Lucene search
K
PtsecurityRecent

185744 matches found

Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.6 views

PT-2026-53804

Summary On a multi-tenant stigmem node, a tenant administrator could list, read, and admit or reject quarantined facts belonging to other tenants. The list/count queries and get quarantined fact in routes/quarantine.py lacked an f.tenant id = identity.tenant id predicate, and the garden lookup wa...

8.6CVSS5.5AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51106

Summary The user supplied class value is fed directly into the sprintf call that creates HTML. You can add a quote to escape the class and then inject arbitrary html/javascript to the final output. Details The template here adds a figure with a class that is substituted in. This value is provided...

8.6CVSS6AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-51107

Summary With $wgEmbedVideoRequireConsent enabled the default, the urls for videos are stored in a json-ified data attributedata-mw-iframeconfig. When given a malformed url or id, the data-mw-iframeconfig attribute can be escaped via single quotes, allowing for html/javascript injection. Details T...

7.5CVSS6AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51051

Name of the Vulnerable Software and Affected Versions Symfony UX LiveComponent versions prior to 2.x Symfony UX LiveComponent versions prior to 3.x Description The createHtml function in SymfonyUXLiveComponentUtilChildComponentPartialRenderer interpolates the $childTag variable directly into the...

5.1CVSS6AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.23 views

PT-2026-51011

Name of the Vulnerable Software and Affected Versions Grafana Tempo affected versions not specified Description A TraceQL query containing a large exemplars hint value can lead to excessive memory allocation within the Tempo instance. This condition may result in an out-of-memory crash, allowing ...

6.5CVSS5.8AI score0.00235EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.7 views

PT-2026-53651

This update for xwayland fixes the following issues: - CreateSaverWindow Use-After-Free Information Disclosure. bsc1266301 - Font Alias Stack-based Buffer Overflow. bsc1266294 - GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write. bsc1266300 - XKB Key Types Stack-based Buffer Overflow. bsc12662...

5.8AI score
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-50973

Summary The public GraphQL resolvers getFormDefinitionByObjectenApiUrlurl and the deprecated getFormDefinitionByIdid fetch a caller-supplied URL using the privileged Objecten-API token. Because the /graphql endpoint is permitAll and these resolvers do not declare a CommonGroundAuthentication...

5.3CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-51049

Description When a LiveProp is typed as a DateTimeInterface and no explicit format is configured, SymfonyUXLiveComponentLiveComponentHydrator::hydrateObjectValue falls back to new $className$value. The DateTime / DateTimeImmutable constructors accept relative strings such as "now", "tomorrow", or...

6.9CVSS6AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50929

Name of the Vulnerable Software and Affected Versions Joomla NextGen Editor version 2.1.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL commands. This is achieved by sending GET requests to the 'index.php' endpoint with the parameters option=com nge and...

8.8CVSS6.2AI score0.00323EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-50867

AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...

5.3CVSS5.8AI score0.00341EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-50912

Name of the Vulnerable Software and Affected Versions AnyDesk version 2.5.0 Description An unquoted service path issue exists in the service installation, allowing local users to execute arbitrary code with SYSTEM privileges. This occurs when a service path contains spaces and is not enclosed in...

8.5CVSS6.2AI score0.00181EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.22 views

PT-2026-51003

Name of the Vulnerable Software and Affected Versions Joomla com booking component version 2.4.9 Description An information disclosure issue allows unauthenticated attackers to enumerate user accounts. By exploiting the getUserData function in the customer controller, attackers can send GET...

8.7CVSS5.8AI score0.00346EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.22 views

PT-2026-50829

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP affected versions not specified Description An Expected Behavior Violation allows a remote attacker to cause a denial-of-service DoS condition. By continuously...

8.7CVSS5.9AI score0.00367EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.23 views

PT-2026-50881

Name of the Vulnerable Software and Affected Versions FlexNet Manager Suite 2025 R1 Description An issue exists where an authenticated user with read-only access to account settings can escalate their privileges to the Administrator level. Recommendations At the moment, there is no information...

8.7CVSS5.8AI score0.00255EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-51054

Name of the Vulnerable Software and Affected Versions Symfony UX LiveComponent versions prior to 2.x Symfony UX LiveComponent versions prior to 3.x Description Methods annotated with LiveAction in symfony/ux-live-component are invokable from the browser to mutate server-side state via AJAX. The...

2.1CVSS5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50994

Name of the Vulnerable Software and Affected Versions Joomla! Component vBizz version 1.0.7 Description An unrestricted file upload issue allows authenticated attackers to upload arbitrary PHP files. This is achieved by submitting malicious files through the profile pic parameter via POST request...

