Lucene search
K
PtsecurityMost viewed

184379 matches found

Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49347

Custom role Insecure Direct Object References IDOR in Projectopia = 5.1.25.2 versions...

7.5CVSS5.2AI score0.00287EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49525

Unauthenticated Path Traversal in FastDup = 2.7.2 versions...

9.6CVSS5.2AI score0.00436EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49575

Name of the Vulnerable Software and Affected Versions launch-editor versions prior to 2.14.1 Description The launch-editor NPM package allows the access of arbitrary paths, including Windows UNC Universal Naming Convention paths. On Windows systems, accessing a UNC path triggers an automatic NTLM...

5.5CVSS6AI score0.00322EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49546

Name of the Vulnerable Software and Affected Versions Canon EOS Network Setting Tool versions prior to 1.5.1 Description The software contains hard-coded cryptographic keys, which are fixed keys embedded directly into the source code, potentially allowing unauthorized decryption or authentication...

9.8CVSS6.6AI score0.00232EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49390

Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49550

Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain...

5.2AI score0.00112EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49615

CVE ID :CVE-2026-54294 Published : June 15, 2026, 6:33 p.m. | 1 hour, 17 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.2AI score0.00045EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49230

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

8.8CVSS5.2AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49237

Name of the Vulnerable Software and Affected Versions WooCommerce PDF Invoice Builder versions prior to 2.0.9 Description Improper Control of Generation of Code allows Remote Code Inclusion, enabling an unauthenticated attacker to perform full code injection via remote file inclusion...

10CVSS5.5AI score0.00314EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49529

Name of the Vulnerable Software and Affected Versions i18next-http-middleware versions prior to 3.9.7 i18next-fs-backend versions 2.6.5 and earlier Description The missingKeyHandler in i18next-http-middleware fails to reject dotted variants of restricted keys, such as proto .polluted, while only...

9.1CVSS5.3AI score0.00419EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49556

Name of the Vulnerable Software and Affected Versions @babel/core versions prior to 7.29.6 @babel/core versions prior to 8.0.0-rc.6 Description Compiling maliciously crafted code using @babel/core can allow an attacker to read any source map from the system. This occurs when the attacker controls...

3.6CVSS5.9AI score0.00116EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49559

If the HTML you give it contains a element, and inside that template there's an element with a shadow DOM attached to it, DOMPurify quietly skips over the shadow contents. Whatever the attacker put in there - an image with an onerror handler, a link with a javascript: URL, even a full script -...

5.1CVSS5.1AI score0.00038EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49214

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the delete backup file and download backup file parameters in tools.php. Attackers can exploit insufficient input validation...

8.7CVSS5.5AI score0.00601EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49197

Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation,...

7.1CVSS5.4AI score0.00394EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.18 views

PT-2026-49095

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.5 Description The XML-RPC server implemented in glances/server.py and started with glances -s fails to validate the HTTP Host header. This allows a DNS rebinding attack, where an attacker can bypass the same-origi...

5.3CVSS5.8AI score0.00156EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.18 views

PT-2026-49084

Name of the Vulnerable Software and Affected Versions Page Builder: Pagelayer versions prior to 2.1.0 Description Incorrect Authorization exists in the Page Builder: Pagelayer plugin. The pagelayer save content AJAX handler allows users with basic post-edit capabilities to persist pagelayer conta...

4.3CVSS5.4AI score0.00204EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.18 views

PT-2026-49168

Name of the Vulnerable Software and Affected Versions runc versions prior to 1.3.6 runc versions prior to 1.4.3 runc versions prior to 1.5.0-rc.3 Description A flaw involving a /dev symlink allows a malicious container image to obtain limited write access to the host filesystem. This issue occurs...

3.3CVSS5.2AI score0.00222EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.18 views

PT-2026-49079

Name of the Vulnerable Software and Affected Versions Store Locator WordPress plugin versions prior to 1.6.9 Description Insufficient sanitization and escaping of store logo metadata before it is stored and displayed on the admin page allows high-privileged users, such as administrators, to execu...

3.5CVSS5.4AI score0.00145EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.18 views

PT-2026-49094

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.5 Description The XML-RPC server glances -s contains a misconfiguration in its Cross-Origin Resource Sharing CORS implementation. When the cors origins variable is configured with more than one entry, the system...

7.4CVSS5.9AI score0.00401EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.18 views

PT-2026-49097

SQL Injection in reports/catalogue out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary...

7.6CVSS9AI score0.00244EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.18 views

PT-2026-49100

Name of the Vulnerable Software and Affected Versions CodeAstro Student Attendance Management System version 1.0 Description An issue exists in the file '/attendance-php/Admin/createStudents.php' where manipulating the admissionNumber argument allows for SQL injection, which is a technique used t...

5.8CVSS5.3AI score0.00214EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.18 views

PT-2026-49118

Name of the Vulnerable Software and Affected Versions Tornado versions prior to 6.5.6 Description When SimpleAsyncHTTPClient follows a 3xx redirect, it shallow-copies the original HTTPRequest and removes only the Host header. It fails to clear the Authorization header, auth username, auth passwor...

7.7CVSS5.2AI score0.00034EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48889

Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, DB Schema Enumeration is possible through exploiting an endpoint. This issue has been patched in versions 15.107.2 and 16.17.4...

6.9CVSS5.2AI score0.00312EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48895

A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

8.8CVSS5.2AI score0.00345EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48983

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description Chat events for public category channels are published to the MessageBus without permission scoping. This allows any MessageBus...

