Lucene search
K
PtsecurityRecent

184867 matches found

Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•20 views

PT-2026-51152

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An information disclosure issue exists in the unauthenticated '/replication' endpoint. This allows attackers to retrieve internal PostgreSQL replication telemetry without authentication, exposing...

6.9CVSS5.9AI score0.00239EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•25 views

PT-2026-51188

Name of the Vulnerable Software and Affected Versions AOMEI Partition Assistant versions prior to 10.10.2 Description Improper access controls exist within the Kernel Driver component, specifically affecting unknown code in the ampa10.sys library. This issue allows a local attacker to manipulate...

8.5CVSS7.2AI score0.00113EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•32 views

PT-2026-51194

Name of the Vulnerable Software and Affected Versions Ezbsystems UltraISO Premium Edition versions prior to 9.77 Description Improper access controls exist within the Kernel Driver component, specifically affecting the bootpt64.sys library. This issue allows for unauthorized access when manipulat...

8.5CVSS7.1AI score0.00113EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•19 views

PT-2026-51154

Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the require apikey expiration organization policy. The checkWebhookPermission function fails to call apikeyHasOrgRightWithPolicy, enabling attackers wit...

6.3CVSS5.9AI score0.00188EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•18 views

PT-2026-51042

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authentication logic flaw exists where a user authorized to manage team or organization security settings can enforce mandatory two-factor authentication 2FA for all team members without having 2...

5.1CVSS5.9AI score0.00206EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•17 views

PT-2026-51174

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 27.1 Description Authenticated administrators can perform server-side request forgery SSRF—a flaw where a server is tricked into making requests to an unintended location—via the 'plugin/Live/test.php' endpoint. The...

6.8CVSS5.8AI score0.00236EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•17 views

PT-2026-51046

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A scope escalation issue exists in the 'POST /functions/v1/apikey' endpoint. This allows users with app-limited API keys to generate unrestricted keys by providing empty limits. An attacker possessi...

8.8CVSS5.9AI score0.00251EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•20 views

PT-2026-51045

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.12 Description Authenticated users can modify the mutable public.users.email variable to arbitrary addresses. The SSO provisioning endpoint trusts this value as an account-merge key. This allows an attacker to...

8.7CVSS5.9AI score0.00228EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•33 views

PT-2026-51144

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description The preview subdomain resolver uses ILIKE pattern matching instead of exact matching for app id lookup. This allows underscore characters within the app id to function as SQL wildcards. An attacker...

3.1CVSS5.9AI score0.00215EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•19 views

PT-2026-51156

Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices endpoint on the Cloudflare/workerd path that allows authenticated attackers to cause duplicate-page loops and make later rows unreachable. Attackers with app.read devices access can exploit...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•19 views

PT-2026-51159

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An open redirect issue exists in the 'confirm-signup' endpoint. The confirmation url parameter is not validated, which allows attackers to redirect users to arbitrary external websites. This can be...

5.1CVSS6AI score0.0018EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•28 views

PT-2026-51142

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 2.1.4 Description Configuration can be injected into the Chainflow during execution through the overrideConfig option, which is available in the frontend web integration and the backend Prediction API. This feature is...

9.8CVSS6.6AI score0.00648EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•20 views

PT-2026-51161

Name of the Vulnerable Software and Affected Versions Prefect version 3.6.23 Description Remote code execution is possible due to improper handling of user-controlled input within the GitRepository storage class. The commit sha parameter is passed to git commands without validation or the use of ...

9.9CVSS6.6AI score0.00874EPSS
Exploits3References4
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•20 views

PT-2026-51191

Name of the Vulnerable Software and Affected Versions EaseUS Partition Master versions prior to 14.5 Description An issue exists in the Kernel Driver component within the epmntdrv.sys library. A local attacker can manipulate an unknown function to cause improper access controls, which occurs when...

8.5CVSS7.1AI score0.00112EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•22 views

PT-2026-51192

Name of the Vulnerable Software and Affected Versions EaseUS Partition Master versions prior to 14.6 Description A security flaw exists in the Kernel Driver component within the EUEDKEPM.sys library. An unknown function in this library allows for improper access controls, which can be exploited b...

8.5CVSS7.1AI score0.00109EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•43 views

PT-2026-51138

Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary non-default group...

5.9CVSS5.8AI score0.0026EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•19 views

PT-2026-51158

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An open redirect issue exists in the 'stripe portal' and 'stripe checkout' endpoints. These endpoints accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers ca...

4.8CVSS5.9AI score0.00152EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•9 views

PT-2026-53939

Affected versionf of memmap2 did not perform enough validation on the offset and len parameters of Mmap::unchecked advise range, MmapMut::unchecked advise ranage and MmapMut::flush async range. This can cause undefined behavior due to invalid values being passed to pointer::offset and pointer::ad...

5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•5 views

PT-2026-55717

bcrypt::verifypassword, hash and HashParts::from strhash panic in str::slice error fail when given a 60-byte &str containing a multi-byte UTF-8 character at certain byte positions. Impact Any Rust code that calls bcrypt::verify or HashParts::from str with an attacker-controlled hash string will...

