Lucene search
+L
PtsecurityRecent

187155 matches found

ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-50980

Name of the Vulnerable Software and Affected Versions Tilt versions 0.20.8 through 0.37.3 Description The HUD HTTP server lacks authentication for state-changing and sensitive-read endpoints. When the HUD is bound to a non-loopback address, a network attacker can trigger pre-defined Tiltfile...

9.2CVSS5.9AI score0.00397EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.10 views

PT-2026-56606

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.9.1-alpha.12 Parse Server versions prior to 8.6.82 Description Deeply nested $or, $and, and $nor query condition operators used in the REST API or LiveQuery query handling can trigger exponential-time processin...

8.7CVSS6.1AI score0.00335EPSS
Exploits0References14
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.8 views

PT-2026-56607

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.9.1-alpha.13 Parse Server versions prior to 8.6.83 Description A LiveQuery subscriber may receive object field values they are not authorized to read. This occurs when a single save operation simultaneously...

2.3CVSS6.1AI score0.00386EPSS
Exploits0References15
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51112

Name of the Vulnerable Software and Affected Versions Parse Server affected versions not specified Description The default fileUpload.fileExtensions blocklist can be bypassed by uploading files with non-standard or compound extensions combined with a dangerous content type. This allows the upload...

2.1CVSS5.8AI score0.00406EPSS
Exploits0References14
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51101

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.0.19 Description An unauthenticated attacker can cause a denial of service by sending a request to the '/api/v1/files/upload/' endpoint without authentication tokens or cookies. By abusing a very long multipart for...

7.5CVSS5.9AI score0.00321EPSS
Exploits1References10
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.26 views

PT-2026-51063

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.3 Description When parsing a JSON object with a key of 254 bytes or longer, the Oj.load function in :object mode reads uninitialized stack memory. For keys 256 bytes or longer, the process also performs an out-of-boun...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.30 views

PT-2026-50870

Name of the Vulnerable Software and Affected Versions Cloudflare Quiche versions prior to 0.29.2 Description Two use-after-free issues exist in the connection ID iterator FFI Foreign Function Interface functions. The functions quiche connection id iter next and quiche conn retired scid next retur...

5.6CVSS5.8AI score0.0017EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-50939

Name of the Vulnerable Software and Affected Versions Joomla! Component Ajax Quiz version 1.8 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the cid parameter. Attackers can send GET requests to...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.16 views

PT-2026-50946

Name of the Vulnerable Software and Affected Versions GridTime 3000 versions 1.0r0.03 through 1.1r0.0 Description The GridTime 3000 GNSS Time Server leaks the access token within the URL parameters of certain endpoints. Recommendations Update GridTime 3000 versions 1.0r0.03 through 1.1r0.0 to a...

6.5CVSS6.1AI score0.00227EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.15 views

PT-2026-51090

Name of the Vulnerable Software and Affected Versions concurrent-ruby versions prior to 1.3.7 Description The Concurrent::AtomicReferenceupdate function can enter a permanent busy retry loop when the current value is Float::NAN. This occurs due to the interaction between AtomicReferenceupdate,...

8.2CVSS5.8AI score0.00278EPSS
Exploits1References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-50969

Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44 Description A stack buffer overflow exists in the '/goform/AdvSetMacMtuWan' endpoint. This issue occurs when processing the wanSpeed parameter, which can lead to remote arbitrary code execution. Recommendations At...

9.8CVSS6.4AI score0.00584EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-50983

Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description A heap-buffer-overflow read occurs in the reference AV1 codec implementation due to a missing bounds check in the SVC Scalable Video Coding layer ID control function. This allows the spatial...

7.1CVSS5.7AI score0.00272EPSS
Exploits0References34
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-50949

Name of the Vulnerable Software and Affected Versions Zap Calendar Lite version 4.3.4 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eid parameter. Attackers can send GET requests to the RSVP plugin endpoint t...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.21 views

PT-2026-50841

Name of the Vulnerable Software and Affected Versions Advanced Import versions prior to 1.4.7 Description Server-Side Request Forgery SSRF occurs when the plugin uses the wp remote get function to fetch a user-supplied URL without validating that the destination does not point to internal or...

6.4CVSS5.9AI score0.00208EPSS
Exploits0References13
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-51002

Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.6.0 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The library fetches content of option values server-side using the file get contents function when a value is...

6.5CVSS5.9AI score0.00242EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-50998

Name of the Vulnerable Software and Affected Versions Joomla! Component JoomProject version 1.1.3.2 Description An information disclosure issue allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. By sending requests to 'index.php' using the paramete...

