Lucene search
K
PtsecurityRecent

186967 matches found

Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.17 views

PT-2026-51281

Name of the Vulnerable Software and Affected Versions Apache Doris MCP Server versions prior to 0.6.1 Description A SQL injection exists in a metadata query path where a user-controlled database name is directly interpolated into a SQL query. The query is executed without the caller's authorizati...

8.1CVSS5.9AI score0.00375EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.33 views

PT-2026-51372

WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMG PATH directory by sending requests with percent-encoded backslashes %5C that bypass the path.Clean sanitization in handler/router.go...

8.7CVSS6AI score0.00408EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51448

Name of the Vulnerable Software and Affected Versions @actual-app/sync-server versions prior to 26.6.0 Description An authorization asymmetry exists in the @actual-app/sync-server component of Actual. In OpenID multi-user deployments, the GET /secret/:name endpoint only verifies that a user has a...

4.3CVSS5.9AI score0.00342EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.24 views

PT-2026-51393

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description The parameterless MessagePackInputFormatter constructor uses default serializer options that resolve to MessagePackSerializerOptions.Standard wit...

9.1CVSS5.6AI score0.00236EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51403

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A denial of service issue exists in the 'POST /app/demo' endpoint. Authenticated users with organization write permissions can create an unlimited number of demo applications because the system lack...

5.3CVSS5.8AI score0.00272EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51343

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database...

5.5CVSS5.9AI score0.00146EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.19 views

PT-2026-51399

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description Multi-dimensional array formatters read dimension lengths directly from the payload and allocate T,, T,,, or T,,, before validating that the...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51379

Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by uploading a crafted Office document as an email template attachment. The ApplyTemplate function in models/attachment.go processes Office documents as ZI...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.20 views

PT-2026-51295

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation...

6CVSS5.8AI score0.00197EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.18 views

PT-2026-51443

Summary Certain federation endpoints do not consistently apply output encoding when rendering user-supplied parameters into HTML responses. Under a non-default configuration used in some clustered deployments, this inconsistency can result in reflected XSS in the OpenAM origin without...

2.3CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.26 views

PT-2026-51427

A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data. In bt iso recv subsys/bluetooth/host/iso.c, when processing PB=START/SINGLE fragments, the code pulls a TS SDU header 8 bytes, ts=1 or a non-TS SDU header 4 bytes, ts=0 without...

7.1CVSS5.9AI score0.00163EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51446

Name of the Vulnerable Software and Affected Versions OpenDJ Community Edition versions prior to 5.1.1 Description A Deserialization of Untrusted Data issue in the JMX RMI connector allows an unauthenticated remote attacker to deserialize arbitrary Java objects on the server. The issue occurs...

9.2CVSS6.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51439

Summary The PayPal webhook endpoint /extensions/paypal/webhook processes the PAYPAL-CERT-URL HTTP header without validation, allowing attackers to control server-side HTTP request destinations. Technical details: The /extensions/paypal/webhook endpoint processes incoming webhook requests and trus...

5.3CVSS6.1AI score0.00021EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-55436

This update for rpcbind fixes the following issues - Update to rpcbind 1.2.9 bsc1267212 https://lore.kernel.org/linux-nfs/[email protected]/ rpcinfo: stack buffer overflow in rpcinfo rpcbaddrlist rpcbind: Stop unauthenticated oversized allocation in PMAPPROC CALLIT...

6AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.19 views

PT-2026-51389

Name of the Vulnerable Software and Affected Versions Filament versions prior to 3.3.52 Filament versions prior to 4.11.5 Filament versions prior to 5.6.5 Description Filament applies Livewire's WithFileUploads trait to components where schemas may contain file upload fields. Certain schemas, suc...

6.5CVSS6AI score0.00207EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51317

The vulnerability is present in the ‘/addJugador’ endpoint: The 'keyJugador' and 'keyJugadorObjectiu' parameters allow the modification of other users’ information without requiring prior authorization validation. This could enable an authenticated attacker to alter any user’s ID and change their...

