Lucene search
+L
PtsecurityRecent

187186 matches found

ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.10 views

PT-2026-53765

Summary When parsing a WSDL or XSD document, python-zeep follows transitive references — xsd:import, xsd:include, wsdl:import, and lxml entity/DTD resolution — and will fetch http/https URLs found in those references. The Settings.forbid external option, intended to disable this transitive remote...

5.9CVSS6AI score
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-50959

Name of the Vulnerable Software and Affected Versions JoomRecipe version 1.0.3 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. This is achieved by sending GET requests to the 'all-recipes' endpoint...

8.8CVSS6AI score0.00237EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.23 views

PT-2026-50848

Name of the Vulnerable Software and Affected Versions WP Hotel Booking versions prior to 2.3.1 Description Several AJAX handlers do not enforce capability checks, which allows authenticated users with Subscriber-level access to read booking line items of other users, enumerate active coupons, and...

6.5CVSS5.9AI score0.00201EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.23 views

PT-2026-51003

Name of the Vulnerable Software and Affected Versions Joomla com booking component version 2.4.9 Description An information disclosure issue allows unauthenticated attackers to enumerate user accounts. By exploiting the getUserData function in the customer controller, attackers can send GET...

8.7CVSS5.8AI score0.00346EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.15 views

PT-2026-51631

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Gogs contains a path traversal flaw where organization names containing relative path sequences e.g., ../ are accepted without proper sanitization. This occurs because the internal/database/org.go file...

10CVSS7.5AI score0.01107EPSS
Exploits0References19
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.27 views

PT-2026-50912

Name of the Vulnerable Software and Affected Versions AnyDesk version 2.5.0 Description An unquoted service path issue exists in the service installation, allowing local users to execute arbitrary code with SYSTEM privileges. This occurs when a service path contains spaces and is not enclosed in...

8.5CVSS6.2AI score0.00181EPSS
Exploits1References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-50940

Name of the Vulnerable Software and Affected Versions Joomla! Component FocalPoint Pro/Free version 1.2.3 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the id parameter. Attackers can send GET...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.21 views

PT-2026-50906

Name of the Vulnerable Software and Affected Versions Comodo Chromodo Browser version 52.15.25.664 Description The ChromodoUpdater service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker to place a malicious executable within the service path to...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.21 views

PT-2026-50988

Name of the Vulnerable Software and Affected Versions Joomla! Component J-BusinessDirectory version 4.9.7 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code into the type parameter via GET requests to the...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.26 views

PT-2026-50838

Name of the Vulnerable Software and Affected Versions Blocksy Companion versions prior to 2.1.46 Description The Blocksy Companion plugin for WordPress contains a Stored Cross-Site Scripting issue within the admin settings caused by insufficient input sanitization and output escaping. This allows...

4.4CVSS5.9AI score0.00208EPSS
Exploits0References15
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.15 views

PT-2026-50833

Name of the Vulnerable Software and Affected Versions Hitachi Virtual Storage Platform E990, E1090, E1090H versions prior to DKCMAIN Ver.93-07-21-80/00-05, CHBiSCSI Ver.88-01-02-04 Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H versions prior to DKCMAIN...

8.6CVSS5.9AI score0.00268EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-50834

Name of the Vulnerable Software and Affected Versions WP DSGVO Tools GDPR versions prior to 3.1.40 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Unauthenticated attackers can provide an arbitrary victim...

5.3CVSS6AI score0.00385EPSS
Exploits0References18
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.22 views

PT-2026-51120

Name of the Vulnerable Software and Affected Versions Python Liquid versions prior to 2.2.1 Description A denial of service issue exists where the engine hangs in an infinite loop during parse time. This occurs when a malformed % case % tag is used without an associated % when % or % else % block...

7.1CVSS6AI score0.00451EPSS
Exploits0References13
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.30 views

PT-2026-50879

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 2.12.0 through 3.16.0 Description Improper Input Validation in the forward-auth plugin allows an attacker to spoof identity headers by leveraging specific configurations. Recommendations Upgrade to version 3.17.0...

8.8CVSS5.9AI score0.00403EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.23 views

PT-2026-51080

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description WS-Security signature verification fails to ensure that the selected ds:Signature covers the expected Security header target. This allows an attacker who has captured ...

7.4CVSS6AI score0.00143EPSS
Exploits0References15
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.23 views

PT-2026-51115

Name of the Vulnerable Software and Affected Versions go.qbee.io/transport versions prior to v1.26.25 Description The extractTar routine in the go.qbee.io/transport library contains a symlink-chain path traversal issue. Because path validation is strictly lexical and does not account for on-disk...