8.8CVSS6.4AI score0.0067EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-51093

Name of the Vulnerable Software and Affected Versions UltraJSON versions prior to 5.13.0 Description The functions ujson.dumps, ujson.dump, and ujson.encode contain an issue when the reject bytes variable is set to False. In this configuration, the software may accept malformed or truncated UTF-8...

6.5CVSS5.8AI score0.00272EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.28 views

PT-2026-50933

Name of the Vulnerable Software and Affected Versions Joomla Survey Force Deluxe version 3.2.4 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending GET requests to the component containing crafted S...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-50833

Name of the Vulnerable Software and Affected Versions Hitachi Virtual Storage Platform E990, E1090, E1090H versions prior to DKCMAIN Ver.93-07-21-80/00-05, CHBiSCSI Ver.88-01-02-04 Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H versions prior to DKCMAIN...

8.6CVSS5.9AI score0.00268EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-50844

Name of the Vulnerable Software and Affected Versions Woosa – Marktplaats for WooCommerce versions prior to 2.0.5 Description Insufficient path sanitization in the render logs ui function allows authenticated attackers with Administrator-level access to read arbitrary files on the server, such as...

4.9CVSS6AI score0.00397EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-50882

Name of the Vulnerable Software and Affected Versions FlexNet Manager Suite 2025 R1 FlexNet Manager Suite 2025 R2 Description Insufficient access control in the software could allow unauthorized access to attachment files. Recommendations At the moment, there is no information about a newer versi...

7.1CVSS5.8AI score0.00207EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50939

Name of the Vulnerable Software and Affected Versions Joomla! Component Ajax Quiz version 1.8 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the cid parameter. Attackers can send GET requests to...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-50842

Name of the Vulnerable Software and Affected Versions FileRise versions prior to 3.16.0 Description A path traversal issue exists in the shared-folder upload endpoint '/api/folder/uploadToSharedFolder.php'. The FolderController validates the upload filename using basename and REGEX FILE NAME, but...

9.8CVSS6.3AI score0.0072EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.20 views

PT-2026-50865

Name of the Vulnerable Software and Affected Versions GPU DDK affected versions not specified Description Software run by a non-privileged user can execute improper GPU system calls to trigger an error path, resulting in a Use-After-Free UAF of GPU page tables. This occurs because an error recove...

7.7CVSS5.7AI score0.0011EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.20 views

PT-2026-50874

Name of the Vulnerable Software and Affected Versions JetBrains GoLand versions prior to 2026.1.3 Description Remote code execution is possible through the use of untrusted project configuration. Recommendations Update JetBrains GoLand to version 2026.1.3 or later...

8.8CVSS6.3AI score0.00253EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50940

Name of the Vulnerable Software and Affected Versions Joomla! Component FocalPoint Pro/Free version 1.2.3 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the id parameter. Attackers can send GET...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-51053

Name of the Vulnerable Software and Affected Versions symfony/ux-live-component versions prior to 2.x and 3.x Description An issue exists in the SymfonyUXLiveComponentLiveComponentHydrator where the HMAC Hash-based Message Authentication Code used to protect read-only props and the propsFromParen...

2.3CVSS5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-50970

Summary The agent sandbox gates shell commands behind an allowlist SandboxPolicy.isCommandAllowed, which THREAT MODEL.md calls the main control against a compromised agent Adversary 3.2. The allowlist glob-matches the whole command string, but ShellExecutor runs that string through /bin/sh -c. So...

9.9CVSS6.5AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-50936

Joomla OSDownloads 1.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com osdownloads&view=item&id=SQL to extract...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-50935

Name of the Vulnerable Software and Affected Versions RPC Responsive Portfolio version 1.6.1 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. This is achieved by sending GET requests to the...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-50941

Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=com sponsorwall&task=click&walli...

7.1CVSS6.2AI score0.00241EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-51014

Name of the Vulnerable Software and Affected Versions urllib3 version 2.6.3 Brotli version 1.2.0 Description A decompression bomb bypass exists in the streaming API preload content=False when Brotli support is used. This occurs because three independent code paths in response.py bypass the max...

7.5CVSS7.4AI score0.00304EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-50837

Name of the Vulnerable Software and Affected Versions BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor versions prior to 4.5.4 Description Stored Cross-Site Scripting occurs via the blockId attribute of the 'betterdocs/category-slate-layout' Gutenberg block. The issue...

