Lucene search
K
PtsecurityRecent

184569 matches found

Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.21 views

PT-2026-51172

Name of the Vulnerable Software and Affected Versions vLLM versions 0.10.2 through 0.12.x Description Multimodal embeddings processing lacks sparse tensor validation. Since PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests containing...

8.8CVSS5.9AI score0.00352EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.18 views

PT-2026-51147

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Insufficient webhook URL validation allows for Server-Side Request Forgery SSRF, a flaw where a server is tricked into making requests to an unintended location. Organization admins can configure...

5.4CVSS5.9AI score0.00156EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.20 views

PT-2026-51128

Name of the Vulnerable Software and Affected Versions Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress versions prior to 1.5.2 Description Insufficient file path validation in the view page function allows unauthenticated attackers to delete arbitrary files on the server...

8.1CVSS6.3AI score0.00662EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.18 views

PT-2026-51150

Flowise before 3.0.13 contains an information exposure vulnerability in the POST /api/v1/account/forgot-password endpoint that returns full user objects including PII to unauthenticated attackers. An attacker can enumerate valid email addresses and harvest sensitive user data including user IDs,...

6.9CVSS5.9AI score0.00328EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.16 views

PT-2026-51148

Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated organization administrator can set an extremely large numeric value e.g., billions of characters as the minimum password length, making compliance...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.13 views

PT-2026-51141

Name of the Vulnerable Software and Affected Versions WooCommerce version 7.1.0 Description A remote code execution flaw exists in the 'class-wc-meta-box-product-images.php' endpoint. The product-type parameter is processed without proper sanitization, allowing attackers to inject shell commands...

9.8CVSS6.7AI score0.00629EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.8 views

PT-2026-53939

Affected versionf of memmap2 did not perform enough validation on the offset and len parameters of Mmap::unchecked advise range, MmapMut::unchecked advise ranage and MmapMut::flush async range. This can cause undefined behavior due to invalid values being passed to pointer::offset and pointer::ad...

5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.15 views

PT-2026-51146

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description The software fails to strip EXIF metadata, which includes GPS geolocation data, from uploaded images. This leads to information disclosure, as attackers can download these images and extract precise...

6.9CVSS5.8AI score0.00205EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.15 views

PT-2026-51153

Name of the Vulnerable Software and Affected Versions capacitor-native-biometric versions prior to 12.128.2 Description An authentication bypass exists because the onAuthenticationSucceeded function fails to validate CryptoObject parameters. This allows attackers to use dynamic instrumentation to...

4.8CVSS5.9AI score0.00165EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.19 views

PT-2026-51043

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authorization bypass exists in the public.upsert version meta SECURITY DEFINER function exposed via PostgREST RPC. This allows unauthenticated attackers to insert arbitrary rows into version meta...

6.9CVSS6AI score0.00235EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.17 views

PT-2026-51143

Name of the Vulnerable Software and Affected Versions Nuxt versions prior to 4.4.7 Nuxt versions prior to 3.21.7 Description A cross-site scripting issue exists in the NoScript component, which writes slot content to innerHTML without proper escaping. This allows attackers to inject malicious...

6.1CVSS5.8AI score0.00209EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.17 views

PT-2026-51156

Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices endpoint on the Cloudflare/workerd path that allows authenticated attackers to cause duplicate-page loops and make later rows unreachable. Attackers with app.read devices access can exploit...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.21 views

PT-2026-51193

Name of the Vulnerable Software and Affected Versions IM-Magic Partition Resizer versions prior to 7.9.0 Description Improper access controls in the Kernel Driver component, specifically within the MDA NTDRV.sys library, allow for local privilege escalation. This issue occurs when a local attacke...

8.5CVSS7.1AI score0.00113EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.15 views

PT-2026-51151

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the 'PUT /api/v1/user' endpoint. This allows authenticated users to modify the credential field without proper validation. By providing a crafted password hash, an...

6CVSS5.9AI score0.00251EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.21 views

PT-2026-51190

Name of the Vulnerable Software and Affected Versions AOMEI Backupper versions prior to 8.3.0 Description An issue exists in the Kernel Driver component within the amwrtdrv.sys library. A local attacker can perform a manipulation of an unknown function to cause improper access controls...

8.5CVSS7AI score0.00111EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.14 views

PT-2026-51189

A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the library ddmdrv.sys of the component Kernel Driver. Performing a manipulation results in improper access controls. The attack must be initiated from a local position. The exploi...

