Lucene search
+L
PtsecurityRecent

187305 matches found

ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.20 views

PT-2026-50807

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.128 Description A cross-origin agent execution issue exists in the 'POST /agui' endpoint, allowing remote attackers to trigger arbitrary agent execution. The endpoint lacks authentication and utilizes hardcoded...

8.6CVSS6.2AI score0.00504EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.22 views

PT-2026-50778

Name of the Vulnerable Software and Affected Versions Mojolicious::Sessions::Storable versions prior to 0.06 Description The software generates session IDs insecurely. The default session ID generator utilizes a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address o...

5.3CVSS5.9AI score0.00274EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.19 views

PT-2026-50739

Name of the Vulnerable Software and Affected Versions ZITADEL versions 4.0.0 through 4.15.1 ZITADEL versions 3.0.0 through 3.4.11 Description A flaw in user lifecycle enforcement allows deleted users to retain their original organization or tenant association. When a user is deleted, the historic...

2.3CVSS5.9AI score0.00286EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.21 views

PT-2026-50673

UBB.threads is vulnerable to Denial of Service DoS. By sending multiple concurrent requests to view any user profile on instances with many registered users, an authenticated attacker can easily exhaust database resources and completely deny access to the application for other users. Because vend...

7.1CVSS5.3AI score0.00293EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.33 views

PT-2026-50703

Name of the Vulnerable Software and Affected Versions U.S. GAO Electronic Protest Docketing System EPDS affected versions not specified U.S. CBCA Electronic Docketing System EDS affected versions not specified Description The U.S. Government Accountability Office GAO Electronic Protest Docketing...

9.8CVSS5.9AI score0.00427EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.21 views

PT-2026-50772

Name of the Vulnerable Software and Affected Versions JTL Shop versions 5.2.0 through 5.7.1 Description Unauthenticated attackers can inject malicious template syntax because unsanitized user-supplied input is passed to the Smarty template engine, a tool used to generate dynamic web content. This...

9.8CVSS6.1AI score0.00333EPSS
Exploits1References9
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.19 views

PT-2026-50677

Name of the Vulnerable Software and Affected Versions Woodpecker versions 3.0.0 through 3.14.0 Description A flaw in the gRPC layer of the CI/CD engine allows an authenticated agent to impersonate any other agent on the same server. This occurs because the server verifies the JWT JSON Web Token b...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.17 views

PT-2026-50810

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 1.0 through 9.15 Description SQL injection is possible across multiple dialog templates that render descriptions for Domains, Foreign Tables, Languages, and Event Triggers, as well as the Views OID-lookup query. The issue...

8.8CVSS6.3AI score0.00489EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.32 views

PT-2026-50823

Name of the Vulnerable Software and Affected Versions armeria-xds versions 1.38.0 through 1.39.0 Description DataSourceStream in the xDS module resolves filename and environment variable fields from SDS Secret resources without an allow-list or base-directory confinement. This allows a compromise...

5.9CVSS6AI score0.00198EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.20 views

PT-2026-50693

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, ScreenshotWebPageBlock will store the captured screenshots in a temporary directory. StepThroughItemsBlock can be used to iterate ScreenshotWebPageBlock...

8.7CVSS5.3AI score0.00276EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.19 views

PT-2026-50797

Name of the Vulnerable Software and Affected Versions Hashgraph Guardian versions prior to 3.5.0 commit ba8c566 Description A stored cross-site scripting issue exists where authenticated users with the STANDARD REGISTRY role can inject malicious scripts. This occurs by submitting a crafted...

4.8CVSS5.9AI score0.00177EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.13 views

PT-2026-50806

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.128 Description An arbitrary shell command execution issue exists where UI modules hardcode approval mode to auto, which overrides the administrator configuration set in the PRAISON APPROVAL MODE environment...

8.8CVSS6.3AI score0.00476EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.17 views

PT-2026-50674

Name of the Vulnerable Software and Affected Versions Docker Sandboxes sbx affected versions not specified Description Docker Sandboxes sbx implements an egress allowlist restricted to HTTP/S traffic but fails to apply this restriction to DNS resolution. The embedded DNS server for each network...

5.7CVSS5.8AI score0.00103EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.23 views

PT-2026-50580

Name of the Vulnerable Software and Affected Versions PTC Windchill PDMlink versions prior to 11.0 M030 PTC FlexPLM versions prior to 11.0 M030 CPS affected versions not specified Description A critical remote code execution RCE flaw exists due to the deserialization of untrusted data and imprope...

9.8CVSS7AI score0.01247EPSS
Exploits0References35
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.38 views

PT-2026-50769

Name of the Vulnerable Software and Affected Versions pam usb versions 0.9.1 and earlier Description The xfree memory release helper calls free without zeroing buffer contents first. This results in heap-allocated buffers containing sensitive data, such as one-time pad bytes read from disk, being...

