a.m.•21 views

PT-2026-51263

A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal. It is possible to launch the attack...

6.5CVSS6.3AI score0.0034EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/21 12:0 a.m.•21 views

PT-2026-51223

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Improper access control in the public.get org members RPC function allows unauthenticated attackers to enumerate organization members. By using a public sb publishable key and an organization UUID,...

8.7CVSS5.9AI score0.00249EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•21 views

PT-2026-51172

Name of the Vulnerable Software and Affected Versions vLLM versions 0.10.2 through 0.12.x Description Multimodal embeddings processing lacks sparse tensor validation. Since PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests containing...

8.8CVSS5.9AI score0.00352EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•21 views

PT-2026-51145

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.8 Description Insufficient input filtering in chat messages and custom agent functions allows for cross-site scripting XSS, a flaw where malicious scripts are injected into trusted websites. An attacker can execut...

6.1CVSS5.8AI score0.00222EPSS
Exploits1References9
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•21 views

PT-2026-51193

Name of the Vulnerable Software and Affected Versions IM-Magic Partition Resizer versions prior to 7.9.0 Description Improper access controls in the Kernel Driver component, specifically within the MDA NTDRV.sys library, allow for local privilege escalation. This issue occurs when a local attacke...

8.5CVSS7.1AI score0.00113EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•21 views

PT-2026-51190

Name of the Vulnerable Software and Affected Versions AOMEI Backupper versions prior to 8.3.0 Description An issue exists in the Kernel Driver component within the amwrtdrv.sys library. A local attacker can perform a manipulation of an unknown function to cause improper access controls...

8.5CVSS7AI score0.00111EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•21 views

PT-2026-51136

Name of the Vulnerable Software and Affected Versions SP LMS versions prior to 4.1.4 Description SP LMS com splms by JoomShaper contains a PHP Object injection flaw where user-controlled cookie data is deserialized without validation. Specifically, the application passes the lmsOrders cookie to a...

9.5CVSS6.3AI score0.02726EPSS
Exploits4References14
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•21 views

PT-2026-50864

The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally calls fx file close even when the file was never successfully opened. Multiple error branches jump to...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•21 views

PT-2026-50913

Name of the Vulnerable Software and Affected Versions Matrix42 Remote Control Host version 3.20.0031 Description An unquoted service path issue exists in the FastViewerRemoteService and FastViewerRemoteProxy services. This allows local users to execute arbitrary code with SYSTEM privileges by...

8.5CVSS6.1AI score0.00119EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•21 views

PT-2026-50867

AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...

5.3CVSS5.8AI score0.00341EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•21 views

PT-2026-50842

Name of the Vulnerable Software and Affected Versions FileRise versions prior to 3.16.0 Description A path traversal issue exists in the shared-folder upload endpoint '/api/folder/uploadToSharedFolder.php'. The FolderController validates the upload filename using basename and REGEX FILE NAME, but...

9.8CVSS6.3AI score0.0072EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•21 views

PT-2026-50898

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.0.0 through 3.16.0 Description A Cross-Site Request Forgery CSRF issue exists in the cas-auth plugin under default configurations. This allows a remote attacker to trick a victim into visiting a malicious webpage,...

9.3CVSS5.9AI score0.00261EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•21 views

PT-2026-51036

Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description An authentication bypass exists in the OTP One-Time Password verification process. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely indicate that...

9.4CVSS5.9AI score0.00188EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•21 views

PT-2026-51061

Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2026.6.0 Description The Konnected integration registers an HTTP endpoint 'KonnectedView' located in homeassistant/components/konnected/ init .py that is configured to not require authentication. While write...

7.6CVSS5.9AI score0.00193EPSS
Exploits1References9
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•21 views

PT-2026-50836

Name of the Vulnerable Software and Affected Versions Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation versions prior to 2.8.8 Description An issue exists where unauthenticated attackers can perform Server-Side Request Forgery SSRF, a flaw that allows a serv...

6.5CVSS5.8AI score0.00312EPSS
Exploits0References18
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•21 views

PT-2026-51012

Name of the Vulnerable Software and Affected Versions gonic versions prior to 0.21.0 Description The Subsonic API endpoints '/rest/deletePlaylist.view' and '/rest/getPlaylist.view' lack per-resource authorization. An authenticated user, regardless of privilege level, can delete any playlist or re...

7.1CVSS5.8AI score0.00168EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•21 views

PT-2026-51009

Name of the Vulnerable Software and Affected Versions gonic versions prior to 0.21.0 Description An authenticated Subsonic user can bypass ownership checks to read or delete playlists belonging to other users and probe arbitrary file paths on the host for existence or readability. This occurs...

7.1CVSS6.1AI score0.00262EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/18 12:0 a.m.•21 views

PT-2026-50710

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions prior to 0.6.62 have a DOM-based Cross-Site Scripting XSS vulnerability in AutoGPT's signup page. The application improperly trusts a URL parameter next, which is...

8.8CVSS5.5AI score0.00189EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/18 12:0 a.m.•21 views

PT-2026-50701

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a buffer overflow vulnerability in the device registration function. This vulnerability could allow an attacker to cause a denial of service attack on the remote target device...

5.8AI score0.00329EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/18 12:0 a.m.•21 views

PT-2026-50719

Name of the Vulnerable Software and Affected Versions opentelemetry-collector-contrib sentryexporter affected versions not specified Description The Sentry exporter fails to validate the service.name resource attribute when constructing Sentry API URLs. Because this attribute is controlled by...

