Lucene search
+L
PtsecurityRecent

187169 matches found

ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.14 views

PT-2026-51047

Name of the Vulnerable Software and Affected Versions py7zr version 1.1.0 Description An arbitrary file write issue exists when using the extractall function to extract an archive. The software fails to properly restrict the targets of symbolic links, allowing crafted malicious symbolic link chai...

8CVSS6.3AI score0.00404EPSS
Exploits0References27
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.16 views

PT-2026-50916

Name of the Vulnerable Software and Affected Versions RealTimes Desktop Service version 18.1.4 Description An unquoted service path exists in the rpdsvc.exe binary. This allows local attackers to escalate privileges by placing malicious executables in unquoted path directories, which are then...

8.5CVSS5.9AI score0.00119EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-51113

Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.0.0-RC1 through 4.17.9 Craft CMS versions 5.0.0-RC1 through 5.9.9 Description Craft CMS is subject to Server-Side Request Forgery SSRF and Arbitrary JavaScript Injection via the '/actions/app/resource-js' endpoint. The iss...

9.2CVSS6AI score0.0033EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51111

Name of the Vulnerable Software and Affected Versions OpenBao versions 2.5.2 through 2.5.4 Description An authenticated user with write access to the transit/keys/ endpoint can cause a denial-of-service by crashing the server. This occurs when a key-creation request is sent combining an asymmetri...

6.5CVSS5.9AI score
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-50966

Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44 Description A stack buffer overflow occurs in the '/goform/AdvSetMacMtuWan' endpoint through the wanMTU parameter. A stack buffer overflow is a condition where a program writes more data to a buffer located on the...

9.8CVSS6.4AI score0.00384EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.22 views

PT-2026-51009

Name of the Vulnerable Software and Affected Versions gonic versions prior to 0.21.0 Description An authenticated Subsonic user can bypass ownership checks to read or delete playlists belonging to other users and probe arbitrary file paths on the host for existence or readability. This occurs...

7.1CVSS6.1AI score0.00262EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.15 views

PT-2026-50971

Summary In affected versions, Request::buildRequestUrl inserts path variables into the request URL without URL encoding implode'/', $pathVariables. All request classes implementing getPathVariables are affected, e.g. GetContentDetailsRequest scheme, contentId. If a consuming application passes...

4.8CVSS5.9AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.16 views

PT-2026-51049

Description When a LiveProp is typed as a DateTimeInterface and no explicit format is configured, SymfonyUXLiveComponentLiveComponentHydrator::hydrateObjectValue falls back to new $className$value. The DateTime / DateTimeImmutable constructors accept relative strings such as "now", "tomorrow", or...

6.9CVSS6AI score
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.7 views

PT-2026-56267

Name of the Vulnerable Software and Affected Versions Anki versions prior to 25.09.3 Description Anki launches a local HTTP server to serve media files and web pages for its interface. The server does not sufficiently block requests from other origins, allowing a malicious website to trigger...

8.7CVSS6.1AI score0.00181EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.24 views

PT-2026-50947

Name of the Vulnerable Software and Affected Versions GridTime 3000 versions 1.0r0.03 through 1.2r0.0 Description Improper neutralization of input during web page generation in the password reset form allows Cross-Site Scripting XSS, a condition where malicious scripts are injected into trusted...

5.3CVSS5.8AI score0.00136EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-51007

Name of the Vulnerable Software and Affected Versions js-toml versions prior to 1.1.1 Description The software contains a quadratic time complexity issue during the parsing of hexadecimal, octal, and binary integer literals. This occurs because the parseBigInt function uses a loop that performs a...

7.5CVSS5.8AI score0.00415EPSS
Exploits1References13
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.15 views

PT-2026-51059

Name of the Vulnerable Software and Affected Versions @tinacms/cli versions prior to 2.4.3 Description @tinacms/cli contains a Remote Code Execution issue in its Forestry-to-Tina migration command. The internal helper function addVariablesToCode unquotes any value matching the marker " TINA...

7.8CVSS6.1AI score0.0017EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.15 views

PT-2026-51014

Name of the Vulnerable Software and Affected Versions urllib3 version 2.6.3 Brotli version 1.2.0 Description A decompression bomb bypass exists in the streaming API preload content=False when Brotli support is used. This occurs because three independent code paths in response.py bypass the max...

7.5CVSS7.4AI score0.00304EPSS
Exploits0References15
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-50945

Name of the Vulnerable Software and Affected Versions GridTime 3000 versions 1.0r0.03 through 1.1r0.0 Description Improper neutralization of input during web page generation allows for Cross-Site Scripting XSS, a condition where malicious scripts are injected into trusted websites. Recommendation...

