Lucene search
+L
PtsecurityRecent

187129 matches found

ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.15 views

PT-2026-50981

Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description A heap buffer overflow occurs in the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode allows the first-pass stats ring buffer wrap-around guard to...

7.6CVSS6.2AI score0.00414EPSS
Exploits0References37
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.6 views

PT-2026-53802

Unescaped Locator Data XSS in MCP-UI Resource createLocatorGeneratorUI Summary appium-mcp's createLocatorGeneratorUI function interpolates attacker-controlled element attributes — text, content-desc, resource-id, and locator selector values — directly into an HTML template literal without any HTM...

8.2CVSS6.4AI score
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.23 views

PT-2026-50989

Name of the Vulnerable Software and Affected Versions Joomla! Component VMap version 1.9.6 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound parameter. This is achieved by sending GET requests to the...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.25 views

PT-2026-51103

Summary A Stored Cross-Site Scripting XSS issue previously existed in the Text Widget in Board of Outerbase Studio where unsanitized HTML could be rendered using dangerouslySetInnerHTML Steps to Reproduce 1. Create a new dashboard. 2. Add a Text widget. 3. Insert the following payload: html...

4.4CVSS5.8AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.14 views

PT-2026-51121

Name of the Vulnerable Software and Affected Versions SpiceDB versions prior to 1.54.0 Description Under concurrency, the CheckPermission and CheckBulkPermissions functions can incorrectly return PERMISSIONSHIP HAS PERMISSION instead of PERMISSIONSHIP CONDITIONAL PERMISSION for a specific resourc...

3.7CVSS5.9AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.16 views

PT-2026-51018

gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then...

8.7CVSS6.6AI score0.0047EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.14 views

PT-2026-50964

Name of the Vulnerable Software and Affected Versions JHotelReservation version 6.0.7 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by sending POST requests to the 'search-hotels' endpoint with malicious code injected into the roo...

8.8CVSS6.2AI score0.00296EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51110

Name of the Vulnerable Software and Affected Versions OpenBao versions prior to 2.5.5 Description Users granted namespace management capabilities within a non-root namespace can abuse the canonicalization of the literal path "root" to manage the containing namespace itself. Several endpoints unde...

2.3CVSS5.9AI score
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-50978

Name of the Vulnerable Software and Affected Versions Tilt versions 0.19.5 through 0.37.3 Description The Tilt HUD server mounts Go's net/http/pprof handlers under the '/debug' endpoint without access control. When the HUD is network-exposed, an unauthenticated caller can read process memory via...

8.3CVSS6AI score0.00384EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51088

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description Oj is a JSON parser and Object marshaller for Ruby. A Use-After-Free issue exists when using the Oj::Parser in SAJ mode. The parser fails to protect cached object keys of 35 bytes or more from garbage...

8.7CVSS5.7AI score0.00253EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.16 views

PT-2026-50954

Name of the Vulnerable Software and Affected Versions Joomla Event Registration Pro Calendar version 4.1.3 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending GET requests to the 'index.php' endpoi...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.25 views

PT-2026-50828

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module versions 1.000 and prior Description An integer overflow or wraparound in the EtherNet/IP function allows a remote attacker to cause a denial-of-service DoS condition. By rapidl...

8.7CVSS6AI score0.00379EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-51093

Name of the Vulnerable Software and Affected Versions UltraJSON versions prior to 5.13.0 Description The functions ujson.dumps, ujson.dump, and ujson.encode contain an issue when the reject bytes variable is set to False. In this configuration, the software may accept malformed or truncated UTF-8...

6.5CVSS5.8AI score0.00272EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.30 views

PT-2026-50896

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.5.0 through 3.16.0 Description An authentication bypass issue exists in the opa plugin. An attacker can relay spoofed identity headers to upstream services by exploiting non-default configurations in the opa plugin,...

5.4CVSS5.9AI score0.00359EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.16 views

PT-2026-51030

Name of the Vulnerable Software and Affected Versions Microsoft Copilot affected versions not specified Description Improper neutralization of special elements used in a command, known as command injection, allows an unauthorized attacker to perform tampering over a network. Recommendations At th...

7.5CVSS5.8AI score0.00399EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-51038

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A flaw exists in the Enforce Password Policy feature. When a Super Admin enables this policy and updates their password to a compliant one, the backend fails to update the password-compliance state...

6.9CVSS5.9AI score0.00299EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.15 views

PT-2026-50958

Name of the Vulnerable Software and Affected Versions JoomRecipe version 1.0.4 Description The JoomRecipe component for Joomla contains a blind SQL injection flaw. This allows attackers to inject SQL code via POST requests to the search endpoint using the search author parameter. This can be used...

