Lucene search
K
PtsecurityRecent

185787 matches found

Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.22 views

PT-2026-50902

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An incorrect conversion between numeric types occurs in NI grpc-device due to missing range checks in CodeGen. This issue may result in the silent discarding of high bits if a size value...

6.3CVSS5.8AI score0.0018EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.28 views

PT-2026-51031

Name of the Vulnerable Software and Affected Versions Azure Active Directory affected versions not specified Description Improper authentication allows an unauthorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about a newer version that...

10CVSS5.9AI score0.00562EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-51036

Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description An authentication bypass exists in the OTP One-Time Password verification process. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely indicate that...

9.4CVSS5.9AI score0.00188EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-51055

Name of the Vulnerable Software and Affected Versions symfony/ux-autocomplete versions prior to 2.x symfony/ux-autocomplete versions prior to 3.x Description The Stimulus controller in the software renders AJAX response items into a dropdown by interpolating the text field directly into HTML...

5.1CVSS5.9AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50986

Name of the Vulnerable Software and Affected Versions Joomla Component J-MultipleHotelReservation version 6.0.7 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending POST requests to the...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-50950

Name of the Vulnerable Software and Affected Versions Joomla! Component KissGallery version 1.0.0 Description An SQL injection allows unauthenticated attackers to inject SQL commands through the component URL path. By supplying malicious SQL code in the 'kissgallery' endpoint, attackers can execu...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.22 views

PT-2026-50886

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 2.14.1 through 3.16.0 Description An incorrect authorization issue exists in the authz-casdoor plugin when using the default configuration. This allows an attacker to authenticate using credentials from a different sourc...

8.1CVSS5.9AI score0.00285EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-50955

Name of the Vulnerable Software and Affected Versions Joomla LMS King Professional version 3.2.4.0 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code. This is achieved by sending GET requests to the 'index.php' endpoint using the...

8.8CVSS5.9AI score0.00237EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50915

Name of the Vulnerable Software and Affected Versions TFTP Broadband version 4.3.0.1465 Description The tftpt.exe service binary contains an unquoted service path issue. This occurs when a service path contains spaces and is not enclosed in quotation marks, allowing a local attacker to place a...

8.5CVSS5.9AI score0.00119EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.29 views

PT-2026-50870

Name of the Vulnerable Software and Affected Versions Cloudflare Quiche versions prior to 0.29.2 Description Two use-after-free issues exist in the connection ID iterator FFI Foreign Function Interface functions. The functions quiche connection id iter next and quiche conn retired scid next retur...

5.6CVSS5.8AI score0.0017EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-50911

Name of the Vulnerable Software and Affected Versions Wise Care 365 version 4.27 Wise Disk Cleaner version 9.29 Description An unquoted service path issue exists in the WiseBootAssistant and SpyHunter 4 Service. This allows local users to execute arbitrary code with SYSTEM privileges by placing...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.23 views

PT-2026-50888

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An untrusted pointer dereference exists in the sideband streaming API. This issue allows an attacker to trigger an arbitrary memory dereference, which could lead to remote code execution...

9.8CVSS6.3AI score0.00549EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50953

Name of the Vulnerable Software and Affected Versions Joomla Ultimate Property Listing version 1.0.2 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the sf selectuser id parameter. Attackers can...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50908

Name of the Vulnerable Software and Affected Versions Comodo Dragon Browser versions prior to 52.15.25.664 Description The DragonUpdater service contains a privilege escalation flaw caused by an unquoted service path that runs with SYSTEM privileges. A local attacker can exploit this by placing a...

8.5CVSS6.2AI score0.00122EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.20 views

PT-2026-51033

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Online affected versions not specified Description Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network. There have been reports of elevated activities targeti...

9.6CVSS5.8AI score0.00389EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-51061

Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2026.6.0 Description The Konnected integration registers an HTTP endpoint 'KonnectedView' located in homeassistant/components/konnected/ init .py that is configured to not require authentication. While write...

7.6CVSS5.9AI score0.00193EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50942

Name of the Vulnerable Software and Affected Versions Joomla! Component Flip Wall version 8.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the wallid parameter via GET requests to the 'index.ph...

