Lucene search
K
PtsecurityRecent

185797 matches found

Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-50975

Name of the Vulnerable Software and Affected Versions CedarJava versions prior to 2.3.6 CedarJava versions prior to 3.4.1 CedarJava versions prior to 4.9 Description Improper input handling allows Record-to-Entity type confusion across the Java-Rust FFI Foreign Function Interface boundary...

8.8CVSS6.1AI score0.0048EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-51005

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.23 Statamic versions prior to 6.20.0 Description An authenticated Control Panel user can view metadata and content for resources they lack permission to access. This includes entries, assets, users, roles, group...

4.3CVSS5.9AI score0.00162EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-51024

Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.3.19 Kestra versions prior to 1.2.19 Kestra versions prior to 1.1.19 Kestra versions prior to 1.0.43 Description Kestra is an open-source, event-driven orchestration platform. The inputFiles task writes rendered file...

6.5CVSS6AI score0.00308EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.20 views

PT-2026-50878

Name of the Vulnerable Software and Affected Versions SIMA GmbH Bondix versions prior to 1.25.7.6 Description OS command injection exists in the environment and tunnel configuration functionality on Linux. An authenticated attacker with configuration write access can execute arbitrary...

8.6CVSS6.2AI score0.01098EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50988

Name of the Vulnerable Software and Affected Versions Joomla! Component J-BusinessDirectory version 4.9.7 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code into the type parameter via GET requests to the...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-50880

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 2.2 through 3.16.0 Description An authentication bypass by spoofing exists in the jwt-auth plugin. This flaw allows an attacker to completely bypass authentication by using a spoofed token when certain configurations of...

9.1CVSS5.9AI score0.00386EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-51109

Summary OpenBao users with access to the sys/leases/revoke/:lease id endpoint in any namespace can revoke leases in any other namespace as long as the lease identifier is known to them, bypassing ACLs that should apply for cross-namespace revocations. Impact OpenBao's namespaces provide...

2.1CVSS5.8AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50901

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description Insecure default credentials exist when TLS configuration is absent and the server is bound beyond the loopback interface. This allows an unauthenticated user on the local network to gain...

9.3CVSS6.8AI score0.00308EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-50927

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The vti6 init net function fails to set the netns immutable flag on the per-netns fallback tunnel device 'ip6 vti0'. This flag is intended to prevent the device from being moved to anoth...

8.8CVSS5.8AI score0.93235EPSS
Exploits31References399
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-50926

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RDMA Remote Direct Memory Access component during the rereg mr process. When IB MR REREG ACCESS changes from read-only RO to read-write RW, the umem user memory mu...

8.8CVSS5.8AI score0.0053EPSS
Exploits1References379
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.11 views

PT-2026-51095

Name of the Vulnerable Software and Affected Versions miniflux-v2 affected versions not specified Description URL restrictions can be bypassed, leading to an open redirect. The application uses the IsRelativePath function to validate redirect URLs by requiring relative paths and prohibiting host ...

5.1CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.10 views

PT-2026-55487

Summary OpenRemote Manager is vulnerable to a cross-tenant Insecure Direct Object Reference IDOR in the bulk alarm deletion endpoint. An authenticated user in any realm can delete alarms belonging to other realms tenants by supplying arbitrary alarm IDs. The vulnerability exists because the bulk...

9.6CVSS6AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-50934

Name of the Vulnerable Software and Affected Versions Quiz Deluxe version 3.7.4 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL commands through the 'ajaxaction.flag question' task. Attackers can inject malicious SQL code via the stu quiz id or flag quest...

8.8CVSS6.3AI score0.00334EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.12 views

PT-2026-51081

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.9.1 Description CoreWCF SPNEGO SecurityContextToken SCT negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session establishment are...

7.4CVSS5.9AI score0.00175EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.8 views

PT-2026-54544

Уязвимость платформы для управления и защиты идентификационных данных Azure Active Directory связана с недостатками процедуры аутентификации. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, повысить свои привилегии...

10CVSS7.3AI score0.00562EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.16 views

PT-2026-50681

I got six CVEs in a major npm package including 4 RCEs. CVE-2026-54662, CVE-2026-54661, CVE-2026-54666, CVE-2026-54664, CVE-2026-54660, CVE-2026-54663 Full writeup with every sink and payload here: https://t.co/Pgwn5lgb9y infosec cybersecurity rce...

5.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.15 views

PT-2026-50621

The PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.3.0 via the 'rule id' parameter due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS5.1AI score0.0026EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.19 views

PT-2026-50807

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.128 Description A cross-origin agent execution issue exists in the 'POST /agui' endpoint, allowing remote attackers to trigger arbitrary agent execution. The endpoint lacks authentication and utilizes hardcoded...