8.8CVSS5.9AI score0.00253EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-50845

Name of the Vulnerable Software and Affected Versions The Royal Addons for Elementor – Addons and Templates Kit for Elementor versions 1.7.1058 through 1.7.1059 Description An arbitrary file read issue exists due to the wpr get csv handle helper function. When the settings.table upload csv.url...

6.5CVSS6AI score0.0024EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.16 views

PT-2026-51024

Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.3.19 Kestra versions prior to 1.2.19 Kestra versions prior to 1.1.19 Kestra versions prior to 1.0.43 Description Kestra is an open-source, event-driven orchestration platform. The inputFiles task writes rendered file...

6.5CVSS6AI score0.00308EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-50878

Name of the Vulnerable Software and Affected Versions SIMA GmbH Bondix versions prior to 1.25.7.6 Description OS command injection exists in the environment and tunnel configuration functionality on Linux. An authenticated attacker with configuration write access can execute arbitrary...

8.6CVSS6.2AI score0.01098EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51109

Summary OpenBao users with access to the sys/leases/revoke/:lease id endpoint in any namespace can revoke leases in any other namespace as long as the lease identifier is known to them, bypassing ACLs that should apply for cross-namespace revocations. Impact OpenBao's namespaces provide...

2.1CVSS5.8AI score
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-50901

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description Insecure default credentials exist when TLS configuration is absent and the server is bound beyond the loopback interface. This allows an unauthenticated user on the local network to gain...

9.3CVSS6.8AI score0.00308EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.26 views

PT-2026-51102

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.2 Description An issue exists in components based on BaseFileComponent, including Docling DoclingInlineComponent, Docling Serve DoclingRemoteComponent, Read File FileComponent, NVIDIA Retriever Extraction...

9.6CVSS6.7AI score0.00411EPSS
Exploits1References13
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-50830

Name of the Vulnerable Software and Affected Versions Classified Listing – Classified ads & Business Directory versions prior to 5.4.3 Description The plugin contains a missing authorization flaw in the gallery image update as feature AJAX handler action: rtcl fb gallery image update as feature...

4.3CVSS5.9AI score0.00213EPSS
Exploits0References14
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.13 views

PT-2026-51092

Name of the Vulnerable Software and Affected Versions concurrent-ruby versions prior to 1.3.7 Description A synchronization correctness issue exists in the public Concurrent::ReadWriteLock API. The function release write lock does not verify if the calling thread actually acquired the write lock,...

9.8CVSS5.9AI score0.0016EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.21 views

PT-2026-50948

Name of the Vulnerable Software and Affected Versions GridTime 3000 versions 1.0r0.03 through 1.1r0.0 Description The GridTime 3000 GNSS Time Server contains an open redirect issue within the password change form submission. An open redirect occurs when an application takes a user-provided URL an...

5.3CVSS5.9AI score0.00122EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-50942

Name of the Vulnerable Software and Affected Versions Joomla! Component Flip Wall version 8.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the wallid parameter via GET requests to the 'index.ph...

7.1CVSS6.1AI score0.00241EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-50931

Name of the Vulnerable Software and Affected Versions Joomla! Component User Bench version 1.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the userid parameter. This is achieved by sending GET requests to the...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.15 views

PT-2026-51117

Summary The built-in HTTP server started by allure serve and allure open is vulnerable to path traversal. The server resolves request URI paths directly against the report directory without normalizing or validating that the resolved path stays within the report directory. An attacker who can rea...

6.2CVSS6.1AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-50930

Name of the Vulnerable Software and Affected Versions Joomla! Component My Projects version 2.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the VerAyari parameter at the component endpoint,...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51100

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.7.0 Description The logout button fails to clear the user session, allowing a previous user to remain logged in unless another user explicitly authenticates. This occurs because the '/logout' endpoint deletes...

6.1CVSS5.9AI score0.00152EPSS
Exploits1References10
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51078

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description SAML token validation in the SamlSecurityTokenHandler does not enforce SubjectConfirmation method URIs or holder-of-key proof keys. This allows an attacker to...

7.4CVSS5.9AI score0.00178EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-51010

Name of the Vulnerable Software and Affected Versions AWX affected versions not specified Description A flaw exists in the GitHub webhook integration where the controller stores the pull request.statuses url value from a pull request webhook payload without validating if it points to a trusted...

6.3CVSS5.9AI score0.00204EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-50968

Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44 Description A stack buffer overflow occurs in the '/goform/AdvSetMacMtuWan' endpoint through the mac parameter. A stack buffer overflow is a condition where a program writes more data to a buffer located on the...

