Lucene search
K
PtsecurityRecent

184382 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51701

The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co...

5.8AI score0.00219EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51683

Name of the Vulnerable Software and Affected Versions EntreDroppers versions prior to 1.1.3 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Reflected Cross-Site Scripting. This occurs when the PHP SELF parameter reflects attacker-controll...

6.1CVSS6AI score0.00205EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51822

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component...

4.6CVSS5.8AI score0.00256EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51845

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the drm/xe/dma-buf subsystem involving race conditions when handling the invalidate mappings hook during buffer object initialization and attachment. These races occur...

7.8CVSS5.9AI score0.00132EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52114

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 2.1 Description An authenticated user can craft outbound requests that reach loopback-bound services inside the container. This occurs because the outbound HTTP host filter applied by WebClientUtils used by the REST...

9.1CVSS5.8AI score0.0022EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52094

🚨 CVE-2026-45689 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, an unauthenticated network attacker obtains a valid Rocket.Chat OAuth access token for an arbitrary user by sending a single...

9.1CVSS6AI score0.00308EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51961

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the pci epf alloc doorbell function where the allocated doorbell message array is stored in epf-db msg and epf-num db before MSI vectors are requested. If the MSI...

6AI score0.00154EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51925

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF Berkeley Packet Filter subsystem where the arena alloc pages function accepts an integer node id and forwards it through the allocation chain without performin...

7.8CVSS5.8AI score0.00128EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51922

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An error pointer dereference exists in the USB Type-C subsystem. The cd321x update work function checks if the tps-partner variable is an error pointer; however, if an error is detected,...

6.1AI score0.00166EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-51924

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the Renesas I3C master driver. The xfer structure allocated by the renesas i3c alloc xfer function is not properly freed within the renesas i3c i3c xfers function...

6AI score0.00166EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51843

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/ttm component where a backup failure can lead to an infinite LRU Least Recently Used walk within the ttm bo shrink function. This occurs because the del bulk...

5.9AI score0.00162EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52008

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel where the perf allow kernel function is called from the IBS NMI handler. Calling this function within the NMI Non-Maskable Interrupt context is unsafe...

6.8CVSS6AI score0.00154EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51771

Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...

7.1CVSS5.9AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52096

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.0 Rocket.Chat versions prior to 8.4.1 Rocket.Chat versions prior to 8.3.3 Rocket.Chat versions prior to 8.2.3 Rocket.Chat versions prior to 8.1.4 Rocket.Chat versions prior to 8.0.5 Rocket.Chat versions prior ...

9.3CVSS5.7AI score0.00149EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52117

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.1 Rocket.Chat versions prior to 8.4.4 Rocket.Chat versions prior to 8.3.6 Rocket.Chat versions prior to 8.2.6 Rocket.Chat versions prior to 8.1.6 Rocket.Chat versions prior to 8.0.7 Rocket.Chat versions prior ...

7.4CVSS5.8AI score0.00243EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51973

In the Linux kernel, the following vulnerability has been resolved: net sched: fix skb memory leak in deferred qdisc drops When the network stack cleans up the deferred list via qdisc run end, it operates on the root qdisc. If the root qdisc do not implement the TCQ F DEQUEUE DROPS flag the packe...

5.7AI score0.00145EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51911

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A data loss issue exists in the f2fs file system when fsync is performed on a newly created file concurrently with a checkpoint operation. The problem occurs because the f2fs need inode...

6AI score0.00162EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51913

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An inverted condition exists in the ccu mix trigger fc function. This flaw causes the system to skip the frequency change trigger, which can lead to kernel panics during cpufreq scaling,...

6AI score0.00166EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-52036

Name of the Vulnerable Software and Affected Versions AnythingLLM versions 1.11.1 through 1.14.0 Description An issue exists where the application fails to perform ownership checks when deleting parsed files. Specifically, the 'POST /api/workspace/:slug/embed-parsed-file/:fileId' endpoint deletes...