8.6CVSS6.2AI score0.00504EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.21 views

PT-2026-50793

Name of the Vulnerable Software and Affected Versions Guzzle versions prior to 7.12.1 Description CookieJar incorrectly accepts cookies with a dot-only Domain attribute such as Domain=., Domain=.., Domain=... and whitespace-padded variants. The SetCookie::matchesDomain function removes leading...

5.8CVSS5.9AI score0.00111EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.20 views

PT-2026-50641

Name of the Vulnerable Software and Affected Versions Google Android affected versions not specified Description A missing permission check in the AndroidManifest.xml file allows for a persistent local denial of service. This issue can be triggered without requiring user interaction or additional...

10CVSS6AI score0.00138EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.20 views

PT-2026-50617

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via the change order status, add order note, delete order note, add shipping...

4.3CVSS5.7AI score0.0025EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50790

Name of the Vulnerable Software and Affected Versions deepstream versions prior to 10.0.5 Description A Prototype Pollution issue exists in the server, which allows clients and backend services to synchronize data, send messages, and make remote procedure calls RPCs at scale. Prototype Pollution...

9.9CVSS5.9AI score0.0027EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.20 views

PT-2026-50733

Name of the Vulnerable Software and Affected Versions piscina versions prior to 6.0.0-rc.2 piscina versions prior to 5.2.0 piscina versions prior to 4.9.3 Description Prototype pollution in the constructor and run paths allows an attacker to control the filename option. When the options object...

8.1CVSS5.9AI score0.00296EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.22 views

PT-2026-50714

Name of the Vulnerable Software and Affected Versions WP EasyPay versions prior to 4.4.0 Description Cross-Site Request Forgery CSRF allows an attacker to induce a user to perform actions they did not intend to do by tricking their browser into sending a forged request to the application...

6.5CVSS5.9AI score0.00124EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.17 views

PT-2026-50824

Name of the Vulnerable Software and Affected Versions Daytona versions prior to 0.186 Description A sandbox volume reference volumeId which may also be a volume name was forwarded to the runner and used to build the host bind-mount source path without confinement. A reference containing...

4.2CVSS5.8AI score0.00171EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.14 views

PT-2026-50741

Name of the Vulnerable Software and Affected Versions Zitadel versions 4.0.0 through 4.15.1 Zitadel versions 3.0.0 through 3.4.11 Description The OAuth2 / OIDC CodeExchange and RefreshToken implementations fail to validate that the requesting client matches the client that originally initiated th...

7.4CVSS6AI score0.00276EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.19 views

PT-2026-50724

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description An external initialization issue exists in the Kirby Panel and REST API. This occurs when a site has no configured user accounts and is hosted on a publicly accessible...

9.1CVSS5.9AI score0.00545EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.17 views

PT-2026-50718

Name of the Vulnerable Software and Affected Versions jupyter-server versions prior to 2.20.0 Description The nbconvert HTTP handlers render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy CSP, which is a security layer that helps...

9.3CVSS6AI score0.00227EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.19 views

PT-2026-50723

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description Kirby sites and plugins that process untrusted input using the writer or list fields, or specific sanitization methods, are subject to stored cross-site scripting XSS. XSS...

8.5CVSS6AI score0.00409EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.13 views

PT-2026-50721

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description Kirby sites using the writer field in any blueprint are susceptible to cross-site scripting XSS. The link and email marks within the writer components fail to prevent the...

7.4CVSS5.9AI score0.00289EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.17 views

PT-2026-50776

Name of the Vulnerable Software and Affected Versions Node.js version 22 Node.js version 24 Description A flaw in the HTTP/2 server API allows servers to continue accepting data after a GOAWAY frame has been sent. A GOAWAY frame is a mechanism used in the HTTP/2 protocol to notify the peer that t...

5.3CVSS5.9AI score0.00445EPSS
Exploits0References86
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.14 views

PT-2026-50702

Name of the Vulnerable Software and Affected Versions Node.js version 22 Node.js version 24 Node.js version 26 Description A flaw in the Permission Model enforcement allows a bypass through path misvalidation in the process.report.writeReport function. This issue can result in a confidentiality...

1.8CVSS5.8AI score0.00208EPSS
Exploits0References108
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.15 views

PT-2026-50684

Name of the Vulnerable Software and Affected Versions Grav versions 1.7.52 through 2.0 Description An incomplete fix for a stored Cross-Site Scripting XSS issue allows users with admin.pages permissions to inject unsanitized CSS into the style attribute of images via Markdown media actions. While...

4.8CVSS6.2AI score0.00187EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.15 views

PT-2026-56003

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.9.0 Description The Docker API server allows the browser config.extra args parameter to be passed directly into Chromium launch arguments. Because the Docker API is unauthenticated by default, an attacker can injec...

10CVSS6.1AI score0.00523EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.17 views

PT-2026-50809

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.115 Description A path traversal issue exists in MultiAgentMonitor due to improper sanitization of agent IDs when constructing file paths. This allows attackers to use traversal sequences, such as ../, within...