8.5CVSS6.4AI score0.00113EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.18 views

PT-2026-51157

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An information disclosure issue exists in the 'GET /statistics/app/:app id' endpoint. This allows users with app-limited API keys to identify existing sibling app IDs by analyzing differential error...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.16 views

PT-2026-51044

Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints is trial org and is paying org that allows unauthenticated attackers to enumerate organizations and disclose billing status using the public sb publishable key. Attackers can invoke these...

8.7CVSS5.8AI score0.00302EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.22 views

PT-2026-51131

Name of the Vulnerable Software and Affected Versions Simple File List versions prior to 6.3.8 Description The Simple File List plugin for WordPress contains a flaw allowing unauthenticated attackers to delete arbitrary files on the server. This occurs due to insufficient file path validation...

7.5CVSS6.8AI score0.0078EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.24 views

PT-2026-51132

Name of the Vulnerable Software and Affected Versions Simple File List versions prior to 6.3.8 Description The Simple File List plugin for WordPress contains insufficient authorization checks that allow unauthenticated attackers to delete and modify files on the server. This issue occurs within t...

7.5CVSS5.9AI score0.00433EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.20 views

PT-2026-51152

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An information disclosure issue exists in the unauthenticated '/replication' endpoint. This allows attackers to retrieve internal PostgreSQL replication telemetry without authentication, exposing...

6.9CVSS5.9AI score0.00239EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.24 views

PT-2026-51133

Name of the Vulnerable Software and Affected Versions Simple File List versions prior to 6.3.8 Description The Simple File List plugin for WordPress contains a flaw where a missing authorization check on the frontmanage shortcode attribute allows authenticated attackers with contributor-level...

6.5CVSS5.8AI score0.00267EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.25 views

PT-2026-51188

Name of the Vulnerable Software and Affected Versions AOMEI Partition Assistant versions prior to 10.10.2 Description Improper access controls exist within the Kernel Driver component, specifically affecting unknown code in the ampa10.sys library. This issue allows a local attacker to manipulate...

8.5CVSS7.2AI score0.00113EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.32 views

PT-2026-51194

Name of the Vulnerable Software and Affected Versions Ezbsystems UltraISO Premium Edition versions prior to 9.77 Description Improper access controls exist within the Kernel Driver component, specifically affecting the bootpt64.sys library. This issue allows for unauthorized access when manipulat...

8.5CVSS7.1AI score0.00113EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.19 views

PT-2026-51154

Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the require apikey expiration organization policy. The checkWebhookPermission function fails to call apikeyHasOrgRightWithPolicy, enabling attackers wit...

6.3CVSS5.9AI score0.00188EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.4 views

PT-2026-55717

bcrypt::verifypassword, hash and HashParts::from strhash panic in str::slice error fail when given a 60-byte &str containing a multi-byte UTF-8 character at certain byte positions. Impact Any Rust code that calls bcrypt::verify or HashParts::from str with an attacker-controlled hash string will...

5.3CVSS6.1AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.16 views

PT-2026-51171

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

5.3CVSS5.9AI score0.00321EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.9 views

PT-2026-51187

Name of the Vulnerable Software and Affected Versions Apache Atlas versions 2.4.0 and earlier Description An authenticated user can perform stored Cross-Site Scripting XSS, which is a technique where malicious scripts are permanently stored on the target server, on the Create Entity page...

5.9AI score0.00315EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.18 views

PT-2026-51042

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authentication logic flaw exists where a user authorized to manage team or organization security settings can enforce mandatory two-factor authentication 2FA for all team members without having 2...

5.1CVSS5.9AI score0.00206EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.18 views

PT-2026-51195

Name of the Vulnerable Software and Affected Versions Apache NiFi versions 0.0.1 through 2.9.0 Description Apache NiFi allows the construction of qualified URLs using several HTTP request headers that serve as alternatives to the standard Host header without validating the provided values. While ...

6.3CVSS5.9AI score0.00268EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.17 views

PT-2026-51174

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 27.1 Description Authenticated administrators can perform server-side request forgery SSRF—a flaw where a server is tricked into making requests to an unintended location—via the 'plugin/Live/test.php' endpoint. The...

6.8CVSS5.8AI score0.00236EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.17 views

PT-2026-51046

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A scope escalation issue exists in the 'POST /functions/v1/apikey' endpoint. This allows users with app-limited API keys to generate unrestricted keys by providing empty limits. An attacker possessi...

