Lucene search
+L
PtsecurityRecent

187212 matches found

ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.14 views

PT-2026-51065

Name of the Vulnerable Software and Affected Versions jupyterlab-git affected versions not specified Description A stored cross-site scripting XSS issue exists in the PlainTextDiff.ts component of the jupyterlab-git extension. The createHeader function passes Git filenames directly to innerHTML...

9.3CVSS6.6AI score0.00284EPSS
Exploits2References14
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.21 views

PT-2026-50884

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 2.3 through 3.16.0 Description The openid-connect plugin under default configuration contains an issue where insufficient verification of data authenticity allows an attacker to spoof identity headers. This can lead to...

9.1CVSS5.9AI score0.00213EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.18 views

PT-2026-50952

Name of the Vulnerable Software and Affected Versions Joomla StreetGuessr Game version 1.1.8 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by sending GET requests to the 'index.php' endpoint with the parameters option=com...

8.8CVSS6.1AI score0.00237EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.23 views

PT-2026-50996

Name of the Vulnerable Software and Affected Versions Joomla! Component Easy Shop version 1.2.3 Description A local file inclusion issue allows unauthenticated attackers to read arbitrary files by providing base64-encoded file paths. This is achieved by sending GET requests to the 'index.php'...

6.9CVSS7.4AI score0.00426EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.24 views

PT-2026-51016

Name of the Vulnerable Software and Affected Versions ProxySQL versions 2.0.18 through 3.0.8 Description ProxySQL contains a pre-authentication heap memory corruption issue within the MySQL and PostgreSQL protocol first-read paths. A remote unauthenticated client can trigger this by declaring an...

9.8CVSS5.9AI score0.00358EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-50987

Name of the Vulnerable Software and Affected Versions J-ClassifiedsManager version 3.0.5 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. By submitting crafted payloads to the 'displayads' component...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.25 views

PT-2026-51001

Name of the Vulnerable Software and Affected Versions Slopsmith versions prior to 0.2.9-alpha.5 Description Slopsmith is a web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC. A path-traversal issue in the archive extractors allows an attacker to write arbitrary files...

9.4CVSS6.7AI score0.00568EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.31 views

PT-2026-50985

Name of the Vulnerable Software and Affected Versions Joomla J-CruisePortal version 6.0.4 Description An SQL injection allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending POST requests to the "cruises" endpoint using crafted SQL...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.11 views

PT-2026-50982

Name of the Vulnerable Software and Affected Versions libaom affected versions not specified Description An arbitrary address write issue exists in the reference AV1 codec implementation. A missing bounds check in the Scalable Video Coding SVC layer ID control function allows an attacker to injec...

7.6CVSS6.1AI score0.00414EPSS
Exploits0References36
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-50909

Name of the Vulnerable Software and Affected Versions Windows Firewall Control version 4.8.6.0 Description An unquoted service path issue exists where the wfcs.exe service is configured with a path containing spaces that is not enclosed in quotes. This allows a local attacker to escalate privileg...

8.5CVSS5.9AI score0.00113EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.22 views

PT-2026-50871

Name of the Vulnerable Software and Affected Versions FFmpeg affected versions not specified Description A use-after-free issue exists in the RASC video decoder. The decode move function initializes a read pointer into a decompressed buffer; however, a subsequent reallocation of that buffer durin...

6.5CVSS6AI score0.00245EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.19 views

PT-2026-51079

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description SAML 1.1 and SAML 2.0 token validation fails to correctly resolve the issuer signing key or enforce signed tokens when IdentityConfiguration is used with federated...

10CVSS6AI score0.00246EPSS
Exploits0References15
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.20 views

PT-2026-50901

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description Insecure default credentials exist when TLS configuration is absent and the server is bound beyond the loopback interface. This allows an unauthenticated user on the local network to gain...

9.3CVSS6.8AI score0.00308EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-50926

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RDMA Remote Direct Memory Access component during the rereg mr process. When IB MR REREG ACCESS changes from read-only RO to read-write RW, the umem user memory mu...

8.8CVSS5.8AI score0.0053EPSS
Exploits1References379
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.12 views

PT-2026-53767

Summary EnvironmentManager.backup recursively collects files using collectBackupFiles. collectBackupFiles uses statSyncfull, which follows symlinks. If data/ contains a symlink to a directory outside the environment root, backup recursion follows the symlink and copies external files into...

5.5CVSS5.8AI score
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.16 views

PT-2026-50927

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The vti6 init net function fails to set the netns immutable flag on the per-netns fallback tunnel device 'ip6 vti0'. This flag is intended to prevent the device from being moved to anoth...

7.8CVSS5.8AI score0.0012EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.25 views

PT-2026-50835

Name of the Vulnerable Software and Affected Versions Canonical MicroCeph versions from the squid and tentacle track Description A path traversal issue exists in the remote-import API. Users possessing a join token or a trusted cluster mTLS certificate, such as enrolled cluster members, can...