5.3CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/18 12:0 a.m.•21 views

PT-2026-50706

Name of the Vulnerable Software and Affected Versions U.S. GAO Electronic Protest Docketing System EPDS affected versions not specified U.S. CBCA Electronic Docketing System EDS affected versions not specified Description The U.S. Government Accountability Office GAO Electronic Protest Docketing...

5.1CVSS5.8AI score0.00289EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/18 12:0 a.m.•21 views

PT-2026-50682

I got six CVEs in a major npm package including 4 RCEs. CVE-2026-54662, CVE-2026-54661, CVE-2026-54666, CVE-2026-54664, CVE-2026-54660, CVE-2026-54663 Full writeup with every sink and payload here: https://t.co/Pgwn5lgb9y infosec cybersecurity rce...

5.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/18 12:0 a.m.•21 views

PT-2026-50646

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to stored Cross-Site Scripting in the Personal File Storage PFS module. A folder title pff title is imported with the 'TXT' filter, which does not strip or encode HTML the tag check in cot import is disabled, so an authenticated user can...

7.6CVSS5.2AI score0.00171EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/18 12:0 a.m.•21 views

PT-2026-50778

Name of the Vulnerable Software and Affected Versions Mojolicious::Sessions::Storable versions prior to 0.06 Description The software generates session IDs insecurely. The default session ID generator utilizes a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address o...

5.3CVSS5.9AI score0.00274EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/18 12:0 a.m.•21 views

PT-2026-50782

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.2 Description pam usb provides hardware authentication for Linux using removable media. The software calls the xmlReadFile function with flags=0 when loading the configuration file, which allows libxml2 to process...

6.7CVSS5.8AI score0.00115EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/18 12:0 a.m.•21 views

PT-2026-50795

Name of the Vulnerable Software and Affected Versions mcp-pinot versions prior to 3.1.0 Description mcp-pinot is a Python-based Model Context Protocol MCP server for interacting with Apache Pinot. The software defaults to running an HTTP MCP server bound to 0.0.0.0:8080 without authentication. Th...

10CVSS5.9AI score0.00498EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50484

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description Open WebUI allows users with permissions to create, update, or import workspace models to store arbitrary meta.knowledge entries without verifying ownership or read access to the referenced files...

7.1CVSS6AI score0.00198EPSS
Exploits1References8
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50221

Name of the Vulnerable Software and Affected Versions OpenBSD versions prior to 076e2b1 Description The sppp pap input function in sys/net/if spppsubr.c allows authentication bypass when certain zero values are used for lengths. Real-world offensive activities targeting this issue have been...

5.8CVSS5.3AI score0.00211EPSS
Exploits1References9
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50609

Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description The Media module supports oEmbed, which utilizes two discovery mechanisms: providers.json and URL discovery. The URL discovery code can be exploited to trick the system into making...

5.5AI score0.00133EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50600

Name of the Vulnerable Software and Affected Versions org.hl7.fhir.utilities versions 6.9.8 and earlier Description The org.hl7.fhir.utilities library contains an XML External Entity XXE injection flaw. The saxonTransform function overloads instantiate a bare net.sf.saxon.TransformerFactoryImpl...

9.2CVSS6AI score0.00309EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50478

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description An authorization bypass exists in the calendar event update process. The endpoint '/api/v1/calendars/events/event id/update' validates that the user has write access to the calendar where the even...

4.3CVSS5.9AI score0.00179EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50330

Name of the Vulnerable Software and Affected Versions JetSmartFilters versions prior to 3.8.2 Description An unauthenticated SQL Injection allows an attacker to interfere with the queries that an application makes to its database. This occurs in the JetSmartFilters WordPress plugin. Recommendatio...

9.3CVSS6AI score0.00372EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50598

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.1 Description Unauthenticated users with network access can upload unlimited amounts of data to the server, which can lead to disk space exhaustion and a resulting denial-of-service. Additionally, the server...

9.3CVSS5.8AI score0.00332EPSS
Exploits1References11
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50263

Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

5.3AI score0.00312EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50543

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting XSS vulnerability in the Thumbnail Synchronizer feature. When an administrator runs the thumbnail update process, malicious bookmark titles are returned via an AJAX response and inserted...

5.8CVSS5.2AI score0.0013EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50412

Unauthenticated Arbitrary File Deletion in WorkScout-Core = 1.7.11 versions...

6.5CVSS5.2AI score0.00351EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50437

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager version 4.6.0.1 Description Use of a broken or risky cryptographic algorithm allows an unauthenticated attacker with remote access to potentially cause information disclosure and information tampering. Recommendations At...

4.8CVSS5.9AI score0.001EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50264

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

5.3AI score0.00433EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50553

e107 is a content management system CMS. Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resize image, the source path is escaped with escapeshellarg, but the destination path is inserted inside raw double quotes in the convert...

7.1CVSS5.3AI score0.00747EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50312

Subscriber Broken Access Control in Bricks Builder = 2.1.4 versions...

4.3CVSS5.2AI score0.00243EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50483

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description The application renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with securityLevel:...

8.7CVSS5.8AI score0.002EPSS
Exploits1References7
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50302

Unauthenticated PHP Object Injection in Zermatt = 1.6.1 versions...

8.1CVSS5.4AI score0.00395EPSS
Exploits0References1
Total number of security vulnerabilities5000