8.8CVSS5.9AI score0.00251EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.20 views

PT-2026-51045

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.12 Description Authenticated users can modify the mutable public.users.email variable to arbitrary addresses. The SSO provisioning endpoint trusts this value as an account-merge key. This allows an attacker to...

8.7CVSS5.9AI score0.00228EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.15 views

PT-2026-51139

Name of the Vulnerable Software and Affected Versions WordPress Ultimate Addons for Beaver Builder version 1.2.4.1 Description An authentication bypass exists in the social media login form functionality. Attackers can gain unauthorized access by submitting a POST request to the 'admin-ajax.php'...

9.8CVSS5.9AI score0.00428EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.20 views

PT-2026-51140

Name of the Vulnerable Software and Affected Versions WordPress Time Capsule Plugin version 1.21.16 Description An authentication bypass allows unauthenticated attackers to gain administrative access by sending a crafted POST request containing the IWP JSON PREFIX header. This flaw enables the...

8.7CVSS5.9AI score0.00398EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.33 views

PT-2026-51144

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description The preview subdomain resolver uses ILIKE pattern matching instead of exact matching for app id lookup. This allows underscore characters within the app id to function as SQL wildcards. An attacker...

3.1CVSS5.9AI score0.00215EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.19 views

PT-2026-51159

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An open redirect issue exists in the 'confirm-signup' endpoint. The confirmation url parameter is not validated, which allows attackers to redirect users to arbitrary external websites. This can be...

5.1CVSS6AI score0.0018EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.28 views

PT-2026-51142

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 2.1.4 Description Configuration can be injected into the Chainflow during execution through the overrideConfig option, which is available in the frontend web integration and the backend Prediction API. This feature is...

9.8CVSS6.6AI score0.00648EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.17 views

PT-2026-51130

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description A stored cross-site scripting issue exists due to the use of an outdated notebookjs library. While .ipynb previews are sanitized on the server side via the '/-/api/sanitize ipynb' endpoint,...

8.9CVSS5.8AI score0.00429EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.20 views

PT-2026-51161

Name of the Vulnerable Software and Affected Versions Prefect version 3.6.23 Description Remote code execution is possible due to improper handling of user-controlled input within the GitRepository storage class. The commit sha parameter is passed to git commands without validation or the use of ...

9.9CVSS6.6AI score0.00874EPSS
Exploits3References4
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.20 views

PT-2026-51191

Name of the Vulnerable Software and Affected Versions EaseUS Partition Master versions prior to 14.5 Description An issue exists in the Kernel Driver component within the epmntdrv.sys library. A local attacker can manipulate an unknown function to cause improper access controls, which occurs when...

8.5CVSS7.1AI score0.00112EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.22 views

PT-2026-51192

Name of the Vulnerable Software and Affected Versions EaseUS Partition Master versions prior to 14.6 Description A security flaw exists in the Kernel Driver component within the EUEDKEPM.sys library. An unknown function in this library allows for improper access controls, which can be exploited b...

8.5CVSS7.1AI score0.00109EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.14 views

PT-2026-51179

GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization...

3.7CVSS5.8AI score0.00349EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.43 views

PT-2026-51138

Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary non-default group...

5.9CVSS5.8AI score0.0026EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.12 views

PT-2026-51178

Name of the Vulnerable Software and Affected Versions GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN version 1.0 Description An issue exists where a crafted SQL statement can be used to access sensitive database information. This occurs via the scost parameter in the...

7.7CVSS5.9AI score0.00215EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.21 views

PT-2026-51136

Name of the Vulnerable Software and Affected Versions SP LMS versions prior to 4.1.4 Description SP LMS com splms by JoomShaper contains a PHP Object injection flaw where user-controlled cookie data is deserialized without validation. Specifically, the application passes the lmsOrders cookie to a...

9.5CVSS6.3AI score0.02726EPSS
Exploits4References14
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.19 views

PT-2026-51158

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An open redirect issue exists in the 'stripe portal' and 'stripe checkout' endpoints. These endpoints accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers ca...

4.8CVSS5.9AI score0.00152EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.7 views

PT-2026-54954

Unknown description...

5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.21 views

PT-2026-51145

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.8 Description Insufficient input filtering in chat messages and custom agent functions allows for cross-site scripting XSS, a flaw where malicious scripts are injected into trusted websites. An attacker can execut...

6.1CVSS5.8AI score0.00222EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.34 views

PT-2026-51127

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print attribute UTF8STRING path. print attribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen ...

6.1AI score0.00354EPSS
Exploits0References4
Total number of security vulnerabilities184569