Lucene search
K
PtsecurityMost viewed

184427 matches found

Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•19 views

PT-2026-49217

WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gatewa...

6.9CVSS5.4AI score0.00778EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•19 views

PT-2026-49586

Name of the Vulnerable Software and Affected Versions protobufjs-cli versions prior to 1.3.2 protobufjs-cli versions prior to 2.5.0 Description An incomplete fix for unsafe name handling in pbjs static and static-module code generation allows the emission of unsafe JavaScript references when...

8.2CVSS5.9AI score0.00228EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•19 views

PT-2026-49235

Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

7.1CVSS5.2AI score0.00205EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•19 views

PT-2026-49546

Name of the Vulnerable Software and Affected Versions Canon EOS Network Setting Tool versions prior to 1.5.1 Description The software contains hard-coded cryptographic keys, which are fixed keys embedded directly into the source code, potentially allowing unauthorized decryption or authentication...

9.8CVSS6.6AI score0.00232EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•19 views

PT-2026-49415

Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•19 views

PT-2026-49245

Name of the Vulnerable Software and Affected Versions Fortra Core Privileged Access Manager affected versions not specified Description An OS command injection issue exists in the boks autoregisterd service. A remote attacker with network access to this service can execute commands with the...

9.8CVSS5.8AI score0.00865EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•19 views

PT-2026-49467

Unauthenticated Other Vulnerability Type in WpEvently = 5.3.3 versions...

7.5CVSS5.2AI score0.00259EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•19 views

PT-2026-49212

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via lzcs...

5.3CVSS5.1AI score0.00106EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•19 views

PT-2026-49283

Name of the Vulnerable Software and Affected Versions dhcpcd version 10.3.0 Description A NULL pointer dereference occurs during the parsing of configuration options. In the parse option function, the software performs a member access on a NULL pointer of type struct dhcp opt when an invalid opti...

6.3CVSS5.9AI score0.00169EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•19 views

PT-2026-49572

Name of the Vulnerable Software and Affected Versions Python-Multipart versions prior to 0.0.31 Description The parse form function fails to validate the Content-Length header before using it to limit the chunked read of the request body. Because the header value is parsed as an integer without a...

3.7CVSS5.8AI score0.00217EPSS
Exploits0References16
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•19 views

PT-2026-49595

Name of the Vulnerable Software and Affected Versions @nestjs/platform-fastify versions prior to 11.1.24 Description An authentication bypass exists in the Fastify adapter when middleware is registered through the MiddlewareConsumer.forRoutes API. An unauthenticated client can bypass registered...

8.7CVSS5.4AI score0.00285EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•19 views

PT-2026-49301

Name of the Vulnerable Software and Affected Versions Kandji Agent versions prior to 4.7.55374 Description A client validation gap in the software allows a local attacker to escalate privileges and invoke restricted agent functionality. Recommendations Update to version 4.7.55374 or later...

8.4CVSS5.2AI score0.00118EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•19 views

PT-2026-49583

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.1 Angular versions prior to 21.2.17 Angular versions prior to 20.3.25 Description A Denial of Service DoS issue exists in the @angular/common package. The formatDate function, also used by the standard DatePipe,...

8.2CVSS5.9AI score0.00331EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/13 12:0 a.m.•19 views

PT-2026-49092

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.5 Description The KVM/QEMU monitoring engine in the glances/plugins/vms/engines/virsh.py file fails to sanitize VM domain names retrieved from the virsh list --all output. These names are passed into f-string...

7.8CVSS6.3AI score0.00213EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/13 12:0 a.m.•19 views

PT-2026-49076

Name of the Vulnerable Software and Affected Versions libreport affected versions not specified Description A content injection issue exists in the ABRT post-create event handler scripts within libreport. The event script retrieves log entries from the systemd journal for crashed processes and...

5.5CVSS5.3AI score0.00116EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/13 12:0 a.m.•19 views

PT-2026-49096

Name of the Vulnerable Software and Affected Versions glances affected versions not specified Description The secure popen function in glances/secure.py improperly interprets shell-like operators, specifically file redirection, | pipe, and && command chaining, within command strings. When...

7.8CVSS6.2AI score0.00184EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/13 12:0 a.m.•19 views

PT-2026-49085

Name of the Vulnerable Software and Affected Versions Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress versions prior to 2.1.0 Description Insufficient input sanitization and output escaping in the Anchor block allow authenticated attackers with contributor-level acces...

