Lucene search
K
PtsecurityMost viewed

184484 matches found

Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.20 views

PT-2026-43080

A vulnerability was determined in Tiandy Easy7 Integrated Management Platform 7.17.0. This issue affects some unknown processing of the file /rest/user/updateUserPassword of the component API Endpoint. Executing a manipulation can lead to weak password recovery. The attack can be executed remotel...

6.9CVSS5.7AI score0.00352EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.20 views

PT-2026-43142

Name of the Vulnerable Software and Affected Versions Totolink CA750-PoE version 6.2c.510 Description An OS command injection issue exists in the Setting Handler component. A remote attacker can manipulate the webWlanIdx argument within the setWebWlanIdx function of the '/cgi-bin/cstecgi.cgi'...

6.5CVSS6.9AI score0.01057EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.20 views

PT-2026-43041

A vulnerability was detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. This affects the function which of the file /src/application/skills-loader.ts of the component SkillsLoader. Performing a manipulation of the argument requires.bins results in command injection. T...

7.5CVSS6.8AI score0.01385EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.20 views

PT-2026-43078

Name of the Vulnerable Software and Affected Versions Apache Syncope versions 3.0 through 3.0.16 Apache Syncope versions 4.0 through 4.0.5 Apache Syncope version 4.1.0 Description Improper Isolation or Compartmentalization allows an administrator with sufficient entitlements for Implementations t...

7.2CVSS6.2AI score0.00652EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.20 views

PT-2026-43020

A severe vulnerability was disclosed for Edimax EW-7438RPn CVE-2026-9482 https://t.co/41d9U3ZOrq...

5.8AI score0.00589EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.20 views

PT-2026-42964

A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a manipulation can lead to weak password requirements. The attack needs to be done within the local network. This attack is...

3.1CVSS5.2AI score0.00192EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.20 views

PT-2026-42970

A vulnerability was detected in Edimax BR-6675nD 1.12. This vulnerability affects the function formsetPPPoE of the file /goform/formsetPPPoE of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in buffer overflow. It is possible to initiate the atta...

9CVSS6.2AI score0.00445EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.20 views

PT-2026-42923

Name of the Vulnerable Software and Affected Versions Slim versions 4.4.0 through 4.15 Description Reflected Cross-Site Scripting XSS occurs in the HtmlErrorRenderer when an application uses the setTitle and/or setDescription functions of HttpException to include untrusted or request-derived data...

6.1CVSS5.4AI score0.00167EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.20 views

PT-2026-42940

A security vulnerability has been detected in Edimax BR-6675nD 1.12. Affected is the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to buffer overflow. The attack can be launched remotely. The...

9CVSS7.8AI score0.00445EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.20 views

PT-2026-42886

A security vulnerability has been detected in QuantumNous new-api up to 0.12.1. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjourney Image Relay Endpoint. Such manipulation leads to authorization bypass. The attack can be...

6.3CVSS5.2AI score0.00291EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.20 views

PT-2026-42879

Name of the Vulnerable Software and Affected Versions omec-project amf versions prior to 2.1.2 Description A flaw in the NGSetupRequest Handler component allows for remote memory corruption, which occurs when memory is unintentionally modified, potentially leading to system instability or crashes...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.20 views

PT-2026-43096

Name of the Vulnerable Software and Affected Versions Dolibarr ERP CRM version 7.0.3 Description Unauthenticated attackers can achieve remote code execution by injecting PHP code through the db name parameter. This is performed by sending a POST request to the 'install/step1.php' endpoint...

9.8CVSS6.4AI score0.01701EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.20 views

PT-2026-42714

Name of the Vulnerable Software and Affected Versions SSH servers affected versions not specified Description SSH servers using CertChecker as a public key callback may experience a panic when a client presents a certificate if IsUserAuthority or IsHostAuthority are not set. A panic is a critical...

7.5CVSS5.8AI score0.00394EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.20 views

PT-2026-42683

Name of the Vulnerable Software and Affected Versions Umbraco CMS versions prior to 17.4.0 Description Authenticated users can inject HTML into an input field. This content is then rendered in the confirmation dialog without proper output encoding, leading to Cross-Site Scripting XSS or HTML...

