Lucene search
K
PtsecurityRecent

184379 matches found

Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-52089

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.52 Description The Fill Text Template block is susceptible to a Denial of Service DoS attack. Although the backend utilizes a SandboxedEnvironment to block unauthorized attribute access, such as class , it does no...

7.7CVSS5.8AI score0.0031EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-52126

Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description An issue exists where the software fails to properly verify cryptographic signatures, allowing authenticated remote attackers to execute arbitrary code in the context of SYSTEM. The flaw ...

7.2CVSS7.4AI score0.00376EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51736

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.15.0.5...

7.6CVSS5.9AI score0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•5 views

PT-2026-52121

Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description A directory traversal flaw exists in the updateLicense method, where a lack of proper validation of user-supplied paths allows authenticated remote attackers to delete arbitrary files. Th...

6.5CVSS6.2AI score0.01195EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•6 views

PT-2026-52122

Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description A directory traversal flaw exists in the uploadSSL method, where the system fails to properly validate user-supplied paths before performing file operations. This allows authenticated...

6.5CVSS6.3AI score0.01195EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-52179

Summary Description An Improper Authorization CWE-285 issue in OpenAM's Liberty Web Services SOAP receiver allows an unauthenticated remote attacker to write persistent entries into the Liberty Discovery store on any user's LDAP entry, and into a shared root-realm Discovery branch. This impacts...

9.3CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•17 views

PT-2026-51668

Name of the Vulnerable Software and Affected Versions Post Duplicator versions prior to 3.0.15 Description Users with Contributor-level access and above can perform a PHP Object Injection. This occurs because the plugin fails to safely handle custom meta-data during post duplication, storing...

7.2CVSS5.8AI score0.003EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-52090

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description FOSSBilling exposes a guest API endpoint '/api/guest/staff/create' designed for initial administrator bootstrap. A flawed guard check using the is countable function on a value that returns a Mod...

9.3CVSS5.8AI score0.00289EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-52051

Out of bounds read and write in BlinkInterestGroups in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.3AI score0.0026EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51666

Name of the Vulnerable Software and Affected Versions AI Share & Summarize versions prior to 2.0.4 Description Users with the Contributor role and above can perform Stored Cross-Site Scripting XSS attacks. This occurs because the plugin fails to sanitize and escape certain shortcode attributes,...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51827

Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Reflected Cross-Site Scripting XSS issue occurs in the dashboard-view component due to improper neutralization of user-controlled input during breadcrumb rendering. Reflected XSS is a type of...

5.1CVSS5.8AI score0.00268EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-51664

Name of the Vulnerable Software and Affected Versions Email JavaScript Cloak versions prior to 1.04 Description The Email JavaScript Cloak plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping on user-supplied...

7.2CVSS6AI score0.00264EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51688

Name of the Vulnerable Software and Affected Versions MIR blocks and shortcodes versions prior to 1.0.1 Description The MIR blocks and shortcodes plugin for WordPress contains a Stored Cross-Site Scripting issue. Authenticated attackers with contributor-level access or higher can inject arbitrary...

6.4CVSS5.9AI score0.00187EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-51681

Name of the Vulnerable Software and Affected Versions SearchPlus versions prior to 1.7.2 Description The SearchPlus plugin for WordPress allows unauthenticated users to modify or delete stored data. This occurs because the searchplus save token action callback and searchplus reset token action...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51670

Name of the Vulnerable Software and Affected Versions Bulk SEO Image versions prior to 1.2 Description The Bulk SEO Image plugin for WordPress is subject to Cross-Site Request Forgery. This occurs because the settings page handler BulkSeoImage lacks proper nonce validation—a security token used t...

4.3CVSS5.6AI score0.00128EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51665

Name of the Vulnerable Software and Affected Versions Cincopa video and media plug-in versions prior to 1.164 Description The Cincopa video and media plug-in for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the plugin processes the cincopa shortcode via a comment te...

7.2CVSS6AI score0.00297EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51700

Name of the Vulnerable Software and Affected Versions WP Meta SEO versions prior to 4.5.19 Description Unauthenticated Stored Cross-Site Scripting occurs when the wpmsTemplateRedirect hook detects a 404 error. The plugin concatenates $ SERVER'HTTP HOST' with the raw $ SERVER'REQUEST URI' and...

