Lucene search
K
PtsecurityMost viewed

184382 matches found

Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.19 views

PT-2026-36971

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Live Action::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...

6.5CVSS5.8AI score0.00355EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.19 views

PT-2026-37252

Name of the Vulnerable Software and Affected Versions Geyser versions prior to 2.9.3 Description A server-side request forgery SSRF exists in the handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the '/give' command, an attacker can cause the...

2.4CVSS5.9AI score0.00158EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.19 views

PT-2026-37362

These are all security issues fixed in the cf-cli-8.18.3+git.0.83ce51d9c-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS7.1AI score0.00459EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.19 views

PT-2026-37281

Name of the Vulnerable Software and Affected Versions Grav CMS Form plugin versions prior to 9.1.0 Description A Stored Cross-Site Scripting XSS issue exists in the select field template of the Grav CMS Form plugin. Taxonomy tag and category values are rendered using the Twig |raw filter in the...

5.4CVSS6AI score0.0015EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.19 views

PT-2026-37306

Name of the Vulnerable Software and Affected Versions ssrfcheck versions 1.3.0 and earlier Description ssrfcheck fails to block Server-Side Request Forgery SSRF attacks when a target private IP address is encoded as an IPv4-mapped IPv6 address e.g., 'http://::ffff:127.0.0.1/'. This occurs because...

8.2CVSS5.8AI score0.00226EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.19 views

PT-2026-38372

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.133.Final Netty versions prior to 4.2.13.Final Description Netty's DNS codec fails to enforce RFC 1035 domain name constraints during encoding and decoding, creating a bidirectional attack surface. In the encoder, t...

9.8CVSS5.8AI score0.00969EPSS
Exploits1References479
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.19 views

PT-2026-37106

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.31.0 Description Gotenberg fails to properly validate metadata tags passed to ExifTool, a tool used for reading and writing image, audio, and video metadata. While the software blocks specific tags like FileName a...

8.2CVSS6AI score0.00347EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.19 views

PT-2026-36929

Name of the Vulnerable Software and Affected Versions Amazon WorkSpaces for Windows versions prior to 2.6.2034.0 Description Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service allows a local non-admin authenticated user to place arbitrary files in...

8.5CVSS5.9AI score0.00122EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.19 views

PT-2026-36763

Name of the Vulnerable Software and Affected Versions osrg GoBGP versions prior to 4.4.0 Description A remote denial of service can occur in the SRv6 L3 Service component. The issue exists within the SRv6L3ServiceAttribute.DecodeFromBytes function located in the pkg/packet/bgp/prefix sid.go file,...

7.5CVSS6.3AI score0.00464EPSS
Exploits0References24
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.19 views

PT-2026-36907

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description An open source workflow automation platform contains an issue where the Snowflake node and the legacy MySQL v1 node construct SQL queries by...

5.3CVSS5.8AI score0.00254EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.19 views

PT-2026-37196

Name of the Vulnerable Software and Affected Versions pyp2spec versions prior to 0.14.1 Description pyp2spec writes PyPI package metadata, such as the summary field, into generated spec files without escaping RPM macro directives. When a packager uses tools like rpmbuild -bs, rpmbuild --nobuild, ...

7.8CVSS6.2AI score0.00197EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.19 views

PT-2026-36786

A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

6.5CVSS6.4AI score0.00241EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.19 views

PT-2026-36672

Name of the Vulnerable Software and Affected Versions crmeb java versions prior to 1.3.5 Description An unrestricted file upload issue exists within the Admin Upload component, specifically affecting the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java...

5.8CVSS5.8AI score0.00223EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.19 views

PT-2026-36638

A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1 STRING data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiat...

7.5CVSS6.9AI score0.003EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.19 views

PT-2026-36606

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. The esc sql...

7.5CVSS6AI score0.00304EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.19 views

PT-2026-36356

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the USB gadget HID function where list and spinlock initializations were performed during the bind process. Specifically, queues registered via poll wait were...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.19 views

PT-2026-38392

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description A sandbox escape allows sandboxed code to crash the host Node.js process. This occurs when a Promise constructor triggers an unhandled rejection that propagates to the host. Specifically, when sandboxed...

8.6CVSS5.9AI score0.00448EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.19 views

PT-2026-36816

Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.17.1 Description An authenticated user with project.add permission can import a specially crafted project backup ZIP file. If the components/.json file within the ZIP contains a repo URL pointing to a private addres...