4.6CVSS5.8AI score0.00136EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.20 views

PT-2026-42685

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.23.0 Description The Fission router registers internal routes '/fission-function/' and '/fission-function//' for every function object, regardless of whether an HTTPTrigger exists. Because these routes are mounted o...

9.8CVSS5.8AI score0.00353EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.20 views

PT-2026-42459

Name of the Vulnerable Software and Affected Versions Apache Camel K versions 2.0.0 through 2.8.0 Apache Camel K versions 2.9.0 through 2.9.1 Apache Camel K versions 2.10.0 Description Authorized users in a Kubernetes namespace can create a Build resource to control Pod generation in a namespace ...

8.1CVSS5.8AI score0.00325EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.20 views

PT-2026-44727

Name of the Vulnerable Software and Affected Versions symfony/html-sanitizer versions prior to 6.4 Description The UrlAttributeSanitizer visitor fails to validate the schemes of several URL-valued attributes because they are missing from the getSupportedAttributes list. Specifically, the action...

5.1CVSS5.2AI score0.00082EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.20 views

PT-2026-42416

Name of the Vulnerable Software and Affected Versions Netatalk versions 1.5.0 through 4.4.2 Description An integer underflow in the dsi writeinit function allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request. Recommendations Update to version 4.4.3...

9.9CVSS5.8AI score0.00418EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.20 views

PT-2026-42703

Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret | Field | Value | | ---------------- | ----- | | Repository | Jovancoding/Network-AI | | Affected version | v5.4.4 commit c12686e181f231cf8d7bcf836a96d78f0f0877ac | Summary The MCP SSE server defaults to an empty secret...

7.6CVSS6AI score0.00023EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.20 views

PT-2026-42467

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One/SEP agent affected versions not specified Description An origin validation error in the agent's named pipe communication mechanism allows a local attacker to escalate privileges. To exploit this issue, the attacker must...

7.8CVSS7.1AI score0.00213EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.20 views

PT-2026-42381

Velocidex Velociraptor has an Incorrect Authorization issue in www.velocidex.com/golang/velociraptor...

6.8CVSS5.8AI score0.00236EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.20 views

PT-2026-42103

The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wp localize script in post editor contexts without effective masking fo...

4.3CVSS5.8AI score0.00285EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.20 views

PT-2026-42068

Name of the Vulnerable Software and Affected Versions Account Switcher versions prior to 1.0.3 Description The Account Switcher plugin for WordPress allows authenticated attackers with Subscriber-level access or higher to escalate privileges to any user account, including Administrator. This occu...

8.8CVSS5.8AI score0.00385EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-41851

Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00416EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-41930

Name of the Vulnerable Software and Affected Versions ModelScope version 1.25.0 Description An issue allows attackers to execute arbitrary code through a crafted module specified in the configuration file 'dey mini.yaml' under the key 'nnet''module'. Recommendations At the moment, there is no...

8.1CVSS6.1AI score0.00529EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-41988

In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings...

8.8CVSS5.9AI score0.00448EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-41871

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A broken access control issue exists in the Account Resources user lookup endpoint. A remote authenticated user who owns at least one User-Managed Access UMA resource can enumerate and harve...

4.3CVSS6AI score0.0037EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-41865

Name of the Vulnerable Software and Affected Versions Content Element Selector ceselector affected versions not specified Description The extension passes an attacker-controlled cookie directly to the unserialize function without safe processing. A remote, unauthenticated attacker can provide a...

9.2CVSS6.1AI score0.02306EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-41998

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for...

7.5CVSS5.9AI score0.00564EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-41762

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with...

7.6CVSS6AI score0.0023EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-41830

Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3...

7.8CVSS6AI score0.00286EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-42236

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.179 Description Insufficient policy enforcement in ServiceWorker allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. A ServiceWorker is a script that the browser...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References23
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.20 views

PT-2026-41731

Name of the Vulnerable Software and Affected Versions Claude HUD versions 0.0.0 through 0.0.12 Description A path traversal issue allows attackers to read arbitrary files by providing an unvalidated transcript path value via stdin JSON. This enables access to any file readable by the process...

4.8CVSS5.9AI score0.00126EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.20 views

PT-2026-41667

Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash...

7.1CVSS5.8AI score0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.20 views

PT-2026-41766

Name of the Vulnerable Software and Affected Versions Docker affected versions not specified Description A race condition occurs during the mount setup of docker cp, allowing a malicious container to create empty files or directories at arbitrary absolute paths on the host filesystem with root...

