Lucene search
K
PtsecurityRecent

187129 matches found

Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.20 views

PT-2026-51042

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authentication logic flaw exists where a user authorized to manage team or organization security settings can enforce mandatory two-factor authentication 2FA for all team members without having 2...

5.1CVSS5.9AI score0.00206EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.25 views

PT-2026-51188

Name of the Vulnerable Software and Affected Versions AOMEI Partition Assistant versions prior to 10.10.2 Description Improper access controls exist within the Kernel Driver component, specifically affecting unknown code in the ampa10.sys library. This issue allows a local attacker to manipulate...

8.5CVSS7.2AI score0.00113EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.19 views

PT-2026-51154

Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the require apikey expiration organization policy. The checkWebhookPermission function fails to call apikeyHasOrgRightWithPolicy, enabling attackers wit...

6.3CVSS5.9AI score0.00188EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.22 views

PT-2026-51045

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.12 Description Authenticated users can modify the mutable public.users.email variable to arbitrary addresses. The SSO provisioning endpoint trusts this value as an account-merge key. This allows an attacker to...

8.7CVSS5.9AI score0.00228EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.25 views

PT-2026-51132

Name of the Vulnerable Software and Affected Versions Simple File List versions prior to 6.3.8 Description The Simple File List plugin for WordPress contains insufficient authorization checks that allow unauthenticated attackers to delete and modify files on the server. This issue occurs within t...

7.5CVSS5.9AI score0.00433EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.26 views

PT-2026-51140

Name of the Vulnerable Software and Affected Versions WordPress Time Capsule Plugin version 1.21.16 Description An authentication bypass allows unauthenticated attackers to gain administrative access by sending a crafted POST request containing the IWP JSON PREFIX header. This flaw enables the...

8.7CVSS5.9AI score0.00398EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.29 views

PT-2026-51175

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 29.0 Description An authorization bypass exists in the Meet plugin's 'uploadRecordedVideo.json.php' endpoint. The system derives the target users id from the uploaded filename without proper verification. An attacker w...

9.2CVSS6AI score0.00295EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.23 views

PT-2026-51152

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An information disclosure issue exists in the unauthenticated '/replication' endpoint. This allows attackers to retrieve internal PostgreSQL replication telemetry without authentication, exposing...

6.9CVSS5.9AI score0.00239EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.21 views

PT-2026-51136

Name of the Vulnerable Software and Affected Versions SP LMS versions prior to 4.1.4 Description SP LMS com splms by JoomShaper contains a PHP Object injection flaw where user-controlled cookie data is deserialized without validation. Specifically, the application passes the lmsOrders cookie to a...

9.5CVSS6.3AI score0.02726EPSS
Exploits5References14
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.14 views

PT-2026-53939

Affected versionf of memmap2 did not perform enough validation on the offset and len parameters of Mmap::unchecked advise range, MmapMut::unchecked advise ranage and MmapMut::flush async range. This can cause undefined behavior due to invalid values being passed to pointer::offset and pointer::ad...

5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.15 views

PT-2026-51153

Name of the Vulnerable Software and Affected Versions capacitor-native-biometric versions prior to 12.128.2 Description An authentication bypass exists because the onAuthenticationSucceeded function fails to validate CryptoObject parameters. This allows attackers to use dynamic instrumentation to...

4.8CVSS5.9AI score0.00165EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.20 views

PT-2026-51158

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An open redirect issue exists in the 'stripe portal' and 'stripe checkout' endpoints. These endpoints accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers ca...

4.8CVSS5.9AI score0.00152EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.7 views

PT-2026-55717

bcrypt::verifypassword, hash and HashParts::from strhash panic in str::slice error fail when given a 60-byte &str containing a multi-byte UTF-8 character at certain byte positions. Impact Any Rust code that calls bcrypt::verify or HashParts::from str with an attacker-controlled hash string will...

5.3CVSS6.1AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.24 views

PT-2026-51173

AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all payment transaction data including...

8.7CVSS5.8AI score0.00302EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.15 views

PT-2026-51189

A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the library ddmdrv.sys of the component Kernel Driver. Performing a manipulation results in improper access controls. The attack must be initiated from a local position. The exploi...

8.5CVSS6.4AI score0.00113EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.17 views

PT-2026-51178

Name of the Vulnerable Software and Affected Versions GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN version 1.0 Description An issue exists where a crafted SQL statement can be used to access sensitive database information. This occurs via the scost parameter in the...

7.7CVSS5.9AI score0.00215EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.19 views

PT-2026-51043

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authorization bypass exists in the public.upsert version meta SECURITY DEFINER function exposed via PostgREST RPC. This allows unauthenticated attackers to insert arbitrary rows into version meta...