7.2CVSS6AI score0.00241EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51675

Name of the Vulnerable Software and Affected Versions SignUp & SignIn plugin for WordPress versions prior to 1.0.1 Description The SignUp & SignIn plugin for WordPress contains an authentication bypass that allows unauthenticated attackers to take over any account, including administrator account...

9.8CVSS5.9AI score0.00454EPSS
Exploits1References15
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51684

Name of the Vulnerable Software and Affected Versions Advance Nav Menu Manager versions prior to 1.4 Description The Advance Nav Menu Manager plugin for WordPress contains an authorization bypass. The issue occurs because the plugin fails to properly verify if a user is authorized to perform...

4.3CVSS5.6AI score0.00227EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-51673

Name of the Vulnerable Software and Affected Versions URL Preview plugin for WordPress versions prior to 1.1 Description The plugin is susceptible to Server-Side Request Forgery SSRF, a flaw where an attacker can force the server to make requests to an unintended location. Unauthenticated attacke...

7.2CVSS5.9AI score0.00281EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-51698

Name of the Vulnerable Software and Affected Versions Reviews and Rating – Docplanner plugin for WordPress versions prior to 1.1.5 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Authenticated attackers wi...

4.3CVSS5.6AI score0.00307EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51766

Capgo before 12.128.2 contains a broken object level authorization BOLA vulnerability in the POST /build/start/:jobId and POST /build/cancel/:jobId endpoints. The handlers authorize the request based only on the attacker-controlled app id supplied in the request body and never verify that the job...

7.6CVSS6.1AI score0.00176EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-51785

Name of the Vulnerable Software and Affected Versions hono versions prior to 4.12.14 Description An HTML injection issue exists in the JSX server-side rendering SSR process. Attackers can inject unintended HTML by using malformed attribute names. By crafting attribute keys that include characters...

5.3CVSS5.9AI score0.00174EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51717

Name of the Vulnerable Software and Affected Versions Linux kernel version 7.1.0-rc1-00305-gbd3a4795d574 Description A use-after-free issue exists in the SCTP implementation of the Linux kernel. When a Stale Cookie ERROR is received, the association is rolled back from COOKIE ECHOED to COOKIE WAI...

9.8CVSS5.8AI score0.00269EPSS
Exploits0References16
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-51702

Name of the Vulnerable Software and Affected Versions Cornerstone WordPress plugin versions prior to 7.8.8 Description The premium Cornerstone page builder, bundled with the X theme, fails to enforce capability checks on a CSS-preview request handler. Additionally, the nonce required to call this...

7.7CVSS5.9AI score0.00219EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-51689

Name of the Vulnerable Software and Affected Versions Osiris Signature Banner versions prior to 0.6 Description The Osiris Signature Banner plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw. This occurs because of missing or incorrect nonce validation—a security token used to...

6.1CVSS5.6AI score0.00135EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51958

Name of the Vulnerable Software and Affected Versions Linux kernel version 6.19.0-rc7 Description In passthrough mode, a null pointer dereference occurs when dm-cache attempts to invalidate a cache entry while a concurrent write to the same cached block causes the bio prison cell lock to fail. In...

5.6CVSS6AI score0.00176EPSS
Exploits0References17
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51737

The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: 1 an MD5 hash fallback in get directory by hash that allows any post to be used as a member directo...

8.8CVSS5.9AI score0.00499EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51786

The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to insufficient input validation and sanitization of the banner shortcode attribute before...

8.8CVSS6.2AI score0.00467EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51812

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system...

5.9AI score0.00178EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51816

A cross-site request forgery CSRF vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b 450b 1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS5.8AI score0.0011EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•6 views

PT-2026-51800

A cross-site request forgery CSRF vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b 84449 and earlier allows attackers to overwrite the global job priority configuration...

5.8AI score0.00152EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-51803

An incorrect permission check in Jenkins Gitee Plugin 1288.v18b deb c9069b and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins...

