Lucene search
K
PtsecurityMost viewed

184377 matches found

Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•18 views

PT-2026-49758

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description Exported session HTML preserves unsafe javascript: and data: links in generated content. This allows for the execution of browser-side scripts if a trusted operator opens the exported file and...

6.1CVSS5.5AI score0.00188EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•18 views

PT-2026-49807

In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.5AI score0.00285EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•18 views

PT-2026-50041

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Cost Management versions 12.2.3 through 12.2.15 Description An issue exists in the Cost Planning component of the Oracle Cost Management product. A high privileged attacker with network access via HTTP can exploi...

7.2CVSS5.8AI score0.00453EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•18 views

PT-2026-50101

Unauthenticated Local File Inclusion in Aperitif = 1.5 versions...

8.1CVSS5.2AI score0.00423EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•18 views

PT-2026-50051

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Quality versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Quality product. A low privileged attacker with network access via HTTP can exploit this flaw...

8.8CVSS5.9AI score0.00402EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•18 views

PT-2026-49963

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Metadata Plugin component of the Oracle Enterprise Manager Base Platform. A low privileged attacker wi...

9.9CVSS5.8AI score0.00441EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•18 views

PT-2026-49945

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

9.8CVSS5.3AI score0.00473EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•18 views

PT-2026-49647

Unauthenticated Cross Site Scripting XSS in Pods = 3.3.8 versions...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•18 views

PT-2026-50071

Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

8.8CVSS5.3AI score0.00402EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•18 views

PT-2026-50007

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Command Center Framework versions V15 through V16 Description An issue in the Core component of the Oracle Enterprise Command Center Framework allows a low privileged attacker with network access via HTTPS to compromise the...

9.9CVSS5.8AI score0.00402EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49402

Subscriber Broken Access Control in RepairBuddy = 4.1132 versions...

6.5CVSS5.1AI score0.00326EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49301

Name of the Vulnerable Software and Affected Versions Kandji Agent versions prior to 4.7.55374 Description A client validation gap in the software allows a local attacker to escalate privileges and invoke restricted agent functionality. Recommendations Update to version 4.7.55374 or later...

8.4CVSS5.2AI score0.00118EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49342

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.10.0 Description The Shareable Playground feature, also known as Public Flows, allows unauthenticated users to execute workflows via a public link. A flaw in this feature enables arbitrary file reading depending on...

6.1CVSS6.1AI score0.00249EPSS
Exploits1References9
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49467

Unauthenticated Other Vulnerability Type in WpEvently = 5.3.3 versions...

7.5CVSS5.2AI score0.00259EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49276

A heap use-after-free in the gf node get tag function scenegraph/base scenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.3AI score0.00188EPSS
Exploits1References2
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49527

Name of the Vulnerable Software and Affected Versions Socket versions prior to 2.041 Description An out-of-bounds heap read exists in the pack ip mreq source function. The issue occurs because the function validates the length of the source argument using the byte length of the preceding multiadd...

9.1CVSS5.1AI score0.00389EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49231

Name of the Vulnerable Software and Affected Versions Cornerstone versions prior to 7.8.8 Description A flaw allows a user with subscriber privileges to achieve arbitrary code execution, which is the ability to run unauthorized commands or code on the host system. Recommendations Update to versio...

8.5CVSS5.6AI score0.00371EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49492

Name of the Vulnerable Software and Affected Versions Amelia versions prior to 2.4 Description A privilege escalation issue exists where users with Subscriber roles can gain higher privileges. Recommendations Update to a version later than 2.3...

8.8CVSS5.8AI score0.00378EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49472

Name of the Vulnerable Software and Affected Versions OliveTin versions prior to 3000.13.0 Description The 'ValidateArgumentType' RPC endpoint in service/internal/api/api.go lacks authentication and authorization checks, failing to call auth.UserFromApiCall or checkDashboardAccess. Even when...

3.7CVSS5.8AI score0.00328EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49187

Name of the Vulnerable Software and Affected Versions OttoKit versions prior to 1.1.28 Description Unauthenticated PHP Object Injection occurs in the software. PHP Object Injection is a vulnerability that allows an attacker to pass malicious serialized objects into the application, which can lead...

