Lucene search
K
PtsecurityMost viewed

184382 matches found

Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50910

Name of the Vulnerable Software and Affected Versions NetDrive version 2.6.12 Description An unquoted service path issue exists in the Netdrive2 Service Netdrive2 service. This allows local users to execute arbitrary code with SYSTEM privileges by placing malicious executables in the system root...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50923

Name of the Vulnerable Software and Affected Versions AVAST Antivirus version 25.11 Description The SecureLine service contains an unquoted service path, which occurs when a service executable path contains spaces and is not enclosed in quotation marks. This allows local non-privileged users to...

8.5CVSS5.9AI score0.00127EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-51034

Name of the Vulnerable Software and Affected Versions Azure Synapse affected versions not specified Description Execution with unnecessary privileges allows an authorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about a newer version th...

9.9CVSS5.9AI score0.005EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50948

Name of the Vulnerable Software and Affected Versions GridTime 3000 versions 1.0r0.03 through 1.1r0.0 Description The GridTime 3000 GNSS Time Server contains an open redirect issue within the password change form submission. An open redirect occurs when an application takes a user-provided URL an...

5.3CVSS5.9AI score0.00122EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50988

Name of the Vulnerable Software and Affected Versions Joomla! Component J-BusinessDirectory version 4.9.7 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code into the type parameter via GET requests to the...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50928

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the Linux kernel BPF reuseport program handling. When a UDP reuseport group uses a cBPF program and that program is replaced or detached via the setsocko...

7.8CVSS5.8AI score0.00104EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50831

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An issue exists where the software lacks handler call depth tracking for calls to the XML ResumeParser function when called from within handlers during a policy violation. This can lead to a...

4.9CVSS5.7AI score0.00135EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50919

Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Local attackers can place a malicious executable in the service path and execute code with LocalSystem privileges upon service restart or system reboot...

8.5CVSS6AI score0.0012EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50953

Name of the Vulnerable Software and Affected Versions Joomla Ultimate Property Listing version 1.0.2 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the sf selectuser id parameter. Attackers can...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50908

Name of the Vulnerable Software and Affected Versions Comodo Dragon Browser versions prior to 52.15.25.664 Description The DragonUpdater service contains a privilege escalation flaw caused by an unquoted service path that runs with SYSTEM privileges. A local attacker can exploit this by placing a...

8.5CVSS6.2AI score0.00122EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50673

UBB.threads is vulnerable to Denial of Service DoS. By sending multiple concurrent requests to view any user profile on instances with many registered users, an authenticated attacker can easily exhaust database resources and completely deny access to the application for other users. Because vend...

7.1CVSS5.3AI score0.00293EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50790

Name of the Vulnerable Software and Affected Versions deepstream versions prior to 10.0.5 Description A Prototype Pollution issue exists in the server, which allows clients and backend services to synchronize data, send messages, and make remote procedure calls RPCs at scale. Prototype Pollution...

9.9CVSS5.9AI score0.0027EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50708

Name of the Vulnerable Software and Affected Versions HAProxy versions prior to 3.4.0 Description A null pointer dereference occurs in the hpack dht insert function within src/hpack-tbl.c because the return value of hpack dht defrag is not validated when the memory pool is exhausted. An attacker...

8.7CVSS5.9AI score0.00431EPSS
Exploits0References30
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50627

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'groupids' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient...

4.9CVSS5.8AI score0.00355EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50711

Name of the Vulnerable Software and Affected Versions Webmin versions prior to 2.641 Description The Webmin HTTP server miniserv.pl improperly trusts a client-supplied HTTP header for SSL client certificate identity. This allows unauthenticated remote attackers to spoof certificate distinguished...

9.2CVSS6AI score0.00285EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50807

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.128 Description A cross-origin agent execution issue exists in the 'POST /agui' endpoint, allowing remote attackers to trigger arbitrary agent execution. The endpoint lacks authentication and utilizes hardcoded...

8.6CVSS6.2AI score0.00504EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50772

Name of the Vulnerable Software and Affected Versions JTL Shop versions 5.2.0 through 5.7.1 Description Unauthenticated attackers can inject malicious template syntax because unsanitized user-supplied input is passed to the Smarty template engine, a tool used to generate dynamic web content. This...

9.8CVSS6.1AI score0.00333EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50623

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editor assets variables. This makes it possible for authenticated attackers, with contributor-level access and...

4.3CVSS5.2AI score0.00243EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50642

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the administration configuration handler. In system/admin/admin.config.php, the configuration update action 'a=update' processes POST data via cot config update options without calling cot check xg to...

8.8CVSS5.5AI score0.00176EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50649

The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versions up to, and including, 1.8.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible...

6.4CVSS5.5AI score0.00205EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50645

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.editfolder.php, the folder update action 'a=update' updates folder metadata title, description, public/gallery flags without calling cot check x...

5.4CVSS5.3AI score0.00116EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50692

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AutoGPT's LoopVideoBLock allows users to input a video file and process the video, such as looping it 5 times or extending the time, and finally writing it t...

8.7CVSS5.3AI score0.00343EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50636

The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'embed' Episode Meta Field in all versions up to, and including, 11.16.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

6.4CVSS5.4AI score0.00202EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50726

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description Missing authorization in the content management system allows authenticated users to retrieve information for arbitrary published pages. By knowing or guessing page IDs or...