5.8AI score0.00236EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52074

Name of the Vulnerable Software and Affected Versions @tryghost/activitypub versions prior to 3.1.0 Description The ActivityPub client in Ghost is susceptible to JavaScript injection. This occurs when the client processes posts shared by a maliciously customized ActivityPub server, allowing the...

7.5CVSS6.1AI score0.00204EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51768

Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key...

9.3CVSS6AI score0.00293EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51780

Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures. Authenticated users cannot complete 2FA enrollment as the backend consistently returns HTTP 500 errors...

6.9CVSS5.9AI score0.00281EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.15 views

PT-2026-51765

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

9.3CVSS6AI score0.00244EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51769

Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies on the webhooks table. Attackers can retrieve the webhook secret and forge valid X-Capgo-Signature headers to send authenticated webhook events to...

7.1CVSS5.9AI score0.00194EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52089

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.52 Description The Fill Text Template block is susceptible to a Denial of Service DoS attack. Although the backend utilizes a SandboxedEnvironment to block unauthorized attribute access, such as class , it does no...

7.7CVSS5.8AI score0.0031EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52126

Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description An issue exists where the software fails to properly verify cryptographic signatures, allowing authenticated remote attackers to execute arbitrary code in the context of SYSTEM. The flaw ...

7.2CVSS7.4AI score0.00376EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51736

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.15.0.5...

7.6CVSS5.9AI score0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52121

Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description A directory traversal flaw exists in the updateLicense method, where a lack of proper validation of user-supplied paths allows authenticated remote attackers to delete arbitrary files. Th...

6.5CVSS6.2AI score0.01195EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-52122

Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description A directory traversal flaw exists in the uploadSSL method, where the system fails to properly validate user-supplied paths before performing file operations. This allows authenticated...

6.5CVSS6.3AI score0.01195EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52179

Summary Description An Improper Authorization CWE-285 issue in OpenAM's Liberty Web Services SOAP receiver allows an unauthenticated remote attacker to write persistent entries into the Liberty Discovery store on any user's LDAP entry, and into a shared root-realm Discovery branch. This impacts...

9.3CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.17 views

PT-2026-51668

Name of the Vulnerable Software and Affected Versions Post Duplicator versions prior to 3.0.15 Description Users with Contributor-level access and above can perform a PHP Object Injection. This occurs because the plugin fails to safely handle custom meta-data during post duplication, storing...

7.2CVSS5.8AI score0.003EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52090

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description FOSSBilling exposes a guest API endpoint '/api/guest/staff/create' designed for initial administrator bootstrap. A flawed guard check using the is countable function on a value that returns a Mod...

9.3CVSS5.8AI score0.00289EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52051

Out of bounds read and write in BlinkInterestGroups in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.3AI score0.0026EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51666

Name of the Vulnerable Software and Affected Versions AI Share & Summarize versions prior to 2.0.4 Description Users with the Contributor role and above can perform Stored Cross-Site Scripting XSS attacks. This occurs because the plugin fails to sanitize and escape certain shortcode attributes,...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51827

Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Reflected Cross-Site Scripting XSS issue occurs in the dashboard-view component due to improper neutralization of user-controlled input during breadcrumb rendering. Reflected XSS is a type of...

5.1CVSS5.8AI score0.00268EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51664

Name of the Vulnerable Software and Affected Versions Email JavaScript Cloak versions prior to 1.04 Description The Email JavaScript Cloak plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping on user-supplied...

7.2CVSS6AI score0.00264EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51688

Name of the Vulnerable Software and Affected Versions MIR blocks and shortcodes versions prior to 1.0.1 Description The MIR blocks and shortcodes plugin for WordPress contains a Stored Cross-Site Scripting issue. Authenticated attackers with contributor-level access or higher can inject arbitrary...