6CVSS5.8AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.31 views

PT-2026-51008

Name of the Vulnerable Software and Affected Versions @microsoft/kiota-http-fetchlibrary versions 1.0.0-preview.97 through 1.0.0-preview.101 Description The RedirectHandler in the library fails to properly remove sensitive headers during cross-origin redirects. While it is intended to strip...

6.9CVSS5.8AI score0.0065EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-50979

Name of the Vulnerable Software and Affected Versions Tilt versions 0.24.0 through 0.37.3 Description The Tilt HUD WebSocket endpoint /ws/view is susceptible to Cross-site WebSocket Hijacking CSWSH, a technique where an attacker tricks a victim's browser into establishing a WebSocket connection t...

8.3CVSS5.9AI score0.00222EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.22 views

PT-2026-50960

Name of the Vulnerable Software and Affected Versions Joomla Payage version 2.05 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to the 'index.php' endpoint with malicious...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-50923

Name of the Vulnerable Software and Affected Versions AVAST Antivirus version 25.11 Description The SecureLine service contains an unquoted service path, which occurs when a service executable path contains spaces and is not enclosed in quotation marks. This allows local non-privileged users to...

8.5CVSS5.9AI score0.00127EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.22 views

PT-2026-50910

Name of the Vulnerable Software and Affected Versions NetDrive version 2.6.12 Description An unquoted service path issue exists in the Netdrive2 Service Netdrive2 service. This allows local users to execute arbitrary code with SYSTEM privileges by placing malicious executables in the system root...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51050

Name of the Vulnerable Software and Affected Versions Symfony UX Live Component versions prior to 2.x Symfony UX Live Component versions prior to 3.x Description The BatchActionController:: invoke function iterates over a client-supplied actions array and issues a full HttpKernel sub-request for...

5.3CVSS5.9AI score
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-50965

Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.5.1 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The software contains a shell command injection flaw occurring when the binary path for WeasyPrint is processed...

8.2CVSS5.9AI score0.00154EPSS
Exploits0References13
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.29 views

PT-2026-51099

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.1 Description An Insecure Direct Object Reference IDOR issue exists in the /api/v1/responses endpoint. This occurs because the get flow by id or endpoint name function queries the database using a flow ID without...

9.9CVSS6.3AI score0.0056EPSS
Exploits2References65
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-50905

Name of the Vulnerable Software and Affected Versions Fortitude HTTP version 1.0.4.0 Description An unquoted service path issue exists, allowing local users to execute arbitrary code with elevated privileges. This occurs because the service binary path is not enclosed in quotes, enabling attacker...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.23 views

PT-2026-50898

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.0.0 through 3.16.0 Description A Cross-Site Request Forgery CSRF issue exists in the cas-auth plugin under default configurations. This allows a remote attacker to trick a victim into visiting a malicious webpage,...

9.3CVSS5.9AI score0.00261EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.70 views

PT-2026-50891

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An unchecked enum cast issue exists in the BeginSidebandStream function. An attacker can trigger invalid enum states and undefined behavior by supplying a specially crafted message containing...

7.1CVSS5.9AI score0.00254EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-51055

Name of the Vulnerable Software and Affected Versions symfony/ux-autocomplete versions prior to 2.x symfony/ux-autocomplete versions prior to 3.x Description The Stimulus controller in the software renders AJAX response items into a dropdown by interpolating the text field directly into HTML...

5.1CVSS5.9AI score
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-50903

Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the service to execute...

8.5CVSS6AI score0.00114EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.16 views

PT-2026-51098

Name of the Vulnerable Software and Affected Versions py7zr versions prior to 1.1.3 Description A denial of service issue exists where a crafted .7z archive with a large numstreams value causes excessive CPU consumption. This occurs because the PackInfo. read function in archiveinfo.py uses an On...

8.7CVSS5.9AI score0.00321EPSS
Exploits0References20
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51167

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.27.1 Description When clients are launched with the non-default /cache:codec:rfx option, the software passes the desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data. However, in the gdi Bitmap...

7.5CVSS6.3AI score0.00526EPSS
Exploits1References12
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.7 views

PT-2026-56538

Name of the Vulnerable Software and Affected Versions Zeep versions 4.0.0 through 4.3.2 Description In this Python SOAP client, the Settings.forbid external setting is not enforced during the parsing of WSDL or XSD documents. This allows transitive xsd:import, xsd:include, wsdl:import, and lxml...

