Lucene search
+L
PtsecurityRecent

187186 matches found

ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-50845

Name of the Vulnerable Software and Affected Versions The Royal Addons for Elementor – Addons and Templates Kit for Elementor versions 1.7.1058 through 1.7.1059 Description An arbitrary file read issue exists due to the wpr get csv handle helper function. When the settings.table upload csv.url...

6.5CVSS6AI score0.0024EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.14 views

PT-2026-51065

Name of the Vulnerable Software and Affected Versions jupyterlab-git affected versions not specified Description A stored cross-site scripting XSS issue exists in the PlainTextDiff.ts component of the jupyterlab-git extension. The createHeader function passes Git filenames directly to innerHTML...

9.3CVSS6.6AI score0.00284EPSS
Exploits2References14
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.21 views

PT-2026-50884

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 2.3 through 3.16.0 Description The openid-connect plugin under default configuration contains an issue where insufficient verification of data authenticity allows an attacker to spoof identity headers. This can lead to...

9.1CVSS5.9AI score0.00213EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-51022

Name of the Vulnerable Software and Affected Versions Node.js version 22 Node.js version 24 Node.js version 26 Description A flaw in the Node.js HTTP Agent allows a client to accept a response as valid even if it was sent before the client transmitted the request. This issue has caused real-world...

4.3CVSS5.8AI score0.00371EPSS
Exploits1References114
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.14 views

PT-2026-52064

Name of the Vulnerable Software and Affected Versions Node.js versions 26.0.0 through 26.3.0 Description A flaw in the Node.js Permission API allows a local server to be started via a Unix domain socket, bypassing the requirement for the --allow-net permission. Recommendations Update to version...

10CVSS7.1AI score0.26356EPSS
Exploits4References49
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.8 views

PT-2026-52057

Name of the Vulnerable Software and Affected Versions Node.js versions 22.x Node.js versions 24.x Node.js versions 26.0.0 through 26.3.0 Description An issue in proxy tunnel error handling may lead to the exposure of proxy credentials within ERR PROXY TUNNEL error messages. This occurs when...

7.5CVSS6.6AI score0.00437EPSS
Exploits0References141
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.24 views

PT-2026-50893

Name of the Vulnerable Software and Affected Versions Node.js versions 22.x through 26.3.0 Description A flaw in TLS hostname handling occurs when Node.js processes unicode dot separators, leading to a mismatch between resolver and verifier hostname normalization. This discrepancy can result in a...

7.7CVSS7AI score0.02806EPSS
Exploits0References146
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.10 views

PT-2026-52058

Name of the Vulnerable Software and Affected Versions Node.js versions 22.x, 24.x, and 26.x prior to 26.3.1-1.1 Description A flaw in the Node.js HTTP/2 client enables a server to send an unlimited number of ORIGIN frames, potentially causing an Out of Memory error on the client side...

7.5CVSS7.1AI score0.00656EPSS
Exploits0References143
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.7 views

PT-2026-52063

Name of the Vulnerable Software and Affected Versions Node.js versions 22.x Node.js versions 24.x Node.js versions 26.x Description A flaw in the Node.js Permission API allows file metadata to be modified even when a path is configured as read-only, such as when using the --allow-fs-read flag...

7.5CVSS6.6AI score0.02806EPSS
Exploits1References142
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.9 views

PT-2026-52060

Name of the Vulnerable Software and Affected Versions Node.js versions 22.x and earlier Node.js versions 24.x and earlier Node.js versions 26.0.0 through 26.3.0 Description An inconsistency in hostname matching can lead to a trust-policy bypass within multi-context mTLS mutual Transport Layer...

7.5CVSS6.6AI score0.02806EPSS
Exploits0References143
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.6 views

PT-2026-52061

Name of the Vulnerable Software and Affected Versions Node.js versions 22.x and earlier Node.js versions 24.x and earlier Node.js versions 26.x and earlier Description A flaw in TLS hostname handling allows embedded-nul hostnames to cause silent authority rebinding. This occurs due to c-string...

9.8CVSS6.6AI score0.02806EPSS
Exploits0References144
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.12 views

PT-2026-52062

Name of the Vulnerable Software and Affected Versions Node.js versions 22.x through 26.3.0 Description A flaw in the TLS host verification process allows an attacker to bypass certification validation. Recommendations Update Node.js to version 26.3.1 or later...

7.5CVSS7.1AI score0.02806EPSS
Exploits0References144
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.16 views

PT-2026-50927

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The vti6 init net function fails to set the netns immutable flag on the per-netns fallback tunnel device 'ip6 vti0'. This flag is intended to prevent the device from being moved to anoth...

7.8CVSS5.8AI score0.0012EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-50952

Name of the Vulnerable Software and Affected Versions Joomla StreetGuessr Game version 1.1.8 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by sending GET requests to the 'index.php' endpoint with the parameters option=com...