4.7CVSS6AI score0.00109EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.13 views

PT-2026-50859

These are all security issues fixed in the kubevirt-1.8-container-disk-1.8.3-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References10
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.8 views

PT-2026-53121

Summary When the trusted proxies option is configured, heimdall extracts client IP addresses from the Forwarded for= parameter and X-Forwarded-For headers and exposes them as Request.ClientIPAddresses to the rule pipeline. However, extracted values are not validated to be syntactically valid IP...

7CVSS5.9AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.9 views

PT-2026-53150

Summary The published npm package praisonai exports SandboxExecutor, CommandValidator, and sandboxExec as "safe command execution with restrictions." When allowedCommands is configured, CommandValidator checks only the first whitespace-delimited token of the command string. SandboxExecutor then...

8.8CVSS6.2AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.3 views

PT-2026-54529

Уязвимость функции gf isom add track kind файла isomedia/isom write.c упаковщика MP4Box мультимедийной платформы GPAC связана с ошибками разыменования указателей. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании с помощью специально созданног...

7.8CVSS6.6AI score0.00352EPSS
Exploits1References6
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.11 views

PT-2026-53179

Impact RSACrypt::decryptWithRSA15 used by the RSA1 5 key-encryption algorithm implements RSAES-PKCS1-v1 5 decryption by inspecting the padding after RSADP and throwing InvalidArgumentException as soon as the padding is malformed. It does not implement the implicit-rejection countermeasure require...

6.3CVSS5.8AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.30 views

PT-2026-50788

Name of the Vulnerable Software and Affected Versions Node.js versions prior to 26.3.1-1.1 Description Security issues were identified in Node.js that could compromise server infrastructure. Recommendations Update to version 26.3.1-1.1...

9.8CVSS6.7AI score0.02806EPSS
Exploits1References172
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.11 views

PT-2026-50857

These are all security issues fixed in the firefox-esr-140.12.0-1.1 package on the GA media of openSUSE Tumbleweed...

9.6CVSS5.9AI score0.00476EPSS
Exploits0References30
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.19 views

PT-2026-50636

The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'embed' Episode Meta Field in all versions up to, and including, 11.16.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

6.4CVSS5.4AI score0.00202EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.52 views

PT-2026-53154

The WhatsApp and Linear bot adapters verify the inbound webhook HMAC signature only when a secret is configured. When the secret environment variable is unset — the default on a fresh install and common in development — verification is skipped entirely and the webhook body is parsed and dispatche...

8.6CVSS5.8AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.8 views

PT-2026-53136

PraisonAI LinearBot processes unsigned webhooks when LINEAR WEBHOOK SECRET is missing Summary PraisonAI's LinearBot starts a public webhook listener on 0.0.0.0 and treats LINEAR WEBHOOK SECRET as optional. When the secret is absent, startup only logs a warning and handle webhook skips...

8.6CVSS6.4AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.17 views

PT-2026-50679

I got six CVEs in a major npm package including 4 RCEs. CVE-2026-54662, CVE-2026-54661, CVE-2026-54666, CVE-2026-54664, CVE-2026-54660, CVE-2026-54663 Full writeup with every sink and payload here: https://t.co/Pgwn5lgb9y infosec cybersecurity rce...

5.2AI score
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.25 views

PT-2026-50780

Name of the Vulnerable Software and Affected Versions nanobot versions prior to 0.1.5.post4 Description The WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path using the fileName field from an incoming WhatsApp document message without sanitization. The bridge downloads media...

8.7CVSS6AI score0.00276EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.24 views

PT-2026-50770

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.2 Description An issue exists in the pusb is loginctl local function where a NULL dereference crash can occur when parsing loginctl output. The function utilizes popen to read results; if the Remote field contains...

5.5CVSS5.9AI score0.00113EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.17 views

PT-2026-50683

I got six CVEs in a major npm package including 4 RCEs. CVE-2026-54662, CVE-2026-54661, CVE-2026-54666, CVE-2026-54664, CVE-2026-54660, CVE-2026-54663 Full writeup with every sink and payload here: https://t.co/Pgwn5lgb9y infosec cybersecurity rce...

5.2AI score
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.18 views

PT-2026-50631

The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.7 via the 'form id' parameter. This makes it possible for unauthenticated attackers to extract download a full CSV export of...

5.3CVSS5.4AI score0.00331EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.16 views

PT-2026-50671

UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials, by manipulating SQL queries...

8.6CVSS5.7AI score0.00305EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.21 views

PT-2026-50744

Name of the Vulnerable Software and Affected Versions Grav versions prior to 1.7.53 Description An authenticated administrator with backup permissions can download a ZIP archive containing the full installation root. This archive includes sensitive files such as user/accounts/admin.yaml, which...

6.8CVSS6AI score0.00174EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.19 views

PT-2026-50790

Name of the Vulnerable Software and Affected Versions deepstream versions prior to 10.0.5 Description A Prototype Pollution issue exists in the server, which allows clients and backend services to synchronize data, send messages, and make remote procedure calls RPCs at scale. Prototype Pollution...