5.9CVSS6.1AI score0.00252EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.16 views

PT-2026-51097

Name of the Vulnerable Software and Affected Versions py7zr versions prior to 0.22.1 Description The Worker.decompress function in py7zr/worker.py extracts archive entries without tracking the total decompressed size. This allows a specially crafted .7z file to cause disk or memory exhaustion...

8.7CVSS5.9AI score0.00321EPSS
Exploits0References19
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-50926

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RDMA Remote Direct Memory Access component during the rereg mr process. When IB MR REREG ACCESS changes from read-only RO to read-write RW, the umem user memory mu...

8.8CVSS5.8AI score0.0053EPSS
Exploits1References379
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.22 views

PT-2026-50928

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the Linux kernel BPF reuseport program handling. When a UDP reuseport group uses a cBPF program and that program is replaced or detached via the setsocko...

7.8CVSS5.8AI score0.00104EPSS
Exploits0References19
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.28 views

PT-2026-50889

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An out-of-bounds read occurs in the NI grpc-device streaming API because of a missing bounds check. This issue can lead to a denial of service if an attacker provides a specially crafted writ...

8.7CVSS5.9AI score0.00343EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.26 views

PT-2026-50828

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module versions 1.000 and prior Description An integer overflow or wraparound in the EtherNet/IP function allows a remote attacker to cause a denial-of-service DoS condition. By rapidl...

8.7CVSS6AI score0.00379EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.22 views

PT-2026-50919

Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Local attackers can place a malicious executable in the service path and execute code with LocalSystem privileges upon service restart or system reboot...

8.5CVSS6AI score0.0012EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.31 views

PT-2026-50896

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.5.0 through 3.16.0 Description An authentication bypass issue exists in the opa plugin. An attacker can relay spoofed identity headers to upstream services by exploiting non-default configurations in the opa plugin,...

5.4CVSS5.9AI score0.00359EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-50921

Name of the Vulnerable Software and Affected Versions Malwarebytes version 4.5 Description An unquoted service path issue exists in the MBAMService executable. This allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable...

8.5CVSS6AI score0.00205EPSS
Exploits1References9
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51024

Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.3.19 Kestra versions prior to 1.2.19 Kestra versions prior to 1.1.19 Kestra versions prior to 1.0.43 Description Kestra is an open-source, event-driven orchestration platform. The inputFiles task writes rendered file...

6.5CVSS6AI score0.00308EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.22 views

PT-2026-50934

Name of the Vulnerable Software and Affected Versions Quiz Deluxe version 3.7.4 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL commands through the 'ajaxaction.flag question' task. Attackers can inject malicious SQL code via the stu quiz id or flag quest...

8.8CVSS6.3AI score0.00334EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51087

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description Oj::Parser in usual mode fails to mark array class and hash class references during garbage collection GC, resulting in a Use-After-Free condition. If the GC executes after the class is assigned but befo...

8.7CVSS5.8AI score0.00253EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-50994

Name of the Vulnerable Software and Affected Versions Joomla! Component vBizz version 1.0.7 Description An unrestricted file upload issue allows authenticated attackers to upload arbitrary PHP files. This is achieved by submitting malicious files through the profile pic parameter via POST request...

8.8CVSS6.4AI score0.0067EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51018

gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then...

8.7CVSS6.6AI score0.0047EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.28 views

PT-2026-51102

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.2 Description An issue exists in components based on BaseFileComponent, including Docling DoclingInlineComponent, Docling Serve DoclingRemoteComponent, Read File FileComponent, NVIDIA Retriever Extraction...

9.6CVSS6.7AI score0.00411EPSS
Exploits1References13
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.23 views

PT-2026-51005

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.23 Statamic versions prior to 6.20.0 Description An authenticated Control Panel user can view metadata and content for resources they lack permission to access. This includes entries, assets, users, roles, group...

4.3CVSS5.9AI score0.00162EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.16 views

PT-2026-50958

Name of the Vulnerable Software and Affected Versions JoomRecipe version 1.0.4 Description The JoomRecipe component for Joomla contains a blind SQL injection flaw. This allows attackers to inject SQL code via POST requests to the search endpoint using the search author parameter. This can be used...

8.8CVSS5.9AI score0.00253EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.28 views

PT-2026-50990

Name of the Vulnerable Software and Affected Versions Joomla Component vRestaurant version 1.9.4 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by sending POST requests to the 'menu-listing-layout' endpoint with malicious code...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-50968

Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44 Description A stack buffer overflow occurs in the '/goform/AdvSetMacMtuWan' endpoint through the mac parameter. A stack buffer overflow is a condition where a program writes more data to a buffer located on the...

9.8CVSS6.4AI score0.00384EPSS
Exploits1References5
Total number of security vulnerabilities187186