Lucene search
+L
PtsecurityRecent

187155 matches found

ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-51004

Name of the Vulnerable Software and Affected Versions WP Go Maps versions prior to 10.1.02 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Unauthenticated attackers can create arbitrary records in plugin...

5.3CVSS6AI score0.00205EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.7 views

PT-2026-53796

Impact The default security.http.urls policy denies requests to loopback, internal, and cloud-metadata IPv4 literals e.g. http://127.0.0.1/, http://169.254.169.254/. The deny rule only matched dotted-decimal notation, so alternate IPv4 encodings of the same addresses — integer, hex, or octal, whi...

7.7CVSS5.9AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.7 views

PT-2026-53329

Impact Parse Server is vulnerable to denial of service. A remote attacker can send a single, small query 1 KB containing deeply nested query condition operators. Parse Server processes the nested structure with exponential time complexity, which blocks the Node.js event loop and makes the server...

8.7CVSS5.8AI score
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-50827

Name of the Vulnerable Software and Affected Versions User Admin Simplifier versions prior to 3.0.1 Description The User Admin Simplifier plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a type of attack where an unauthorized user tricks a victim into performing actions they di...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-50894

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.0.0 through 3.16.0 Description An open redirect issue exists where an attacker can manipulate client headers, specifically the Host header in the cas-auth plugin, to influence the CAS service URL. This can lead to the...

7.2CVSS5.9AI score0.00409EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.16 views

PT-2026-50999

Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.6.0 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The software uses a case-sensitive blacklist to protect output filenames against the phar:// stream wrapper...

8.1CVSS6.2AI score0.00555EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.25 views

PT-2026-50864

The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally calls fx file close even when the file was never successfully opened. Multiple error branches jump to...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.15 views

PT-2026-50951

Name of the Vulnerable Software and Affected Versions Joomla! Component Twitch Tv version 1.1 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the username and id parameters. Attackers can send GET...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.28 views

PT-2026-50990

Name of the Vulnerable Software and Affected Versions Joomla Component vRestaurant version 1.9.4 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by sending POST requests to the 'menu-listing-layout' endpoint with malicious code...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-50924

Name of the Vulnerable Software and Affected Versions compose-rich-editor version 1.0.0-rc14 Description The compose-rich-editor library, used in HCL Verse for Android for rich text email composition, fails to properly validate HTML input. This lack of validation allows malicious content to be...

6.3CVSS5.8AI score0.00112EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.15 views

PT-2026-51023

Name of the Vulnerable Software and Affected Versions Lima versions prior to 2.1.3 Description An unprivileged user within a Lima QEMU guest can escalate privileges to root. The issue stems from the guest-agent socket located at /run/lima-guestagent.sock being world-writable permissions 0o777 and...

8.2CVSS6.2AI score0.00197EPSS
Exploits0References14
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51087

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description Oj::Parser in usual mode fails to mark array class and hash class references during garbage collection GC, resulting in a Use-After-Free condition. If the GC executes after the class is assigned but befo...

8.7CVSS5.8AI score0.00253EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.21 views

PT-2026-50890

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description A NULL pointer dereference occurs in the data moniker service of NI grpc-device. A NULL pointer dereference is a condition where a program attempts to read or write to a memory address that i...

8.7CVSS5.9AI score0.00343EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.13 views

PT-2026-51053

Name of the Vulnerable Software and Affected Versions symfony/ux-live-component versions prior to 2.x and 3.x Description An issue exists in the SymfonyUXLiveComponentLiveComponentHydrator where the HMAC Hash-based Message Authentication Code used to protect read-only props and the propsFromParen...

2.3CVSS5.8AI score
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.24 views

PT-2026-50837

Name of the Vulnerable Software and Affected Versions BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor versions prior to 4.5.4 Description Stored Cross-Site Scripting occurs via the blockId attribute of the 'betterdocs/category-slate-layout' Gutenberg block. The issue...

6.4CVSS6AI score0.00212EPSS
Exploits0References13
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.22 views

PT-2026-50967

Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44 Description A stack buffer overflow occurs in the '/goform/AdvSetMacMtuWan' endpoint through the cloneType parameter. A stack buffer overflow is a condition where a program writes more data to a buffer located on...

9.8CVSS6.4AI score0.00384EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.22 views

PT-2026-50913

Name of the Vulnerable Software and Affected Versions Matrix42 Remote Control Host version 3.20.0031 Description An unquoted service path issue exists in the FastViewerRemoteService and FastViewerRemoteProxy services. This allows local users to execute arbitrary code with SYSTEM privileges by...

8.5CVSS6.1AI score0.00119EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.15 views

PT-2026-51070

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description WS-Security signature verification performs a document-wide ds:Signature lookup. An unauthenticated remote attacker can place a SOAP header before wsse:Security and...

