Lucene search
K
PtsecurityRecent

187039 matches found

Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51275

The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a valid token and activate an account without access to the associated email inbox...

5.9AI score0.00129EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.20 views

PT-2026-51310

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description A site administrator can configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Since log entries can contain attacker-controlled content, an authenticated attacker...

8.7CVSS6.4AI score0.00383EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51342

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

6.1CVSS5.5AI score0.00169EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51327

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51335

Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description Incorrect caching of authentication between different polkit PolicyKit, a component for controlling privileges in Unix-like operating systems methods allows a local attacker to perform unauthorized...

8.4CVSS5.8AI score0.00133EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.18 views

PT-2026-51298

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.3 Description Improper isolation of Python execution combined with an authentication bypass allows an unauthenticated remote attacker to execute arbitrary code on the host system, leading to a comple...

10CVSS6.5AI score0.00502EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51284

Name of the Vulnerable Software and Affected Versions Apache NiFi versions 1.12.0 through 2.9.0 Description Authorization is missing when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation...

7.5CVSS5.9AI score0.00393EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51336

Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description The qSnapper dbus service incorrectly caches authentication between different users. This allows a local attacker to utilize dbus functions after a privileged user has already performed authenticati...

8.4CVSS5.8AI score0.00134EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51274

Name of the Vulnerable Software and Affected Versions PaperCut Print Deploy Client for Windows affected versions not specified Description An insecure process execution issue exists in the pc-printer-updater.exe component. The application operates with high-level system privileges and performs an...

7.3CVSS6.1AI score0.00136EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51285

A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device...

7.8CVSS5.7AI score0.00146EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51297

Name of the Vulnerable Software and Affected Versions GitHub Copilot version 1.372.0 Description An issue exists where the software allows filesystem access outside of a workspace folder without user approval. This occurs via a file-handler URI parameter used in the fetch webpage function. This...

7.5CVSS5.8AI score0.00853EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51371

Name of the Vulnerable Software and Affected Versions TP-Link routers affected versions not specified Description Insufficient validation of externally supplied DHCP option data in the DHCP option processing logic allows an adjacent, unauthenticated attacker to execute arbitrary commands with...

8.7CVSS6.2AI score0.00409EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51363

Name of the Vulnerable Software and Affected Versions Grafana affected versions not specified Description The public dashboard query endpoint does not limit the request body size before processing. This allows unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily...

7.5CVSS5.8AI score0.00432EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.18 views

PT-2026-51299

Name of the Vulnerable Software and Affected Versions Tempo datasource plugin affected versions not specified Loki datasource plugin affected versions not specified Description These plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization,...

5.4CVSS5.8AI score0.00258EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.17 views

PT-2026-51303

Name of the Vulnerable Software and Affected Versions Loki datasource plugin affected versions not specified Description The callResource handler in the Loki datasource plugin contains a path traversal flaw. This allows an authenticated user with a Viewer role to escape the resource sandbox and...

7.7CVSS5.9AI score0.00394EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.22 views

PT-2026-51319

The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass...

6.9CVSS5.8AI score0.00357EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51324

Name of the Vulnerable Software and Affected Versions IBM Engineering Workflow Management versions 7.0.2 through 7.0.2 Interim Fix 035 IBM Engineering Workflow Management versions 7.0.3 through 7.0.3 Interim Fix 017 IBM Engineering Workflow Management versions 7.1 through 7.1 Interim Fix 004...

6.5CVSS5.7AI score0.00181EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51438

Summary The OAuth 2.0 / OpenID Connect authorization endpoint does not sufficiently sanitize certain user-supplied parameters before incorporating them into the HTML response generated for the form post response mode. This may allow an attacker to inject content into the rendered page in the...

9.3CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.17 views

PT-2026-51287

Name of the Vulnerable Software and Affected Versions SafeLine SL6 affected versions not specified SafeLine SL6+ affected versions not specified Description SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems contain an authentication bypass. This issue allows...

8.7CVSS6.1AI score0.00207EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.20 views

PT-2026-51273

Name of the Vulnerable Software and Affected Versions ASUS Armoury Crate affected versions not specified Description A permissive list of allowed inputs allows a local administrator to bypass the validation mechanism. This can lead to arbitrary memory read/write operations or cause a system crash...

7.1CVSS5.9AI score0.00224EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.21 views

PT-2026-51304

Name of the Vulnerable Software and Affected Versions Mattermost version 11.7.0 Mattermost version 11.6.2 Mattermost version 11.5.5 Mattermost version 10.11.17 Description Improper authorization in the GitLab connect command handler allows any authenticated user to overwrite the global default...

5.4CVSS5.8AI score0.0017EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51460

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.9 Description Budibase contains a mass assignment issue in the externalTrigger function. The webhook trigger endpoint /api/webhooks/trigger/:instance/:id is publicly accessible and passes the full HTTP request...

9.6CVSS6AI score0.00461EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51361

Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report...

4.8CVSS6AI score0.00321EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51330

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...

5.3CVSS6.1AI score0.0043EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.21 views

PT-2026-51418

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.22.1 Description vLLM is an inference and serving engine for large language models. The Dockerfile is susceptible to a dependency confusion attack involving the flashinfer-jit-cache package. This occurs because the...

8.8CVSS6.2AI score0.00304EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.20 views

PT-2026-51340

IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery SSRF in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.3CVSS5.8AI score0.002EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.10 views

PT-2026-51450

Summary scim-patch performs prototype pollution when applying a SCIM PATCH operation whose value object contains a key like " proto .someProp". After one such patch, Object.prototype.someProp is set process-wide, affecting every plain object in the Node process. Any service that calls scimPatch o...

