Lucene search
K
PtsecurityRecent

184508 matches found

Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.33 views

PT-2026-51430

Name of the Vulnerable Software and Affected Versions motionEye version 0.43.1 Description An absolute path traversal issue exists in the picture and movie API endpoints, such as '/picture/id/preview/filename'. The vulnerability occurs because the API handlers and functions get media preview and...

6.5CVSS6AI score0.00418EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51401

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description Typeless deserialization in MessagePack-CSharp uses MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowedType to prevent the...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-56619

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.6 Wireshark versions 4.4.0 through 4.4.16 Description The BLF file parser contains errors during variable initialization, which may lead to information disclosure of protected data. Recommendations Update...

3.3CVSS6.1AI score0.00102EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.8 views

PT-2026-52075

Name of the Vulnerable Software and Affected Versions hamlib versions prior to 4.7.2 Description Multiple security issues exist in the rigctld component. A stack out-of-bounds write and uninitialized memory access occur within the send raw function. Additionally, a stack/heap overflow primitive i...

5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.9 views

PT-2026-51450

Summary scim-patch performs prototype pollution when applying a SCIM PATCH operation whose value object contains a key like " proto .someProp". After one such patch, Object.prototype.someProp is set process-wide, affecting every plain object in the Node process. Any service that calls scimPatch o...

9.1CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51318

Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on...

9.2CVSS5.9AI score0.00384EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51299

Name of the Vulnerable Software and Affected Versions Tempo datasource plugin affected versions not specified Loki datasource plugin affected versions not specified Description These plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization,...

5.4CVSS5.8AI score0.00258EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51417

Name of the Vulnerable Software and Affected Versions Nuxt versions 3.x prior to 3.21.7 Nuxt versions 4.0.0 through 4.4.6 Description Nuxt fails to validate script-capable URLs in the navigateTo open option, which allows for client-side script execution. When user-controlled input is passed to...

6.1CVSS6AI score0.00234EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51379

Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by uploading a crafted Office document as an email template attachment. The ApplyTemplate function in models/attachment.go processes Office documents as ZI...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51373

Name of the Vulnerable Software and Affected Versions LangChain versions prior to 1.3.9 Description Several components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. This occurs in a file-search agent middlewar...

5.5CVSS5.8AI score0.00157EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51434

Summary The Authorize.Net webhook handler at plugin/AuthorizeNet/webhook.php contains a signature verification bypass that allows an attacker to forge webhook requests with arbitrary payment amounts and target user IDs. By supplying a valid transaction ID from a small legitimate purchase, the...

6.5CVSS6.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.8 views

PT-2026-51334

Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description Lack of authentication when using the snapshot diff functions allows a local attacker to access information that is otherwise read protected. Recommendations Update to version 1.3.3 or later...

6.9CVSS5.8AI score0.0015EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.9 views

PT-2026-51313

AIL did not restrict repeated failed attempts to verify a two-factor authentication OTP code. An attacker who had reached the 2FA verification step, such as after successfully completing the password-authentication stage, could submit an unlimited number of OTP guesses. This could enable...

5.1CVSS5.9AI score0.0033EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51362

Name of the Vulnerable Software and Affected Versions Canonical ADSys versions prior to v0.16.3 Description An issue exists during Active Directory Certificate Services AD CS certificate auto-enrollment via the vendored Samba client script internal/policies/certificate/python/vendor samba/gp/gp...

9.5CVSS5.9AI score0.00111EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.10 views

PT-2026-55397

Summary The default formatGroup and formatResult functions in devbridge-autocomplete concatenate values into HTML without escaping, allowing XSS when an attacker controls or can taint the suggestion data source. Details 1. formatGroup — category is interpolated raw. src/format.ts: ts function...

5.4CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51291

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains...

5.1CVSS5.8AI score0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51345

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API.. Mattermost Advisory ID: MMSA-2026-00669...

3.8CVSS6AI score0.00231EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51283

Name of the Vulnerable Software and Affected Versions Apache NiFi versions 1.2.0 through 2.9.0 Description Improper escaping of database table names in the CaptureChangeMySQL Processor allows for the injection of SQL commands through crafted naming. This issue affects installations utilizing the...