9.9CVSS5.9AI score0.0027EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.19 views

PT-2026-50695

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, MediaDurationBlock will download and store the video in a temporary directory without deleting before all noded are done. StepThroughItemsBlock can be used t...

8.7CVSS5.3AI score0.00276EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.19 views

PT-2026-50732

Impact A denial-of-service DoS vulnerability exists in the factorial operator implementation of NCalc. Specially crafted expressions containing extremely large factorial operands can trigger excessive CPU consumption or cause evaluation to enter a non-terminating loop due to integer overflow in t...

4.8CVSS5.6AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.14 views

PT-2026-50722

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description Kirby sites and plugins using the KirbyHttpRemote class, including the functions Remote::request, Remote::get, and Remote::post, are susceptible to HTTP header injection...

6.9CVSS6AI score0.0029EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.21 views

PT-2026-50617

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via the change order status, add order note, delete order note, add shipping...

4.3CVSS5.7AI score0.0025EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.14 views

PT-2026-50775

Name of the Vulnerable Software and Affected Versions bpm-release versions prior to v1.4.30 Description A container-to-host privilege escalation exists where the setupBpmLogs function follows symlinks for bpm.log during open and chown operations. A compromised process within a bpm container can...

6.9CVSS6.1AI score0.00125EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.18 views

PT-2026-50771

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.2 Description An infinite loop Denial of Service DoS occurs during the process-tree walk when a parent process exits during authentication. The function usb get process parent id fails to initialize the ppid...

4.7CVSS5.9AI score0.00104EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.16 views

PT-2026-50694

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.63 Description AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. The AddAudioToVideoBlock function downloads and stores video and audio file...

7.1CVSS5.8AI score0.00247EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.23 views

PT-2026-50664

An OS Command Injection vulnerability exists in LMS LAN Management System before commit 9fcb4de due to an IP address parameter being passed to the "exec" function without proper validation, allowing attackers to execute arbitrary operating system commands...

8.6CVSS5.8AI score0.00947EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.16 views

PT-2026-53146

PraisonAI Slack app mention bypasses configured user/channel authorization Summary PraisonAI's Slack bot applies its configured allowed users, allowed channels, and unknown-user pairing policy in the normal Slack message event handler, but not in the adjacent Slack app mention event handler. A...

8.3CVSS6.5AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.23 views

PT-2026-50669

uBB.threads is vulnerable to a Cross-Site Request Forgery CSRF due to a lack of protective mechanisms. This allows an attacker to trick an authenticated user into executing unintended actions. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version...

8.6CVSS5.2AI score0.00293EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.23 views

PT-2026-50719

Name of the Vulnerable Software and Affected Versions opentelemetry-collector-contrib sentryexporter affected versions not specified Description The Sentry exporter fails to validate the service.name resource attribute when constructing Sentry API URLs. Because this attribute is controlled by...

5.3CVSS6.1AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.18 views

PT-2026-50672

UBB.threads is vulnerable to Path traversal, allowing attackers with privilege to edit templates to read and write any file on the application’s server that application has privileges to, what results in Remote Code Execution. Because vendor contact attempts were unsuccessful, the vulnerability...

8.6CVSS5.5AI score0.00628EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.23 views

PT-2026-50804

Name of the Vulnerable Software and Affected Versions Chef 360 versions prior to 1.7.0 Description A static credential embedded in the software allows unauthenticated access to internal message queues. These queue messages contain tenant-specific identifiers. Recommendations Update to version 1.7...

5.1CVSS5.9AI score0.0017EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.21 views

PT-2026-50649

The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versions up to, and including, 1.8.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible...

6.4CVSS5.5AI score0.00205EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.16 views

PT-2026-50684

Name of the Vulnerable Software and Affected Versions Grav versions 1.7.52 through 2.0 Description An incomplete fix for a stored Cross-Site Scripting XSS issue allows users with admin.pages permissions to inject unsanitized CSS into the style attribute of images via Markdown media actions. While...

4.8CVSS6.2AI score0.00187EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.19 views

PT-2026-50740

Name of the Vulnerable Software and Affected Versions Zitadel versions 4.0.0 through 4.15.1 Zitadel versions 3.0.0 through 3.4.11 Description A Server-Side Request Forgery SSRF issue exists in components that handle outgoing HTTP requests, specifically HTTP Notification Channels, OIDC BackChannel...

2.3CVSS6AI score0.00252EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.29 views

PT-2026-50802

Name of the Vulnerable Software and Affected Versions M365 Copilot affected versions not specified Description A missing authentication flaw in a critical function allows an unauthorized attacker to disclose information over a network. Recommendations At the moment, there is no information about ...

9.8CVSS5.9AI score0.00578EPSS
Exploits0References9
Total number of security vulnerabilities187305