Lucene search
K
PtsecurityMost viewed

184419 matches found

Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.19 views

PT-2026-43000

A vulnerability was identified in KLiK SocialMediaWebsite 1.0. This issue affects some unknown processing of the component HTTP POST Request Parameter Handler. Such manipulation leads to injection. The attack can be launched remotely. The exploit is publicly available and might be used...

7.5CVSS7AI score0.00304EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.19 views

PT-2026-42998

A vulnerability was found in KLiK SocialMediaWebsite 1.0. This affects an unknown part of the component HTTP GET Request Parameter Handler. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public and could be used...

7.5CVSS6.3AI score0.00242EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.19 views

PT-2026-43006

Name of the Vulnerable Software and Affected Versions Spring AI versions 1.1.0 through 1.1.x Description Support for Anthropic's Skills API uses filenames influenced by the Large Language Model LLM without proper sanitization in the Path.resolve function before writing files to disk. This flaw...

6.5CVSS5.8AI score0.00398EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.19 views

PT-2026-43078

Name of the Vulnerable Software and Affected Versions Apache Syncope versions 3.0 through 3.0.16 Apache Syncope versions 4.0 through 4.0.5 Apache Syncope version 4.1.0 Description Improper Isolation or Compartmentalization allows an administrator with sufficient entitlements for Implementations t...

7.2CVSS6.2AI score0.00652EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.19 views

PT-2026-42993

A cross-site scripting vulnerability exists in Aterm. Arbitrary scripts may be executed in the web browser of a user accessing the web management interface via adjacent network...

4.8CVSS5.6AI score0.00179EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.19 views

PT-2026-42923

Name of the Vulnerable Software and Affected Versions Slim versions 4.4.0 through 4.15 Description Reflected Cross-Site Scripting XSS occurs in the HtmlErrorRenderer when an application uses the setTitle and/or setDescription functions of HttpException to include untrusted or request-derived data...

6.1CVSS5.4AI score0.00167EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.19 views

PT-2026-42940

A security vulnerability has been detected in Edimax BR-6675nD 1.12. Affected is the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to buffer overflow. The attack can be launched remotely. The...

9CVSS7.8AI score0.00445EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.19 views

PT-2026-42929

Name of the Vulnerable Software and Affected Versions hermes-agent version 2026.4.23 Description A security flaw exists in the CLI web-dashboard Interface within the discover dashboard plugins function of the hermes cli/web server.py file. A manipulation of the HERMES ENABLE PROJECT PLUGINS...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.19 views

PT-2026-42900

A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the function formWizSurvey of the file /goform/formWizSurvey of the component webs. Performing a manipulation of the argument ssid/manualssid/ip/mask/gateway results in buffer overflow. The attack is possible to be carried...

9CVSS7.7AI score0.00542EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.19 views

PT-2026-42935

A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The...

6.5CVSS6.3AI score0.00195EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.19 views

PT-2026-42880

Name of the Vulnerable Software and Affected Versions omec-project amf versions prior to 2.1.2 Description A memory corruption issue exists in the NGReset Message Handler component. A remote attacker can trigger this condition through specific manipulation of the system. Recommendations Apply the...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.19 views

PT-2026-42885

A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.19 views

PT-2026-42871

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.4.0 through 2.0.7 Description An authorization bypass allows users with the RoleMember role to execute arbitrary commands on all servers monitored by the dashboard, including those belonging to other tenants or...

9.9CVSS5.8AI score0.00339EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.19 views

PT-2026-42735

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possible for...

5.4CVSS5.8AI score0.00645EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.19 views

PT-2026-42822

Name of the Vulnerable Software and Affected Versions TypeBot versions prior to 3.16.0 Description The application contains a stored Cross-Site Scripting XSS issue in the profile picture upload form at the 'app.typebot.io' endpoint. The system fails to sanitize or restrict SVG/XML-based uploads a...

