Lucene search
K
PtsecurityMost viewed

184379 matches found

Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.18 views

PT-2026-51150

Flowise before 3.0.13 contains an information exposure vulnerability in the POST /api/v1/account/forgot-password endpoint that returns full user objects including PII to unauthenticated attackers. An attacker can enumerate valid email addresses and harvest sensitive user data including user IDs,...

6.9CVSS5.9AI score0.00328EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.18 views

PT-2026-51191

Name of the Vulnerable Software and Affected Versions EaseUS Partition Master versions prior to 14.5 Description An issue exists in the Kernel Driver component within the epmntdrv.sys library. A local attacker can manipulate an unknown function to cause improper access controls, which occurs when...

8.5CVSS7.1AI score0.00112EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.18 views

PT-2026-51147

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Insufficient webhook URL validation allows for Server-Side Request Forgery SSRF, a flaw where a server is tricked into making requests to an unintended location. Organization admins can configure...

5.4CVSS5.9AI score0.00156EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.18 views

PT-2026-51159

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An open redirect issue exists in the 'confirm-signup' endpoint. The confirmation url parameter is not validated, which allows attackers to redirect users to arbitrary external websites. This can be...

5.1CVSS6AI score0.0018EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.18 views

PT-2026-51137

Name of the Vulnerable Software and Affected Versions iCagenda versions prior to 3.9.15 iCagenda versions prior to 4.0.8 Description The iCagenda extension for Joomla contains a flaw in the file attachment feature of its public event submission form. Due to improper restriction of file types, an...

10CVSS6.5AI score0.00564EPSS
Exploits4References24
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.18 views

PT-2026-51195

Name of the Vulnerable Software and Affected Versions Apache NiFi versions 0.0.1 through 2.9.0 Description Apache NiFi allows the construction of qualified URLs using several HTTP request headers that serve as alternatives to the standard Host header without validating the provided values. While ...

6.3CVSS5.9AI score0.00268EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.18 views

PT-2026-51154

Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the require apikey expiration organization policy. The checkWebhookPermission function fails to call apikeyHasOrgRightWithPolicy, enabling attackers wit...

6.3CVSS5.9AI score0.00188EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-51123

Name of the Vulnerable Software and Affected Versions Symfony UX versions 2.32.0 through 2.36.0 Symfony UX versions 3.0.0 through 3.1.9 Description The ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map. Due to improper validation in...

7.8CVSS6.1AI score0.00146EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50978

Name of the Vulnerable Software and Affected Versions Tilt versions 0.19.5 through 0.37.3 Description The Tilt HUD server mounts Go's net/http/pprof handlers under the '/debug' endpoint without access control. When the HUD is network-exposed, an unauthenticated caller can read process memory via...

8.3CVSS6AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50942

Name of the Vulnerable Software and Affected Versions Joomla! Component Flip Wall version 8.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the wallid parameter via GET requests to the 'index.ph...

7.1CVSS6.1AI score0.00241EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50937

Name of the Vulnerable Software and Affected Versions Joomla! Component Price Alert version 3.0.2 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. By sending requests to the 'subscribeajax' view with crafted payloads in the product id parameter,...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50931

Name of the Vulnerable Software and Affected Versions Joomla! Component User Bench version 1.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the userid parameter. This is achieved by sending GET requests to the...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50976

Summary CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. Under certain circumstances, improper input handling could allow policy injection. Impact Cedar-expression injection via unescaped toCedarExpr The toCedarExpr metho...

8.8CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50996

Name of the Vulnerable Software and Affected Versions Joomla! Component Easy Shop version 1.2.3 Description A local file inclusion issue allows unauthenticated attackers to read arbitrary files by providing base64-encoded file paths. This is achieved by sending GET requests to the 'index.php'...