6.4CVSS5.9AI score0.00187EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51681

Name of the Vulnerable Software and Affected Versions SearchPlus versions prior to 1.7.2 Description The SearchPlus plugin for WordPress allows unauthenticated users to modify or delete stored data. This occurs because the searchplus save token action callback and searchplus reset token action...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51670

Name of the Vulnerable Software and Affected Versions Bulk SEO Image versions prior to 1.2 Description The Bulk SEO Image plugin for WordPress is subject to Cross-Site Request Forgery. This occurs because the settings page handler BulkSeoImage lacks proper nonce validation—a security token used t...

4.3CVSS5.6AI score0.00128EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51700

Name of the Vulnerable Software and Affected Versions WP Meta SEO versions prior to 4.5.19 Description Unauthenticated Stored Cross-Site Scripting occurs when the wpmsTemplateRedirect hook detects a 404 error. The plugin concatenates $ SERVER'HTTP HOST' with the raw $ SERVER'REQUEST URI' and...

7.2CVSS6AI score0.00241EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51675

Name of the Vulnerable Software and Affected Versions SignUp & SignIn plugin for WordPress versions prior to 1.0.1 Description The SignUp & SignIn plugin for WordPress contains an authentication bypass that allows unauthenticated attackers to take over any account, including administrator account...

9.8CVSS5.9AI score0.00454EPSS
Exploits1References15
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51684

Name of the Vulnerable Software and Affected Versions Advance Nav Menu Manager versions prior to 1.4 Description The Advance Nav Menu Manager plugin for WordPress contains an authorization bypass. The issue occurs because the plugin fails to properly verify if a user is authorized to perform...

4.3CVSS5.6AI score0.00227EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51673

Name of the Vulnerable Software and Affected Versions URL Preview plugin for WordPress versions prior to 1.1 Description The plugin is susceptible to Server-Side Request Forgery SSRF, a flaw where an attacker can force the server to make requests to an unintended location. Unauthenticated attacke...

7.2CVSS5.9AI score0.00281EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51698

Name of the Vulnerable Software and Affected Versions Reviews and Rating – Docplanner plugin for WordPress versions prior to 1.1.5 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Authenticated attackers wi...

4.3CVSS5.6AI score0.00307EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51766

Capgo before 12.128.2 contains a broken object level authorization BOLA vulnerability in the POST /build/start/:jobId and POST /build/cancel/:jobId endpoints. The handlers authorize the request based only on the attacker-controlled app id supplied in the request body and never verify that the job...

7.6CVSS6.1AI score0.00176EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51785

Name of the Vulnerable Software and Affected Versions hono versions prior to 4.12.14 Description An HTML injection issue exists in the JSX server-side rendering SSR process. Attackers can inject unintended HTML by using malformed attribute names. By crafting attribute keys that include characters...

5.3CVSS5.9AI score0.00174EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51702

Name of the Vulnerable Software and Affected Versions Cornerstone WordPress plugin versions prior to 7.8.8 Description The premium Cornerstone page builder, bundled with the X theme, fails to enforce capability checks on a CSS-preview request handler. Additionally, the nonce required to call this...

7.7CVSS5.9AI score0.00219EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51689

Name of the Vulnerable Software and Affected Versions Osiris Signature Banner versions prior to 0.6 Description The Osiris Signature Banner plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw. This occurs because of missing or incorrect nonce validation—a security token used to...

6.1CVSS5.6AI score0.00135EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51958

Name of the Vulnerable Software and Affected Versions Linux kernel version 6.19.0-rc7 Description In passthrough mode, a null pointer dereference occurs when dm-cache attempts to invalidate a cache entry while a concurrent write to the same cached block causes the bio prison cell lock to fail. In...

5.6CVSS6AI score0.00176EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51662

Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E version 2.09 Description OS command injection flaws exist in the libNetSetObj.so internal library, which is used to configure the network stack. A remote attacker can execute arbitrary commands by sending a specially...

9.1CVSS6.1AI score0.01684EPSS
Exploits0References6
Total number of security vulnerabilities184382