Lucene search
K
PtsecurityMost viewed

184419 matches found

Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.19 views

PT-2026-36684

During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference IDOR attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...

5.8AI score0.00212EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.19 views

PT-2026-36638

A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1 STRING data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiat...

7.5CVSS6.9AI score0.003EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.19 views

PT-2026-36606

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. The esc sql...

7.5CVSS6AI score0.00304EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.19 views

PT-2026-36356

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the USB gadget HID function where list and spinlock initializations were performed during the bind process. Specifically, queues registered via poll wait were...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.19 views

PT-2026-38392

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description A sandbox escape allows sandboxed code to crash the host Node.js process. This occurs when a Promise constructor triggers an unhandled rejection that propagates to the host. Specifically, when sandboxed...

8.6CVSS5.9AI score0.00448EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.19 views

PT-2026-36816

Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.17.1 Description An authenticated user with project.add permission can import a specially crafted project backup ZIP file. If the components/.json file within the ZIP contains a repo URL pointing to a private addres...

8.1CVSS5.8AI score0.00371EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.19 views

PT-2026-37178

Name of the Vulnerable Software and Affected Versions Roadiz versions prior to 2.3.43 Roadiz versions prior to 2.5.45 Roadiz versions prior to 2.6.31 Roadiz versions prior to 2.7.18 Description The roadiz/openid package fails to properly implement the OIDC nonce validation process. While the...

7.1CVSS5.8AI score0.00152EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.19 views

PT-2026-35906

Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through = 2.19.22...

4.3CVSS5.1AI score0.00165EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.19 views

PT-2026-35351

A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. This manipulation of the argument url causes path traversal. It is possible to initiate the...

5CVSS5.1AI score0.00248EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.19 views

PT-2026-34864

The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 via the /wp-json/site-prober/v1/logs REST API endpoint. The permissions read permission callback unconditionally returns true via return true instead of checking for...

5.3CVSS5.2AI score0.00372EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.19 views

PT-2026-34850

The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the get ads access token and reset experience AJAX handlers. While the mi-admin-nonce is...

5.3CVSS5.7AI score0.00258EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.19 views

PT-2026-34851

The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generate openai content callback function, which relies solely on a nonce rather than verifying user permissions. This makes it...

4.3CVSS5.7AI score0.0027EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.19 views

PT-2026-34931

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the WireGuard component occurs because the wg netns pre exit function manually acquires rtnl lock within the .pre exit callback. This can lead to a hung task if another thread...

9.8CVSS5.8AI score0.00525EPSS
Exploits0References317
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.19 views

PT-2026-34947

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the PCI endpoint pci-epf-vntb where the cmd handler work is not stopped during the epf ntb epc cleanup function. This can lead to the handler running after BAR mapping...

9.8CVSS5.9AI score0.00525EPSS
Exploits0References423
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.19 views

PT-2026-34776

OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionality that forwards Authorization headers across cross-origin redirects. Attackers can exploit this by crafting malicious cross-origin redirect chains to intercept sensitive authorization credentials...

6CVSS5.8AI score0.00296EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.19 views

PT-2026-34643

Name of the Vulnerable Software and Affected Versions reCaptcha by WebDesignBy WordPress plugin versions prior to 2.0 Description The plugin fails to sanitize or escape the Site Key setting before it is output within a JavaScript string context through the grecaptcha js function. This allows...

3.5CVSS6AI score0.002EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.19 views

PT-2026-43136

Name of the Vulnerable Software and Affected Versions GNU LibreDWG versions prior to 0.15 Description A weakness in the Dwggrep Utility component allows an out-of-bounds read, which occurs when the system accesses memory outside the intended boundary of a buffer. This issue is located in the bit...

4.8CVSS6.1AI score0.00176EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.19 views

PT-2026-34057

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the mailcow web interface passes the raw $ SERVER'REQUEST URI' to Twig as a global template variable and renders it inside a JavaScript string literal in the setLang helper of base.twig,...

2.1CVSS5.8AI score0.00805EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.19 views

PT-2026-34001

Name of the Vulnerable Software and Affected Versions Tekton Pipelines versions 0.43.0 through 1.11.0 Description Trusted resources verification policies match a resource source string refSource.URI against spec.resources.pattern using the regexp.MatchString function. Because this function report...

