Lucene search
K
PtsecurityMost viewed

184481 matches found

Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.20 views

PT-2026-43261

A vulnerability was identified in Das Parking Management System 停车场管理系统 6.2.0. This affects the function xp cmdshell of the file ParkingRecord/ExportParkingRecords of the component API Endpoint. The manipulation of the argument Value leads to sql injection. It is possible to initiate the attack...

7.5CVSS6.9AI score0.00318EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.20 views

PT-2026-43388

A flaw has been found in itsourcecode Student Transcript Processing System 1.0. This vulnerability affects unknown code of the file /admin/modules/student/trans.php. Executing a manipulation of the argument studentId/cid can lead to sql injection. The attack can be launched remotely. The exploit...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.20 views

PT-2026-43187

A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read 2004 compressed section of the file src/decode.c of the component Dwgbmp Utility. Executing a manipulation can lead to out-of-bounds read. The attack requires local access. The exploit has been ma...

4.8CVSS5.4AI score0.00143EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.20 views

PT-2026-43255

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system command...

8.6CVSS6.6AI score0.00679EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.20 views

PT-2026-43374

Name of the Vulnerable Software and Affected Versions IBM Engineering Lifecycle Management versions 7.0.3 Interim Fix 001 through Interim Fix 021 IBM Engineering Lifecycle Management versions 7.1.0 Interim Fix 001 through Interim Fix 009 IBM Engineering Lifecycle Management versions 7.2.0 through...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.20 views

PT-2026-43166

Name of the Vulnerable Software and Affected Versions Archive::Tar versions prior to 3.10 Description Archive::Tar for Perl allows memory exhaustion when processing a tar header with an attacker-controlled entry size field. The read tar function reads each entry's payload using $handle-read$$data...

7.5CVSS5.4AI score0.00437EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.20 views

PT-2026-43407

Name of the Vulnerable Software and Affected Versions oban web versions 2.12.0 through 2.12.4 Description A missing authorization issue in the Elixir.Oban.Web.Jobs.DetailComponent module allows unauthorized job worker substitution. The handle event"save-job", ... handler fails to perform...

5.3CVSS6AI score0.0041EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.20 views

PT-2026-44501

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description A Server-Side Template Injection SSTI issue exists in the template rendering system. Administrators with access to features that render Twig templates—such as email templates, mass mail campaigns...

9.4CVSS6.2AI score0.01892EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.20 views

PT-2026-43080

A vulnerability was determined in Tiandy Easy7 Integrated Management Platform 7.17.0. This issue affects some unknown processing of the file /rest/user/updateUserPassword of the component API Endpoint. Executing a manipulation can lead to weak password recovery. The attack can be executed remotel...

6.9CVSS5.7AI score0.00352EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.20 views

PT-2026-43142

Name of the Vulnerable Software and Affected Versions Totolink CA750-PoE version 6.2c.510 Description An OS command injection issue exists in the Setting Handler component. A remote attacker can manipulate the webWlanIdx argument within the setWebWlanIdx function of the '/cgi-bin/cstecgi.cgi'...

6.5CVSS6.9AI score0.01057EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.20 views

PT-2026-43041

A vulnerability was detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. This affects the function which of the file /src/application/skills-loader.ts of the component SkillsLoader. Performing a manipulation of the argument requires.bins results in command injection. T...

7.5CVSS6.8AI score0.01385EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.20 views

PT-2026-43020

A severe vulnerability was disclosed for Edimax EW-7438RPn CVE-2026-9482 https://t.co/41d9U3ZOrq...

5.8AI score0.00589EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.20 views

PT-2026-43078

Name of the Vulnerable Software and Affected Versions Apache Syncope versions 3.0 through 3.0.16 Apache Syncope versions 4.0 through 4.0.5 Apache Syncope version 4.1.0 Description Improper Isolation or Compartmentalization allows an administrator with sufficient entitlements for Implementations t...

7.2CVSS6.2AI score0.00652EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.20 views

PT-2026-42964

A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a manipulation can lead to weak password requirements. The attack needs to be done within the local network. This attack is...

3.1CVSS5.2AI score0.00192EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.20 views

PT-2026-42970

A vulnerability was detected in Edimax BR-6675nD 1.12. This vulnerability affects the function formsetPPPoE of the file /goform/formsetPPPoE of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in buffer overflow. It is possible to initiate the atta...