5.9CVSS6AI score0.00238EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.22 views

PT-2026-50875

Name of the Vulnerable Software and Affected Versions JetBrains Hub versions prior to 2026.1.13757 JetBrains Hub versions prior to 2025.3.148033 JetBrains Hub versions prior to 2025.2.148048 JetBrains Hub versions prior to 2025.1.148120 JetBrains Hub versions prior to 2024.3.148430 JetBrains Hub...

9.8CVSS5.9AI score0.00365EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.22 views

PT-2026-51005

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.23 Statamic versions prior to 6.20.0 Description An authenticated Control Panel user can view metadata and content for resources they lack permission to access. This includes entries, assets, users, roles, group...

4.3CVSS5.9AI score0.00162EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.22 views

PT-2026-50975

Name of the Vulnerable Software and Affected Versions CedarJava versions prior to 2.3.6 CedarJava versions prior to 3.4.1 CedarJava versions prior to 4.9 Description Improper input handling allows Record-to-Entity type confusion across the Java-Rust FFI Foreign Function Interface boundary...

8.8CVSS6.1AI score0.0048EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.24 views

PT-2026-51001

Name of the Vulnerable Software and Affected Versions Slopsmith versions prior to 0.2.9-alpha.5 Description Slopsmith is a web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC. A path-traversal issue in the archive extractors allows an attacker to write arbitrary files...

9.4CVSS6.7AI score0.00568EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.24 views

PT-2026-50989

Name of the Vulnerable Software and Affected Versions Joomla! Component VMap version 1.9.6 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound parameter. This is achieved by sending GET requests to the...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-50952

Name of the Vulnerable Software and Affected Versions Joomla StreetGuessr Game version 1.1.8 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by sending GET requests to the 'index.php' endpoint with the parameters option=com...

8.8CVSS6.1AI score0.00237EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.6 views

PT-2026-53777

Impact ServerFilters.DigestAuth and the underlying DigestAuthProvider both defaulted their nonceVerifier parameter to true — i.e. every nonce was accepted regardless of value, age, or prior use. Any deployment using the default configuration had no replay protection on Digest authentication; a...

5.7AI score
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.16 views

PT-2026-50903

Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the service to execute...

8.5CVSS6AI score0.00114EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-51032

Name of the Vulnerable Software and Affected Versions Microsoft 365 Copilot's Business Chat affected versions not specified Description An open redirect issue exists, which is a flaw that allows a user to be redirected to an untrusted external website. This can enable an unauthorized attacker to...

8.8CVSS5.8AI score0.00408EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.12 views

PT-2026-51073

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description A CoreWCF service hosted on Unix Domain Sockets using PosixIdentity client credentials may accept connections that bypass the application/unixposix stream upgrade befo...

4.4CVSS6AI score0.00109EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-51077

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description The WS-Security 1.0 receive pipeline validates the SignatureMethod of an incoming ds:SignedInfo against the configured SecurityAlgorithmSuite but fails to validate the...

3.7CVSS6AI score0.00157EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.14 views

PT-2026-51104

Name of the Vulnerable Software and Affected Versions @tinacms/app versions prior to 2.5.6 tinacms versions prior to 3.9.3 Description Cross-origin postMessage handlers allow for stored XSS and session takeover. The software registers window message listeners—specifically the useTina overlay...

8.5CVSS5.8AI score0.00196EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-50872

Name of the Vulnerable Software and Affected Versions Rancher Manager versions prior to 2.14.2 Description A command injection issue exists in the import endpoint "/v3/import/token clusterId.yaml". This occurs due to unsanitized YAML parameters, which could allow remote attackers to break out of ...

9.6CVSS6AI score0.01277EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.6 views

PT-2026-54449

This update for xwayland fixes the following issues: - CreateSaverWindow Use-After-Free Information Disclosure. bsc1266301 - Font Alias Stack-based Buffer Overflow. bsc1266294 - GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write. bsc1266300 - XKB Key Types Stack-based Buffer Overflow. bsc12662...

5.8AI score
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.5 views

PT-2026-53331

Gradle Wrapper Execution During Dependency Discovery Enables Arbitrary Code Execution Summary agent-coderag unconditionally executes a repository-controlled gradlew script during its default sync dependency-discovery flow. An attacker who can induce a victim to index a malicious Gradle repository...

8.6CVSS6.5AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.25 views

PT-2026-53780

Summary OpenRemote Manager is vulnerable to a cross-tenant Insecure Direct Object Reference IDOR in the bulk alarm deletion endpoint. An authenticated user in any realm can delete alarms belonging to other realms tenants by supplying arbitrary alarm IDs. The vulnerability exists because the bulk...