8.1CVSS5.8AI score0.00371EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.19 views

PT-2026-37178

Name of the Vulnerable Software and Affected Versions Roadiz versions prior to 2.3.43 Roadiz versions prior to 2.5.45 Roadiz versions prior to 2.6.31 Roadiz versions prior to 2.7.18 Description The roadiz/openid package fails to properly implement the OIDC nonce validation process. While the...

7.1CVSS5.8AI score0.00152EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.19 views

PT-2026-35906

Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through = 2.19.22...

4.3CVSS5.1AI score0.00165EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.19 views

PT-2026-35351

A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. This manipulation of the argument url causes path traversal. It is possible to initiate the...

5CVSS5.1AI score0.00248EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.19 views

PT-2026-34864

The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 via the /wp-json/site-prober/v1/logs REST API endpoint. The permissions read permission callback unconditionally returns true via return true instead of checking for...

5.3CVSS5.2AI score0.00372EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.19 views

PT-2026-34850

The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the get ads access token and reset experience AJAX handlers. While the mi-admin-nonce is...

5.3CVSS5.7AI score0.00258EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.19 views

PT-2026-34851

The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generate openai content callback function, which relies solely on a nonce rather than verifying user permissions. This makes it...

4.3CVSS5.7AI score0.0027EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.19 views

PT-2026-34947

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the PCI endpoint pci-epf-vntb where the cmd handler work is not stopped during the epf ntb epc cleanup function. This can lead to the handler running after BAR mapping...

9.8CVSS5.9AI score0.00525EPSS
Exploits0References423
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.19 views

PT-2026-34931

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the WireGuard component occurs because the wg netns pre exit function manually acquires rtnl lock within the .pre exit callback. This can lead to a hung task if another thread...

9.8CVSS5.8AI score0.00525EPSS
Exploits0References317
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.19 views

PT-2026-34776

OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionality that forwards Authorization headers across cross-origin redirects. Attackers can exploit this by crafting malicious cross-origin redirect chains to intercept sensitive authorization credentials...

6CVSS5.8AI score0.00296EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.19 views

PT-2026-34643

Name of the Vulnerable Software and Affected Versions reCaptcha by WebDesignBy WordPress plugin versions prior to 2.0 Description The plugin fails to sanitize or escape the Site Key setting before it is output within a JavaScript string context through the grecaptcha js function. This allows...

3.5CVSS6AI score0.002EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.19 views

PT-2026-43136

Name of the Vulnerable Software and Affected Versions GNU LibreDWG versions prior to 0.15 Description A weakness in the Dwggrep Utility component allows an out-of-bounds read, which occurs when the system accesses memory outside the intended boundary of a buffer. This issue is located in the bit...

4.8CVSS6.1AI score0.00176EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.19 views

PT-2026-34057

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the mailcow web interface passes the raw $ SERVER'REQUEST URI' to Twig as a global template variable and renders it inside a JavaScript string literal in the setLang helper of base.twig,...

2.1CVSS5.8AI score0.00805EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.19 views

PT-2026-34001

Name of the Vulnerable Software and Affected Versions Tekton Pipelines versions 0.43.0 through 1.11.0 Description Trusted resources verification policies match a resource source string refSource.URI against spec.resources.pattern using the regexp.MatchString function. Because this function report...

6.5CVSS5.8AI score0.00264EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.19 views

PT-2026-34008

Name of the Vulnerable Software and Affected Versions Tekton Pipelines versions 1.0.0 through 1.10.0 Description The git resolver in API mode sends the system-configured Git API token to a user-controlled 'serverURL' when the token parameter is omitted. A tenant with TaskRun or PipelineRun create...

7.7CVSS5.8AI score0.0026EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.19 views

PT-2026-33997

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

9.3CVSS6.2AI score0.00653EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.19 views

PT-2026-34180

Name of the Vulnerable Software and Affected Versions Tekton Pipelines versions 1.0.0 through 1.10.x Description The git resolver fails to validate the revision parameter, which is passed directly as a positional argument to the git fetch command. This allows an attacker to inject arbitrary flags...

8.5CVSS6.1AI score0.00788EPSS
Exploits1References23
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.19 views

PT-2026-34214

Name of the Vulnerable Software and Affected Versions free5GC UDR versions prior to 1.4.3 Description A fail-open request handling flaw exists in the UDR service. The POST handler for the endpoint '/nudr-dr/v2/policy-data/subs-to-notify' continues to process requests even after encountering error...