9CVSS6.2AI score0.00445EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.20 views

PT-2026-42923

Name of the Vulnerable Software and Affected Versions Slim versions 4.4.0 through 4.15 Description Reflected Cross-Site Scripting XSS occurs in the HtmlErrorRenderer when an application uses the setTitle and/or setDescription functions of HttpException to include untrusted or request-derived data...

6.1CVSS5.4AI score0.00167EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.20 views

PT-2026-42940

A security vulnerability has been detected in Edimax BR-6675nD 1.12. Affected is the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to buffer overflow. The attack can be launched remotely. The...

9CVSS7.8AI score0.00445EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.20 views

PT-2026-42886

A security vulnerability has been detected in QuantumNous new-api up to 0.12.1. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjourney Image Relay Endpoint. Such manipulation leads to authorization bypass. The attack can be...

6.3CVSS5.2AI score0.00291EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.20 views

PT-2026-42879

Name of the Vulnerable Software and Affected Versions omec-project amf versions prior to 2.1.2 Description A flaw in the NGSetupRequest Handler component allows for remote memory corruption, which occurs when memory is unintentionally modified, potentially leading to system instability or crashes...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.20 views

PT-2026-43096

Name of the Vulnerable Software and Affected Versions Dolibarr ERP CRM version 7.0.3 Description Unauthenticated attackers can achieve remote code execution by injecting PHP code through the db name parameter. This is performed by sending a POST request to the 'install/step1.php' endpoint...

9.8CVSS6.4AI score0.01701EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.20 views

PT-2026-42714

Name of the Vulnerable Software and Affected Versions SSH servers affected versions not specified Description SSH servers using CertChecker as a public key callback may experience a panic when a client presents a certificate if IsUserAuthority or IsHostAuthority are not set. A panic is a critical...

7.5CVSS5.8AI score0.00394EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.20 views

PT-2026-42683

Name of the Vulnerable Software and Affected Versions Umbraco CMS versions prior to 17.4.0 Description Authenticated users can inject HTML into an input field. This content is then rendered in the confirmation dialog without proper output encoding, leading to Cross-Site Scripting XSS or HTML...

4.6CVSS5.8AI score0.00136EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.20 views

PT-2026-42685

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.23.0 Description The Fission router registers internal routes '/fission-function/' and '/fission-function//' for every function object, regardless of whether an HTTPTrigger exists. Because these routes are mounted o...

9.8CVSS5.8AI score0.00353EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.20 views

PT-2026-42459

Name of the Vulnerable Software and Affected Versions Apache Camel K versions 2.0.0 through 2.8.0 Apache Camel K versions 2.9.0 through 2.9.1 Apache Camel K versions 2.10.0 Description Authorized users in a Kubernetes namespace can create a Build resource to control Pod generation in a namespace ...

8.1CVSS5.8AI score0.00325EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.20 views

PT-2026-44727

Name of the Vulnerable Software and Affected Versions symfony/html-sanitizer versions prior to 6.4 Description The UrlAttributeSanitizer visitor fails to validate the schemes of several URL-valued attributes because they are missing from the getSupportedAttributes list. Specifically, the action...

5.1CVSS5.2AI score0.00082EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.20 views

PT-2026-42416

Name of the Vulnerable Software and Affected Versions Netatalk versions 1.5.0 through 4.4.2 Description An integer underflow in the dsi writeinit function allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request. Recommendations Update to version 4.4.3...

9.9CVSS5.8AI score0.00418EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.20 views

PT-2026-42703

Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret | Field | Value | | ---------------- | ----- | | Repository | Jovancoding/Network-AI | | Affected version | v5.4.4 commit c12686e181f231cf8d7bcf836a96d78f0f0877ac | Summary The MCP SSE server defaults to an empty secret...

7.6CVSS6AI score0.00023EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.20 views

PT-2026-42467

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One/SEP agent affected versions not specified Description An origin validation error in the agent's named pipe communication mechanism allows a local attacker to escalate privileges. To exploit this issue, the attacker must...

7.8CVSS7.1AI score0.00213EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.20 views

PT-2026-42381

Velocidex Velociraptor has an Incorrect Authorization issue in www.velocidex.com/golang/velociraptor...

6.8CVSS5.8AI score0.00236EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.20 views

PT-2026-42103

The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wp localize script in post editor contexts without effective masking fo...

