Lucene search
K
PtsecurityRecent

187100 matches found

Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.21 views

PT-2026-51253

Name of the Vulnerable Software and Affected Versions OFFIS DCMTK versions prior to 3.7.1 Description A heap-based buffer overflow can occur in the XMLNode::parseFile function within the ofstd/libsrc/ofxml.cc library. This issue allows a remote attacker to execute a manipulation that leads to the...

7.5CVSS6.8AI score0.00279EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.21 views

PT-2026-51233

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.13 Craft CMS versions 4.0.0-RC1 through 4.17.7 Description An authorization bypass exists in the 'assets/preview-file' endpoint. The system fails to enforce per-asset view authorization before returning...

5.3CVSS5.9AI score0.00221EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.15 views

PT-2026-51262

A vulnerability has been found in coollabsio coolify 4.0.0. Impacted is an unknown function of the component Image Name Handler. Such manipulation leads to os command injection. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in an...

6.5CVSS6.2AI score0.01158EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51256

A vulnerability was identified in Edimax BR-6478AC V2 1.23. Affected is the function wiz 5in1 redirect of the file /goform/wiz 5in1 redirect of the component POST Request Handler. Such manipulation of the argument newpass leads to command injection. The attack can be launched remotely. The exploi...

6.5CVSS6.5AI score0.01158EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.14 views

PT-2026-51246

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description The xmlwf component contains an integer overflow in the resolveSystemId function. An integer overflow occurs when an arithmetic operation results in a value that exceeds the maximum size of the...

6.9CVSS5.8AI score0.0011EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.15 views

PT-2026-51218

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authorization bypass exists in the '/build/status' and '/build/logs' endpoints. Attackers can access build jobs belonging to different applications by providing a mismatched app id and job id...

7.1CVSS5.8AI score0.00221EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.18 views

PT-2026-51247

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description The xmlwf component contains an integer overflow in the endDoctypeDecl function. This issue is triggered via NOTATION declarations, which are used in XML to define the format of non-XML data...

6.9CVSS5.8AI score0.0011EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.16 views

PT-2026-51241

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An integer overflow exists in the getAttributeId function. An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.10 views

PT-2026-51243

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An integer overflow occurs in the doProlog function, specifically related to storeEntityValue and the entity textLen variable. An integer overflow is a condition where an arithmetic operation attemp...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.12 views

PT-2026-51239

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An integer overflow exists in the storeAtts function. An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be represented...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.47 views

PT-2026-51259

Name of the Vulnerable Software and Affected Versions Radware Cyber Controller versions prior to 10.11.0 Description An issue exists within the HTML Report Generation component that allows for HTML injection. This flaw can be exploited remotely to inject malicious HTML code into reports...

5.1CVSS5.9AI score0.00195EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.16 views

PT-2026-51231

Craft CMS contains a stored cross-site scripting XSS vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account with allowAdminChanges...

4.8CVSS5.8AI score0.00177EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.18 views

PT-2026-51248

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An issue exists where XML TOK DATA CHARS is not considered in the doCdataSection function. This leads to a lack of handler call depth tracking for various calls from within handlers during policy...

5.9CVSS5.9AI score0.00105EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.18 views

PT-2026-51260

Name of the Vulnerable Software and Affected Versions activepieces versions prior to 0.83.1 Description An issue exists in the File URL Handler component within the handleUrlFile function located in the packages/server/engine/src/lib/variables/processors/file.ts library. This flaw allows for remo...

6.5CVSS6.8AI score0.00201EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.18 views

PT-2026-51200

A flaw has been found in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. This affects an unknown part of the file /index.php?page=houses. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has...

6.5CVSS5.6AI score0.00192EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.12 views

PT-2026-51215

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.25 Description The software fails to detect malicious pickle files that utilize the timeit.timeit function within the reduce method. This allows for remote code execution, as attackers can craft pickle files th...

7.6CVSS6.4AI score0.00418EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.21 views

PT-2026-51223

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Improper access control in the public.get org members RPC function allows unauthenticated attackers to enumerate organization members. By using a public sb publishable key and an organization UUID,...

8.7CVSS5.9AI score0.00249EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51255

Name of the Vulnerable Software and Affected Versions Edimax BR-6478AC V2 version 1.23 Description Command injection is possible via the POST Request Handler component. A remote attacker can exploit this by manipulating the interface argument within the stainfo function of the '/goform/stainfo'...