6.5CVSS5.8AI score0.00264EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.19 views

PT-2026-34008

Name of the Vulnerable Software and Affected Versions Tekton Pipelines versions 1.0.0 through 1.10.0 Description The git resolver in API mode sends the system-configured Git API token to a user-controlled 'serverURL' when the token parameter is omitted. A tenant with TaskRun or PipelineRun create...

7.7CVSS5.8AI score0.0026EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.19 views

PT-2026-33997

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

9.3CVSS6.2AI score0.00653EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.19 views

PT-2026-34180

Name of the Vulnerable Software and Affected Versions Tekton Pipelines versions 1.0.0 through 1.10.x Description The git resolver fails to validate the revision parameter, which is passed directly as a positional argument to the git fetch command. This allows an attacker to inject arbitrary flags...

8.5CVSS6.1AI score0.00788EPSS
Exploits1References23
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.19 views

PT-2026-34214

Name of the Vulnerable Software and Affected Versions free5GC UDR versions prior to 1.4.3 Description A fail-open request handling flaw exists in the UDR service. The POST handler for the endpoint '/nudr-dr/v2/policy-data/subs-to-notify' continues to process requests even after encountering error...

6.9CVSS5.4AI score0.09955EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.19 views

PT-2026-33847

Name of the Vulnerable Software and Affected Versions LMDeploy versions prior to 0.12.3 Description A Server-Side Request Forgery SSRF issue exists in the vision-language module of LMDeploy, a toolkit for compressing, deploying, and serving large language models. The load image and encode image...

7.5CVSS6.3AI score0.4525EPSS
Exploits2References74
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.19 views

PT-2026-46938

Name of the Vulnerable Software and Affected Versions X.Org X server affected versions not specified Xwayland affected versions not specified Description A stack-based buffer overflow exists in the X.Org X server and Xwayland. The issue occurs because the CheckKeyTypes function fails to verify or...

7.8CVSS6.3AI score0.00165EPSS
Exploits0References103
Positive Technologies
Positive Technologies
added 2026/04/19 12:0 a.m.19 views

PT-2026-33654

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update organisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisation id causes authorization...

5.5CVSS5.6AI score0.003EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.19 views

PT-2026-33491

CVE-2026-33569 Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise th… https://t.co/VidnnJfRzA...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.19 views

PT-2026-33528

Name of the Vulnerable Software and Affected Versions Easy Appointments plugin for WordPress versions prior to 3.12.22 Description Sensitive information exposure occurs via the '/wp-json/wp/v2/eablocks/ea appointments/' REST API endpoint. The issue arises because the endpoint is registered with t...

7.5CVSS5.8AI score0.0239EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.19 views

PT-2026-32612

Summary A soundness vulnerability in the SP1 V6 recursive shard verifier allows a malicious prover to construct a recursive proof from a shard proof that the native verifier would reject. - Affected versions: = 6.0.0, = 6.0.2 - Not affected: SP1 V5 all versions - Severity: High Details Background...

8.9CVSS6AI score0.00195EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.19 views

PT-2026-32279

Out-of-bounds write vulnerability in the WEB module.Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...

5.1CVSS5.8AI score0.00077EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.19 views

PT-2026-32535

Name of the Vulnerable Software and Affected Versions UniFi Play PowerAmp versions prior to 1.0.38 UniFi Play Audio Port versions prior to 1.1.9 Description Improper Access Control in the UniFi Play network allows a malicious actor with network access to enable SSH, which can lead to unauthorized...

9.8CVSS5.8AI score0.0042EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.19 views

PT-2026-32249

Out-of-bounds write vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...

5.7CVSS5.8AI score0.0011EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.19 views

PT-2026-31871

Name of the Vulnerable Software and Affected Versions OpenClaw versions through 2026.1.26 Description A weakness exists in OpenClaw up to version 2026.1.26, specifically within the assertPublicHostname Handler functionality of the file src/agents/tools/web-fetch.ts. A manipulation can lead to...

8.1CVSS5.5AI score0.0042EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.19 views

PT-2026-31869

Name of the Vulnerable Software and Affected Versions CodeAstro Online Classroom versions 1.0/2.php Description A security flaw exists in CodeAstro Online Classroom 1.0/2.php, specifically within the file /OnlineClassroom/takeassessment2.php?exid=14. Manipulation of the Q1 argument leads to a SQL...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.19 views

PT-2026-31572

Name of the Vulnerable Software and Affected Versions awwaiid mcp-server-taskwarrior versions up to 1.0.1 Description A security issue exists in awwaiid mcp-server-taskwarrior up to version 1.0.1. The server.setRequestHandler function within the index.ts file is susceptible to command injection...