4.3CVSS5.8AI score0.00285EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.20 views

PT-2026-42068

Name of the Vulnerable Software and Affected Versions Account Switcher versions prior to 1.0.3 Description The Account Switcher plugin for WordPress allows authenticated attackers with Subscriber-level access or higher to escalate privileges to any user account, including Administrator. This occu...

8.8CVSS5.8AI score0.00385EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-41851

Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00416EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-41930

Name of the Vulnerable Software and Affected Versions ModelScope version 1.25.0 Description An issue allows attackers to execute arbitrary code through a crafted module specified in the configuration file 'dey mini.yaml' under the key 'nnet''module'. Recommendations At the moment, there is no...

8.1CVSS6.1AI score0.00529EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-41988

In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings...

8.8CVSS5.9AI score0.00448EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-41871

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A broken access control issue exists in the Account Resources user lookup endpoint. A remote authenticated user who owns at least one User-Managed Access UMA resource can enumerate and harve...

4.3CVSS6AI score0.0037EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-41865

Name of the Vulnerable Software and Affected Versions Content Element Selector ceselector affected versions not specified Description The extension passes an attacker-controlled cookie directly to the unserialize function without safe processing. A remote, unauthenticated attacker can provide a...

9.2CVSS6.1AI score0.02306EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-41998

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for...

7.5CVSS5.9AI score0.00564EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-41762

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with...

7.6CVSS6AI score0.0023EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-41830

Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3...

7.8CVSS6AI score0.00286EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-42236

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.179 Description Insufficient policy enforcement in ServiceWorker allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. A ServiceWorker is a script that the browser...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References23
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.20 views

PT-2026-41731

Name of the Vulnerable Software and Affected Versions Claude HUD versions 0.0.0 through 0.0.12 Description A path traversal issue allows attackers to read arbitrary files by providing an unvalidated transcript path value via stdin JSON. This enables access to any file readable by the process...

4.8CVSS5.9AI score0.00126EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.20 views

PT-2026-41667

Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash...

7.1CVSS5.8AI score0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.20 views

PT-2026-41766

Name of the Vulnerable Software and Affected Versions Docker affected versions not specified Description A race condition occurs during the mount setup of docker cp, allowing a malicious container to create empty files or directories at arbitrary absolute paths on the host filesystem with root...

6.1CVSS5.4AI score0.00108EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.20 views

PT-2026-41692

Name of the Vulnerable Software and Affected Versions Arcane versions prior to 1.19.0 Description Arcane improperly exposes Git repository management endpoints to any authenticated user, allowing low-privileged accounts to modify repository configurations, exfiltrate stored Git credentials, acces...

9.9CVSS5.8AI score0.00387EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.20 views

PT-2026-41732

Name of the Vulnerable Software and Affected Versions Claude HUD versions 0.0.0 through 0.0.12 Description Local attackers can execute arbitrary commands on Windows systems by manipulating the COMSPEC environment variable. By setting COMSPEC to an arbitrary binary path before the software perform...

7.8CVSS6.2AI score0.0051EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.20 views

PT-2026-41691

Name of the Vulnerable Software and Affected Versions mcp-security versions prior to 0.1.9 Description The mcp-security framework fails to implement mandatory Server-Side Request Forgery SSRF mitigations—a flaw where an attacker can induce the server to make requests to an unintended location—as...

7.2CVSS5.8AI score0.00198EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.20 views

PT-2026-41586

Name of the Vulnerable Software and Affected Versions Kilo-Org kilocode versions prior to 7.0.48 Description A flaw in the Environment Variable Handler component allows remote information disclosure. The issue exists within the Load function located in the packages/opencode/src/config/config.ts...

5.3CVSS5.8AI score0.00316EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.20 views

PT-2026-41558

Name of the Vulnerable Software and Affected Versions GitBucket version 4.23.1 Description An issue allows unauthenticated remote code execution through weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious J...

9.8CVSS6.5AI score0.00589EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.20 views

PT-2026-41555

WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attackers can send GET requests to wp.spritz.content.filter.php with malicious url values to access...

8.7CVSS6AI score0.00403EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.20 views

PT-2026-41462

Name of the Vulnerable Software and Affected Versions TextPattern CMS version 4.9.0-dev Description Authenticated attackers can achieve remote code execution by exploiting the plugin upload functionality. The process involves authenticating, retrieving a CSRF token from the plugin event page, and...

8.8CVSS6.5AI score0.00315EPSS
Exploits0References6
Total number of security vulnerabilities5000