5.1CVSS5.8AI score0.00136EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.15 views

PT-2026-50938

Name of the Vulnerable Software and Affected Versions Joomla! Component Bargain Product VM3 version 1.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product id parameter. Attackers can use crafted SQL...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.12 views

PT-2026-51019

Name of the Vulnerable Software and Affected Versions YARD versions prior to 0.9.44 Description YARD is a documentation generation tool for the Ruby programming language. The static cache lookup reads a request path before the router's path cleanup process occurs. When a server is configured with...

5.3CVSS5.7AI score0.00273EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.21 views

PT-2026-50883

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 1.2.0 through 3.16.0 Description A Use of Less Trusted Source issue exists where an attacker can leverage the wolf-rbac plugin under default configuration. This allows for the potential pollution of logs with spoofed...

5.8CVSS5.9AI score0.00314EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-50953

Name of the Vulnerable Software and Affected Versions Joomla Ultimate Property Listing version 1.0.2 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the sf selectuser id parameter. Attackers can...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.27 views

PT-2026-50869

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting, which allows an authorized attacker to perform spoofing over a network...

8.8CVSS5.7AI score0.00282EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.25 views

PT-2026-51029

Name of the Vulnerable Software and Affected Versions Quarkus versions prior to 3.37.0 Quarkus versions prior to 3.36.3 Quarkus versions prior to 3.33.3 Quarkus versions prior to 3.33.2.1 Quarkus versions prior to 3.27.5 Quarkus versions prior to 3.27.4.1 Quarkus versions prior to 3.20.6.2...

7.5CVSS5.9AI score0.00463EPSS
Exploits1References16
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.24 views

PT-2026-50881

Name of the Vulnerable Software and Affected Versions FlexNet Manager Suite 2025 R1 Description An issue exists where an authenticated user with read-only access to account settings can escalate their privileges to the Administrator level. Recommendations At the moment, there is no information...

8.7CVSS5.8AI score0.00255EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.25 views

PT-2026-50846

Name of the Vulnerable Software and Affected Versions Avada Fusion Builder versions prior to 3.15.4 Description The Avada Fusion Builder plugin for WordPress contains a flaw allowing unauthenticated attackers to delete arbitrary files on the server. This issue stems from insufficient file path...

9.1CVSS6.6AI score0.01193EPSS
Exploits1References27
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-50929

Name of the Vulnerable Software and Affected Versions Joomla NextGen Editor version 2.1.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL commands. This is achieved by sending GET requests to the 'index.php' endpoint with the parameters option=com nge and...

8.8CVSS6.2AI score0.00323EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-50911

Name of the Vulnerable Software and Affected Versions Wise Care 365 version 4.27 Wise Disk Cleaner version 9.29 Description An unquoted service path issue exists in the WiseBootAssistant and SpyHunter 4 Service. This allows local users to execute arbitrary code with SYSTEM privileges by placing...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-50840

Name of the Vulnerable Software and Affected Versions Appointment Booking Calendar versions prior to 1.4.5 Description The Appointment Booking Calendar plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping in custom booking...

6.4CVSS6AI score0.00193EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-50992

Name of the Vulnerable Software and Affected Versions Joomla! Component vAccount version 2.0.2 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending GET requests to the 'vaccount-dashboard/expense'...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-50887

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.11.0 through 3.16.0 Description An authentication bypass exists due to a capture-replay issue. An attacker can leverage specific configurations in the hmac-auth module to reuse a token indefinitely, effectively bypassi...

6.5CVSS5.9AI score0.0043EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-50920

Name of the Vulnerable Software and Affected Versions Brother SAPSprint version 7.60 Description An unquoted service path issue exists in the SAPSprint service binary. This allows local attackers to escalate privileges by placing a malicious executable in the Program Files directory path, which i...

8.5CVSS5.9AI score0.00115EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51083

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description Oj::Doc iterators each value, each child, each leaf are subject to a heap use-after-free. This occurs when a Ruby block yielded during iteration calls doc.close or d.close, causing the document's heap...

8.7CVSS5.7AI score0.00117EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.16 views

PT-2026-50925

Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.6.0 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The AbstractGenerator::$temporaryFiles public array allows any code with a reference to a generator instance to...

3CVSS6.1AI score0.00112EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.26 views

PT-2026-51025

Name of the Vulnerable Software and Affected Versions Authelia versions 4.36.0 through 4.39.19 Description Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO. A lack of domain canonicalization in specific edge cases can...

2.3CVSS5.9AI score0.00283EPSS
Exploits0References13
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-51020

Name of the Vulnerable Software and Affected Versions Mercator versions prior to 2025.05.19 Description The Query Engine allows authenticated users to execute queries via a JSON DSL Domain Specific Language, which is a specialized language used to define data queries. The controller method...

7.1CVSS5.9AI score0.00281EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.16 views

PT-2026-51097

Name of the Vulnerable Software and Affected Versions py7zr versions prior to 0.22.1 Description The Worker.decompress function in py7zr/worker.py extracts archive entries without tracking the total decompressed size. This allows a specially crafted .7z file to cause disk or memory exhaustion...

