Lucene search
K
PtsecurityRecent

184508 matches found

Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51296

Name of the Vulnerable Software and Affected Versions IBM Engineering Workflow Management versions 7.0.3 through 7.0.3 Interim Fix 020 IBM Engineering Workflow Management versions 7.1 through 7.1 Interim Fix 007 Description An issue exists where an authenticated user can embed arbitrary JavaScrip...

5.4CVSS5.8AI score0.00139EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51391

Name of the Vulnerable Software and Affected Versions Filament versions 4.0.0 through 4.11.4 Filament versions prior to 5.6.5 Description A flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission. This...

7.4CVSS5.9AI score0.00193EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.28 views

PT-2026-51308

Name of the Vulnerable Software and Affected Versions MISP core affected versions not specified Description Broken access-control flaws exist where authorization checks are performed against incorrect entities or ownership and editability checks are missing on write paths. This allows a...

8.8CVSS5.8AI score0.00361EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.17 views

PT-2026-51389

Name of the Vulnerable Software and Affected Versions Filament versions prior to 3.3.52 Filament versions prior to 4.11.5 Filament versions prior to 5.6.5 Description Filament applies Livewire's WithFileUploads trait to components where schemas may contain file upload fields. Certain schemas, suc...

6.5CVSS6AI score0.00207EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.21 views

PT-2026-51461

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.9 Description An issue exists where a workspace-level builder can read any file the server process has access to by uploading a specially crafted PWA zip file. The POST /api/pwa/process-zip endpoint extracts the...

9.6CVSS5.8AI score0.00494EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.19 views

PT-2026-51455

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.6.0 Description Actual is a local-first personal finance tool that fails to neutralize formula-trigger characters when exporting data to CSV. The functions exportToCSV and exportQueryToCSV in...

4.2CVSS6.7AI score0.00286EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51347

A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This vulnerability was patched ...

6.9CVSS5.9AI score0.00364EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.9 views

PT-2026-51326

IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4CVSS5.5AI score0.00165EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51306

Name of the Vulnerable Software and Affected Versions Red Hat OpenShift Container Platform 4 affected versions not specified Description A flaw exists in the Windows Machine Config Operator WMCO where SSH connections to Windows worker nodes are established without verifying the remote server host...

8.3CVSS6AI score0.00181EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.44 views

PT-2026-51426

A malformed Bluetooth Classic SDP attribute can trigger a reachable assertion in Zephyr's SDP parser. In subsys/bluetooth/host/classic/sdp.c, bt sdp parse attribute accepts an input buffer once it contains the 1-byte attribute type and 2-byte attribute id, but then unconditionally pulls an...

7.1CVSS6AI score0.00173EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51411

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An information disclosure issue exists in the '/functions/v1/channel self' endpoint. Unauthenticated remote attackers can send GET requests using arbitrary app id parameters to enumerate non-public...

8.7CVSS6AI score0.00379EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51290

Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file...

5.1CVSS5.8AI score0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51294

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.17 views

PT-2026-51303

Name of the Vulnerable Software and Affected Versions Loki datasource plugin affected versions not specified Description The callResource handler in the Loki datasource plugin contains a path traversal flaw. This allows an authenticated user with a Viewer role to escape the resource sandbox and...

7.7CVSS5.9AI score0.00394EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51321

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A sanitize-then-interpolate ordering bug exists in the geomap panel's XYZ tile layer. The sanitizeTextPanelContent function processes the raw template string...

7.3CVSS5.7AI score0.0025EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51305

Name of the Vulnerable Software and Affected Versions Red Hat OpenShift Container Platform 4 affected versions not specified Description A flaw exists in the Windows Machine Config Operator WMCO where the WICD CSR auto-approver validates that a Certificate Signing Request contains the organizatio...

8.8CVSS5.9AI score0.00075EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.27 views

PT-2026-51374

Name of the Vulnerable Software and Affected Versions IBM i versions 7.3 through 7.6 IBM WebSphere Application Server affected versions not specified IBM WebSphere Application Server Liberty affected versions not specified Description A denial of service issue exists in the WebSphere WebServer...

7.5CVSS5.8AI score0.00271EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51824

CVE ID :CVE-2026-11825 Published : June 22, 2026, 4:47 p.m. | 1 hour, 43 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.17 views

PT-2026-51273

Name of the Vulnerable Software and Affected Versions ASUS Armoury Crate affected versions not specified Description A permissive list of allowed inputs allows a local administrator to bypass the validation mechanism. This can lead to arbitrary memory read/write operations or cause a system crash...

7.1CVSS5.9AI score0.00224EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51278

The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator...

5.8AI score0.00164EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.17 views

PT-2026-51398

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description The UnsafeBlitFormatterBase.Deserialize function reads an attacker-controlled byteLength from an extension payload and allocates an array based o...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.23 views

PT-2026-51271

A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper...

9.4CVSS6.1AI score0.00145EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51460

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.9 Description Budibase contains a mass assignment issue in the externalTrigger function. The webhook trigger endpoint /api/webhooks/trigger/:instance/:id is publicly accessible and passes the full HTTP request...