6.1CVSS5.4AI score0.00108EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.20 views

PT-2026-41692

Name of the Vulnerable Software and Affected Versions Arcane versions prior to 1.19.0 Description Arcane improperly exposes Git repository management endpoints to any authenticated user, allowing low-privileged accounts to modify repository configurations, exfiltrate stored Git credentials, acces...

9.9CVSS5.8AI score0.00387EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.20 views

PT-2026-41732

Name of the Vulnerable Software and Affected Versions Claude HUD versions 0.0.0 through 0.0.12 Description Local attackers can execute arbitrary commands on Windows systems by manipulating the COMSPEC environment variable. By setting COMSPEC to an arbitrary binary path before the software perform...

7.8CVSS6.2AI score0.0051EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.20 views

PT-2026-41691

Name of the Vulnerable Software and Affected Versions mcp-security versions prior to 0.1.9 Description The mcp-security framework fails to implement mandatory Server-Side Request Forgery SSRF mitigations—a flaw where an attacker can induce the server to make requests to an unintended location—as...

7.2CVSS5.8AI score0.00198EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.20 views

PT-2026-41586

Name of the Vulnerable Software and Affected Versions Kilo-Org kilocode versions prior to 7.0.48 Description A flaw in the Environment Variable Handler component allows remote information disclosure. The issue exists within the Load function located in the packages/opencode/src/config/config.ts...

5.3CVSS5.8AI score0.00316EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.20 views

PT-2026-41558

Name of the Vulnerable Software and Affected Versions GitBucket version 4.23.1 Description An issue allows unauthenticated remote code execution through weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious J...

9.8CVSS6.5AI score0.00589EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.20 views

PT-2026-41555

WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attackers can send GET requests to wp.spritz.content.filter.php with malicious url values to access...

8.7CVSS6AI score0.00403EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.20 views

PT-2026-41559

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloa...

8.8CVSS6.1AI score0.00343EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.20 views

PT-2026-41462

Name of the Vulnerable Software and Affected Versions TextPattern CMS version 4.9.0-dev Description Authenticated attackers can achieve remote code execution by exploiting the plugin upload functionality. The process involves authenticating, retrieving a CSRF token from the plugin event page, and...

8.8CVSS6.5AI score0.00315EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.20 views

PT-2026-41468

Name of the Vulnerable Software and Affected Versions Das U-Boot versions prior to 2026.04 Description Das U-Boot allows a Flat Image Tree FIT signature verification bypass. This occurs because hashed-nodes are omitted from a hash, which can lead to the acceptance of unsigned or modified images...

8.2CVSS5.8AI score0.00126EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.20 views

PT-2026-41422

Name of the Vulnerable Software and Affected Versions jsondiffpatch versions prior to 0.7.6 Description Prototype Pollution occurs when attacker-controlled property names and path segments are used to traverse and modify objects without restricting access to special properties like proto or...

8.8CVSS5.8AI score0.00378EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.20 views

PT-2026-41465

Name of the Vulnerable Software and Affected Versions Backup and Restore version 1.0.3 Description Authenticated attackers can delete arbitrary files from the WordPress installation directory. This is achieved by sending POST requests to the 'admin-ajax.php' endpoint with manipulated file name an...

8.8CVSS5.9AI score0.00397EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.20 views

PT-2026-41443

Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and...

8.8CVSS6AI score0.00276EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.20 views

PT-2026-41390

Name of the Vulnerable Software and Affected Versions Pipecat versions 0.0.90 through 1.1.x Description A path traversal issue exists in the development runner within the src/pipecat/runner/run.py file. When the runner is started using the --folder flag, it enables a download endpoint 'GET...

7.5CVSS5.5AI score0.00423EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.20 views

PT-2026-41029

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decode pixel computes k + palbytespp as unsigned 32-bit arithmetic. When k = 0xFFFFFFFC and palbytespp = ...

5.5CVSS5.9AI score0.00177EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.20 views

PT-2026-40886

The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 5.3.2. This is due to missing nonce verification on the request cancellation function. This makes it possible for unauthenticated attackers to cancel a logged-in customer's bookings...

4.3CVSS5.8AI score0.00105EPSS
Exploits0References3
Total number of security vulnerabilities5000