9.6CVSS6AI score
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.5 views

PT-2026-53788

Summary AgentRuntime promises scoped file access under a configured sandbox basePath, but its path containment checks use raw string prefix tests. A sandbox base such as /tmp/network-ai-sandbox also matches a sibling path such as /tmp/network-ai-sandbox evil/secret.txt. An agent/user that can cal...

6.5CVSS5.8AI score
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.6 views

PT-2026-53772

PathFilter's deny-list glob patterns are anchored, so .git, .obsidian, and node modules were only blocked at the vault root. Nested copies inside the vault e.g. tools/cli/node modules/..., tools/somerepo/.git/config, a nested .obsidian/ were fully traversable via isAllowed/isAllowedForListing...

6.9CVSS5.8AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.4 views

PT-2026-53799

Kozou compiles a PostgreSQL schema into an Admin UI, a REST API, and an MCP server. Several hardening gaps in the bundled HTTP surfaces and the scaffolded dev stack are fixed in 1.8.1. Issues 1. MCP HTTP server lacked DNS-rebinding protection. The Streamable HTTP transport is unauthenticated and...

8.4CVSS6AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.24 views

PT-2026-50963

Name of the Vulnerable Software and Affected Versions Joomla! Component jCart for OpenCart version 2.0 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code. This is achieved by sending GET requests to the 'index.php' endpoint using the...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.5 views

PT-2026-54528

Уязвимость программного обеспечения управления аккаунтами JetBrains Hub связана с недостаточным контролем модификации динамически определённых характеристик объекта. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти ограничения безопасности, получить...

9CVSS5.8AI score
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.12 views

PT-2026-51081

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.9.1 Description CoreWCF SPNEGO SecurityContextToken SCT negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session establishment are...

7.4CVSS5.9AI score0.00175EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.16 views

PT-2026-50909

Name of the Vulnerable Software and Affected Versions Windows Firewall Control version 4.8.6.0 Description An unquoted service path issue exists where the wfcs.exe service is configured with a path containing spaces that is not enclosed in quotes. This allows a local attacker to escalate privileg...

8.5CVSS5.9AI score0.00113EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-51034

Name of the Vulnerable Software and Affected Versions Azure Synapse affected versions not specified Description Execution with unnecessary privileges allows an authorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about a newer version th...

9.9CVSS5.9AI score0.005EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.30 views

PT-2026-50873

Name of the Vulnerable Software and Affected Versions JetBrains Hub versions prior to 2026.1.13757 JetBrains Hub versions prior to 2025.3.148033 JetBrains Hub versions prior to 2025.2.148048 JetBrains Hub versions prior to 2025.1.148120 JetBrains Hub versions prior to 2024.3.148430 JetBrains Hub...

10CVSS5.9AI score0.00416EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.5 views

PT-2026-54534

Уязвимость облачного API-шлюза Apache APISIX связана с переадресацией URL на ненадежный сайт. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, перенаправить пользователя на произвольный URL-адрес...

6.4CVSS5.8AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.23 views

PT-2026-51016

Name of the Vulnerable Software and Affected Versions ProxySQL versions 2.0.18 through 3.0.8 Description ProxySQL contains a pre-authentication heap memory corruption issue within the MySQL and PostgreSQL protocol first-read paths. A remote unauthenticated client can trigger this by declaring an...

9.8CVSS5.9AI score0.00358EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-50832

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description A heap-based buffer overflow occurs in the doProlog function within xmlparse.c. This issue arises because the reallocation of the scaffold backing array is mishandled when data-structure sharing is...

6.9CVSS6.1AI score0.00107EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-50831

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An issue exists where the software lacks handler call depth tracking for calls to the XML ResumeParser function when called from within handlers during a policy violation. This can lead to a...

4.9CVSS5.7AI score0.00135EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-50943

Name of the Vulnerable Software and Affected Versions Joomla SP Movie Database version 1.3 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code into the searchword parameter when sending GET requests to the...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-50980

Name of the Vulnerable Software and Affected Versions Tilt versions 0.20.8 through 0.37.3 Description The HUD HTTP server lacks authentication for state-changing and sensitive-read endpoints. When the HUD is bound to a non-loopback address, a network attacker can trigger pre-defined Tiltfile...

9.2CVSS5.9AI score0.00397EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.10 views

PT-2026-56606

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.9.1-alpha.12 Parse Server versions prior to 8.6.82 Description Deeply nested $or, $and, and $nor query condition operators used in the REST API or LiveQuery query handling can trigger exponential-time processin...

8.7CVSS6.1AI score0.00335EPSS
Exploits0References14
Total number of security vulnerabilities187155