7.1CVSS6.1AI score0.00241EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-50943

Name of the Vulnerable Software and Affected Versions Joomla SP Movie Database version 1.3 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code into the searchword parameter when sending GET requests to the...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-50836

Name of the Vulnerable Software and Affected Versions Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation versions prior to 2.8.8 Description An issue exists where unauthenticated attackers can perform Server-Side Request Forgery SSRF, a flaw that allows a serv...

6.5CVSS5.8AI score0.00312EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-51012

Name of the Vulnerable Software and Affected Versions gonic versions prior to 0.21.0 Description The Subsonic API endpoints '/rest/deletePlaylist.view' and '/rest/getPlaylist.view' lack per-resource authorization. An authenticated user, regardless of privilege level, can delete any playlist or re...

7.1CVSS5.8AI score0.00168EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.25 views

PT-2026-51013

Name of the Vulnerable Software and Affected Versions Gonic versions prior to 0.21.0 Description A logic error in the ServeCreateOrUpdatePlaylist function allows for arbitrary file write operations within the music streaming server. Recommendations Update to version 0.21.0 or later. As a temporar...

8.1CVSS5.9AI score0.00269EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.69 views

PT-2026-50891

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An unchecked enum cast issue exists in the BeginSidebandStream function. An attacker can trigger invalid enum states and undefined behavior by supplying a specially crafted message containing...

7.1CVSS5.9AI score0.00254EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-50917

Name of the Vulnerable Software and Affected Versions Realtek Audio Service version 1.0.0.55 Description An unquoted service path issue exists in RtkAudioService64.exe. This allows local attackers to escalate privileges by placing malicious executable files in the unquoted service path directory,...

8.5CVSS5.9AI score0.00121EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-50965

Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.5.1 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The software contains a shell command injection flaw occurring when the binary path for WeasyPrint is processed...

8.2CVSS5.9AI score0.00154EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-51034

Name of the Vulnerable Software and Affected Versions Azure Synapse affected versions not specified Description Execution with unnecessary privileges allows an authorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about a newer version th...

9.9CVSS5.9AI score0.005EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-50894

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.0.0 through 3.16.0 Description An open redirect issue exists where an attacker can manipulate client headers, specifically the Host header in the cas-auth plugin, to influence the CAS service URL. This can lead to the...

7.2CVSS5.9AI score0.00409EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-50951

Name of the Vulnerable Software and Affected Versions Joomla! Component Twitch Tv version 1.1 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the username and id parameters. Attackers can send GET...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.23 views

PT-2026-51040

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Improper access control exists in the SECURITY DEFINER PostgREST RPC function public.record build time. This function is granted to the anon role and can be called using only the public Supabase...

8.7CVSS6AI score0.00242EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-50921

Name of the Vulnerable Software and Affected Versions Malwarebytes version 4.5 Description An unquoted service path issue exists in the MBAMService executable. This allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable...

8.5CVSS6AI score0.00205EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-50999

Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.6.0 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The software uses a case-sensitive blacklist to protect output filenames against the phar:// stream wrapper...

8.1CVSS6.2AI score0.00555EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50945

Name of the Vulnerable Software and Affected Versions GridTime 3000 versions 1.0r0.03 through 1.1r0.0 Description Improper neutralization of input during web page generation allows for Cross-Site Scripting XSS, a condition where malicious scripts are injected into trusted websites. Recommendation...

5.1CVSS5.8AI score0.00136EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-51009

Name of the Vulnerable Software and Affected Versions gonic versions prior to 0.21.0 Description An authenticated Subsonic user can bypass ownership checks to read or delete playlists belonging to other users and probe arbitrary file paths on the host for existence or readability. This occurs...

7.1CVSS6.1AI score0.00262EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-51037

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A cross-tenant authorization bypass exists in PostgREST endpoints. This issue allows API keys with organization-level read permissions to access webhook secrets and delivery logs belonging to other...

7.1CVSS5.9AI score0.00241EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-50959

Name of the Vulnerable Software and Affected Versions JoomRecipe version 1.0.3 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. This is achieved by sending GET requests to the 'all-recipes' endpoint...

8.8CVSS6AI score0.00237EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.23 views

PT-2026-50947

Name of the Vulnerable Software and Affected Versions GridTime 3000 versions 1.0r0.03 through 1.2r0.0 Description Improper neutralization of input during web page generation in the password reset form allows Cross-Site Scripting XSS, a condition where malicious scripts are injected into trusted...