8.8CVSS6.3AI score0.00687EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.17 views

PT-2026-50739

Name of the Vulnerable Software and Affected Versions ZITADEL versions 4.0.0 through 4.15.1 ZITADEL versions 3.0.0 through 3.4.11 Description A flaw in user lifecycle enforcement allows deleted users to retain their original organization or tenant association. When a user is deleted, the historic...

2.3CVSS5.9AI score0.00286EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.26 views

PT-2026-50731

Name of the Vulnerable Software and Affected Versions Gotenberg version 8.33.0 Description A Server-Side Request Forgery SSRF issue exists in the /forms/libreoffice/convert endpoint. By uploading a specially crafted DOCX document, an attacker can force LibreOffice to retrieve external resources...

7.5CVSS5.8AI score0.00355EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.19 views

PT-2026-50734

Name of the Vulnerable Software and Affected Versions http-proxy-middleware versions 0.16.0 through 2.0.9 http-proxy-middleware versions 3.0.0 through 3.0.5 http-proxy-middleware versions 4.0.0 through 4.0.9 Description An issue exists in the router proxy-table implementation where host+path...

8.6CVSS5.9AI score0.0034EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.19 views

PT-2026-50642

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the administration configuration handler. In system/admin/admin.config.php, the configuration update action 'a=update' processes POST data via cot config update options without calling cot check xg to...

8.8CVSS5.5AI score0.00176EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.15 views

PT-2026-50729

Component: tract-nnef nnef/src/tensors.rs::read tensor + tract-data data/src/tensor.rs - Affected versions: 0.21.16, 0.22.0–0.22.2, 0.23.0–0.23.1 — the dense DatLoader path was unguarded across all three release lines; patched in 0.21.16 / 0.22.2 / 0.23.1 - Class: CWE-190 integer overflow →...

6.1CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.11 views

PT-2026-50786

Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.11.1 commit 2dae302 Description An out-of-bounds heap read exists in the sftp symlink function within src/sftp.c. A malicious SSH server or man-in-the-middle attacker can disclose heap memory contents or cause a cra...

8.3CVSS7.2AI score0.00267EPSS
Exploits0References25
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.13 views

PT-2026-50775

Name of the Vulnerable Software and Affected Versions bpm-release versions prior to v1.4.30 Description A container-to-host privilege escalation exists where the setupBpmLogs function follows symlinks for bpm.log during open and chown operations. A compromised process within a bpm container can...

6.9CVSS6.1AI score0.00125EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.17 views

PT-2026-50803

Name of the Vulnerable Software and Affected Versions Chef 360 versions prior to 1.7.1 Description Improper handling of URL-encoded paths during request processing can allow unauthorized access to protected API endpoints. An authenticated request may bypass standard access controls to gain...

9.4CVSS5.9AI score0.00401EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50680

I got six CVEs in a major npm package including 4 RCEs. CVE-2026-54662, CVE-2026-54661, CVE-2026-54666, CVE-2026-54664, CVE-2026-54660, CVE-2026-54663 Full writeup with every sink and payload here: https://t.co/Pgwn5lgb9y infosec cybersecurity rce...

5.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.15 views

PT-2026-50668

UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were...

5.1CVSS5.3AI score0.00293EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.24 views

PT-2026-50796

Name of the Vulnerable Software and Affected Versions Relyra versions 1.0.0 through 1.1.0 Description Relyra is a SAML 2.0 Service Provider library for Elixir and Phoenix that accepts forged SAML signatures. This occurs because the SignatureValue is not cryptographically verified before the libra...

9.1CVSS5.8AI score0.00135EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.15 views

PT-2026-50737

Name of the Vulnerable Software and Affected Versions @tinacms/mdx versions prior to 2.1.7 tinacms versions prior to 3.9.3 Description Rich-text parsing and the default link/image renderers fail to sanitize the url field on Slate link/image nodes. This allows content containing javascript: or...

4.8CVSS5.6AI score0.00239EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.19 views

PT-2026-50743

Name of the Vulnerable Software and Affected Versions opentelemetry-collector-contrib affected versions not specified Description The githubreceiver webhook handler fails to enforce the required headers configuration. While these headers are validated during startup, they are not checked on...

6.9CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.11 views

PT-2026-50806

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.128 Description An arbitrary shell command execution issue exists where UI modules hardcode approval mode to auto, which overrides the administrator configuration set in the PRAISON APPROVAL MODE environment...

8.8CVSS6.3AI score0.00476EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.19 views

PT-2026-50820

Name of the Vulnerable Software and Affected Versions AVer PTC500S affected versions not specified AVer PTC115 affected versions not specified AVer PTC500+ affected versions not specified AVer PTC115+ affected versions not specified Description Improper input validation in these networked...

9.8CVSS6.5AI score0.00616EPSS
Exploits0References8
Total number of security vulnerabilities185797