7.5CVSS5.3AI score0.00259EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48967

Name of the Vulnerable Software and Affected Versions Kitty versions prior to 0.47.0 Description Command injection is possible within the subshell through the terminal error mechanism. A specific escape code triggers an error that is not properly escaped and is echoed back to the terminal with...

7.4CVSS5.5AI score0.00287EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48966

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An improper authorization issue allows an authenticated organization administrator to access or modify user settings of site administrator accounts within the same organization. This occurs...

5.1CVSS5.1AI score0.00254EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-49058

Name of the Vulnerable Software and Affected Versions gorest affected versions not specified Description A race condition exists in the InMemorySecret2FA in-memory 2FA secret store due to the use of a bare Go map without proper synchronization. Multiple HTTP handlers concurrently read from, write...

5.9CVSS5.9AI score0.00051EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48896

The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to allowing users to perform cross tenant actions...

8.8CVSS5AI score0.00237EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48987

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 through 2026.3.0 Discourse versions 2026.4.0 through 2026.4.0 Description An issue exists in the Jobs::RedeliverWebHookEvents function where the MessageBus.publish call f...

4.3CVSS5.2AI score0.00211EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48999

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An issue in the non-REST event editing path allows an authenticated user with event edit permissions to manipulate submitted form data. By tampering with the event edit request, a user can set t...

6.1CVSS5.2AI score0.00226EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48936

Name of the Vulnerable Software and Affected Versions Mattermost versions prior to 11.6.2 Mattermost versions prior to 11.5.5 Mattermost versions prior to 10.11.17 Description A failure to validate that a username returned during bot registration belongs to a bot account allows an unprivileged...

5.3CVSS5.9AI score0.0019EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48866

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password...

7.5CVSS7AI score0.00288EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-49036

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.18 Description An identity header validation issue allows local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway port can supply these forged headers...

7.7CVSS5.2AI score0.00102EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-49035

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.18 Description A policy enforcement issue exists in the system.run safe-bin allowlist validation on POSIX nodes. This flaw allows shell expansion to modify how commands are interpreted. Authenticated operators...

8.3CVSS5.2AI score0.00191EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-49041

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.6 Description Improper access control in Mattermost event handlers occurs due to a failure to validate channel type metadata. This allows attackers to bypass intended Direct Message DM policy decisions by...

6.3CVSS5.2AI score0.00189EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48959

The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water...

6.9CVSS5.3AI score0.00221EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48890

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authenticated users to access other users' email configuration details. This issue has been patched in versions 15.107.0 and 16.17.0...

6.9CVSS5.2AI score0.00321EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-49019

Name of the Vulnerable Software and Affected Versions Avast Antivirus versions prior to VPS 25020100 AVG Antivirus versions prior to VPS 25020100 Norton Antivirus versions prior to VPS 25020100 Avast One versions prior to VPS 25020100 Avast Business Antivirus versions prior to VPS 25020100...

5.5CVSS5.3AI score0.00113EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48915

Aqara Home Android com.lumiunited.aqarahome 6.0.0 and white-label clients embedding the same liblumidevsdk.so uses hard-coded cryptographic keys, which is an instance of "CWE-321: Use of Hard-coded Cryptographic Key" and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1...

9.1CVSS5.2AI score0.00287EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-49051

Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

6.5CVSS6.3AI score0.01254EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48986

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0-latest through 2026.1.3 Discourse versions 2026.3.0-latest through 2026.3.0 Discourse versions 2026.4.0-latest through 2026.4.0 Description A path traversal issue exists in the backup handling of this open-source...

6.8CVSS5.1AI score0.00323EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48834

openSUSE released security advisories for CVE-2026-0183 in RoundcubeMail and CVE-2025-3548 in Assimp, addressing XSS/SQL injection and denial-of-service flaws in SLE-15-SP6 and SP7 backports, Linuxsecurity reported. https://t.co/mZCkbHBQjS...

5.3CVSS5.7AI score0.00245EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48964

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.5.0 Description Several endpoints in this open-source personal finance application are affected by path traversal, a condition where an attacker can access files and directories that are stored outside the web root...

5.3CVSS5.3AI score0.00303EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48858

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective permissions in the channel where the command is run. A user denied channel-level moderation permissio...

7.1CVSS5.3AI score0.00215EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-49046

Name of the Vulnerable Software and Affected Versions Avira Antivirus versions prior to 8.3.70.104 Description A heap buffer out-of-bounds write occurs due to an integer overflow in the antivirus engine when scanning a malformed MS-DOS executable file. This can lead to local execution of code or ...

7.8CVSS5.8AI score0.00122EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48843

Name of the Vulnerable Software and Affected Versions QEMU affected versions not specified Description A flaw exists in the virtio-blk device where the system fails to properly validate the size of input descriptors before writing data. A malicious guest with high privileges can exploit this by...

6.7CVSS6AI score0.00121EPSS
Exploits0References25
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48788

Name of the Vulnerable Software and Affected Versions Idira Privileged Session Manager for SSH PSMP versions prior to 15.0.2 Idira Privileged Session Manager for SSH PSMP versions prior to 14.6.3 Idira Privileged Session Manager for SSH PSMP versions prior to 14.2.5 Idira Privileged Session Manag...

8.8CVSS5.7AI score0.0055EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48675

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...

8.8CVSS5.5AI score0.00343EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48677

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadgets. When Object.prototype is polluted by an upstream dependency in the same process e.g. lodash .merge / CVE-2018-16487, axios silently picks up the...

8.2CVSS5.5AI score0.00287EPSS
Exploits1References4
Total number of security vulnerabilities5000