9.4CVSS6AI score0.0029EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51456

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description A specially crafted issue index pattern can cause a panic during rendering, leading to a denial of service. In the internal/markup/markup.go file, the RenderIssueIndexPattern function uses com.Expand t...

3.5CVSS5.9AI score0.00284EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.22 views

PT-2026-51381

Name of the Vulnerable Software and Affected Versions phpseclib versions 0.1.1 through 1.0.29 phpseclib versions 2.0.0 through 2.0.54 phpseclib versions 3.0.0 through 3.0.53 Description An insecure default in the library allows an unauthenticated attacker to perform Server-Side Request Forgery...

5.8CVSS5.8AI score0.00133EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.18 views

PT-2026-51307

Name of the Vulnerable Software and Affected Versions MISP Core affected versions not specified Description Broken access-control checks exist in the bulk deletion flows for Event Reports and Sharing Groups. The deleteSelection handlers authorized deletions using broad role-level permissions...

9.4CVSS5.8AI score0.00261EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.9 views

PT-2026-51445

Name of the Vulnerable Software and Affected Versions MotionEye affected versions not specified Description An authentication bypass occurs because the application improperly trusts client-controlled cookies. The server accepts the cookies meye username and meye password hash as sufficient...

9.1CVSS5.8AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51425

Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name and advancing traversal state. In ext2 fetch direntry subsys/fs/ext2/ext2 diskops.c, the code only checks de name len = EXT2 MAX FILE NAME and then copies the name with...

4.9CVSS6.1AI score0.00205EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51277

The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.8AI score0.00146EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.20 views

PT-2026-51289

EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated remote attackers replace a specific session ID for a user, they can gain the user's privilege once the user logs in...

7.7CVSS5.9AI score0.00299EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.22 views

PT-2026-51442

Name of the Vulnerable Software and Affected Versions Inspektor Gadget versions 0.28.0 and later Description A malicious container can crash or destabilize the privileged Inspektor Gadget process when a gadget using USDT User-level Statically Defined Tracing probes is deployed. The issue exists i...

6.3CVSS5.8AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51394

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description When decompressing Lz4Block or Lz4BlockArray payloads, the software reads declared uncompressed lengths from the wire and allocates output buffer...

7.5CVSS5.9AI score0.00236EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51409

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.12 Description The software fails to filter deleted app versions when joining channels during the resolution of the '/updates' endpoint. This occurs due to a missing app versions.deleted filter in channel version...

7.1CVSS5.8AI score0.00302EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.21 views

PT-2026-51292

Name of the Vulnerable Software and Affected Versions Net::Statsite::Client versions prior to 1.1.1 Description Net::Statsite::Client, a client for the statsite protocol a variant of statsd, allows metric injections. This occurs because newlines are not removed from metric names, and values are n...

9.1CVSS5.9AI score0.00352EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51329

A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the DiskIOStore.make method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to construct directory paths...

6.1CVSS6.5AI score0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.25 views

PT-2026-51452

Name of the Vulnerable Software and Affected Versions Budibase versions 3.37.2 through 3.38.x Description Budibase contains an issue where the GET /api/chat-links/:instance/:token/handoff endpoint is public and lacks authentication and Cross-Site Request Forgery CSRF protection. This allows an...

7.3CVSS5.8AI score0.00192EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.23 views

PT-2026-51333

Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description A path traversal issue exists when using the configName parameter. This allows a local attacker to utilize malicious configuration files for snapper, which can lead to a denial of service or potenti...

7.3CVSS5.8AI score0.00159EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.21 views

PT-2026-51386

Name of the Vulnerable Software and Affected Versions mise versions prior to 2026.3.10 Description mise processes .tool-versions files using the Tera template engine, which includes a registered exec function that allows for arbitrary command execution. In the default non-paranoid mode,...