8.5CVSS6.2AI score0.00276EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.19 views

PT-2026-42830

Name of the Vulnerable Software and Affected Versions Docker Model Runner on macOS affected versions not specified Description The vllm-metal inference backend unconditionally sets trust remote code=True when loading model tokenizers and operates without sandboxing. This allows the...

8.8CVSS6.4AI score0.00224EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.19 views

PT-2026-42730

The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...

6.4CVSS6AI score0.0022EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.19 views

PT-2026-42755

Name of the Vulnerable Software and Affected Versions Apache CXF versions prior to 4.2.1 Apache CXF versions prior to 4.1.6 Apache CXF versions prior to 3.6.11 Description An LDAP injection issue exists in the LDAP Certificate repository of the XKMS server. This allows an attacker to retrieve...

9.8CVSS5.9AI score0.00722EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.19 views

PT-2026-42770

Directory traversal in Follett Software's Destiny Library Manager 22 0 2 rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...

6AI score0.00715EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.19 views

PT-2026-42831

Name of the Vulnerable Software and Affected Versions Docker Model Runner on macOS affected versions not specified Description The MLX inference backend uses the MLX-LM library, which imports and executes arbitrary Python files from model directories via the model file configuration field in the...

8.8CVSS6.3AI score0.00224EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.19 views

PT-2026-42711

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Constraint extensions, such as [email protected], were not serialized in requests when adding a key to a remote agent. This caused destination...

9.1CVSS5.8AI score0.00525EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.19 views

PT-2026-42658

Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description A Path Traversal issue exists in UniFi OS devices due to improper restriction of directory path names. A remote actor with network access can exploit this to access files on the underlying...

10CVSS5.8AI score0.02269EPSS
Exploits2References42
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.19 views

PT-2026-42461

Name of the Vulnerable Software and Affected Versions Request Tracker versions 5.0.4 through 5.0.9 Request Tracker versions 6.0.0 through 6.0.2 Description Reflected cross-site scripting XSS occurs via the Page parameter in GET requests. This allows an attacker to craft a URL that executes...

6.1CVSS5.8AI score0.00235EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.19 views

PT-2026-42657

Name of the Vulnerable Software and Affected Versions UniFi OS Server versions prior to 5.0.8 Description An improper access control flaw exists in UniFi OS Server. The issue occurs because nginx evaluates the raw request URI for authentication purposes but performs routing using the normalized...

10CVSS8AI score0.02452EPSS
Exploits2References60
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.19 views

PT-2026-42479

Name of the Vulnerable Software and Affected Versions Apache Fory versions prior to 1.0.0 Description Deserialization of untrusted data in Apache Fory PyFory occurs because the ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and...

9.8CVSS5.8AI score0.00574EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.19 views

PT-2026-42508

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdb import.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix,...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.19 views

PT-2026-42465

Name of the Vulnerable Software and Affected Versions Apex One on-premise versions prior to SP1 Build 18012 Apex One new installs versions prior to 17079 Apex One SaaS agent versions prior to 14.0.20731 Description A directory traversal issue in the on-premise management server allows an attacker...

6.7CVSS6.9AI score0.12682EPSS
Exploits0References48
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.19 views

PT-2026-42493

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in circle.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm id POST parameter directly into an HTML form input value attribute. Attackers ca...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.19 views

PT-2026-42532

IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv -prefixed query parameters through the iina://open custom URL scheme handler. Attackers can deliver a crafted URL via a browser that...

8.8CVSS6.2AI score0.00702EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.19 views

PT-2026-42390

It was discovered that GStreamer Good Plugins incorrectly handled certain MOV/MP4 media files. A remote attacker could use this issue to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.4AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.19 views

PT-2026-42223

Name of the Vulnerable Software and Affected Versions XWiki Platform versions prior to 16.10.17 XWiki Platform versions prior to 17.4.9 XWiki Platform versions prior to 17.10.3 XWiki Platform versions prior to 18.1.0-rc-1 Description The 'POST /wikis/wikiName' API executes a XAR import without...