6.9CVSS6AI score0.00235EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.24 views

PT-2026-51195

Name of the Vulnerable Software and Affected Versions Apache NiFi versions 0.0.1 through 2.9.0 Description Apache NiFi allows the construction of qualified URLs using several HTTP request headers that serve as alternatives to the standard Host header without validating the provided values. While ...

6.3CVSS5.9AI score0.00268EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.19 views

PT-2026-51130

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description A stored cross-site scripting issue exists due to the use of an outdated notebookjs library. While .ipynb previews are sanitized on the server side via the '/-/api/sanitize ipynb' endpoint,...

8.9CVSS5.8AI score0.00429EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-51072

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description A CoreWCF service listening on a Kafka topic stops processing new records when the KafkaTransportPump receives a null-value tombstone record. A tombstone record is a...

6.5CVSS6AI score0.00336EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51082

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description When operating in object mode, the Oj.dump function is susceptible to a heap buffer overflow during the serialization of Exception objects if a large :indent value is used. The issue occurs because the...

8.7CVSS6AI score0.00119EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.12 views

PT-2026-55979

Name of the Vulnerable Software and Affected Versions Hugo versions 0.60.0 through 0.163.2 Description The default code-block renderer fails to perform HTML escaping when writing the Markdown code-fence language or info-string into the code element's class and data-lang attributes. An attacker ca...

5.4CVSS6.1AI score0.00172EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50922

Name of the Vulnerable Software and Affected Versions Chromacam version 4.0.3.0 Description An unquoted service path issue exists in the PsyFrameGrabberService. This allows local attackers with write access to C: or subdirectories such as C:Program Files x86Personify to execute arbitrary code. By...

8.5CVSS6.5AI score0.0012EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.12 views

PT-2026-51092

Name of the Vulnerable Software and Affected Versions concurrent-ruby versions prior to 1.3.7 Description A synchronization correctness issue exists in the public Concurrent::ReadWriteLock API. The function release write lock does not verify if the calling thread actually acquired the write lock,...

9.8CVSS5.9AI score0.0016EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.27 views

PT-2026-50889

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An out-of-bounds read occurs in the NI grpc-device streaming API because of a missing bounds check. This issue can lead to a denial of service if an attacker provides a specially crafted writ...

8.7CVSS5.9AI score0.00343EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-50914

Name of the Vulnerable Software and Affected Versions Network Inventory Advisor version 5.0.26.0 Description The niaservice service is installed with an unquoted binary path. This configuration allows local attackers to escalate privileges by placing malicious executables in intermediate...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.30 views

PT-2026-50985

Name of the Vulnerable Software and Affected Versions Joomla J-CruisePortal version 6.0.4 Description An SQL injection allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending POST requests to the "cruises" endpoint using crafted SQL...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-50835

Name of the Vulnerable Software and Affected Versions Canonical MicroCeph versions from the squid and tentacle track Description A path traversal issue exists in the remote-import API. Users possessing a join token or a trusted cluster mTLS certificate, such as enrolled cluster members, can...

5CVSS5.9AI score0.00208EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.9 views

PT-2026-56266

Name of the Vulnerable Software and Affected Versions Anki versions prior to 25.09.4 Description Webview-based pages communicate with the Rust backend via an internal localhost API. User scripts included through iframes in the editor can bypass protections to access this API. A malicious imported...

6.5CVSS6.2AI score0.00169EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.8 views

PT-2026-54004

Name of the Vulnerable Software and Affected Versions MessagePack versions prior to 1.2.1 Description An out-of-bounds read occurs when an Unpacker is reused after an error has been caught, which can lead to a denial of service DoS attack. If the Unpacker is used repeatedly following such an erro...

7.5CVSS5.9AI score0.00278EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-51123

Name of the Vulnerable Software and Affected Versions Symfony UX versions 2.32.0 through 2.36.0 Symfony UX versions 3.0.0 through 3.1.9 Description The ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map. Due to improper validation in...

7.8CVSS6.1AI score0.00146EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-51096

Name of the Vulnerable Software and Affected Versions Mailpit versions prior to 1.30.2 Description An incomplete Server-Side Request Forgery SSRF protection exists in the Link Check API. The tools.IsInternalIP deny-list in internal/tools/net.go fails to block certain IPv6 transition mechanisms an...

5.8CVSS6.1AI score0.00282EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.23 views

PT-2026-51122

Name of the Vulnerable Software and Affected Versions Symfony UX Icons affected versions not specified Description The ux icon Twig function is marked as safe for HTML, which prevents Twig from escaping its output. The Icon::toHtml function inlines SVG source code directly into the page. Because...

6.1CVSS5.5AI score0.00194EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.12 views

PT-2026-51074

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description The NetNamedPipe transport in CoreWCF allows local interception of traffic. This occurs because the transport accepts attachments to pre-existing named pipe instances...