9.8CVSS6.4AI score0.00384EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.15 views

PT-2026-51085

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description A heap use-after-free occurs when disabling symbol keys on a reused Oj::Parser instance. When the symbol keys setting is changed from true to false, the opt symbol keys set function frees the internal ke...

8.7CVSS5.8AI score0.00428EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-50979

Name of the Vulnerable Software and Affected Versions Tilt versions 0.24.0 through 0.37.3 Description The Tilt HUD WebSocket endpoint /ws/view is susceptible to Cross-site WebSocket Hijacking CSWSH, a technique where an attacker tricks a victim's browser into establishing a WebSocket connection t...

8.3CVSS5.9AI score0.00222EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-53784

Arbitrary Cloudinary API Parameter Signing in @jhb.software/payload-cloudinary-plugin Summary @jhb.software/payload-cloudinary-plugin v0.3.4 exposes a server-side signing endpoint POST /api/cloudinary-generate-signature that passes attacker-supplied paramsToSign directly to cloudinary.utils.api...

7.1CVSS6AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.15 views

PT-2026-51108

Name of the Vulnerable Software and Affected Versions OpenBao affected versions not specified Description An issue exists in the shared LDAP utility library sdk/helper/ldaputil/client.go used by the LDAP authentication backend and OpenLDAP secrets engine. The GetUserDN function incorrectly uses...

6.8CVSS6AI score
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.12 views

PT-2026-55945

Name of the Vulnerable Software and Affected Versions LangSmith Client SDKs versions prior to 0.8.18 Description An issue exists in the TracingMiddleware where an attacker can send an HTTP request to a server to force the reading of an arbitrary file from the local filesystem. The contents of the...

7.7CVSS6.2AI score0.00174EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-50956

Name of the Vulnerable Software and Affected Versions Joomla! Component PHP-Bridge version 1.2.3 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. By sending GET requests to the 'index.php' endpoint with the parameters option=com phpbridge and...

8.8CVSS6.2AI score0.00232EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.15 views

PT-2026-51070

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description WS-Security signature verification performs a document-wide ds:Signature lookup. An unauthenticated remote attacker can place a SOAP header before wsse:Security and...

5.9CVSS6AI score0.00238EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51056

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.3.2 containerd versions prior to 2.2.5 containerd versions prior to 2.1.9 containerd versions prior to 2.0.10 containerd versions prior to 1.7.33 Description A bug in the CRI plugin allows the propagation of labe...

9.4CVSS6.2AI score0.00208EPSS
Exploits0References66
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.21 views

PT-2026-51026

Name of the Vulnerable Software and Affected Versions libde265 versions prior to 1.0.20 Description An open source implementation of the h.265 video codec contains an issue where a crafted H.265 bitstream can trigger an out-of-bounds array write within the decoder context::process reference pictu...

7.1CVSS5.9AI score0.00227EPSS
Exploits1References9
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-50915

Name of the Vulnerable Software and Affected Versions TFTP Broadband version 4.3.0.1465 Description The tftpt.exe service binary contains an unquoted service path issue. This occurs when a service path contains spaces and is not enclosed in quotation marks, allowing a local attacker to place a...

8.5CVSS5.9AI score0.00119EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.23 views

PT-2026-50902

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An incorrect conversion between numeric types occurs in NI grpc-device due to missing range checks in CodeGen. This issue may result in the silent discarding of high bits if a size value...

6.3CVSS5.8AI score0.0018EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-50993

Name of the Vulnerable Software and Affected Versions Joomla vWishlist version 1.0.1 Description An SQL injection allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending POST requests to the component using crafted payloads in the...

7.1CVSS6.1AI score0.00221EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.38 views

PT-2026-51119

Name of the Vulnerable Software and Affected Versions @cyclonedx/cyclonedx-npm versions 2.1.0 through 4.x Description Command injection occurs when the CLI is invoked with the --workspace option while the environment variable npm execpath is unset or empty. In this scenario, user-supplied values...

8.5CVSS6.2AI score0.0016EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-50908

Name of the Vulnerable Software and Affected Versions Comodo Dragon Browser versions prior to 52.15.25.664 Description The DragonUpdater service contains a privilege escalation flaw caused by an unquoted service path that runs with SYSTEM privileges. A local attacker can exploit this by placing a...

8.5CVSS6.2AI score0.00122EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-50986

Name of the Vulnerable Software and Affected Versions Joomla Component J-MultipleHotelReservation version 6.0.7 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending POST requests to the...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-50892

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description A memory leak exists in the BeginSidebandStream function, which can lead to a denial of service condition caused by memory exhaustion. Recommendations Update to a version later than 2.17.0. A...

7.5CVSS5.9AI score0.0024EPSS
Exploits0References6
Total number of security vulnerabilities187129