9.3CVSS5.8AI score0.00594EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.19 views

PT-2026-42100

The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST USER LOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present...

9.8CVSS6.1AI score0.00573EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.19 views

PT-2026-42218

NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...

8.8CVSS5.8AI score0.00764EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.19 views

PT-2026-42058

The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin protects its entire /wp-json/pos-bridge/ REST API namespace through the oliver pos rest authentication...

6.5CVSS5.7AI score0.00475EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.19 views

PT-2026-41814

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...

8.1CVSS6.3AI score0.00428EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.19 views

PT-2026-41839

Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3...

5.5CVSS5.8AI score0.00266EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.19 views

PT-2026-41899

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 151 Firefox Focus for Android affected versions not specified Description A sandbox escape exists in Firefox and Firefox Focus for Android. A sandbox is a security mechanism used to isolate running applications from t...

9.8CVSS5.9AI score0.00605EPSS
Exploits0References47
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.19 views

PT-2026-41847

Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00574EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.19 views

PT-2026-41876

Missing Authorization vulnerability in Brainstorm Force Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Presto Player: from n/a through 4.1.3...

4.3CVSS5.8AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.19 views

PT-2026-41639

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.5.0 through 11.5.1 Mattermost versions 10.11.0 through 10.11.13 Mattermost versions 11.4.0 through 11.4.3 Description An authenticated attacker can cause resource exhaustion or denial of service by sending a crafted...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.19 views

PT-2026-41732

Name of the Vulnerable Software and Affected Versions Claude HUD versions 0.0.0 through 0.0.12 Description Local attackers can execute arbitrary commands on Windows systems by manipulating the COMSPEC environment variable. By setting COMSPEC to an arbitrary binary path before the software perform...

7.8CVSS6.2AI score0.0051EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.19 views

PT-2026-41785

Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions prior to 0.9.0 Description OpenTelemetry eBPF Instrumentation OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can...

7.5CVSS5.8AI score0.00319EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.19 views

PT-2026-41555

WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attackers can send GET requests to wp.spritz.content.filter.php with malicious url values to access...

8.7CVSS6AI score0.00403EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.19 views

PT-2026-41538

A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discover handler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation results in use after free. The attack can be launched remotely. The exploit has been released to the...

5.3CVSS5.4AI score0.00367EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.19 views

PT-2026-41781

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A missing check in the MNG coder allows for reading more images than the list limit policy permits, which can lead to excessive resource consumption...

7.5CVSS5.8AI score0.00495EPSS
Exploits0References131
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.19 views

PT-2026-41465

Name of the Vulnerable Software and Affected Versions Backup and Restore version 1.0.3 Description Authenticated attackers can delete arbitrary files from the WordPress installation directory. This is achieved by sending POST requests to the 'admin-ajax.php' endpoint with manipulated file name an...

8.8CVSS5.9AI score0.00397EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.19 views

PT-2026-41303

An issue in Nodemailer smtp server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream. write, lib/smtp-stream.js components...

7.5CVSS5.8AI score0.00572EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.19 views

PT-2026-41253

Name of the Vulnerable Software and Affected Versions AGESA Bootloader Firmware affected versions not specified Description An insecure default configuration state of the DDR5 memory module within the AGESA Bootloader Firmware allows a local user to abuse the unprotected PMIC Power Management...

6.9CVSS5.8AI score0.00091EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.19 views

PT-2026-41296

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicious JavaScript code to the parameter whose value is processed by Node.js and subsequently executed...

10CVSS6AI score0.00648EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.19 views

PT-2026-41351

Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an exploration id without verifying that the requesting user was a collaborator on the...

5.3CVSS5.8AI score0.00278EPSS
Exploits0References2
Total number of security vulnerabilities5000