6.5CVSS6.7AI score0.01182EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.20 views

PT-2026-51232

Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.0.0-RC1 through 4.17.7 Craft CMS versions 5.0.0-RC1 through 5.9.13 Description A missing authorization issue exists in the 'assets/preview-thumb' endpoint. A Control Panel user lacking permissions to view a specific privat...

5.3CVSS6AI score0.00193EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51265

Name of the Vulnerable Software and Affected Versions Browserbase versions prior to 20260526 Description An issue exists in the Autobrowse Trace Artifact Handler component where a flaw in an unknown function allows for the manipulation of default permissions, resulting in incorrect permission...

4.8CVSS5.8AI score0.00115EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.11 views

PT-2026-51269

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description Information regarding the nature of the issue is not provided in the available sources. Recommendations At the moment, there is no information about a newer version that contains a fix for thi...

5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.28 views

PT-2026-51237

phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser and updateUserRights endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edit user permission can set is superadmin flag or grant arbitrary rights to escalate to...

8.8CVSS6AI score0.00251EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.18 views

PT-2026-51244

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An integer overflow exists in the copyString function. An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be represented...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.18 views

PT-2026-51197

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.59.9 Description An improper authentication flaw exists in the MCP Proxy component. Specifically, the UserAPIKeyAuth function within the file litellm/proxy/ experimental/mcp server/auth/user api key auth...

9.8CVSS7.2AI score0.00612EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.32 views

PT-2026-51261

Name of the Vulnerable Software and Affected Versions Comfast CF-WR631AX V3 versions prior to 2.7.0.8 Description A remote OS command injection flaw exists in the API Endpoint component. The issue occurs within the system function of the '/cgi-bin/mbox-config?section=ping config' endpoint when th...

6.5CVSS6.9AI score0.01182EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.19 views

PT-2026-51207

Name of the Vulnerable Software and Affected Versions ILIAS Learning Management System version 11.0 Description An issue exists in the Learning Progress Tracking component within the ilTrQuery::executeQueries function of the components/ILIAS/Tracking/classes/class.ilTrQuery.php file. Remote...

5.8CVSS5.8AI score0.00206EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.22 views

PT-2026-51198

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description An issue in the MCP Server Connection Testing component allows for server-side request forgery SSRF, which is a flaw that enables an attacker to induce the server-side application to make...

6.5CVSS6.6AI score0.00262EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.19 views

PT-2026-51199

Name of the Vulnerable Software and Affected Versions Montodel House-Rental-Management versions prior to 90010017b81265eb1ef3810268909f7719a33863 Description A SQL injection issue exists in the '/login.php' endpoint. Remote attackers can exploit this by manipulating the Username parameter. SQL...

7.5CVSS7.1AI score0.00259EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.13 views

PT-2026-51242

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An integer overflow occurs in the XML ParseBuffer function because it lacks a specific check that is implemented in the XML Parse function. Recommendations Update to version 2.8.2 or later...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.18 views

PT-2026-51213

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description Improper authorization occurs in the ui view users function located in the litellm/proxy/management endpoints/internal user endpoints.py file. This flaw allows a remote attacker to bypass...

5.3CVSS6.2AI score0.00288EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.14 views

PT-2026-51264

Name of the Vulnerable Software and Affected Versions langflow-ai langflow versions prior to 1.9.4 Description An issue exists in the Bundle URL Loader component where manipulation of an unknown function allows for code injection. This attack must be performed locally. Recommendations At the...

7.8CVSS6AI score0.00188EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.14 views

PT-2026-51201

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the ksmbd module, a flaw exists where the conn-binding flag remains set after a SESSION SETUP call. Because this flag is connection-wide, the global session lookup function ksmbd...

8.8CVSS5.8AI score0.00362EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.19 views

PT-2026-51186

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description An issue in the M2M JWT Handler component, specifically within the file litellm/proxy/auth/user api key auth.py, leads to improper authorization. This flaw allows a remote attacker to bypass...

7.5CVSS5.9AI score0.00288EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.15 views

PT-2026-51245

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description The xmlwf tool contains an integer overflow related to the output filename when the -d outputDir option is utilized. An integer overflow occurs when a mathematical operation results in a value that...