8.7CVSS5.9AI score0.00442EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.30 views

PT-2026-50933

Name of the Vulnerable Software and Affected Versions Joomla Survey Force Deluxe version 3.2.4 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending GET requests to the component containing crafted S...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.24 views

PT-2026-50888

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An untrusted pointer dereference exists in the sideband streaming API. This issue allows an attacker to trigger an arbitrary memory dereference, which could lead to remote code execution...

9.8CVSS6.3AI score0.00549EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.6 views

PT-2026-53789

Impact The HmacSha256 class contained two functions: - hashpayload — a plain unkeyed SHA-256 digest. The Hmac prefix in the class name was misleading; this function has no key parameter, so it could never have been an HMAC. - hmacSHA256key, data — a properly keyed HMAC-SHA256. A reader who didn't...

8.2CVSS5.9AI score
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.15 views

PT-2026-50962

Name of the Vulnerable Software and Affected Versions Joomla! Component Extra Search version 2.2.8 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code. This is achieved by sending GET requests to the 'index.php' endpoint using the...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.13 views

PT-2026-51166

These are all security issues fixed in the freerdp-3.27.1-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51071

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description The SamlSerializer skips the final SignatureValue verification when a service validates SAML tokens using a non-X.509 signing token. This occurs when the service is...

7.4CVSS5.9AI score0.0015EPSS
Exploits0References15
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.7 views

PT-2026-53764

Summary EnvironmentManager.restoreenv, backupId computes the backup path with joinenvDir, '.backups', backupId and only checks that this path exists. It does not resolve the result or verify that it remains under data//.backups. A caller can pass a traversal backup ID such as...

6.1CVSS5.9AI score
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.14 views

PT-2026-51089

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description Oj is a JSON parser and Object marshaller for Ruby. The Oj.load function is susceptible to heap corruption when processing a JSON string exceeding 2 GB. An integer overflow occurs within the buf append...

8.7CVSS5.9AI score0.00253EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.7 views

PT-2026-53793

XML Entity Expansion Billion Laughs DoS in XMLSitemapParser Summary ultimate-sitemap-parser version 1.8.0 and earlier parse attacker-controlled XML content using Python's xml.parsers.expat without any restriction on DTD declarations or recursive entity references. An attacker who can serve a...

7.5CVSS6AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-51118

Summary The ansi.js Handlebars helper in allure-generator passes user-controlled statusMessage and statusTrace values from test result files through the ansi-to-html library and wraps the output in Handlebars SafeString without HTML escaping. Since ansi-to-html does not escape HTML entities by...

6.1CVSS6AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.8 views

PT-2026-53786

Impact reverseProxy and reverseProxyRouting matched configured vhosts by substring on the Host header Contains matcher by default. The intended use of these functions in http4k is outbound dispatch e.g. matching AWS service subdomains, per the Contains docstring and test-time composition of fake...

6.3CVSS5.8AI score
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-51079

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description SAML 1.1 and SAML 2.0 token validation fails to correctly resolve the issuer signing key or enforce signed tokens when IdentityConfiguration is used with federated...

10CVSS6AI score0.00246EPSS
Exploits0References15
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.6 views

PT-2026-53787

An authenticated user could crash a SurrealDB server with a single query containing a long chain of operators. Such a query — for example RETURN 1 + 1 + 1 + ... with tens of thousands of terms — is parsed into an expression tree one level deep per operator. Because the chain is flat and the pratt...

6.5CVSS6.2AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.6 views

PT-2026-53775

Summary A GitHub Actions workflow is vulnerable to command injection through the issue title. The workflow is triggered when an issue is opened or closed, and it directly inserts github.event.issue.title into a Bash variable assignment. If an issue title contains command substitution syntax, Bash...

7.1CVSS6.1AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-51114

Summary The CartController defines a RateLimiter behavior that is only activated when the 'number' POST/GET parameter is explicitly provided. Details When an attacker submits coupon codes against the session-based cart without passing a 'number' parameter, no rate limiting is applied. This allows...

6.9CVSS5.9AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.7 views

PT-2026-53781

A field can be hidden from a user with a field-level SELECT permission DEFINE FIELD code ON secret PERMISSIONS FOR select WHERE owner = $auth.id. When that field is indexed, a record user who cannot read it could still recover the relative ordering of its values across every record by issuing ORD...

4.3CVSS5.8AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.5 views

PT-2026-53794

Impact The previous BasicCookieStorage did not enforce RFC 6265 scoping rules around cookie domain, path, and Secure attribute. A client using a single storage instance to talk to multiple origins could have cookies leak across domains, or have Secure cookies sent over plain HTTP — the deprecatio...

