Lucene search
K
PtsecurityRecent

185026 matches found

Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50240

In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS5.9AI score0.00148EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50411

Unauthenticated Local File Inclusion in Kastell = 2.0 versions...

8.1CVSS5.2AI score0.00428EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50513

Name of the Vulnerable Software and Affected Versions undici versions 7.23.0 through 8.1.0 Description When using Socks5ProxyAgent, the software reuses a single connection pool across different origins without verifying if the pool's origin matches the requested origin. This leads to cross-origin...

8.8CVSS5.8AI score0.00358EPSS
Exploits0References68
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50525

Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository Manager versions prior to 3.93.0 Description An authorization bypass exists in the proxy repository configuration. This issue allows a delegated repository administrator to disclose stored upstream proxy credentials...

5.9CVSS5.2AI score0.0026EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50197

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A heap buffer overflow occurs in WebRTC, which is a framework that enables real-time communication such as voice and video calls within web browsers. This issue allows a remote attacke...

9.6CVSS6.5AI score0.00601EPSS
Exploits0References41
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50489

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.23.1rc0 Description The '/v1/audio/transcriptions' endpoint limits the size of compressed uploads but fails to limit the size of the decoded PCM Pulse Code Modulation output. PCM is an uncompressed digital audio format...

6.5CVSS5.9AI score0.00243EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.23 views

PT-2026-50566

Name of the Vulnerable Software and Affected Versions Steeltoe.Security.Authentication.CloudFoundryBase versions prior to 3.4.0 Steeltoe.Security.Authentication.JwtBearer versions prior to 4.2.0 Steeltoe.Security.Authentication.OpenIdConnect versions prior to 4.2.0 Description The JWT signing key...

5.9CVSS5.8AI score0.0029EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50493

Name of the Vulnerable Software and Affected Versions @mariozechner/pi-coding-agent versions 0.28.0 through 0.73.1 @earendil-works/pi-coding-agent versions 0.74.0 through 0.78.0 Description A race condition in the file write path of the credential storage implementation allows the auth.json file,...

2.2CVSS5.7AI score0.00074EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50546

Impact In versions up to and including 3.0.0, two parts of the GraphQL API returned data without checking whether the data belonged to the logged-in user: - Document content. A logged-in user could download the raw content of any document by its ID, regardless of who owned it. The resolver has...

6.5CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50598

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.1 Description Unauthenticated users with network access can upload unlimited amounts of data to the server, which can lead to disk space exhaustion and a resulting denial-of-service. Additionally, the server...

9.3CVSS5.8AI score0.00332EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50341

Unauthenticated Cross Site Scripting XSS in WPFunnels Pro = 2.9.4 versions...

7.1CVSS5.1AI score0.00186EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50205

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue exists in the Tab Strip component. This occurs when a program continues to use a pointer after it has been freed, which can lead to heap corruption a memory...

8.8CVSS5.8AI score0.00601EPSS
Exploits0References42
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50373

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7...

4.3CVSS5.2AI score0.00208EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50276

Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...

7.7CVSS5.2AI score0.0045EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50263

Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

5.3AI score0.00312EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50309

Unauthenticated SQL Injection in Blocksy Companion Pro 2.1.29 versions...

9.3CVSS5.8AI score0.00372EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50321

Unauthenticated PHP Object Injection in EasyMeals = 1.5.1 versions...

8.1CVSS5.4AI score0.00308EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.25 views

PT-2026-50224

In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.5AI score0.00084EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50357

Subscriber Broken Authentication in Melhor Envio = 2.16.3 versions...

7.6CVSS5.2AI score0.00282EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50284

Unauthenticated Local File Inclusion in Right Way = 4.0 versions...

8.1CVSS5.2AI score0.00363EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50206

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An inappropriate implementation in Extensions allows an attacker to bypass the Same Origin Policy SOP—a security mechanism that restricts how a document or script loaded from one origi...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References40
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.13 views

PT-2026-50226

In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5AI score0.00065EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.23 views

PT-2026-50292

Unauthenticated Cross Site Request Forgery CSRF in WordPress Dating Theme = 11.2.0 versions...

8.8CVSS5.2AI score0.00184EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50265

Cross-Site request forgery CSRF vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10...

4.3CVSS5.2AI score0.00117EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50266

Unauthenticated Cross Site Scripting XSS in my flatonica = 0.0.8 versions...

7.1CVSS5.1AI score0.00241EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50297

Contributor Arbitrary File Upload in Unlimited Elements for Elementor Premium = 2.0.6 versions...