8.7CVSS5.9AI score0.00321EPSS
Exploits0References19
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.21 views

PT-2026-50997

Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the deal id parameter. Attackers can send GET requests to index.php with option=com joomcrm&view=contacts and inject SQL...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-50844

Name of the Vulnerable Software and Affected Versions Woosa – Marktplaats for WooCommerce versions prior to 2.0.5 Description Insufficient path sanitization in the render logs ui function allows authenticated attackers with Administrator-level access to read arbitrary files on the server, such as...

4.9CVSS6AI score0.00397EPSS
Exploits0References16
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.38 views

PT-2026-51066

Name of the Vulnerable Software and Affected Versions jupyterlab-git versions prior to 0.54.0 Description An authenticated user on a case-insensitive filesystem such as macOS APFS or Windows NTFS can bypass the excluded paths security control. The issue occurs because the GitHandler.prepare...

7.1CVSS6.1AI score0.00285EPSS
Exploits1References12
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-51052

Description SymfonyUXAutocompleteDoctrineEntitySearchUtil::addSearchClause builds the LIKE expression used by the autocomplete endpoint by wrapping the client-supplied query in %...% without escaping the SQL LIKE wildcards %, , . The value is passed as a bound parameter, so this is not SQL...

6.3CVSS5.9AI score
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-50957

Name of the Vulnerable Software and Affected Versions Joomla! Component SIMGenealogy version 2.1.5 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code. This is achieved by sending GET requests to the 'index.php' endpoint with the...

8.8CVSS5.9AI score0.00237EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.22 views

PT-2026-50874

Name of the Vulnerable Software and Affected Versions JetBrains GoLand versions prior to 2026.1.3 Description Remote code execution is possible through the use of untrusted project configuration. Recommendations Update JetBrains GoLand to version 2026.1.3 or later...

8.8CVSS6.3AI score0.00253EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-50839

Name of the Vulnerable Software and Affected Versions ts-deepmerge versions prior to 8.0.0 Description An uncaught exception occurs due to improper handling of built-in Object.prototype methods, such as toString and valueOf. When user-controlled input contains these keys with non-function values,...

6.9CVSS5.8AI score0.00308EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.33 views

PT-2026-50907

Name of the Vulnerable Software and Affected Versions Iperius Remote version 1.7.0 Description An unquoted service path issue exists where the service installation path is not enclosed in quotes. This allows local users to execute arbitrary code with SYSTEM privileges. If the software is installe...

8.5CVSS6.1AI score0.00122EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.16 views

PT-2026-50900

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.3.2 containerd versions prior to 2.2.5 containerd versions prior to 2.1.9 containerd versions prior to 2.0.10 containerd versions prior to 1.7.33 Description The CRI checkpoint import process fails to validate...

9.9CVSS6.4AI score0.00354EPSS
Exploits0References43
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.22 views

PT-2026-50867

AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...

5.3CVSS5.8AI score0.00341EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-50944

Name of the Vulnerable Software and Affected Versions Joomla! Component Calendar Planner version 1.0.1 Description An SQL injection allows unauthenticated attackers to inject SQL commands via the category id parameter. By sending GET requests to the events view containing malicious SQL code in th...

8.8CVSS6AI score0.00334EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.15 views

PT-2026-50964

Name of the Vulnerable Software and Affected Versions JHotelReservation version 6.0.7 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by sending POST requests to the 'search-hotels' endpoint with malicious code injected into the roo...

8.8CVSS6.2AI score0.00296EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.24 views

PT-2026-50851

Name of the Vulnerable Software and Affected Versions 2Download Connector for 2DL Hosted Checkout versions prior to 0.1.6 Description The plugin fails to properly verify user authorization before performing specific actions. This allows unauthenticated attackers to access arbitrary customer...

5.3CVSS6AI score0.00299EPSS
Exploits0References14
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.23 views

PT-2026-51041

Name of the Vulnerable Software and Affected Versions Branda plugin for WordPress versions prior to 3.4.30 Description The plugin is susceptible to privilege escalation through account takeover. This occurs because the software fails to properly validate a user's identity before updating a...

9.8CVSS6AI score0.00625EPSS
Exploits1References13
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.27 views

PT-2026-51057

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.1.9 containerd versions prior to 2.2.5 containerd versions prior to 2.3.2 Description A bug in the CRI plugin allows the restoration of container.log from a checkpoint image without validating a symlinked path...

9.9CVSS6AI score0.00412EPSS
Exploits0References42
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.21 views

PT-2026-50961

Name of the Vulnerable Software and Affected Versions Joomla Component Myportfolio version 3.0.2 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code. This is achieved by sending GET requests to the 'index.php' endpoint using the...

8.8CVSS5.9AI score0.00237EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-51202

CVE ID :CVE-2026-10746 Published : June 18, 2026, 10:19 p.m. | 3 hours, 52 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.8AI score
Exploits0References1
Total number of security vulnerabilities187169