Lucene search
K
PtsecurityRecent

184840 matches found

Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51238

SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package...

9.6CVSS6.7AI score0.00391EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51257

Name of the Vulnerable Software and Affected Versions Edimax BR-6478AC V2 version 1.23 Description A security flaw in the POST Request Handler component allows for remote command injection. This occurs through the manipulation of the command argument within the mp function of the '/goform/mp'...

6.5CVSS6.7AI score0.01158EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.18 views

PT-2026-51221

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An unauthenticated security definer RPC function get identity apikey only returns the owning user id for supplied API keys. This creates an API key validity oracle—a mechanism that allows an attacke...

8.7CVSS5.8AI score0.00259EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.16 views

PT-2026-51205

A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This affects an unknown part of the component testConnection Endpoint. The manipulation of the argument jdbcUrl results in deserialization. The attack may be performed from remote. The exploit has...

6.5CVSS5.3AI score0.00242EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.12 views

PT-2026-51220

Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.apply usage overage SECURITY DEFINER function, which performs sensitive billing operations without enforcing internal authorization checks no validation of auth.uid, org membership, or check min rights...

7.6CVSS6AI score0.00199EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.16 views

PT-2026-51226

Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description An information disclosure issue exists in the 'OPTIONS /build/upload/:jobId/' endpoint. Unauthenticated attackers can enumerate valid builder job IDs by observing response discrepancies. This allow...

6.9CVSS5.8AI score0.00241EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51200

A flaw has been found in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. This affects an unknown part of the file /index.php?page=houses. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has...

6.5CVSS5.6AI score0.00192EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.16 views

PT-2026-51268

Both Bouncy Castle and GnuPG have acknowledged and fixed the reported issues. CVE-2026-12802 will be published with Bouncy Castle 1.85. GnuPG fix: https://t.co/zdpOVNGXEQ...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.25 views

PT-2026-51258

Name of the Vulnerable Software and Affected Versions kortix-ai suna versions prior to 0.8.39 Description A weakness in the Auth Endpoint component allows for remote cross-site scripting XSS, which is a technique where malicious scripts are injected into trusted websites. The issue exists within...

5.3CVSS5.7AI score0.00288EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51207

Name of the Vulnerable Software and Affected Versions ILIAS Learning Management System version 11.0 Description An issue exists in the Learning Progress Tracking component within the ilTrQuery::executeQueries function of the components/ILIAS/Tracking/classes/class.ilTrQuery.php file. Remote...

5.8CVSS5.8AI score0.00206EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.14 views

PT-2026-51245

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description The xmlwf tool contains an integer overflow related to the output filename when the -d outputDir option is utilized. An integer overflow occurs when a mathematical operation results in a value that...

6.5CVSS5.9AI score0.00098EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.12 views

PT-2026-51240

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An integer overflow exists in the addBinding function. An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be represented...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.16 views

PT-2026-51241

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An integer overflow exists in the getAttributeId function. An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.13 views

PT-2026-51246

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description The xmlwf component contains an integer overflow in the resolveSystemId function. An integer overflow occurs when an arithmetic operation results in a value that exceeds the maximum size of the...

6.9CVSS5.8AI score0.0011EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.12 views

PT-2026-51250

XDG-Desktop-Portal bilmeyenler için Flatpak'in ve Snap'in de kullandığı sandboxlanmış uygulamalar için bir iletişim aracıdır. Sandboxlanmış bir uygulama örnek olarak Kamera'ya erişmek istediğinde direkt erişemez, onun yerine xdg-desktop-portal'a kameraya erişmek için izin ister ve...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.19 views

PT-2026-51254

Name of the Vulnerable Software and Affected Versions Edimax BR-6478AC V2 version 1.23 Description Command injection can be triggered remotely via the POST Request Handler component. The issue exists within the setWAN function located in the '/goform/setWAN' endpoint. Manipulation of the...

6.5CVSS6.9AI score0.01182EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.12 views

PT-2026-51215

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.25 Description The software fails to detect malicious pickle files that utilize the timeit.timeit function within the reduce method. This allows for remote code execution, as attackers can craft pickle files th...