6.9CVSS7.4AI score0.00426EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50940

Name of the Vulnerable Software and Affected Versions Joomla! Component FocalPoint Pro/Free version 1.2.3 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the id parameter. Attackers can send GET...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50841

Name of the Vulnerable Software and Affected Versions Advanced Import versions prior to 1.4.7 Description Server-Side Request Forgery SSRF occurs when the plugin uses the wp remote get function to fetch a user-supplied URL without validating that the destination does not point to internal or...

6.4CVSS5.9AI score0.00208EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50934

Name of the Vulnerable Software and Affected Versions Quiz Deluxe version 3.7.4 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL commands through the 'ajaxaction.flag question' task. Attackers can inject malicious SQL code via the stu quiz id or flag quest...

8.8CVSS6.3AI score0.00334EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50960

Name of the Vulnerable Software and Affected Versions Joomla Payage version 2.05 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to the 'index.php' endpoint with malicious...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50932

Name of the Vulnerable Software and Affected Versions Joomla! Component JB Visa version 1.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code into the visatype parameter via GET requests to the 'index.php'...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50879

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 2.12.0 through 3.16.0 Description Improper Input Validation in the forward-auth plugin allows an attacker to spoof identity headers by leveraging specific configurations. Recommendations Upgrade to version 3.17.0...

8.8CVSS5.9AI score0.00403EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50939

Name of the Vulnerable Software and Affected Versions Joomla! Component Ajax Quiz version 1.8 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the cid parameter. Attackers can send GET requests to...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50910

Name of the Vulnerable Software and Affected Versions NetDrive version 2.6.12 Description An unquoted service path issue exists in the Netdrive2 Service Netdrive2 service. This allows local users to execute arbitrary code with SYSTEM privileges by placing malicious executables in the system root...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50923

Name of the Vulnerable Software and Affected Versions AVAST Antivirus version 25.11 Description The SecureLine service contains an unquoted service path, which occurs when a service executable path contains spaces and is not enclosed in quotation marks. This allows local non-privileged users to...

8.5CVSS5.9AI score0.00127EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-51034

Name of the Vulnerable Software and Affected Versions Azure Synapse affected versions not specified Description Execution with unnecessary privileges allows an authorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about a newer version th...

9.9CVSS5.9AI score0.005EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50948

Name of the Vulnerable Software and Affected Versions GridTime 3000 versions 1.0r0.03 through 1.1r0.0 Description The GridTime 3000 GNSS Time Server contains an open redirect issue within the password change form submission. An open redirect occurs when an application takes a user-provided URL an...

5.3CVSS5.9AI score0.00122EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50988

Name of the Vulnerable Software and Affected Versions Joomla! Component J-BusinessDirectory version 4.9.7 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code into the type parameter via GET requests to the...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50928

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the Linux kernel BPF reuseport program handling. When a UDP reuseport group uses a cBPF program and that program is replaced or detached via the setsocko...

7.8CVSS5.8AI score0.00104EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50831

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An issue exists where the software lacks handler call depth tracking for calls to the XML ResumeParser function when called from within handlers during a policy violation. This can lead to a...

4.9CVSS5.7AI score0.00135EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50919

Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Local attackers can place a malicious executable in the service path and execute code with LocalSystem privileges upon service restart or system reboot...

8.5CVSS6AI score0.0012EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50953

Name of the Vulnerable Software and Affected Versions Joomla Ultimate Property Listing version 1.0.2 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the sf selectuser id parameter. Attackers can...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50908

Name of the Vulnerable Software and Affected Versions Comodo Dragon Browser versions prior to 52.15.25.664 Description The DragonUpdater service contains a privilege escalation flaw caused by an unquoted service path that runs with SYSTEM privileges. A local attacker can exploit this by placing a...

8.5CVSS6.2AI score0.00122EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50673

UBB.threads is vulnerable to Denial of Service DoS. By sending multiple concurrent requests to view any user profile on instances with many registered users, an authenticated attacker can easily exhaust database resources and completely deny access to the application for other users. Because vend...