9.6CVSS6AI score0.00461EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51328

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51302

The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write files between the local grafana server and the connected Snowflake host...

9.6CVSS5.9AI score0.00205EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.27 views

PT-2026-51372

WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMG PATH directory by sending requests with percent-encoded backslashes %5C that bypass the path.Clean sanitization in handler/router.go...

8.7CVSS6AI score0.00408EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51287

Name of the Vulnerable Software and Affected Versions SafeLine SL6 affected versions not specified SafeLine SL6+ affected versions not specified Description SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems contain an authentication bypass. This issue allows...

8.7CVSS6.1AI score0.00207EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.18 views

PT-2026-51427

A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data. In bt iso recv subsys/bluetooth/host/iso.c, when processing PB=START/SINGLE fragments, the code pulls a TS SDU header 8 bytes, ts=1 or a non-TS SDU header 4 bytes, ts=0 without...

7.1CVSS5.9AI score0.00163EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.21 views

PT-2026-51304

Name of the Vulnerable Software and Affected Versions Mattermost version 11.7.0 Mattermost version 11.6.2 Mattermost version 11.5.5 Mattermost version 10.11.17 Description Improper authorization in the GitLab connect command handler allows any authenticated user to overwrite the global default...

5.4CVSS5.8AI score0.0017EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51323

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques...

5.3CVSS5.9AI score0.00188EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51352

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls...

2.3CVSS5.8AI score0.00189EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51288

EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load...

5.4CVSS6AI score0.00168EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51320

Name of the Vulnerable Software and Affected Versions Mattermost version 11.7.0 Mattermost versions prior to 10.11.17 Description Insufficient enforcement of bot-specific permission checks on the user active status endpoint allows a User Manager with user management write access, but lacking...

3.8CVSS5.8AI score0.00192EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51272

A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate t...

6.9CVSS5.8AI score0.00386EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51412

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A rate limit bypass exists in the 'channel self' endpoint. Attackers can circumvent rate limiting by rotating the user-controlled device id parameter, enabling them to send multiple requests per...

8.8CVSS5.8AI score0.00271EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51270

A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories...

8.8CVSS5.8AI score0.00139EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51392

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description The MessagePackReader.TrySkip function recursively descends into nested arrays and maps without incrementing the reader depth or triggering...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51409

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.12 Description The software fails to filter deleted app versions when joining channels during the resolution of the '/updates' endpoint. This occurs due to a missing app versions.deleted filter in channel version...

7.1CVSS5.8AI score0.00302EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.9 views

PT-2026-51410

Name of the Vulnerable Software and Affected Versions Capgo backend Supabase edge functions versions prior to 12.128.2 Description Inconsistent authentication enforcement exists across HTTP methods. The global authentication middleware is not applied to the 'GET /private/role bindings/:org id'...

6.9CVSS5.8AI score0.00322EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.18 views

PT-2026-51282

Name of the Vulnerable Software and Affected Versions Apache NiFi versions 1.15.0 through 2.9.0 Description Authorization handling for component configuration verification requests allows clients with read access to submit proposed configuration properties. These proposed properties override the...

6.3CVSS5.8AI score0.00327EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51329

A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the DiskIOStore.make method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to construct directory paths...

6.1CVSS6.5AI score0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51309

The Azure Active Directory AAD authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier session id as the OAuth state...

9.3CVSS5.9AI score0.00258EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51275

The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a valid token and activate an account without access to the associated email inbox...

5.9AI score0.00129EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51281

Name of the Vulnerable Software and Affected Versions Apache Doris MCP Server versions prior to 0.6.1 Description A SQL injection exists in a metadata query path where a user-controlled database name is directly interpolated into a SQL query. The query is executed without the caller's authorizati...

8.1CVSS5.9AI score0.00375EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.20 views

PT-2026-51310

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description A site administrator can configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Since log entries can contain attacker-controlled content, an authenticated attacker...

8.7CVSS6.4AI score0.00383EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51342

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

6.1CVSS5.5AI score0.00169EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51327

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51335

Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description Incorrect caching of authentication between different polkit PolicyKit, a component for controlling privileges in Unix-like operating systems methods allows a local attacker to perform unauthorized...

8.4CVSS5.8AI score0.00133EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51325

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 8.5 IBM WebSphere Application Server version 9.0 Description A remote attacker could bypass authentication to gain unauthorized access to JAX-WS applications. JAX-WS Java API for XML Web Services is a...

7.3CVSS5.8AI score0.00337EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.17 views

PT-2026-51307

Name of the Vulnerable Software and Affected Versions MISP Core affected versions not specified Description Broken access-control checks exist in the bulk deletion flows for Event Reports and Sharing Groups. The deleteSelection handlers authorized deletions using broad role-level permissions...

9.4CVSS5.8AI score0.00261EPSS
Exploits1References9
Total number of security vulnerabilities184508