7.6CVSS6.4AI score0.00418EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.21 views

PT-2026-51223

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Improper access control in the public.get org members RPC function allows unauthenticated attackers to enumerate organization members. By using a public sb publishable key and an organization UUID,...

8.7CVSS5.9AI score0.00249EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51206

A vulnerability was determined in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to...

6.5CVSS5.5AI score0.00237EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51255

Name of the Vulnerable Software and Affected Versions Edimax BR-6478AC V2 version 1.23 Description Command injection is possible via the POST Request Handler component. A remote attacker can exploit this by manipulating the interface argument within the stainfo function of the '/goform/stainfo'...

6.5CVSS6.7AI score0.01182EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.20 views

PT-2026-51232

Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.0.0-RC1 through 4.17.7 Craft CMS versions 5.0.0-RC1 through 5.9.13 Description A missing authorization issue exists in the 'assets/preview-thumb' endpoint. A Control Panel user lacking permissions to view a specific privat...

5.3CVSS6AI score0.00193EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51265

Name of the Vulnerable Software and Affected Versions Browserbase versions prior to 20260526 Description An issue exists in the Autobrowse Trace Artifact Handler component where a flaw in an unknown function allows for the manipulation of default permissions, resulting in incorrect permission...

4.8CVSS5.8AI score0.00115EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.12 views

PT-2026-51201

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the ksmbd module, a flaw exists where the conn-binding flag remains set after a SESSION SETUP call. Because this flag is connection-wide, the global session lookup function ksmbd...

8.8CVSS5.8AI score0.00362EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.12 views

PT-2026-51242

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An integer overflow occurs in the XML ParseBuffer function because it lacks a specific check that is implemented in the XML Parse function. Recommendations Update to version 2.8.2 or later...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51248

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An issue exists where XML TOK DATA CHARS is not considered in the doCdataSection function. This leads to a lack of handler call depth tracking for various calls from within handlers during policy...

5.9CVSS5.9AI score0.00105EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51247

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description The xmlwf component contains an integer overflow in the endDoctypeDecl function. This issue is triggered via NOTATION declarations, which are used in XML to define the format of non-XML data...

6.9CVSS5.8AI score0.0011EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.11 views

PT-2026-51269

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description Information regarding the nature of the issue is not provided in the available sources. Recommendations At the moment, there is no information about a newer version that contains a fix for thi...

5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.16 views

PT-2026-51222

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A broken row level security RLS policy in the org users table allows authenticated users to elevate their privileges from admin to super admin. This insufficient RLS enforcement enables attackers to...

7CVSS5.9AI score0.00246EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.25 views

PT-2026-51196

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description A security flaw exists in the PROXY ADMIN database API Key Generator component within the authenticate user function of the litellm/proxy/auth/login utils.py file. A remote attacker can...

6.5CVSS6.6AI score0.00262EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.23 views

PT-2026-51212

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description A server-side request forgery SSRF exists in the MCP OpenAPI Spec Loader component. The issue occurs within the load openapi spec async function located in the litellm/proxy/ experimental/mc...

6.5CVSS6.7AI score0.00262EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.23 views

PT-2026-51208

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description An authentication bypass exists in the SSO Debug Flow component. A remote attacker can manipulate the json.dumps function within the file litellm/proxy/management endpoints/ui sso.py, which...

7.5CVSS7.1AI score0.00508EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.16 views

PT-2026-51235

Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.0.0-RC1 and later Description An authenticated path traversal flaw exists in the 'assets/icon' endpoint. The issue occurs because the extension parameter is not validated before the system performs file existence checks. A...

7.1CVSS5.8AI score0.00336EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51213

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description Improper authorization occurs in the ui view users function located in the litellm/proxy/management endpoints/internal user endpoints.py file. This flaw allows a remote attacker to bypass...

5.3CVSS6.2AI score0.00288EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51244

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An integer overflow exists in the copyString function. An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be represented...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.31 views

PT-2026-51261

Name of the Vulnerable Software and Affected Versions Comfast CF-WR631AX V3 versions prior to 2.7.0.8 Description A remote OS command injection flaw exists in the API Endpoint component. The issue occurs within the system function of the '/cgi-bin/mbox-config?section=ping config' endpoint when th...