9.6CVSS6AI score0.00685EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51428

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description A malicious user with permissions to create files in a repository or wiki page can trigger a denial of service. This occurs when pages containing file listings return an HTTP 500 error, rendering the w...

4.9CVSS5.8AI score0.0044EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51296

Name of the Vulnerable Software and Affected Versions IBM Engineering Workflow Management versions 7.0.3 through 7.0.3 Interim Fix 020 IBM Engineering Workflow Management versions 7.1 through 7.1 Interim Fix 007 Description An issue exists where an authenticated user can embed arbitrary JavaScrip...

5.4CVSS5.8AI score0.00139EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.23 views

PT-2026-51401

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description Typeless deserialization in MessagePack-CSharp uses MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowedType to prevent the...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.34 views

PT-2026-51308

Name of the Vulnerable Software and Affected Versions MISP core affected versions not specified Description Broken access-control flaws exist where authorization checks are performed against incorrect entities or ownership and editability checks are missing on write paths. This allows a...

8.8CVSS5.8AI score0.00361EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51824

CVE ID :CVE-2026-11825 Published : June 22, 2026, 4:47 p.m. | 1 hour, 43 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.10 views

PT-2026-51326

IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4CVSS5.5AI score0.00165EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.19 views

PT-2026-51375

Name of the Vulnerable Software and Affected Versions Dell Wyse Management Suite WMS versions prior to 2605 Description An improper neutralization of special elements used in an SQL command, known as SQL Injection, allows a low privileged attacker with remote access to potentially gain unauthoriz...

8.1CVSS6AI score0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.8 views

PT-2026-55371

Impact Following the path-safety patches in GHSA-wx3m-whqv-xv47 v0.1.2, a comprehensive multi-angle audit surfaced five further vulnerabilities, now patched in v0.1.3: 1. source sha argument injection in git ls-tree CRITICAL. InstalledSkill.source sha deserialized from .skills.toml committed,...

5.9AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51339

Name of the Vulnerable Software and Affected Versions Chainlit versions prior to 2.10.1 Description An issue exists where unauthenticated attackers can restore and inherit authenticated user sessions. This occurs during WebSocket session restoration when a valid sessionId is presented without...

8.8CVSS5.8AI score0.00256EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51352

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls...

2.3CVSS5.8AI score0.00189EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.17 views

PT-2026-51440

Summary The email update functionality fails to invalidate the existing verification state when a user changes their email address, allowing a verified account to retain its verified status after switching to an unverified or unowned email address. Technical Details When a user updated their emai...

4.3CVSS6AI score0.00034EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.18 views

PT-2026-51282

Name of the Vulnerable Software and Affected Versions Apache NiFi versions 1.15.0 through 2.9.0 Description Authorization handling for component configuration verification requests allows clients with read access to submit proposed configuration properties. These proposed properties override the...

6.3CVSS5.8AI score0.00327EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51309

The Azure Active Directory AAD authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier session id as the OAuth state...

9.3CVSS5.9AI score0.00258EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51275

The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a valid token and activate an account without access to the associated email inbox...

5.9AI score0.00129EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.20 views

PT-2026-51310

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description A site administrator can configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Since log entries can contain attacker-controlled content, an authenticated attacker...

8.7CVSS6.4AI score0.00383EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51342

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

6.1CVSS5.5AI score0.00169EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51327

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51335

Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description Incorrect caching of authentication between different polkit PolicyKit, a component for controlling privileges in Unix-like operating systems methods allows a local attacker to perform unauthorized...

8.4CVSS5.8AI score0.00133EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.18 views

PT-2026-51298

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.3 Description Improper isolation of Python execution combined with an authentication bypass allows an unauthenticated remote attacker to execute arbitrary code on the host system, leading to a comple...

10CVSS6.5AI score0.00502EPSS
Exploits0References12
Total number of security vulnerabilities186967