8.8CVSS6.1AI score0.00237EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.23 views

PT-2026-50996

Name of the Vulnerable Software and Affected Versions Joomla! Component Easy Shop version 1.2.3 Description A local file inclusion issue allows unauthenticated attackers to read arbitrary files by providing base64-encoded file paths. This is achieved by sending GET requests to the 'index.php'...

6.9CVSS7.4AI score0.00426EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.24 views

PT-2026-51016

Name of the Vulnerable Software and Affected Versions ProxySQL versions 2.0.18 through 3.0.8 Description ProxySQL contains a pre-authentication heap memory corruption issue within the MySQL and PostgreSQL protocol first-read paths. A remote unauthenticated client can trigger this by declaring an...

9.8CVSS5.9AI score0.00358EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-50953

Name of the Vulnerable Software and Affected Versions Joomla Ultimate Property Listing version 1.0.2 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the sf selectuser id parameter. Attackers can...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.16 views

PT-2026-51006

Name of the Vulnerable Software and Affected Versions mcp-memory-service versions prior to 10.65.3 Description The HTTP MCP JSON-RPC endpoint at "/mcp" fails to properly validate OAuth scopes. It allows requests with only the read scope to be dispatched to handlers that include mutating tools...

8.1CVSS5.9AI score0.00264EPSS
Exploits0References14
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.6 views

PT-2026-55980

Name of the Vulnerable Software and Affected Versions Hugo versions 0.123.0 through 0.163.0 Description A regression in the virtual filesystem allows a symlink placed within a theme or local mount to read arbitrary files accessible to the user running the application. This occurs because the...

6.5CVSS6.2AI score0.00318EPSS
Exploits0References13
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.7 views

PT-2026-56267

Name of the Vulnerable Software and Affected Versions Anki versions prior to 25.09.3 Description Anki launches a local HTTP server to serve media files and web pages for its interface. The server does not sufficiently block requests from other origins, allowing a malicious website to trigger...

8.7CVSS6.1AI score0.00181EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.16 views

PT-2026-50900

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.3.2 containerd versions prior to 2.2.5 containerd versions prior to 2.1.9 containerd versions prior to 2.0.10 containerd versions prior to 1.7.33 Description The CRI checkpoint import process fails to validate...

9.9CVSS6.4AI score0.00354EPSS
Exploits0References43
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.11 views

PT-2026-55944

Name of the Vulnerable Software and Affected Versions pydantic-settings versions 2.12.0 through 2.14.1 Description The NestedSecretsSettingsSource reads secret values from files within a configured secrets dir. When the secrets nested subdir variable is set to true, the system follows symbolic...

5.3CVSS6AI score0.00138EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.9 views

PT-2026-55981

Name of the Vulnerable Software and Affected Versions Hugo versions 0.162.0 through 0.163.0 Description The default security.http.urls policy fails to properly block requests to loopback, internal, and cloud-metadata IPv4 literals because the deny rule only matches dotted-decimal notation...

7.7CVSS6.1AI score0.00208EPSS
Exploits0References14
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.9 views

PT-2026-56266

Name of the Vulnerable Software and Affected Versions Anki versions prior to 25.09.4 Description Webview-based pages communicate with the Rust backend via an internal localhost API. User scripts included through iframes in the editor can bypass protections to access this API. A malicious imported...

6.5CVSS6.2AI score0.00169EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.12 views

PT-2026-55979

Name of the Vulnerable Software and Affected Versions Hugo versions 0.60.0 through 0.163.2 Description The default code-block renderer fails to perform HTML escaping when writing the Markdown code-fence language or info-string into the code element's class and data-lang attributes. An attacker ca...

5.4CVSS6.1AI score0.00172EPSS
Exploits0References14
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.5 views

PT-2026-53800

Summary ChatterBot's UbuntuCorpusTrainer.extract uses a predictable, home-rooted output directory /ubuntu data/ubuntu dialogs with a check-then-create pattern if not os.path.exists: os.makedirs followed by tar.extractallpath=self.data path. A local attacker who pre-plants a symlink at the...

5.5CVSS5.8AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.15 views

PT-2026-51014

Name of the Vulnerable Software and Affected Versions urllib3 version 2.6.3 Brotli version 1.2.0 Description A decompression bomb bypass exists in the streaming API preload content=False when Brotli support is used. This occurs because three independent code paths in response.py bypass the max...