7.2CVSS6AI score0.00385EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.9 views

PT-2026-51346

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server affected versions not specified IBM WebSphere Application Server Liberty affected versions not specified IBM i versions 7.3 through 7.6 Description The WebSphere Web Server Plug-in component is susceptible to...

8.8CVSS6.4AI score0.0026EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.23 views

PT-2026-51393

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description The parameterless MessagePackInputFormatter constructor uses default serializer options that resolve to MessagePackSerializerOptions.Standard wit...

9.1CVSS5.6AI score0.00236EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51314

Name of the Vulnerable Software and Affected Versions Mattermost version 11.7.0 Mattermost version 11.6.2 Mattermost version 11.5.5 Mattermost version 10.11.17 Description An issue exists where the system fails to validate channel ownership of an existing subscription before applying edits. This...

6.4CVSS5.8AI score0.00153EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.17 views

PT-2026-51402

Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description Multiple SQL injection issues exist in cloudflare.ts where user-controlled values from API request bodies are interpolated directly into SQL query strings without sanitization or parameterization...

7.1CVSS6AI score0.00276EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.10 views

PT-2026-52473

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0662 Description The dump prefixes function in src/spell.c iteratively walks a spell-file prefix trie using a depth counter to dump prefixes applying to a word. Because the counter is not checked against the size of t...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.9 views

PT-2026-51339

Name of the Vulnerable Software and Affected Versions Chainlit versions prior to 2.10.1 Description An issue exists where unauthenticated attackers can restore and inherit authenticated user sessions. This occurs during WebSocket session restoration when a valid sessionId is presented without...

8.8CVSS5.8AI score0.00256EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.21 views

PT-2026-51442

Name of the Vulnerable Software and Affected Versions Inspektor Gadget versions 0.28.0 and later Description A malicious container can crash or destabilize the privileged Inspektor Gadget process when a gadget using USDT User-level Statically Defined Tracing probes is deployed. The issue exists i...

6.3CVSS5.8AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.10 views

PT-2026-51436

Summary The excerpt-include macro does not properly escape the title of the included page and executes the content of the excerpt with the macro's rights. Therefore, it is vulnerable to XWiki syntax injection via the included page's title and content, allowing remote code execution for any user w...

9.9CVSS6.5AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51350

Name of the Vulnerable Software and Affected Versions IBM i versions 7.3 through 7.6 IBM WebSphere Application Server affected versions not specified IBM WebSphere Application Server Liberty affected versions not specified Description Remote code execution and denial of service are possible when...

9.8CVSS6.3AI score0.00409EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.20 views

PT-2026-51381

Name of the Vulnerable Software and Affected Versions phpseclib versions 0.1.1 through 1.0.29 phpseclib versions 2.0.0 through 2.0.54 phpseclib versions 3.0.0 through 3.0.53 Description An insecure default in the library allows an unauthenticated attacker to perform Server-Side Request Forgery...

5.8CVSS5.8AI score0.00133EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51406

Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description A privilege inversion issue exists in the 'GET /build/logs/:jobId' endpoint. This endpoint utilizes Server-Sent Events SSE to stream output and registers an abort listener that invokes the...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51376

Name of the Vulnerable Software and Affected Versions Dell Wyse Management Suite WMS versions prior to 2605 Description An Improper Neutralization of Special Elements used in an SQL Command SQL Injection exists. This allows a low privileged attacker with remote access to potentially gain...

8.8CVSS6AI score0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.9 views

PT-2026-51447

Name of the Vulnerable Software and Affected Versions @actual-app/cli versions prior to 26.6.0 Description The @actual-app/cli tool contains a CSV serialization issue in the escapeCsv function within packages/cli/src/output.ts. When the --format csv option is used, the serializer only handles...

4.6CVSS6.2AI score0.00188EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.7 views

PT-2026-51535

CVE ID :CVE-2026-12845 Published : June 21, 2026, 10:32 p.m. | 1 hour, 54 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51360

Name of the Vulnerable Software and Affected Versions Autodesk Fusion Desktop affected versions not specified Description A flaw in the MCP extension allows arbitrary code execution when a user visits a maliciously crafted webpage while the software is running and the extension is enabled. A...

9.6CVSS6.4AI score0.00381EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.17 views

PT-2026-51377

Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure...