5.9AI score0.0017EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-51808

A cross-site request forgery CSRF vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers to have Jenkins connect to an attacker-specified URL using an attacker-specified username, API key, and service key...

5.8AI score0.00101EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-51811

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller...

6.3AI score0.0042EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-52143

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description An authentication bypass issue exists within the 'viewclient' webpage due to improper validation of user-supplied data. This allows remote attackers to inject arbitrary scripts,...

8.8CVSS7.5AI score0.0067EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•8 views

PT-2026-51802

A cross-site request forgery CSRF vulnerability in Jenkins Gitee Plugin 1288.v18b deb c9069b and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.8AI score0.00101EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-52124

Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description An issue in the restoreDB function allows authenticated remote attackers to execute arbitrary code in the context of SYSTEM. This occurs due to insufficient validation of a user-supplied...

7.2CVSS7.5AI score0.01477EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-51778

Cap-go before 12.128.2 contains an authorization bypass vulnerability in the GET /organization/members endpoint that allows org-limited API keys to bypass limited to orgs restrictions. Attackers with org-limited API keys can read membership data including uid, email, image url, role, and is tmp...

5.3CVSS5.9AI score0.00182EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51981

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the bcmgenet network driver where free bds buffer descriptors are leaked. During the reclamation of the tx queue, the write pointer is fast-forwarded to drop data in...

7.5CVSS5.9AI score0.00376EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•11 views

PT-2026-52087

Name of the Vulnerable Software and Affected Versions KubeVirt affected versions not specified Description A flaw exists in the safepath package used by virt-handler. The OpenAtNoFollow function utilizes O PATH|O NOFOLLOW to obtain a file descriptor for a path leaf; however, subsequent operations...

7.3CVSS6AI score0.00122EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•15 views

PT-2026-52088

Name of the Vulnerable Software and Affected Versions KubeVirt affected versions not specified Description A flaw exists in the KubeVirt virt-handler domain notify server. The gRPC handlers HandleDomainEvent and HandleK8SEvent determine the VMI identity namespace/name based only on the request...

6.5CVSS5.8AI score0.0009EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51654

Name of the Vulnerable Software and Affected Versions GV-I/O Box 4E affected versions not specified Description The DVRSearch service, which runs by default on UDP port 10001, contains a stack-based buffer overflow. The issue occurs when the server processes a UDP message and performs an unsafe...

10CVSS6.8AI score0.00436EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-51656

Name of the Vulnerable Software and Affected Versions GeoVision GV-VMS V20 version 20.0.2 Description Memory corruption occurs within the GV-Cloud functionality. A remote attacker can trigger a denial of service by sending a specially crafted network request while impersonating the legitimate...

6.2CVSS5.8AI score0.00197EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•9 views

PT-2026-55714

Root has patched GHSA-cj63-jhhr-wcxv in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•15 views

PT-2026-51905

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the advance sched function within the taprio component. When should change schedules returns true, the switch schedules function is called to promote the...

7.8CVSS5.9AI score0.00125EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•13 views

PT-2026-51661

Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E version 2.09 Description OS command injection flaws exist in the libNetSetObj.so internal library, which is used to configure the network stack. A remote attacker can execute arbitrary commands by sending a specially...

9.1CVSS6.1AI score0.0172EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•10 views

PT-2026-51889

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel where the functions rds for each conn info and rds walk conn path info pass a caller-allocated on-stack u64 buffer to a per-connection visitor. The...

6.2AI score0.00176EPSS
Exploits0References17
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•12 views

PT-2026-51826

Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Stored Cross-Site Scripting XSS issue occurs due to improper neutralization of user-controlled input within the frappe.get avatar function during image rendering. Stored XSS is a type of...

4.6CVSS5.8AI score0.00256EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•7 views

PT-2026-52034

Name of the Vulnerable Software and Affected Versions Warp versions 0.2021.04.25.23.05.stable 00 through 0.2026.05.06.15.42.stable 00 Description Warp accepts state-mutating terminal lifecycle hooks from the PTY Pseudo-Terminal stream without verifying if the hooks were emitted by the shell...

4.3CVSS5.8AI score0.00278EPSS
Exploits1References6
Total number of security vulnerabilities184379