9.8CVSS6AI score0.00383EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49568

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.15 Angular versions prior to 20.3.22 Angular versions prior to 19.2.23 Description An issue in the @angular/core package allows bypassing script-execution restrictions during...

5.3CVSS6AI score0.00238EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49347

Custom role Insecure Direct Object References IDOR in Projectopia = 5.1.25.2 versions...

7.5CVSS5.2AI score0.00287EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49415

Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49525

Unauthenticated Path Traversal in FastDup = 2.7.2 versions...

9.6CVSS5.2AI score0.00436EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49575

Name of the Vulnerable Software and Affected Versions launch-editor versions prior to 2.14.1 Description The launch-editor NPM package allows the access of arbitrary paths, including Windows UNC Universal Naming Convention paths. On Windows systems, accessing a UNC path triggers an automatic NTLM...

5.5CVSS6AI score0.00322EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49546

Name of the Vulnerable Software and Affected Versions Canon EOS Network Setting Tool versions prior to 1.5.1 Description The software contains hard-coded cryptographic keys, which are fixed keys embedded directly into the source code, potentially allowing unauthorized decryption or authentication...

9.8CVSS6.6AI score0.00232EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49230

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

8.8CVSS5.2AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49237

Name of the Vulnerable Software and Affected Versions WooCommerce PDF Invoice Builder versions prior to 2.0.9 Description Improper Control of Generation of Code allows Remote Code Inclusion, enabling an unauthenticated attacker to perform full code injection via remote file inclusion...

10CVSS5.5AI score0.00314EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49529

Name of the Vulnerable Software and Affected Versions i18next-http-middleware versions prior to 3.9.7 i18next-fs-backend versions 2.6.5 and earlier Description The missingKeyHandler in i18next-http-middleware fails to reject dotted variants of restricted keys, such as proto .polluted, while only...

9.1CVSS5.3AI score0.00419EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49245

Name of the Vulnerable Software and Affected Versions Fortra Core Privileged Access Manager affected versions not specified Description An OS command injection issue exists in the boks autoregisterd service. A remote attacker with network access to this service can execute commands with the...

9.8CVSS5.8AI score0.00865EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49556

Name of the Vulnerable Software and Affected Versions @babel/core versions prior to 7.29.6 @babel/core versions prior to 8.0.0-rc.6 Description Compiling maliciously crafted code using @babel/core can allow an attacker to read any source map from the system. This occurs when the attacker controls...

3.6CVSS5.9AI score0.00116EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49615

CVE ID :CVE-2026-54294 Published : June 15, 2026, 6:33 p.m. | 1 hour, 17 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.2AI score0.00045EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49559

If the HTML you give it contains a element, and inside that template there's an element with a shadow DOM attached to it, DOMPurify quietly skips over the shadow contents. Whatever the attacker put in there - an image with an onerror handler, a link with a javascript: URL, even a full script -...

5.1CVSS5.1AI score0.00038EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•18 views

PT-2026-49214

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the delete backup file and download backup file parameters in tools.php. Attackers can exploit insufficient input validation...

8.7CVSS5.5AI score0.00601EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/13 12:0 a.m.•18 views

PT-2026-49096

Name of the Vulnerable Software and Affected Versions glances affected versions not specified Description The secure popen function in glances/secure.py improperly interprets shell-like operators, specifically file redirection, | pipe, and && command chaining, within command strings. When...

7.8CVSS6.2AI score0.00184EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/13 12:0 a.m.•18 views

PT-2026-49095

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.5 Description The XML-RPC server implemented in glances/server.py and started with glances -s fails to validate the HTTP Host header. This allows a DNS rebinding attack, where an attacker can bypass the same-origi...

5.3CVSS5.8AI score0.00156EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/13 12:0 a.m.•18 views

PT-2026-49084

Name of the Vulnerable Software and Affected Versions Page Builder: Pagelayer versions prior to 2.1.0 Description Incorrect Authorization exists in the Page Builder: Pagelayer plugin. The pagelayer save content AJAX handler allows users with basic post-edit capabilities to persist pagelayer conta...