6.9CVSS5.8AI score
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.7 views

PT-2026-53790

Unauthenticated nested page API leaks restricted & unpublished content - Location: app/controllers/alchemy/api/pages controller.rb:28 Api::PagesControllernested - Affected version: Alchemy CMS 8.3.0.dev Rails 8.1.3 Description The unauthenticated GET /api/pages/nested endpoint returns the full pa...

7.5CVSS5.8AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.4 views

PT-2026-54553

Уязвимость плагина openid-connect облачного API-шлюза Apache APISIX связана с недостаточной проверкой подлинности данных при обработке заголовков идентификации. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, проводить спуфинг-атаки...

9.4CVSS5.8AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.5 views

PT-2026-53240

Root has patched GHSA-wxgw-qj99-44c2 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

5.8AI score
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.5 views

PT-2026-53801

Summary On a multi-tenant stigmem node, RTBF right-to-be-forgotten tombstones were mis-scoped two ways. 1 issue tombstone defaulted the tenant to "default" instead of the caller's tenant, so tombstones could be written to the wrong tenant. 2 The read-suppression path — get tombstone filter...

7.2CVSS5.5AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.2 views

PT-2026-54536

Уязвимость плагина forward-auth облачного API-шлюза Apache APISIX связана с недостаточной проверкой входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, проводить спуфинг-атаки...

9CVSS5.8AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.7 views

PT-2026-54535

Уязвимость плагина authz-casdoor облачного API-шлюза Apache APISIX связана с недостатками процедуры авторизации. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации...

8.5CVSS5.8AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.3 views

PT-2026-54537

Уязвимость плагина jwt-auth облачного API-шлюза Apache APISIX связана с обходом аутентификации посредством спуфинга. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации...

9.4CVSS5.8AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.6 views

PT-2026-53771

Impact A Parse Server LiveQuery subscriber can receive object field values they are not authorized to read when a single save changes both an object field and the subscriber's ACL read access to that object. When such a save removes the subscriber's read access, the resulting leave event still...

2.3CVSS5.8AI score
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.4 views

PT-2026-54527

Уязвимость программного средства управления проектами и задачами JetBrains YouTrack и программного обеспечения управления аккаунтами JetBrains Hub связана с отсутствием аутентификации для критичной функции. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти...

10CVSS5.8AI score
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.6 views

PT-2026-53769

Summary Anki launches a local HTTP server to serve media files and web pages for parts of its interface. The server fails to validate requests in the following ways: 1. No sufficient validation of the Origin header. 2. Some endpoints are vulnerable to path traversal attacks. This allows malicious...

8.7CVSS5.8AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.7 views

PT-2026-53779

Lokka versions prior to 2.1.2 constructed Azure Resource Manager request URLs using direct string concatenation with user-controlled path input. Specially crafted path values could alter URL authority parsing and cause Azure Resource Manager bearer tokens to be sent to an unintended host. Version...

8.7CVSS5.8AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.9 views

PT-2026-53783

SurrealDB fetches the JWKS document for a JWT or record access method using a bare reqwest client that follows HTTP redirects by default. The network capability check in core/src/iam/jwks.rs check capabilities url is applied only to the originally configured URL; redirect targets are not...

4.1CVSS5.9AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.11 views

PT-2026-53767

Summary EnvironmentManager.backup recursively collects files using collectBackupFiles. collectBackupFiles uses statSyncfull, which follows symlinks. If data/ contains a symlink to a directory outside the environment root, backup recursion follows the symlink and copies external files into...

5.5CVSS5.8AI score
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.4 views

PT-2026-53766

Summary On a multi-tenant stigmem node, a caller holding a write credential for one tenant can run a decay sweep that acts on every tenant's facts. The candidate-selection queries in lifecycle/decay.py select ttl candidates, select confidence candidates carried no tenant id predicate, and the...

7.2CVSS5.5AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.11 views

PT-2026-51094

Summary convert builds the nested tree by using each flat record's id and parent field values directly as object keys, with no guard against proto / constructor / prototype. A record whose parent is the string " proto " makes tempparent resolve to Object.prototype, and the following initPush...

7.5CVSS6AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-50987

Name of the Vulnerable Software and Affected Versions J-ClassifiedsManager version 3.0.5 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. By submitting crafted payloads to the 'displayads' component...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.13 views

PT-2026-53768

Summary The Order::setPaymentAmount method accepts any float value without enforcing a minimum positive amount. The PaymentsController casts the user-supplied 'paymentAmount' parameter directly to float with no lower-bound check. Details When the store has 'Allow Partial Payment on Checkout'...

6.9CVSS5.7AI score
Exploits0References4
Total number of security vulnerabilities187155