6.4CVSS6AI score0.00212EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-50898

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.0.0 through 3.16.0 Description A Cross-Site Request Forgery CSRF issue exists in the cas-auth plugin under default configurations. This allows a remote attacker to trick a victim into visiting a malicious webpage,...

9.3CVSS5.9AI score0.00261EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-50905

Name of the Vulnerable Software and Affected Versions Fortitude HTTP version 1.0.4.0 Description An unquoted service path issue exists, allowing local users to execute arbitrary code with elevated privileges. This occurs because the service binary path is not enclosed in quotes, enabling attacker...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50932

Name of the Vulnerable Software and Affected Versions Joomla! Component JB Visa version 1.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code into the visatype parameter via GET requests to the 'index.php'...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.23 views

PT-2026-50851

Name of the Vulnerable Software and Affected Versions 2Download Connector for 2DL Hosted Checkout versions prior to 0.1.6 Description The plugin fails to properly verify user authorization before performing specific actions. This allows unauthenticated attackers to access arbitrary customer...

5.3CVSS6AI score0.00299EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50991

Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId parameter. Attackers can send POST requests to the editReview task endpoint with URL-encoded SQL UNION...

8.8CVSS6.3AI score0.00366EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.10 views

PT-2026-55944

Name of the Vulnerable Software and Affected Versions pydantic-settings versions 2.12.0 through 2.14.1 Description The NestedSecretsSettingsSource reads secret values from files within a configured secrets dir. When the secrets nested subdir variable is set to true, the system follows symbolic...

5.3CVSS6AI score0.00138EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-51005

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.23 Statamic versions prior to 6.20.0 Description An authenticated Control Panel user can view metadata and content for resources they lack permission to access. This includes entries, assets, users, roles, group...

4.3CVSS5.9AI score0.00162EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-51111

Name of the Vulnerable Software and Affected Versions OpenBao versions 2.5.2 through 2.5.4 Description An authenticated user with write access to the transit/keys/ endpoint can cause a denial-of-service by crashing the server. This occurs when a key-creation request is sent combining an asymmetri...

6.5CVSS5.9AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.9 views

PT-2026-55487

Summary OpenRemote Manager is vulnerable to a cross-tenant Insecure Direct Object Reference IDOR in the bulk alarm deletion endpoint. An authenticated user in any realm can delete alarms belonging to other realms tenants by supplying arbitrary alarm IDs. The vulnerability exists because the bulk...

9.6CVSS6AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-51004

Name of the Vulnerable Software and Affected Versions WP Go Maps versions prior to 10.1.02 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Unauthenticated attackers can create arbitrary records in plugin...

5.3CVSS6AI score0.00205EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-50866

Name of the Vulnerable Software and Affected Versions GPU DDK affected versions not specified Description Software run by a non-privileged user can perform improper GPU system calls leading to resource mismanagement. This occurs when a shared memory page, managed by a CPU driver thread and access...

7.7CVSS5.7AI score0.0011EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-51202

CVE ID :CVE-2026-10746 Published : June 18, 2026, 10:19 p.m. | 3 hours, 52 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.38 views

PT-2026-50850

Name of the Vulnerable Software and Affected Versions Dell Server Hardware Manager versions prior to 3.2.2 Description Improper Access Control allows a low privileged attacker with local access to potentially achieve Elevation of privileges, which is the act of gaining higher-level permissions th...

7.8CVSS5.9AI score0.001EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50944

Name of the Vulnerable Software and Affected Versions Joomla! Component Calendar Planner version 1.0.1 Description An SQL injection allows unauthenticated attackers to inject SQL commands via the category id parameter. By sending GET requests to the events view containing malicious SQL code in th...

8.8CVSS6AI score0.00334EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-51059

Name of the Vulnerable Software and Affected Versions @tinacms/cli versions prior to 2.4.3 Description @tinacms/cli contains a Remote Code Execution issue in its Forestry-to-Tina migration command. The internal helper function addVariablesToCode unquotes any value matching the marker " TINA...

7.8CVSS6.1AI score0.0017EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-50952

Name of the Vulnerable Software and Affected Versions Joomla StreetGuessr Game version 1.1.8 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by sending GET requests to the 'index.php' endpoint with the parameters option=com...

8.8CVSS6.1AI score0.00237EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-51020

Name of the Vulnerable Software and Affected Versions Mercator versions prior to 2025.05.19 Description The Query Engine allows authenticated users to execute queries via a JSON DSL Domain Specific Language, which is a specialized language used to define data queries. The controller method...

7.1CVSS5.9AI score0.00281EPSS
Exploits0References7
Total number of security vulnerabilities185744