9.9CVSS5.2AI score0.00319EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50298

Unauthenticated Arbitrary File Deletion in BookPro = 1.1.0 versions...

8.6CVSS5.2AI score0.0054EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50393

Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3...

7.3CVSS5.2AI score0.00178EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50247

The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user...

5.2AI score0.00146EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50320

Subscriber Arbitrary File Upload in Charity Zone = 1.1.1 versions...

9.9CVSS5.2AI score0.00434EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50282

Unauthenticated Cross Site Scripting XSS in Auto Repair = 22.6 versions...

7.1CVSS5.1AI score0.00244EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.23 views

PT-2026-50385

Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0...

9.8CVSS5.2AI score0.00426EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50420

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6...

9.3CVSS5.5AI score0.00236EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50275

Subscriber Arbitrary File Upload in PT Luxa Addons = 1.2.2 versions...

9.9CVSS5.2AI score0.00447EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50477

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description The 'spreadsheet-import' endpoint axiosRequestMake could be used as a generic HTTP proxy. The endpoint was reachable without authentication, and its URL-extension allowlist used a regular expressi...

6.9CVSS6AI score0.00295EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50443

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description Improper Authentication allows an unauthenticated attacker with adjacent network access to potentially gain unauthorized access, leading to information disclosure and informati...

8.1CVSS5.8AI score0.0021EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.23 views

PT-2026-50507

Name of the Vulnerable Software and Affected Versions RTI Connext Micro versions 4.0.0 through 4.2.x Description An out-of-bounds read issue in the Core Libraries allows for overread buffers, which occurs when the software reads data past the end of the intended buffer. Recommendations Update to...

8.8CVSS6.1AI score0.00249EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50446

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109...

9.3CVSS5.5AI score0.00291EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50333

Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...

6.5CVSS5.2AI score0.00305EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50516

Name of the Vulnerable Software and Affected Versions undici versions 6.x prior to 6.26.0 undici versions 7.0.0 through 7.27.x undici versions 8.x prior to 8.5.0 Description The cookie parser in the parseSetCookie function percent-decodes cookie values using qsUnescape, which converts encoded...

5.9CVSS5.5AI score0.00257EPSS
Exploits0References86
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50511

Name of the Vulnerable Software and Affected Versions NVIDIA Spatial Intelligence Lab's SIL GEN3C affected versions not specified Description The inference API server contains an unauthenticated remote code execution flaw. The endpoints '/request-inference' and '/seed-model' deserialize raw HTTP...

9.8CVSS6.8AI score0.00685EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.10 views

PT-2026-50365

: Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & Share Icons: from n/a through 2.8.6...

4.3CVSS5.1AI score0.00208EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.11 views

PT-2026-50548

REDMOND, WA -- In a bold move to streamline its communications and bypass the traditional tech press altogether, Microsoft announced Tuesday that all future Windows updates and software features will be unveiled exclusively via their corresponding Common Vulnerabilities and Exposures CVE numbers...

6.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.39 views

PT-2026-52216

Name of the Vulnerable Software and Affected Versions Gitea Docker image versions prior to 1.26.3 Description A critical authentication bypass exists in the official Gitea Docker image due to an insecure default configuration in the app.ini file. The variable REVERSE PROXY TRUSTED PROXIES is set ...

9.8CVSS7.2AI score0.00783EPSS
Exploits4References96
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50584

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.26.2 Description Authenticated self routes under the /api/v1/user/... group do not properly enforce the public-only token restriction. This allows a token or OAuth grant marked as public-only to access or modify priva...

8.1CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50586

Name of the Vulnerable Software and Affected Versions Gitea versions 1.25.0 and later Description Gitea is subject to stored cross-site scripting XSS through the built-in 3D file viewer, which utilizes the Online3DViewer library. The issue occurs when a .gltf file contains an unsupported extensio...

8.7CVSS6AI score0.00336EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50215

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An object lifecycle issue in Metrics allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape. This is achieved through the use of a...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References41
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50406

Unauthenticated PHP Object Injection in Manufaktur Solutions = 1.1.1 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.26 views

PT-2026-50323

Unauthenticated Insecure Direct Object References IDOR in Salon booking system = 10.30.24 versions...

7.3CVSS5.3AI score0.00288EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50403

Unauthenticated Cross Site Scripting XSS in Royal Elementor Addons Pro 1.7.1041 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
Total number of security vulnerabilities185026