4.3CVSS5.4AI score0.00204EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/13 12:0 a.m.•18 views

PT-2026-49168

Name of the Vulnerable Software and Affected Versions runc versions prior to 1.3.6 runc versions prior to 1.4.3 runc versions prior to 1.5.0-rc.3 Description A flaw involving a /dev symlink allows a malicious container image to obtain limited write access to the host filesystem. This issue occurs...

3.3CVSS5.2AI score0.00222EPSS
Exploits0References20
Positive Technologies
Positive Technologies
•added 2026/06/13 12:0 a.m.•18 views

PT-2026-49079

Name of the Vulnerable Software and Affected Versions Store Locator WordPress plugin versions prior to 1.6.9 Description Insufficient sanitization and escaping of store logo metadata before it is stored and displayed on the admin page allows high-privileged users, such as administrators, to execu...

3.5CVSS5.4AI score0.00145EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/13 12:0 a.m.•18 views

PT-2026-49094

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.5 Description The XML-RPC server glances -s contains a misconfiguration in its Cross-Origin Resource Sharing CORS implementation. When the cors origins variable is configured with more than one entry, the system...

7.4CVSS5.9AI score0.00401EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/13 12:0 a.m.•18 views

PT-2026-49097

SQL Injection in reports/catalogue out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary...

7.6CVSS9AI score0.00244EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/13 12:0 a.m.•18 views

PT-2026-49100

Name of the Vulnerable Software and Affected Versions CodeAstro Student Attendance Management System version 1.0 Description An issue exists in the file '/attendance-php/Admin/createStudents.php' where manipulating the admissionNumber argument allows for SQL injection, which is a technique used t...

5.8CVSS5.3AI score0.00214EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/13 12:0 a.m.•18 views

PT-2026-49118

Name of the Vulnerable Software and Affected Versions Tornado versions prior to 6.5.6 Description When SimpleAsyncHTTPClient follows a 3xx redirect, it shallow-copies the original HTTPRequest and removes only the Host header. It fails to clear the Authorization header, auth username, auth passwor...

7.7CVSS5.2AI score0.00034EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•18 views

PT-2026-48889

Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, DB Schema Enumeration is possible through exploiting an endpoint. This issue has been patched in versions 15.107.2 and 16.17.4...

6.9CVSS5.2AI score0.00312EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•18 views

PT-2026-48895

A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

8.8CVSS5.2AI score0.00345EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•18 views

PT-2026-48983

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description Chat events for public category channels are published to the MessageBus without permission scoping. This allows any MessageBus...

7.5CVSS5.3AI score0.00259EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•18 views

PT-2026-49005

Name of the Vulnerable Software and Affected Versions @apostrophecms/seo versions prior to 1.4.3 Description Stored Cross-Site Scripting XSS occurs when the @apostrophecms/seo package injects the Google Analytics Tracking ID seoGoogleTrackingId and Google Tag Manager ID seoGoogleTagManager direct...

8.7CVSS5.5AI score0.0021EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•18 views

PT-2026-48967

Name of the Vulnerable Software and Affected Versions Kitty versions prior to 0.47.0 Description Command injection is possible within the subshell through the terminal error mechanism. A specific escape code triggers an error that is not properly escaped and is echoed back to the terminal with...

7.4CVSS5.5AI score0.00287EPSS
Exploits1References3
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•18 views

PT-2026-48966

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An improper authorization issue allows an authenticated organization administrator to access or modify user settings of site administrator accounts within the same organization. This occurs...

5.1CVSS5.1AI score0.00254EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•18 views

PT-2026-49058

Name of the Vulnerable Software and Affected Versions gorest affected versions not specified Description A race condition exists in the InMemorySecret2FA in-memory 2FA secret store due to the use of a bare Go map without proper synchronization. Multiple HTTP handlers concurrently read from, write...

5.9CVSS5.9AI score0.00051EPSS
Exploits0References5
Total number of security vulnerabilities5000