7.1CVSS6AI score0.00269EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50665

A Reflected Cross-Site Scripting XSS vulnerability exists in LMS LAN Management System before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an...

8.6CVSS5.3AI score0.00318EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50656

claudiopizzillo PIAF-HMS PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5 contains multiple unauthenticated SQL injection vulnerabilities. The application has no authentication mechanism and passes user-supplied HTTP parameters...

9.8CVSS5.8AI score0.00587EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50732

Impact A denial-of-service DoS vulnerability exists in the factorial operator implementation of NCalc. Specially crafted expressions containing extremely large factorial operands can trigger excessive CPU consumption or cause evaluation to enter a non-terminating loop due to integer overflow in t...

4.8CVSS5.6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50652

SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations...

7.1CVSS5.3AI score0.00319EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50713

Name of the Vulnerable Software and Affected Versions Webmin versions prior to 2.641 Description Webmin accepts basic authentication without session cookies when an attacker provides the 'User-Agent: webmin' header. This behavior allows the bypass of additional multi-factor authentication MFA...

6.9CVSS5.8AI score0.00308EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50787

Name of the Vulnerable Software and Affected Versions Coturn versions prior to 4.10.0 Description A stack buffer overflow exists in the decode oauth token gcm function. A nonce len field, read from an attacker-supplied OAuth access token, is passed to memcpy as the copy length into a 256-byte sta...

9.8CVSS6.7AI score0.0045EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50699

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

5.9AI score0.01316EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50709

Name of the Vulnerable Software and Affected Versions Hermes WebUI versions prior to 0.51.468 Description An issue exists in the unauthenticated 'POST /api/onboarding/oauth/start' endpoint that allows for unbounded accumulation of in-memory flow state and daemon threads. This can lead to resource...

6.9CVSS5.9AI score0.00301EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50791

Name of the Vulnerable Software and Affected Versions Guzzle versions prior to 7.12.1 Description In certain configurations, traffic intended to be protected by TLS on the hop to the proxy is transmitted in cleartext. This occurs when an application uses the built-in cURL handlers...

5.9CVSS5.9AI score0.00106EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50740

Name of the Vulnerable Software and Affected Versions Zitadel versions 4.0.0 through 4.15.1 Zitadel versions 3.0.0 through 3.4.11 Description A Server-Side Request Forgery SSRF issue exists in components that handle outgoing HTTP requests, specifically HTTP Notification Channels, OIDC BackChannel...

2.3CVSS6AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50723

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description Kirby sites and plugins that process untrusted input using the writer or list fields, or specific sanitization methods, are subject to stored cross-site scripting XSS. XSS...

8.5CVSS6AI score0.00409EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50688

Name of the Vulnerable Software and Affected Versions Eclipse Theia versions prior to 1.71.0 Description The AI chat renders Markdown image tags from AI responses, which triggers unrestricted HTTP requests to arbitrary external URLs. When combined with prompt injection in a malicious workspace, a...

6.7CVSS6AI score0.00181EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50773

Истекает время жизни сертификата, которым заверен загрузчик для UEFI Secure Boot в дистрибутивах Linux Срок действия сертификата Microsoft, используемого для заверения загрузчика Shim в дистрибутивах Linux для UEFI Secure Boot, истекает в конце июня. Это событие не повлияет на загрузку существующ...

5.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50571

Name of the Vulnerable Software and Affected Versions ThingsBoard affected versions not specified Description Prototype pollution occurs when an attacker can manipulate the prototype of an object, potentially leading to arbitrary code execution within a sandboxed context. This issue can be...

8.6CVSS7.6AI score0.00603EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50355

Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...

7.5CVSS5.2AI score0.00381EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50309

Unauthenticated SQL Injection in Blocksy Companion Pro 2.1.29 versions...

9.3CVSS5.8AI score0.00372EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50373

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7...

4.3CVSS5.2AI score0.00208EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50295

Subscriber Broken Access Control in MetForm Pro = 3.9.1 versions...

4.3CVSS5.2AI score0.00243EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50283

Unauthenticated Cross Site Scripting XSS in Skillate = 1.2.10 versions...

7.1CVSS5.1AI score0.00186EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50469

picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan pytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the reduce trick. Attackers can craft malicious PyTorch payloads that evade picklescan detection while remaining executable,...

7.1CVSS6.1AI score0.00434EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50311

Contributor Local File Inclusion in Element Pack Pro = 9.0.6 versions...

7.5CVSS5.2AI score0.004EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50456

Name of the Vulnerable Software and Affected Versions undici versions 6.17.0 through 6.25.x undici versions 7.0.0 through 7.27.x undici versions 8.0.0 through 8.4.x Description The WebSocket client fails to limit the number of fragments in a message, only enforcing the maxPayloadSize on the...

7.5CVSS5.3AI score0.00759EPSS
Exploits0References136
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50274

Unauthenticated PHP Object Injection in ThemeREX Addons = 2.36.1.1 versions...

9.8CVSS5.4AI score0.00525EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50294

Subscriber Broken Access Control in WishList Member X = 3.29.0 versions...

4.3CVSS5.2AI score0.00259EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50411

Unauthenticated Local File Inclusion in Kastell = 2.0 versions...

8.1CVSS5.2AI score0.00428EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50289

Unauthenticated Local File Inclusion in EcoBlue = 1.15 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
Total number of security vulnerabilities5000