6CVSS5.8AI score0.00104EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.19 views

PT-2026-51315

Name of the Vulnerable Software and Affected Versions libxml2 versions 2.9.11 through 2.11.0 Description A Use After Free issue exists in the xmlParseInternalSubset function of libxml2. This occurs due to improper entity resolution handling, which allows a remote attacker to cause a...

8.3CVSS5.8AI score0.00289EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.17 views

PT-2026-51416

Name of the Vulnerable Software and Affected Versions Nuxt versions 3.x prior to 3.21.7 Nuxt versions 4.0.0 through 4.4.6 Description The reloadNuxtApp function accepts protocol-relative paths, such as //evil.com. These paths bypass the script-protocol check and resolve to a cross-origin URL base...

6.1CVSS5.8AI score0.00191EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.5 views

PT-2026-55193

Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reac...

8.6CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51341

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.8.4 Description Improper authorization enforcement in the Streamable MCP transport endpoint allows unauthenticated attackers to access protected MCP project resources and execute MCP operations...

9.8CVSS5.9AI score0.00277EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.22 views

PT-2026-51452

Name of the Vulnerable Software and Affected Versions Budibase versions 3.37.2 through 3.38.x Description Budibase contains an issue where the GET /api/chat-links/:instance/:token/handoff endpoint is public and lacks authentication and Cross-Site Request Forgery CSRF protection. This allows an...

7.3CVSS5.8AI score0.00192EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51338

Name of the Vulnerable Software and Affected Versions Angular Language Service VS Code Extension versions prior to 21.2.4 Description The client-side extension configures the tooltip Markdown renderer with the isTrusted: true option, causing VS Code to trust all rendered content and enable active...

8.8CVSS5.9AI score0.00275EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51337

Name of the Vulnerable Software and Affected Versions Angular Language Service VS Code Extension versions prior to 21.2.4 Description The client-side extension reads custom TypeScript SDK paths from workspace configurations in .vscode/settings.json without verifying the VS Code Workspace Trust...

8.8CVSS5.9AI score0.00154EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51348

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 Description An issue exists when the Ajax Proxy is configured, which may allow an attacker to send unauthorized requests from the system. This server-sid...

9.1CVSS5.8AI score0.00221EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51378

Name of the Vulnerable Software and Affected Versions Dell Wyse Management Suite versions prior to 2605 Description An improper link resolution before file access allows a low privileged attacker with local access to potentially gain unauthorized access. Recommendations Update to version 2605 or...

7.8CVSS5.9AI score0.00127EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-52474

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0663 Description A Vimscript code injection issue exists in the s:NetrwLocalRmFile function within the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. The probl...

8.4CVSS6.1AI score0.00154EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51444

Name of the Vulnerable Software and Affected Versions Spinnaker versions prior to 2026.1.0 Spinnaker versions prior to 2026.0.3 Spinnaker versions prior to 2025.4.4 Spinnaker versions prior to 2025.3.3 Description Unsafe YAML processing bypasses safe deserialization during CloudFormation...

8.8CVSS6.6AI score0.01001EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51396

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. Specifically, the...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51428

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description A malicious user with permissions to create files in a repository or wiki page can trigger a denial of service. This occurs when pages containing file listings return an HTTP 500 error, rendering the w...

4.9CVSS5.8AI score0.0044EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.17 views

PT-2026-51286

A stored cross-site scripting vulnerability in the Runtime component of Pilz PASvisu before 1.14.1 and PMI v8xx up to and including 2.0.33992 allows a low-privileged remote unauthenticated attacker to manipulate process data with potential impact on integrity and/or availability...

8.1CVSS5.7AI score0.00349EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.19 views

PT-2026-51386

Name of the Vulnerable Software and Affected Versions mise versions prior to 2026.3.10 Description mise processes .tool-versions files using the Tera template engine, which includes a registered exec function that allows for arbitrary command execution. In the default non-paranoid mode,...

9.6CVSS6AI score0.00685EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51300

Name of the Vulnerable Software and Affected Versions ArubaSign versions prior to 4.6.6 Description Incorrect default permissions are assigned during the installation of the software. The main executable and other program files located in "C:Program Files" have excessive permissions for the...

8.8CVSS6.2AI score0.00122EPSS
Exploits0References6
Total number of security vulnerabilities184508