6.9CVSS5.4AI score0.09955EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.19 views

PT-2026-33847

Name of the Vulnerable Software and Affected Versions LMDeploy versions prior to 0.12.3 Description A Server-Side Request Forgery SSRF issue exists in the vision-language module of LMDeploy, a toolkit for compressing, deploying, and serving large language models. The load image and encode image...

7.5CVSS6.3AI score0.4525EPSS
Exploits2References74
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.19 views

PT-2026-46938

Name of the Vulnerable Software and Affected Versions X.Org X server affected versions not specified Xwayland affected versions not specified Description A stack-based buffer overflow exists in the X.Org X server and Xwayland. The issue occurs because the CheckKeyTypes function fails to verify or...

7.8CVSS6.3AI score0.00165EPSS
Exploits0References103
Positive Technologies
Positive Technologies
added 2026/04/19 12:0 a.m.19 views

PT-2026-33654

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update organisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisation id causes authorization...

5.5CVSS5.6AI score0.003EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.19 views

PT-2026-33528

Name of the Vulnerable Software and Affected Versions Easy Appointments plugin for WordPress versions prior to 3.12.22 Description Sensitive information exposure occurs via the '/wp-json/wp/v2/eablocks/ea appointments/' REST API endpoint. The issue arises because the endpoint is registered with t...

7.5CVSS5.8AI score0.0239EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.19 views

PT-2026-33491

CVE-2026-33569 Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise th… https://t.co/VidnnJfRzA...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.19 views

PT-2026-32612

Summary A soundness vulnerability in the SP1 V6 recursive shard verifier allows a malicious prover to construct a recursive proof from a shard proof that the native verifier would reject. - Affected versions: = 6.0.0, = 6.0.2 - Not affected: SP1 V5 all versions - Severity: High Details Background...

8.9CVSS6AI score0.00195EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.19 views

PT-2026-32279

Out-of-bounds write vulnerability in the WEB module.Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...

5.1CVSS5.8AI score0.00077EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.19 views

PT-2026-32535

Name of the Vulnerable Software and Affected Versions UniFi Play PowerAmp versions prior to 1.0.38 UniFi Play Audio Port versions prior to 1.1.9 Description Improper Access Control in the UniFi Play network allows a malicious actor with network access to enable SSH, which can lead to unauthorized...

9.8CVSS5.8AI score0.0042EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.19 views

PT-2026-32249

Out-of-bounds write vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...

5.7CVSS5.8AI score0.0011EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.19 views

PT-2026-31871

Name of the Vulnerable Software and Affected Versions OpenClaw versions through 2026.1.26 Description A weakness exists in OpenClaw up to version 2026.1.26, specifically within the assertPublicHostname Handler functionality of the file src/agents/tools/web-fetch.ts. A manipulation can lead to...

8.1CVSS5.5AI score0.0042EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.19 views

PT-2026-31869

Name of the Vulnerable Software and Affected Versions CodeAstro Online Classroom versions 1.0/2.php Description A security flaw exists in CodeAstro Online Classroom 1.0/2.php, specifically within the file /OnlineClassroom/takeassessment2.php?exid=14. Manipulation of the Q1 argument leads to a SQL...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.19 views

PT-2026-31572

Name of the Vulnerable Software and Affected Versions awwaiid mcp-server-taskwarrior versions up to 1.0.1 Description A security issue exists in awwaiid mcp-server-taskwarrior up to version 1.0.1. The server.setRequestHandler function within the index.ts file is susceptible to command injection...

5.3CVSS6AI score0.00647EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.19 views

PT-2026-31405

Name of the Vulnerable Software and Affected Versions D-Link DI-8003 version 16.07.26A1 Description A buffer overflow exists due to improper handling of the http lanport parameter in the '/webgl.asp' API endpoint. Recommendations Update to a newer version that contains a fix for this vulnerabilit...

7.5CVSS6AI score0.00408EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.19 views

PT-2026-30438

Name of the Vulnerable Software and Affected Versions Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30 Description A vulnerability exists in Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30. The issue involves improper access controls within an unknown function of the /Technostrobe/ file ...

9.8CVSS6.9AI score0.00448EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.19 views

PT-2026-29756

Name of the Vulnerable Software and Affected Versions Endian Firewall versions 3.3.25 and prior Description Endian Firewall versions 3.3.25 and earlier allow authenticated users to execute arbitrary OS commands through the DATE parameter in the '/cgi-bin/logs openvpn.cgi' endpoint. The DATE...

8.8CVSS6.1AI score0.01466EPSS
Exploits0References7
Total number of security vulnerabilities5000