5.3CVSS5.8AI score0.00136EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.20 views

PT-2026-50934

Name of the Vulnerable Software and Affected Versions Quiz Deluxe version 3.7.4 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL commands through the 'ajaxaction.flag question' task. Attackers can inject malicious SQL code via the stu quiz id or flag quest...

8.8CVSS6.3AI score0.00334EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.20 views

PT-2026-50883

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 1.2.0 through 3.16.0 Description A Use of Less Trusted Source issue exists where an attacker can leverage the wolf-rbac plugin under default configuration. This allows for the potential pollution of logs with spoofed...

5.8CVSS5.9AI score0.00314EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.7 views

PT-2026-53792

Summary network-ai's ApprovalInbox lib/approval-inbox.ts is a shipped, exported, documented feature — "a web-accessible approval queue with REST API … and SSE streaming" SECURITY.md. It is the network surface of the human-in-the-loop Approval Gate, which ApprovalGate uses to require explicit huma...

5.9CVSS6AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-51057

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.1.9 containerd versions prior to 2.2.5 containerd versions prior to 2.3.2 Description A bug in the CRI plugin allows the restoration of container.log from a checkpoint image without validating a symlinked path...

9.9CVSS6AI score0.00412EPSS
Exploits0References42
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-50983

Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description A heap-buffer-overflow read occurs in the reference AV1 codec implementation due to a missing bounds check in the SVC Scalable Video Coding layer ID control function. This allows the spatial...

7.1CVSS5.7AI score0.00272EPSS
Exploits0References34
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.8 views

PT-2026-52057

Name of the Vulnerable Software and Affected Versions Node.js versions 22.x Node.js versions 24.x Node.js versions 26.0.0 through 26.3.0 Description An issue in proxy tunnel error handling may lead to the exposure of proxy credentials within ERR PROXY TUNNEL error messages. This occurs when...

7.5CVSS6.6AI score0.00437EPSS
Exploits0References141
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-50832

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description A heap-based buffer overflow occurs in the doProlog function within xmlparse.c. This issue arises because the reallocation of the scaffold backing array is mishandled when data-structure sharing is...

6.9CVSS6.1AI score0.00107EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.10 views

PT-2026-50982

Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description An arbitrary address write issue exists in the reference AV1 codec implementation. A missing bounds check in the Scalable Video Coding SVC layer ID control function allows an attacker to injec...

7.6CVSS6.1AI score0.00414EPSS
Exploits0References36
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-50900

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.3.2 containerd versions prior to 2.2.5 containerd versions prior to 2.1.9 containerd versions prior to 2.0.10 containerd versions prior to 1.7.33 Description The CRI checkpoint import process fails to validate...

9.9CVSS6.4AI score0.00354EPSS
Exploits0References43
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-50984

Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to provide crafted video frame pixels that overlap with internal encoder layer...

7.1CVSS6AI score0.00414EPSS
Exploits0References36
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-50981

Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description A heap buffer overflow occurs in the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode allows the first-pass stats ring buffer wrap-around guard to...

7.6CVSS6.2AI score0.00414EPSS
Exploits0References37
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-51114

Summary The CartController defines a RateLimiter behavior that is only activated when the 'number' POST/GET parameter is explicitly provided. Details When an attacker submits coupon codes against the session-based cart without passing a 'number' parameter, no rate limiting is applied. This allows...

6.9CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.7 views

PT-2026-53781

A field can be hidden from a user with a field-level SELECT permission DEFINE FIELD code ON secret PERMISSIONS FOR select WHERE owner = $auth.id. When that field is indexed, a record user who cannot read it could still recover the relative ordering of its values across every record by issuing ORD...

4.3CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.5 views

PT-2026-53794

Impact The previous BasicCookieStorage did not enforce RFC 6265 scoping rules around cookie domain, path, and Secure attribute. A client using a single storage instance to talk to multiple origins could have cookies leak across domains, or have Secure cookies sent over plain HTTP — the deprecatio...

6.9CVSS5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50884

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 2.3 through 3.16.0 Description The openid-connect plugin under default configuration contains an issue where insufficient verification of data authenticity allows an attacker to spoof identity headers. This can lead to...

9.1CVSS5.9AI score0.00213EPSS
Exploits0References7
Total number of security vulnerabilities185787