6.5CVSS5.9AI score0.00098EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.19 views

PT-2026-51159

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An open redirect issue exists in the 'confirm-signup' endpoint. The confirmation url parameter is not validated, which allows attackers to redirect users to arbitrary external websites. This can be...

5.1CVSS6AI score0.0018EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.20 views

PT-2026-51161

Name of the Vulnerable Software and Affected Versions Prefect version 3.6.23 Description Remote code execution is possible due to improper handling of user-controlled input within the GitRepository storage class. The commit sha parameter is passed to git commands without validation or the use of ...

9.9CVSS6.6AI score0.00874EPSS
Exploits3References4
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.22 views

PT-2026-51192

Name of the Vulnerable Software and Affected Versions EaseUS Partition Master versions prior to 14.6 Description A security flaw exists in the Kernel Driver component within the EUEDKEPM.sys library. An unknown function in this library allows for improper access controls, which can be exploited b...

8.5CVSS7.1AI score0.00109EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.17 views

PT-2026-51174

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 27.1 Description Authenticated administrators can perform server-side request forgery SSRF—a flaw where a server is tricked into making requests to an unintended location—via the 'plugin/Live/test.php' endpoint. The...

6.8CVSS5.8AI score0.00236EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.17 views

PT-2026-51046

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A scope escalation issue exists in the 'POST /functions/v1/apikey' endpoint. This allows users with app-limited API keys to generate unrestricted keys by providing empty limits. An attacker possessi...

8.8CVSS5.9AI score0.00251EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.33 views

PT-2026-51144

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description The preview subdomain resolver uses ILIKE pattern matching instead of exact matching for app id lookup. This allows underscore characters within the app id to function as SQL wildcards. An attacker...

3.1CVSS5.9AI score0.00215EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.19 views

PT-2026-51156

Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices endpoint on the Cloudflare/workerd path that allows authenticated attackers to cause duplicate-page loops and make later rows unreachable. Attackers with app.read devices access can exploit...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.19 views

PT-2026-51149

Name of the Vulnerable Software and Affected Versions capgo versions prior to 12.128.2 Description An authorization bypass exists in several Supabase PostgREST RPC functions: get app metrics, get global metrics, and get total metrics. These functions are granted to the anon role without enforcing...

6.9CVSS5.8AI score0.00274EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.21 views

PT-2026-51172

Name of the Vulnerable Software and Affected Versions vLLM versions 0.10.2 through 0.12.x Description Multimodal embeddings processing lacks sparse tensor validation. Since PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests containing...

8.8CVSS5.9AI score0.00352EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.20 views

PT-2026-51128

Name of the Vulnerable Software and Affected Versions Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress versions prior to 1.5.2 Description Insufficient file path validation in the view page function allows unauthenticated attackers to delete arbitrary files on the server...

8.1CVSS6.3AI score0.00662EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.18 views

PT-2026-51150

Flowise before 3.0.13 contains an information exposure vulnerability in the POST /api/v1/account/forgot-password endpoint that returns full user objects including PII to unauthenticated attackers. An attacker can enumerate valid email addresses and harvest sensitive user data including user IDs,...

6.9CVSS5.9AI score0.00328EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.16 views

PT-2026-51139

Name of the Vulnerable Software and Affected Versions WordPress Ultimate Addons for Beaver Builder version 1.2.4.1 Description An authentication bypass exists in the social media login form functionality. Attackers can gain unauthorized access by submitting a POST request to the 'admin-ajax.php'...

9.8CVSS5.9AI score0.00428EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.44 views

PT-2026-51138

Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary non-default group...

5.9CVSS5.8AI score0.0026EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.18 views

PT-2026-51147

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Insufficient webhook URL validation allows for Server-Side Request Forgery SSRF, a flaw where a server is tricked into making requests to an unintended location. Organization admins can configure...

5.4CVSS5.9AI score0.00156EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.24 views

PT-2026-51131

Name of the Vulnerable Software and Affected Versions Simple File List versions prior to 6.3.8 Description The Simple File List plugin for WordPress contains a flaw allowing unauthenticated attackers to delete arbitrary files on the server. This occurs due to insufficient file path validation...

7.5CVSS6.8AI score0.0078EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.7 views

PT-2026-54954

Unknown description...

5.8AI score
Exploits0References6
Total number of security vulnerabilities187100