6.4CVSS5.6AI score0.00155EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/13 12:0 a.m.•19 views

PT-2026-49089

Name of the Vulnerable Software and Affected Versions Model Context Protocol versions prior to 0.25.0 Description Servers fail to validate the "Origin" header on incoming connections, which may allow DNS rebinding attacks. DNS rebinding is a method of bypassing the Same-Origin Policy to interact...

9.4CVSS5.3AI score0.00153EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/13 12:0 a.m.•19 views

PT-2026-49080

Name of the Vulnerable Software and Affected Versions Store Locator WordPress plugin versions prior to 1.6.9 Description Insufficient validation of a parameter used in a file path allows high-privileged users, such as administrators, to read arbitrary .php files from the server. This can lead to...

3.4CVSS5.5AI score0.00248EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/13 12:0 a.m.•19 views

PT-2026-49168

Name of the Vulnerable Software and Affected Versions runc versions prior to 1.3.6 runc versions prior to 1.4.3 runc versions prior to 1.5.0-rc.3 Description A flaw involving a /dev symlink allows a malicious container image to obtain limited write access to the host filesystem. This issue occurs...

3.3CVSS5.2AI score0.00222EPSS
Exploits0References20
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-49067

Name of the Vulnerable Software and Affected Versions File Browser affected versions not specified Description File Browser fails to properly validate symbolic links, allowing scoped users or unauthenticated public-share recipients to access files outside their intended directory boundaries. Whil...

7.5CVSS5.3AI score0.0046EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-48819

Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values...

6.3CVSS5.5AI score0.00278EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-49050

Name of the Vulnerable Software and Affected Versions Avira Antivirus versions prior to 8.3.27.12 Description A heap buffer out-of-bounds write occurs in the Avira Antivirus engine when scanning a malformed POSIX tar archive. This flaw may allow local execution of code or a denial-of-service of t...

7.8CVSS5.7AI score0.00122EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-48926

Name of the Vulnerable Software and Affected Versions Mattermost versions prior to 11.6.2 Mattermost versions prior to 11.5.5 Mattermost versions prior to 10.11.17 Description An issue exists where role updated websocket event broadcasts are not restricted to members of the affected team or...

4.3CVSS5.2AI score0.0018EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-48955

Name of the Vulnerable Software and Affected Versions Parse Server versions 9.8.0 through 9.9.1-alpha.3 Description The routeAllowList server option is intended to restrict external client access to a specific list of REST API routes. However, the check is only enforced as Express middleware...

6.9CVSS5.2AI score0.00342EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-48995

A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The setHomePage endpoint previously saved the user-controlled path value through setSettingInternal, bypassing the normal setSetting validation logic, including validate homepage, which requires homepage...

5.1CVSS5.2AI score0.00377EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-48860

Name of the Vulnerable Software and Affected Versions Quest Bot versions prior to 1.1.6 Description A moderator possessing the necessary Discord permission bit can utilize the bot to perform moderation actions on users who are higher in the Discord role hierarchy, provided the bot itself has a...

7.2CVSS5.3AI score0.00228EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-49023

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Software installed and run as a non-privileged user may perform GPU system calls to write to arbitrary freed physical pages. This occurs because physical memory...

5.2AI score0.00118EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-48972

A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted data. In CakePHP, supplying a primary key in the save data can cause a create followed by save...

8.4CVSS5.3AI score0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-49005

Name of the Vulnerable Software and Affected Versions @apostrophecms/seo versions prior to 1.4.3 Description Stored Cross-Site Scripting XSS occurs when the @apostrophecms/seo package injects the Google Analytics Tracking ID seoGoogleTrackingId and Google Tag Manager ID seoGoogleTagManager direct...

8.7CVSS5.5AI score0.0021EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-48873

Name of the Vulnerable Software and Affected Versions Ghost versions prior to 6.37.0 Description Ghost is a Node.js content management system. When deployed behind a shared caching layer that shares content between different visitors, an unauthenticated user can send an x-ghost-preview header to...

9.6CVSS5.8AI score0.00244EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-48832

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed for...

5.2AI score0.00145EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-48939

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.6.0 through 11.6.1 Mattermost versions 11.5.0 through 11.5.4 Mattermost versions 10.11.0 through 10.11.16 Description Insufficient sanitization of the FileInfo.Name variable received from federated peers during shared...

7.6CVSS6AI score0.00294EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-49070

đź”´ ShinyHunters exploits Oracle PeopleSoft 0-day CVSS 9.8 targeting 100+ organizations Ransomware group ShinyHunters exploited CVE-2025-35273, a critical server-side request forgery vulnerability in Oracle PeopleSoft, for more than two weeks before Oracle disclosed it. The group targeted roughly 3...