5.3CVSS6.1AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•21 views

PT-2026-51136

Name of the Vulnerable Software and Affected Versions SP LMS versions prior to 4.1.4 Description SP LMS com splms by JoomShaper contains a PHP Object injection flaw where user-controlled cookie data is deserialized without validation. Specifically, the application passes the lmsOrders cookie to a...

9.5CVSS6.3AI score0.02726EPSS
Exploits4References14
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•20 views

PT-2026-51137

Name of the Vulnerable Software and Affected Versions iCagenda versions prior to 3.9.15 iCagenda versions prior to 4.0.8 Description The iCagenda extension for Joomla contains a flaw in the file attachment feature of its public event submission form. Due to improper restriction of file types, an...

10CVSS6.5AI score0.01505EPSS
Exploits4References31
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•14 views

PT-2026-51178

Name of the Vulnerable Software and Affected Versions GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN version 1.0 Description An issue exists where a crafted SQL statement can be used to access sensitive database information. This occurs via the scost parameter in the...

7.7CVSS5.9AI score0.00215EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•15 views

PT-2026-51129

@socradar BUT... CVE-2026-42495 IS STILL UNPATCHED https://t.co/fSZ3GvAylZ...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•18 views

PT-2026-51130

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description A stored cross-site scripting issue exists due to the use of an outdated notebookjs library. While .ipynb previews are sanitized on the server side via the '/-/api/sanitize ipynb' endpoint,...

8.9CVSS5.8AI score0.00429EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•18 views

PT-2026-51147

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Insufficient webhook URL validation allows for Server-Side Request Forgery SSRF, a flaw where a server is tricked into making requests to an unintended location. Organization admins can configure...

5.4CVSS5.9AI score0.00156EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•21 views

PT-2026-51140

Name of the Vulnerable Software and Affected Versions WordPress Time Capsule Plugin version 1.21.16 Description An authentication bypass allows unauthenticated attackers to gain administrative access by sending a crafted POST request containing the IWP JSON PREFIX header. This flaw enables the...

8.7CVSS5.9AI score0.00398EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•12 views

PT-2026-51092

Name of the Vulnerable Software and Affected Versions concurrent-ruby versions prior to 1.3.7 Description A synchronization correctness issue exists in the public Concurrent::ReadWriteLock API. The function release write lock does not verify if the calling thread actually acquired the write lock,...

9.8CVSS5.9AI score0.0016EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•13 views

PT-2026-51090

Name of the Vulnerable Software and Affected Versions concurrent-ruby versions prior to 1.3.7 Description The Concurrent::AtomicReferenceupdate function can enter a permanent busy retry loop when the current value is Float::NAN. This occurs due to the interaction between AtomicReferenceupdate,...

8.2CVSS5.8AI score0.00278EPSS
Exploits1References7
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•19 views

PT-2026-50969

Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44 Description A stack buffer overflow exists in the '/goform/AdvSetMacMtuWan' endpoint. This issue occurs when processing the wanSpeed parameter, which can lead to remote arbitrary code execution. Recommendations At...

9.8CVSS6.4AI score0.00584EPSS
Exploits1References5
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•15 views

PT-2026-50909

Name of the Vulnerable Software and Affected Versions Windows Firewall Control version 4.8.6.0 Description An unquoted service path issue exists where the wfcs.exe service is configured with a path containing spaces that is not enclosed in quotes. This allows a local attacker to escalate privileg...

8.5CVSS5.9AI score0.00113EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•22 views

PT-2026-51001

Name of the Vulnerable Software and Affected Versions Slopsmith versions prior to 0.2.9-alpha.5 Description Slopsmith is a web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC. A path-traversal issue in the archive extractors allows an attacker to write arbitrary files...

9.4CVSS6.7AI score0.00568EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•18 views

PT-2026-51113

Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.0.0-RC1 through 4.17.9 Craft CMS versions 5.0.0-RC1 through 5.9.9 Description Craft CMS is subject to Server-Side Request Forgery SSRF and Arbitrary JavaScript Injection via the '/actions/app/resource-js' endpoint. The iss...

9.2CVSS6AI score0.0033EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•22 views

PT-2026-51016

Name of the Vulnerable Software and Affected Versions ProxySQL versions 2.0.18 through 3.0.8 Description ProxySQL contains a pre-authentication heap memory corruption issue within the MySQL and PostgreSQL protocol first-read paths. A remote unauthenticated client can trigger this by declaring an...

9.8CVSS5.9AI score0.00358EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•27 views

PT-2026-50889

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An out-of-bounds read occurs in the NI grpc-device streaming API because of a missing bounds check. This issue can lead to a denial of service if an attacker provides a specially crafted writ...