7.5CVSS7.4AI score0.00304EPSS
Exploits0References15
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.26 views

PT-2026-51162

These are all security issues fixed in the freerdp-3.27.1-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.15 views

PT-2026-51165

These are all security issues fixed in the freerdp-3.27.1-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.14 views

PT-2026-51163

These are all security issues fixed in the freerdp-3.27.1-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.16 views

PT-2026-51164

These are all security issues fixed in the freerdp-3.27.1-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.13 views

PT-2026-51166

These are all security issues fixed in the freerdp-3.27.1-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.25 views

PT-2026-50963

Name of the Vulnerable Software and Affected Versions Joomla! Component jCart for OpenCart version 2.0 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code. This is achieved by sending GET requests to the 'index.php' endpoint using the...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-51048

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.3.2 containerd versions prior to 2.2.5 containerd versions prior to 2.1.9 containerd versions prior to 2.0.10 containerd versions prior to 1.7.33 Description A maliciously crafted image can cause a Denial of...

9.9CVSS5.9AI score0.00781EPSS
Exploits0References63
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.27 views

PT-2026-51057

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.1.9 containerd versions prior to 2.2.5 containerd versions prior to 2.3.2 Description A bug in the CRI plugin allows the restoration of container.log from a checkpoint image without validating a symlinked path...

9.9CVSS6AI score0.00412EPSS
Exploits0References42
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-51058

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.1.9 containerd versions prior to 2.2.5 containerd versions prior to 2.3.2 Description The CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image...

9.9CVSS6AI score0.00412EPSS
Exploits0References42
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51056

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.3.2 containerd versions prior to 2.2.5 containerd versions prior to 2.1.9 containerd versions prior to 2.0.10 containerd versions prior to 1.7.33 Description A bug in the CRI plugin allows the propagation of labe...

9.4CVSS6.2AI score0.00208EPSS
Exploits0References66
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.23 views

PT-2026-51009

Name of the Vulnerable Software and Affected Versions gonic versions prior to 0.21.0 Description An authenticated Subsonic user can bypass ownership checks to read or delete playlists belonging to other users and probe arbitrary file paths on the host for existence or readability. This occurs...

7.1CVSS6.1AI score0.00262EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.25 views

PT-2026-50886

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 2.14.1 through 3.16.0 Description An incorrect authorization issue exists in the authz-casdoor plugin when using the default configuration. This allows an attacker to authenticate using credentials from a different sourc...

8.1CVSS5.9AI score0.00285EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-50936

Joomla OSDownloads 1.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com osdownloads&view=item&id=SQL to extract...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-50941

Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=com sponsorwall&task=click&walli...

7.1CVSS6.2AI score0.00241EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.15 views

PT-2026-50621

The PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.3.0 via the 'rule id' parameter due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS5.1AI score0.0026EPSS
Exploits0References16
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.13 views

PT-2026-50779

Name of the Vulnerable Software and Affected Versions Coturn versions prior to 4.11.0 Description A stored cross-site scripting XSS issue exists in the web-admin HTTPS interface. An attacker can inject HTML or JavaScript by creating a TURN allocation with a crafted USERNAME value. This script...

5.4CVSS5.8AI score0.00141EPSS
Exploits0References15
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.20 views

PT-2026-50642

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the administration configuration handler. In system/admin/admin.config.php, the configuration update action 'a=update' processes POST data via cot config update options without calling cot check xg to...

8.8CVSS5.5AI score0.00176EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.23 views

PT-2026-50637

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the 'user id' parameter due to missing validation on a user controlled key...

2.7CVSS5.4AI score0.0028EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.10 views

PT-2026-53179

Impact RSACrypt::decryptWithRSA15 used by the RSA1 5 key-encryption algorithm implements RSAES-PKCS1-v1 5 decryption by inspecting the padding after RSADP and throwing InvalidArgumentException as soon as the padding is malformed. It does not implement the implicit-rejection countermeasure require...

6.3CVSS5.8AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.8 views

PT-2026-53150

Summary The published npm package praisonai exports SandboxExecutor, CommandValidator, and sandboxExec as "safe command execution with restrictions." When allowedCommands is configured, CommandValidator checks only the first whitespace-delimited token of the command string. SandboxExecutor then...

8.8CVSS6.2AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.7 views

PT-2026-53121

Summary When the trusted proxies option is configured, heimdall extracts client IP addresses from the Forwarded for= parameter and X-Forwarded-For headers and exposes them as Request.ClientIPAddresses to the rule pipeline. However, extracted values are not validated to be syntactically valid IP...

7CVSS5.9AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.2 views

PT-2026-54529

Уязвимость функции gf isom add track kind файла isomedia/isom write.c упаковщика MP4Box мультимедийной платформы GPAC связана с ошибками разыменования указателей. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании с помощью специально созданног...

7.8CVSS6.6AI score0.00352EPSS
Exploits1References6
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.20 views

PT-2026-50812

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 6.9 through 9.15 Description In server mode, two state-mutating endpoints in the SQL Editor blueprint are missing the @pga login required authentication decorator, allowing them to be accessed without an authenticated sessio...

9.5CVSS6.5AI score0.0071EPSS
Exploits0References13
Total number of security vulnerabilities187186