6.5CVSS6AI score0.00088EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51068

Name of the Vulnerable Software and Affected Versions Traefik versions 3.7.0-ea.1 through 3.7.4 Description A fail-open authentication issue exists in the Kubernetes Ingress NGINX provider. When an Ingress explicitly enables BasicAuth or DigestAuth using the nginx.ingress.kubernetes.io/auth-type...

8.6CVSS5.8AI score0.0036EPSS
Exploits1References17
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-51075

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description CoreWCF UnixDomainSocket POSIX peer identity resolution utilizes non-reentrant getpwuid and getgrgid calls. This creates a race condition where concurrent connections...

6.2CVSS6AI score0.001EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-51076

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description SAML token replay protection is inoperative because the DefaultTokenReplayCache.TryAdd function does not reject duplicate tokens when DetectReplayedTokens is enabled...

5.9CVSS5.9AI score0.00268EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.30 views

PT-2026-51008

Name of the Vulnerable Software and Affected Versions @microsoft/kiota-http-fetchlibrary versions 1.0.0-preview.97 through 1.0.0-preview.101 Description The RedirectHandler in the library fails to properly remove sensitive headers during cross-origin redirects. While it is intended to strip...

6.9CVSS5.8AI score0.0065EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.9 views

PT-2026-53770

Gzip Decompression Bomb Bypasses Sitemap Size Limit Summary ultimate-sitemap-parser enforces a 100 MiB size limit on sitemap responses, but applies it only to the compressed bytes received over the network. When a .gz sitemap is fetched, usp/helpers.py:239 calls gzip lib.decompressdata with no...

7.5CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.30 views

PT-2026-50843

Name of the Vulnerable Software and Affected Versions BetterDocs Pro versions prior to 3.8.1 Description The plugin is susceptible to Local File Inclusion, a condition where an application includes files on a local server unexpectedly. Unauthenticated attackers can exploit this via the doc style...

9.8CVSS6.2AI score0.00886EPSS
Exploits2References10
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.20 views

PT-2026-50877

Name of the Vulnerable Software and Affected Versions Microsoft HEIF Image Extensions version 1.2.22.0 Description An out-of-bounds read occurs because the CHEIFItemInfoEntry GetDataSize function can return a success status while leaving the reported data size at 0. This leads a caller to perform...

9.1CVSS6AI score0.00823EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-51036

Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description An authentication bypass exists in the OTP One-Time Password verification process. Attackers can intercept OTP verification requests and manipulate HTTP responses to falsely indicate that...

9.4CVSS5.9AI score0.00188EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-51055

Name of the Vulnerable Software and Affected Versions symfony/ux-autocomplete versions prior to 2.x symfony/ux-autocomplete versions prior to 3.x Description The Stimulus controller in the software renders AJAX response items into a dropdown by interpolating the text field directly into HTML...

5.1CVSS5.9AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-50911

Name of the Vulnerable Software and Affected Versions Wise Care 365 version 4.27 Wise Disk Cleaner version 9.29 Description An unquoted service path issue exists in the WiseBootAssistant and SpyHunter 4 Service. This allows local users to execute arbitrary code with SYSTEM privileges by placing...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.23 views

PT-2026-50888

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An untrusted pointer dereference exists in the sideband streaming API. This issue allows an attacker to trigger an arbitrary memory dereference, which could lead to remote code execution...

9.8CVSS6.3AI score0.00549EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.20 views

PT-2026-51033

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Online affected versions not specified Description Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network. There have been reports of elevated activities targeti...

9.6CVSS5.8AI score0.00389EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-51061

Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2026.6.0 Description The Konnected integration registers an HTTP endpoint 'KonnectedView' located in homeassistant/components/konnected/ init .py that is configured to not require authentication. While write...

7.6CVSS5.9AI score0.00193EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.25 views

PT-2026-51013

Name of the Vulnerable Software and Affected Versions Gonic versions prior to 0.21.0 Description A logic error in the ServeCreateOrUpdatePlaylist function allows for arbitrary file write operations within the music streaming server. Recommendations Update to version 0.21.0 or later. As a temporar...

8.1CVSS5.9AI score0.00269EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.69 views

PT-2026-50891

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An unchecked enum cast issue exists in the BeginSidebandStream function. An attacker can trigger invalid enum states and undefined behavior by supplying a specially crafted message containing...

7.1CVSS5.9AI score0.00254EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.23 views

PT-2026-51040

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Improper access control exists in the SECURITY DEFINER PostgREST RPC function public.record build time. This function is granted to the anon role and can be called using only the public Supabase...

8.7CVSS6AI score0.00242EPSS
Exploits0References9
Total number of security vulnerabilities187129