5.3CVSS6AI score0.00647EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.19 views

PT-2026-31405

Name of the Vulnerable Software and Affected Versions D-Link DI-8003 version 16.07.26A1 Description A buffer overflow exists due to improper handling of the http lanport parameter in the '/webgl.asp' API endpoint. Recommendations Update to a newer version that contains a fix for this vulnerabilit...

7.5CVSS6AI score0.00408EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.19 views

PT-2026-30438

Name of the Vulnerable Software and Affected Versions Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30 Description A vulnerability exists in Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30. The issue involves improper access controls within an unknown function of the /Technostrobe/ file ...

9.8CVSS6.9AI score0.00448EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.19 views

PT-2026-29756

Name of the Vulnerable Software and Affected Versions Endian Firewall versions 3.3.25 and prior Description Endian Firewall versions 3.3.25 and earlier allow authenticated users to execute arbitrary OS commands through the DATE parameter in the '/cgi-bin/logs openvpn.cgi' endpoint. The DATE...

8.8CVSS6.1AI score0.01466EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.19 views

PT-2026-29516

Name of the Vulnerable Software and Affected Versions Corosync affected versions not specified Description A flaw exists in Corosync where a remote, unauthenticated attacker can exploit a wrong return value vulnerability in the membership commit token sanity check. This is achieved by sending a...

8.2CVSS5.9AI score0.00994EPSS
Exploits2References69
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.19 views

PT-2026-29814

Name of the Vulnerable Software and Affected Versions NocoBase versions prior to 2.0.30 Description NocoBase is an AI-powered no-code/low-code platform. The plugin-workflow-sql component, in versions up to 2.0.8, directly substitutes template variables into raw SQL strings using getParsedValue...

8.5CVSS6.1AI score0.00406EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.19 views

PT-2026-28299

Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description The software is subject to a Cross-Origin Resource Sharing issue. Improper CORS configurations can lead to the exposure of sensitive user information to attackers, unauthorized...

4.3CVSS5.9AI score0.0018EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.19 views

PT-2026-28374

Name of the Vulnerable Software and Affected Versions SolarWinds Observability Self-Hosted affected versions not specified Description The software is subject to a stored cross-site scripting issue. Successful exploitation may result in unintended script execution. The impact is limited by a...

8.7CVSS5.8AI score0.00368EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.19 views

PT-2026-27961

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.4.0 and earlier Mattermost versions 11.3.1 and earlier Mattermost versions 11.2.3 and earlier Mattermost versions 10.11.11 and earlier Description The software does not adequately limit the rate of login requests. This...

6.5CVSS5.9AI score0.60368EPSS
Exploits18References43
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.19 views

PT-2026-27529

Name of the Vulnerable Software and Affected Versions macOS versions prior to 26.4 Description A flaw exists in how the operating system parses directory paths. This could allow an application to access sensitive user data due to insufficient path validation. Recommendations Update to macOS versi...

5.3CVSS5.8AI score0.00299EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.19 views

PT-2026-27137

Name of the Vulnerable Software and Affected Versions GoHarbor versions prior to 2.15.0 Description The use of hard-coded credentials in GoHarbor allows attackers to use the default password and gain access to the web user interface. Recommendations Update GoHarbor to version 2.15.0 or later...

9.4CVSS5.8AI score0.00498EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.19 views

PT-2026-27167

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a decryptString action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly e.g., view/url2Embed.json.php, so any user can recover...

7.5CVSS5.7AI score0.00234EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.19 views

PT-2026-25939

Name of the Vulnerable Software and Affected Versions Spring AI versions prior to 1.0.4 and 1.1.3 Description A JSONPath injection issue exists in Spring AI’s AbstractFilterExpressionConverter. Authenticated users can bypass metadata-based access controls by using crafted filter expressions...

8.6CVSS5.8AI score0.00521EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.19 views

PT-2026-25091

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs log...

6.9CVSS5.8AI score0.00235EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.19 views

PT-2026-25068

Name of the Vulnerable Software and Affected Versions Cap'n Proto versions prior to 1.4.0 Description Cap'n Proto is a data interchange format and capability-based RPC system. Prior to version 1.4.0, a negative Content-Length value was converted to unsigned, resulting in it being treated as an...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.19 views

PT-2026-24744

Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered...

8.2CVSS5.8AI score0.00118EPSS
Exploits0References6
Total number of security vulnerabilities5000