5CVSS5.9AI score0.00208EPSS
Exploits0References13
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.15 views

PT-2026-50621

The PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.3.0 via the 'rule id' parameter due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS5.1AI score0.0026EPSS
Exploits0References16
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.20 views

PT-2026-50642

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the administration configuration handler. In system/admin/admin.config.php, the configuration update action 'a=update' processes POST data via cot config update options without calling cot check xg to...

8.8CVSS5.5AI score0.00176EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.23 views

PT-2026-50637

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the 'user id' parameter due to missing validation on a user controlled key...

2.7CVSS5.4AI score0.0028EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.10 views

PT-2026-53179

Impact RSACrypt::decryptWithRSA15 used by the RSA1 5 key-encryption algorithm implements RSAES-PKCS1-v1 5 decryption by inspecting the padding after RSADP and throwing InvalidArgumentException as soon as the padding is malformed. It does not implement the implicit-rejection countermeasure require...

6.3CVSS5.8AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.8 views

PT-2026-53150

Summary The published npm package praisonai exports SandboxExecutor, CommandValidator, and sandboxExec as "safe command execution with restrictions." When allowedCommands is configured, CommandValidator checks only the first whitespace-delimited token of the command string. SandboxExecutor then...

8.8CVSS6.2AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.7 views

PT-2026-53121

Summary When the trusted proxies option is configured, heimdall extracts client IP addresses from the Forwarded for= parameter and X-Forwarded-For headers and exposes them as Request.ClientIPAddresses to the rule pipeline. However, extracted values are not validated to be syntactically valid IP...

7CVSS5.9AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.20 views

PT-2026-50812

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 6.9 through 9.15 Description In server mode, two state-mutating endpoints in the SQL Editor blueprint are missing the @pga login required authentication decorator, allowing them to be accessed without an authenticated sessio...

9.5CVSS6.5AI score0.0071EPSS
Exploits0References13
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.16 views

PT-2026-50816

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 1.0 through 9.15 Description An issue exists in the named restore point endpoint 'POST /browser/server/restore point/gid/sid' where the user-supplied value field is interpolated directly into the SQL string using str.format...

5.3CVSS5.9AI score0.00245EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.22 views

PT-2026-50629

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.6. This is due to missing or incorrect nonce validation on the replace file function. This makes i...

4.3CVSS5.3AI score0.00157EPSS
Exploits1References6
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.22 views

PT-2026-50701

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a buffer overflow vulnerability in the device registration function. This vulnerability could allow an attacker to cause a denial of service attack on the remote target device...

5.8AI score0.00329EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.19 views

PT-2026-50680

I got six CVEs in a major npm package including 4 RCEs. CVE-2026-54662, CVE-2026-54661, CVE-2026-54666, CVE-2026-54664, CVE-2026-54660, CVE-2026-54663 Full writeup with every sink and payload here: https://t.co/Pgwn5lgb9y infosec cybersecurity rce...

5.2AI score
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.22 views

PT-2026-50724

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description An external initialization issue exists in the Kirby Panel and REST API. This occurs when a site has no configured user accounts and is hosted on a publicly accessible...

9.1CVSS5.9AI score0.00545EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.2 views

PT-2026-54529

Уязвимость функции gf isom add track kind файла isomedia/isom write.c упаковщика MP4Box мультимедийной платформы GPAC связана с ошибками разыменования указателей. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании с помощью специально созданног...

7.8CVSS6.6AI score0.00352EPSS
Exploits1References6
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.6 views

PT-2026-53175

Unknown description...

5.8AI score0.00101EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.21 views

PT-2026-51526

Name of the Vulnerable Software and Affected Versions GPAC MP4Box version 2.4 Description A NULL pointer dereference exists in the gf isom add track kind function within the isomedia/isom write.c file. This issue allows a remote attacker to trigger a Denial of Service DoS by processing a speciall...

7.8CVSS5.8AI score0.00352EPSS
Exploits1References16
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.11 views

PT-2026-50854

These are all security issues fixed in the MozillaFirefox-152.0-1.1 package on the GA media of openSUSE Tumbleweed...

9.8CVSS5.9AI score0.00476EPSS
Exploits0References41
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.14 views

PT-2026-50858

These are all security issues fixed in the inspektor-gadget-0.53.2-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.9AI score0.0056EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.10 views

PT-2026-50857

These are all security issues fixed in the firefox-esr-140.12.0-1.1 package on the GA media of openSUSE Tumbleweed...

9.6CVSS5.9AI score0.00476EPSS
Exploits0References30
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.22 views

PT-2026-50791

Name of the Vulnerable Software and Affected Versions Guzzle versions prior to 7.12.1 Description In certain configurations, traffic intended to be protected by TLS on the hop to the proxy is transmitted in cleartext. This occurs when an application uses the built-in cURL handlers...