8.7CVSS5.9AI score0.00343EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•17 views

PT-2026-50914

Name of the Vulnerable Software and Affected Versions Network Inventory Advisor version 5.0.26.0 Description The niaservice service is installed with an unquoted binary path. This configuration allows local attackers to escalate privileges by placing malicious executables in intermediate...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•30 views

PT-2026-50985

Name of the Vulnerable Software and Affected Versions Joomla J-CruisePortal version 6.0.4 Description An SQL injection allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending POST requests to the "cruises" endpoint using crafted SQL...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•24 views

PT-2026-50835

Name of the Vulnerable Software and Affected Versions Canonical MicroCeph versions from the squid and tentacle track Description A path traversal issue exists in the remote-import API. Users possessing a join token or a trusted cluster mTLS certificate, such as enrolled cluster members, can...

5CVSS5.9AI score0.00208EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•18 views

PT-2026-51017

Name of the Vulnerable Software and Affected Versions ProxySQL versions 3.0.0 through 3.0.8 Description The GenAI/MCP run sql readonly tool violates its read-only contract for MySQL targets. The tool validates input using a substring blacklist and a first-keyword allowlist, but executes the SQL...

7.5CVSS5.9AI score0.00226EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•6 views

PT-2026-56538

Name of the Vulnerable Software and Affected Versions Zeep versions 4.0.0 through 4.3.2 Description In this Python SOAP client, the Settings.forbid external setting is not enforced during the parsing of WSDL or XSD documents. This allows transitive xsd:import, xsd:include, wsdl:import, and lxml...

5.9CVSS6.1AI score0.00252EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•9 views

PT-2026-56266

Name of the Vulnerable Software and Affected Versions Anki versions prior to 25.09.4 Description Webview-based pages communicate with the Rust backend via an internal localhost API. User scripts included through iframes in the editor can bypass protections to access this API. A malicious imported...

6.5CVSS6.2AI score0.00169EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•7 views

PT-2026-56267

Name of the Vulnerable Software and Affected Versions Anki versions prior to 25.09.3 Description Anki launches a local HTTP server to serve media files and web pages for its interface. The server does not sufficiently block requests from other origins, allowing a malicious website to trigger...

8.7CVSS6.1AI score0.00181EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•9 views

PT-2026-55981

Name of the Vulnerable Software and Affected Versions Hugo versions 0.162.0 through 0.163.0 Description The default security.http.urls policy fails to properly block requests to loopback, internal, and cloud-metadata IPv4 literals because the deny rule only matches dotted-decimal notation...

7.7CVSS6.1AI score0.00208EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•5 views

PT-2026-55980

Name of the Vulnerable Software and Affected Versions Hugo versions 0.123.0 through 0.163.0 Description A regression in the virtual filesystem allows a symlink placed within a theme or local mount to read arbitrary files accessible to the user running the application. This occurs because the...

6.5CVSS6.2AI score0.00318EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•11 views

PT-2026-55979

Name of the Vulnerable Software and Affected Versions Hugo versions 0.60.0 through 0.163.2 Description The default code-block renderer fails to perform HTML escaping when writing the Markdown code-fence language or info-string into the code element's class and data-lang attributes. An attacker ca...

5.4CVSS6.1AI score0.00172EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•6 views

PT-2026-55944

Name of the Vulnerable Software and Affected Versions pydantic-settings versions 2.12.0 through 2.14.1 Description The NestedSecretsSettingsSource reads secret values from files within a configured secrets dir. When the secrets nested subdir variable is set to true, the system follows symbolic...

5.3CVSS6AI score0.00138EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•8 views

PT-2026-54004

Name of the Vulnerable Software and Affected Versions MessagePack versions prior to 1.2.1 Description An out-of-bounds read occurs when an Unpacker is reused after an error has been caught, which can lead to a denial of service DoS attack. If the Unpacker is used repeatedly following such an erro...

7.5CVSS5.9AI score0.00278EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•8 views

PT-2026-52057

Name of the Vulnerable Software and Affected Versions Node.js versions 22.x Node.js versions 24.x Node.js versions 26.0.0 through 26.3.0 Description An issue in proxy tunnel error handling may lead to the exposure of proxy credentials within ERR PROXY TUNNEL error messages. This occurs when...

7.5CVSS6.6AI score0.00437EPSS
Exploits0References141
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•9 views

PT-2026-52060

Name of the Vulnerable Software and Affected Versions Node.js versions 22.x and earlier Node.js versions 24.x and earlier Node.js versions 26.0.0 through 26.3.0 Description An inconsistency in hostname matching can lead to a trust-policy bypass within multi-context mTLS mutual Transport Layer...

7.5CVSS6.6AI score0.02806EPSS
Exploits0References143
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•10 views

PT-2026-52058

Name of the Vulnerable Software and Affected Versions Node.js versions 22.x, 24.x, and 26.x prior to 26.3.1-1.1 Description A flaw in the Node.js HTTP/2 client enables a server to send an unlimited number of ORIGIN frames, potentially causing an Out of Memory error on the client side...

7.5CVSS7.1AI score0.00656EPSS
Exploits0References143
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•11 views

PT-2026-52062

Name of the Vulnerable Software and Affected Versions Node.js versions 22.x through 26.3.0 Description A flaw in the TLS host verification process allows an attacker to bypass certification validation. Recommendations Update Node.js to version 26.3.1 or later...

7.5CVSS7.1AI score0.02806EPSS
Exploits0References144
Total number of security vulnerabilities184867