7.1CVSS5.3AI score0.00293EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50790

Name of the Vulnerable Software and Affected Versions deepstream versions prior to 10.0.5 Description A Prototype Pollution issue exists in the server, which allows clients and backend services to synchronize data, send messages, and make remote procedure calls RPCs at scale. Prototype Pollution...

9.9CVSS5.9AI score0.0027EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50708

Name of the Vulnerable Software and Affected Versions HAProxy versions prior to 3.4.0 Description A null pointer dereference occurs in the hpack dht insert function within src/hpack-tbl.c because the return value of hpack dht defrag is not validated when the memory pool is exhausted. An attacker...

8.7CVSS5.9AI score0.00431EPSS
Exploits0References30
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50627

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'groupids' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient...

4.9CVSS5.8AI score0.00355EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50711

Name of the Vulnerable Software and Affected Versions Webmin versions prior to 2.641 Description The Webmin HTTP server miniserv.pl improperly trusts a client-supplied HTTP header for SSL client certificate identity. This allows unauthenticated remote attackers to spoof certificate distinguished...

9.2CVSS6AI score0.00285EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50807

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.128 Description A cross-origin agent execution issue exists in the 'POST /agui' endpoint, allowing remote attackers to trigger arbitrary agent execution. The endpoint lacks authentication and utilizes hardcoded...

8.6CVSS6.2AI score0.00504EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50772

Name of the Vulnerable Software and Affected Versions JTL Shop versions 5.2.0 through 5.7.1 Description Unauthenticated attackers can inject malicious template syntax because unsanitized user-supplied input is passed to the Smarty template engine, a tool used to generate dynamic web content. This...

9.8CVSS6.1AI score0.00333EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50623

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editor assets variables. This makes it possible for authenticated attackers, with contributor-level access and...

4.3CVSS5.2AI score0.00243EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50642

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the administration configuration handler. In system/admin/admin.config.php, the configuration update action 'a=update' processes POST data via cot config update options without calling cot check xg to...

8.8CVSS5.5AI score0.00176EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50649

The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versions up to, and including, 1.8.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible...

6.4CVSS5.5AI score0.00205EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50645

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.editfolder.php, the folder update action 'a=update' updates folder metadata title, description, public/gallery flags without calling cot check x...

5.4CVSS5.3AI score0.00116EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50636

The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'embed' Episode Meta Field in all versions up to, and including, 11.16.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

6.4CVSS5.4AI score0.00202EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50726

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description Missing authorization in the content management system allows authenticated users to retrieve information for arbitrary published pages. By knowing or guessing page IDs or...

7.1CVSS6AI score0.00269EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50665

A Reflected Cross-Site Scripting XSS vulnerability exists in LMS LAN Management System before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an...

8.6CVSS5.3AI score0.00318EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50656

claudiopizzillo PIAF-HMS PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5 contains multiple unauthenticated SQL injection vulnerabilities. The application has no authentication mechanism and passes user-supplied HTTP parameters...

9.8CVSS5.8AI score0.00587EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50732

Impact A denial-of-service DoS vulnerability exists in the factorial operator implementation of NCalc. Specially crafted expressions containing extremely large factorial operands can trigger excessive CPU consumption or cause evaluation to enter a non-terminating loop due to integer overflow in t...

4.8CVSS5.6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50652

SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations...

7.1CVSS5.3AI score0.00319EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50713

Name of the Vulnerable Software and Affected Versions Webmin versions prior to 2.641 Description Webmin accepts basic authentication without session cookies when an attacker provides the 'User-Agent: webmin' header. This behavior allows the bypass of additional multi-factor authentication MFA...

6.9CVSS5.8AI score0.00308EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50787

Name of the Vulnerable Software and Affected Versions Coturn versions prior to 4.10.0 Description A stack buffer overflow exists in the decode oauth token gcm function. A nonce len field, read from an attacker-supplied OAuth access token, is passed to memcpy as the copy length into a 256-byte sta...

9.8CVSS6.7AI score0.0045EPSS
Exploits1References13
Total number of security vulnerabilities5000