9.1CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.10 views

PT-2026-51435

OpenAM Open Identity Platform is an open-source IAM platform providing SSO, OAuth2, SAML, and OpenID Connect capabilities. The CREST REST API layer exposes user query endpoints under /json/realm/users. In IdentityResourceV1.queryCollection, the HTTP query parameter queryId is passed to a CrestQue...

8.7CVSS6AI score0.76385EPSS
Exploits5References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.10 views

PT-2026-55280

Root has patched GHSA-p6gq-j5cr-w38f in the @rootio/nodemailer package for Root:npm. Multiple fixed versions available...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51412

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A rate limit bypass exists in the 'channel self' endpoint. Attackers can circumvent rate limiting by rotating the user-controlled device id parameter, enabling them to send multiple requests per...

8.8CVSS5.8AI score0.00271EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51350

Name of the Vulnerable Software and Affected Versions IBM i versions 7.3 through 7.6 IBM WebSphere Application Server affected versions not specified IBM WebSphere Application Server Liberty affected versions not specified Description Remote code execution and denial of service are possible when...

9.8CVSS6.3AI score0.00409EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.9 views

PT-2026-51346

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server affected versions not specified IBM WebSphere Application Server Liberty affected versions not specified IBM i versions 7.3 through 7.6 Description The WebSphere Web Server Plug-in component is susceptible to...

8.8CVSS6.4AI score0.0026EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.17 views

PT-2026-51348

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 Description An issue exists when the Ajax Proxy is configured, which may allow an attacker to send unauthorized requests from the system. This server-sid...

9.1CVSS5.8AI score0.00221EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.30 views

PT-2026-51374

Name of the Vulnerable Software and Affected Versions IBM i versions 7.3 through 7.6 IBM WebSphere Application Server affected versions not specified IBM WebSphere Application Server Liberty affected versions not specified Description A denial of service issue exists in the WebSphere WebServer...

7.5CVSS5.8AI score0.00271EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51351

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 IBM WebSphere Application Server - Liberty versions 17.0.0.3 through 26.0.0.6 Description A denial of service issue exists where a remote attacker can se...

7.5CVSS5.8AI score0.00323EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.10 views

PT-2026-51344

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server 9.0 IBM WebSphere Application Server 8.5 IBM WebSphere Application Server - Liberty versions 17.0.0.3 through 26.0.0.6 Description HTTP request smuggling occurs when a remote attacker sends a specially crafted...

9.1CVSS5.8AI score0.00338EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.10 views

PT-2026-51453

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.3 Description The application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by recaptcha...

7.4CVSS6AI score0.0029EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51306

Name of the Vulnerable Software and Affected Versions Red Hat OpenShift Container Platform 4 affected versions not specified Description A flaw exists in the Windows Machine Config Operator WMCO where SSH connections to Windows worker nodes are established without verifying the remote server host...

8.3CVSS6AI score0.00181EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.17 views

PT-2026-51288

EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load...

5.4CVSS6AI score0.00168EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51439

Summary The PayPal webhook endpoint /extensions/paypal/webhook processes the PAYPAL-CERT-URL HTTP header without validation, allowing attackers to control server-side HTTP request destinations. Technical details: The /extensions/paypal/webhook endpoint processes incoming webhook requests and trus...

5.3CVSS6.1AI score0.00021EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.18 views

PT-2026-51440

Summary The email update functionality fails to invalidate the existing verification state when a user changes their email address, allowing a verified account to retain its verified status after switching to an unverified or unowned email address. Technical Details When a user updated their emai...

4.3CVSS6AI score0.00034EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51446

Name of the Vulnerable Software and Affected Versions OpenDJ Community Edition versions prior to 5.1.1 Description A Deserialization of Untrusted Data issue in the JMX RMI connector allows an unauthenticated remote attacker to deserialize arbitrary Java objects on the server. The issue occurs...

9.2CVSS6.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.8 views

PT-2026-51535

CVE ID :CVE-2026-12845 Published : June 21, 2026, 10:32 p.m. | 1 hour, 54 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51293

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description Multiple core controllers and model capture paths accept client-controlled request fields, including primary keys id and ownership or scope foreign keys such as event id, org id, user id, sharin...

9.4CVSS6AI score0.00362EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51441

Summary The ticket creation endpoint accepts a user-supplied service identifier without enforcing ownership validation, allowing authenticated users to create support tickets referencing services belonging to other accounts by modifying the service ID in the request. Technical Details The ticket...

5.4CVSS5.9AI score0.00042EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.23 views

PT-2026-51433

Vulnerability Details CWE: CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory The official docker-compose.yml line 61 mounts the entire project root directory as the Apache document root: yaml volumes: - "./:/var/www/html/AVideo" This causes the .env file —...

7.5CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51329

A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the DiskIOStore.make method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to construct directory paths...

6.1CVSS6.5AI score0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51391

Name of the Vulnerable Software and Affected Versions Filament versions 4.0.0 through 4.11.4 Filament versions prior to 5.6.5 Description A flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission. This...

7.4CVSS5.9AI score0.00193EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51382

Name of the Vulnerable Software and Affected Versions FastStone Image Viewer versions prior to 8.3.0.1 Description Heap-based buffer overflow flaws exist in the JP2 and PSD file parsers within the FSViewer.exe process. A malformed QCD quantization default marker 0xFF5C in a crafted JPEG 2000 JP2...

6.5CVSS6.5AI score0.00465EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51410

Name of the Vulnerable Software and Affected Versions Capgo backend Supabase edge functions versions prior to 12.128.2 Description Inconsistent authentication enforcement exists across HTTP methods. The global authentication middleware is not applied to the 'GET /private/role bindings/:org id'...

6.9CVSS5.8AI score0.00322EPSS
Exploits0References5
Total number of security vulnerabilities187039