5.4AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-48978

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description The ReviewableQueuedPostSerializer unconditionally includes the raw email payload for posts received via incoming email. This allo...

4.3CVSS5.2AI score0.00189EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-48853

A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was not authenticated by the accepted signature. This can bypass the application's assumption that accepted Content-Type or protected HTTP-header metadata came from a verified...

5.2AI score0.00278EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-48931

Name of the Vulnerable Software and Affected Versions chisel affected versions not specified Description Authenticated clients can bypass Access Control List ACL restrictions defined via the --authfile parameter to tunnel traffic to arbitrary destinations reachable from the server. While the serv...

8.5CVSS5.5AI score0.00038EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-48885

Name of the Vulnerable Software and Affected Versions Pause+ Mobile App versions 1.0.6 through 1.4.x Description Improper restriction of excessive authentication attempts allows for authentication bypass. Recommendations Update to version 1.5...

9.8CVSS5.2AI score0.00346EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-48899

Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4...

5.3CVSS5.2AI score0.00278EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-48872

VeraCrypt 1.26.29 is now available!🎉 - Argon2id KDF for non-system volumes - Security fixes: CVE-2026-54073 & CVE-2026-53762 - Microsoft UEFI CA 2023 support for system encryption - Driver, EFI, Linux/macOS fixes 🔗More details at https://t.co/xdLi5dqTrX...

5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-48937

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.6.0 through 11.6.1 Mattermost versions 11.5.0 through 11.5.4 Mattermost versions 10.11.0 through 10.11.16 Description An issue exists where the system fails to enforce the PermissionInviteUser check when setting...

4.3CVSS5.9AI score0.00152EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-48913

The Aqara IAM/SSO Gateway gw-builder.aqara.com provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 6.1 Medium, which can be used to set up a phishing attack...

6.1CVSS5.2AI score0.00182EPSS
Exploits1References3
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•19 views

PT-2026-48890

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authenticated users to access other users' email configuration details. This issue has been patched in versions 15.107.0 and 16.17.0...

6.9CVSS5.2AI score0.00321EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•19 views

PT-2026-48629

Name of the Vulnerable Software and Affected Versions GitLab EE versions 15.5 through 18.10.7 GitLab EE versions 18.11 through 18.11.4 GitLab EE versions 19.0 through 19.0.1 Description Improper authorization in the Group SAML identity management functionality allows an authenticated user with th...

8.7CVSS5.2AI score0.00278EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•19 views

PT-2026-48615

Name of the Vulnerable Software and Affected Versions Spring Integration versions 7.0.0 through 7.0.4 Spring Integration versions 6.5.0 through 6.5.8 Spring Integration versions 6.4.0 through 6.4.11 Spring Integration versions 6.3.0 through 6.3.14 Spring Integration versions 5.5.0 through 5.5.20...

7.1CVSS5.9AI score0.0021EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•19 views

PT-2026-48719

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without verifying that the rule belongs to the guild where the command is executed. A user can learn a victim...

8.3CVSS5.4AI score0.00307EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•19 views

PT-2026-48681

Name of the Vulnerable Software and Affected Versions PDM versions prior to 2.28.0 Description PDM automatically loads project-local plugin paths from .pdm-plugins during Core initialization. This process uses site.addsitedir, which on CPython processes .pth files in the added directory. If a .pt...

8.4CVSS6.5AI score0.00028EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•19 views

PT-2026-48708

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a user with Manage Server / ManageGuild, but without Manage Roles or Administrator, can configure the bot’s AutoRole feature to assign an arbitrary role to new members. If the select...

7.5CVSS5.5AI score0.00238EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•19 views

PT-2026-48792

Name of the Vulnerable Software and Affected Versions ClipBucket v5 versions prior to 5.5.3 Description An authenticated user with video upload privileges can exploit a boolean-based blind SQL injection, a technique where data is exfiltrated by observing true or false responses from the server. T...

8.8CVSS5.4AI score0.00307EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•19 views

PT-2026-48785

Name of the Vulnerable Software and Affected Versions Hippoo Mobile App for WooCommerce versions prior to 1.9.5 Description Incorrect Privilege Assignment in the software allows for Privilege Escalation, a condition where a user can gain higher levels of access or permissions than intended...

9.8CVSS5.2AI score0.00514EPSS
Exploits1References3
Total number of security vulnerabilities5000