5.9CVSS5.9AI score0.00106EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.20 views

PT-2026-50787

Name of the Vulnerable Software and Affected Versions Coturn versions prior to 4.10.0 Description A stack buffer overflow exists in the decode oauth token gcm function. A nonce len field, read from an attacker-supplied OAuth access token, is passed to memcpy as the copy length into a 256-byte sta...

9.8CVSS6.7AI score0.0045EPSS
Exploits1References13
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.14 views

PT-2026-50777

Name of the Vulnerable Software and Affected Versions NILFS utilities versions prior to 2.3.1 Description The nilfs sb is valid function fails to validate the s log block size field in the NILFS2 superblock before performing bit-shift operations. An attacker can provide crafted NILFS2 images to...

6.7CVSS5.9AI score0.00105EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.21 views

PT-2026-50688

Name of the Vulnerable Software and Affected Versions Eclipse Theia versions prior to 1.71.0 Description The AI chat renders Markdown image tags from AI responses, which triggers unrestricted HTTP requests to arbitrary external URLs. When combined with prompt injection in a malicious workspace, a...

6.7CVSS6AI score0.00181EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.19 views

PT-2026-50691

Name of the Vulnerable Software and Affected Versions Eclipse Theia versions prior to 1.71.0 Description Files matching the pattern .prompts/.prompttemplate in a workspace are automatically loaded, allowing them to override or extend the AI agent's system prompts. This enables indirect prompt...

8.8CVSS6AI score0.00272EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.24 views

PT-2026-50712

Name of the Vulnerable Software and Affected Versions Webmin affected versions not specified Description Unauthenticated attackers can read the contents of any file ending in .conf within module directories. This is caused by a bypassable regex pattern, which is a sequence of characters used to...

6.9CVSS5.8AI score0.0028EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.20 views

PT-2026-50711

Name of the Vulnerable Software and Affected Versions Webmin versions prior to 2.641 Description The Webmin HTTP server miniserv.pl improperly trusts a client-supplied HTTP header for SSL client certificate identity. This allows unauthenticated remote attackers to spoof certificate distinguished...

9.2CVSS6AI score0.00285EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.26 views

PT-2026-50792

Name of the Vulnerable Software and Affected Versions guzzlehttp/psr7 versions prior to 2.12.1 Description guzzlehttp/psr7 fails to reject Carriage Return CR and Line Feed LF characters in specific HTTP start-line fields, including the request method, protocol version, and response reason phrase...

4.8CVSS5.8AI score0.00158EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.22 views

PT-2026-50793

Name of the Vulnerable Software and Affected Versions Guzzle versions prior to 7.12.1 Description CookieJar incorrectly accepts cookies with a dot-only Domain attribute such as Domain=., Domain=.., Domain=... and whitespace-padded variants. The SetCookie::matchesDomain function removes leading...

5.8CVSS5.9AI score0.00111EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.14 views

PT-2026-50786

Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.11.1 commit 2dae302 Description An out-of-bounds heap read exists in the sftp symlink function within src/sftp.c. A malicious SSH server or man-in-the-middle attacker can disclose heap memory contents or cause a cra...

8.3CVSS7.2AI score0.00267EPSS
Exploits0References25
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.13 views

PT-2026-50779

Name of the Vulnerable Software and Affected Versions Coturn versions prior to 4.11.0 Description A stored cross-site scripting XSS issue exists in the web-admin HTTPS interface. An attacker can inject HTML or JavaScript by creating a TURN allocation with a crafted USERNAME value. This script...

5.4CVSS5.8AI score0.00141EPSS
Exploits0References15
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.18 views

PT-2026-50718

Name of the Vulnerable Software and Affected Versions jupyter-server versions prior to 2.20.0 Description The nbconvert HTTP handlers render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy CSP, which is a security layer that helps...

9.3CVSS6AI score0.00227EPSS
Exploits0References15
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.29 views

PT-2026-50742

Name of the Vulnerable Software and Affected Versions Podman versions prior to 5.7.1 Description Running a malicious container image where the WORKDIR path contains a symlink can allow an attacker to create a directory or modify ownership on the host filesystem. Modifying ownership is less likely...

5.3CVSS5.9AI score0.00317EPSS
Exploits1References7
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.18 views

PT-2026-50776

Name of the Vulnerable Software and Affected Versions Node.js version 22 Node.js version 24 Description A flaw in the HTTP/2 server API allows servers to continue accepting data after a GOAWAY frame has been sent. A GOAWAY frame is a mechanism used in the HTTP/2 protocol to notify the peer that t...

5.3CVSS5.9AI score0.00445EPSS
Exploits0References86
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.23 views

PT-2026-50690

Name of the Vulnerable Software and Affected Versions Eclipse Theia versions prior to 1.69.0 Description Custom task definitions in workspace files, such as .theia/tasks.json and .vscode/tasks.json, can be executed without requiring workspace trust. This allows an attacker to create a malicious...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References9
Total number of security vulnerabilities187212