6.5CVSS6.9AI score0.01182EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.31 views

PT-2026-51210

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description An issue exists in the SSO Authentication Flow component within the get redirect response from openid function of the litellm/proxy/management endpoints/ui sso.py file. Remote manipulation o...

6.5CVSS6.6AI score0.00358EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.21 views

PT-2026-51198

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description An issue in the MCP Server Connection Testing component allows for server-side request forgery SSRF, which is a flaw that enables an attacker to induce the server-side application to make...

6.5CVSS6.6AI score0.00262EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.21 views

PT-2026-51230

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.5.0 through 5.9.13 Description An issue exists in the FieldsController::actionRenderCardPreview method where the fieldLayoutConfig POST parameter is passed directly to Fields::createLayout without being processed by...

8.6CVSS6.2AI score0.00493EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.10 views

PT-2026-51243

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An integer overflow occurs in the doProlog function, specifically related to storeEntityValue and the entity textLen variable. An integer overflow is a condition where an arithmetic operation attemp...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51197

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.59.9 Description An improper authentication flaw exists in the MCP Proxy component. Specifically, the UserAPIKeyAuth function within the file litellm/proxy/ experimental/mcp server/auth/user api key auth...

9.8CVSS7.2AI score0.00612EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.18 views

PT-2026-51186

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description An issue in the M2M JWT Handler component, specifically within the file litellm/proxy/auth/user api key auth.py, leads to improper authorization. This flaw allows a remote attacker to bypass...

7.5CVSS5.9AI score0.00288EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.45 views

PT-2026-51259

Name of the Vulnerable Software and Affected Versions Radware Cyber Controller versions prior to 10.11.0 Description An issue exists within the HTML Report Generation component that allows for HTML injection. This flaw can be exploited remotely to inject malicious HTML code into reports...

5.1CVSS5.9AI score0.00195EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51260

Name of the Vulnerable Software and Affected Versions activepieces versions prior to 0.83.1 Description An issue exists in the File URL Handler component within the handleUrlFile function located in the packages/server/engine/src/lib/variables/processors/file.ts library. This flaw allows for remo...

6.5CVSS6.8AI score0.00201EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.19 views

PT-2026-51173

AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all payment transaction data including...

8.7CVSS5.8AI score0.00302EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.19 views

PT-2026-51149

Name of the Vulnerable Software and Affected Versions capgo versions prior to 12.128.2 Description An authorization bypass exists in several Supabase PostgREST RPC functions: get app metrics, get global metrics, and get total metrics. These functions are granted to the anon role without enforcing...

6.9CVSS5.8AI score0.00274EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.21 views

PT-2026-51172

Name of the Vulnerable Software and Affected Versions vLLM versions 0.10.2 through 0.12.x Description Multimodal embeddings processing lacks sparse tensor validation. Since PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests containing...

8.8CVSS5.9AI score0.00352EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.20 views

PT-2026-51128

Name of the Vulnerable Software and Affected Versions Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress versions prior to 1.5.2 Description Insufficient file path validation in the view page function allows unauthenticated attackers to delete arbitrary files on the server...

8.1CVSS6.3AI score0.00662EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.18 views

PT-2026-51150

Flowise before 3.0.13 contains an information exposure vulnerability in the POST /api/v1/account/forgot-password endpoint that returns full user objects including PII to unauthenticated attackers. An attacker can enumerate valid email addresses and harvest sensitive user data including user IDs,...

6.9CVSS5.9AI score0.00328EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.13 views

PT-2026-51141

Name of the Vulnerable Software and Affected Versions WooCommerce version 7.1.0 Description A remote code execution flaw exists in the 'class-wc-meta-box-product-images.php' endpoint. The product-type parameter is processed without proper sanitization, allowing attackers to inject shell commands...

9.8CVSS6.7AI score0.00629EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.16 views

PT-2026-51139

Name of the Vulnerable Software and Affected Versions WordPress Ultimate Addons for Beaver Builder version 1.2.4.1 Description An authentication bypass exists in the social media login form functionality. Attackers can gain unauthorized access by submitting a POST request to the 'admin-ajax.php'...

9.8CVSS5.9AI score0.00428EPSS
Exploits0References8
Total number of security vulnerabilities184840