Lucene search
+L
PtsecurityRecent

187305 matches found

ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.11 views

PT-2026-53145

Summary The execute code tool's subprocess sandbox advertises a three-layer defense AST validation, text-pattern blocklist, restricted builtins . In sandbox mode the default only two layers are active — the text-pattern blocklist is skipped — and both remaining layers are bypassed by combining tw...

6.5CVSS6.2AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.8 views

PT-2026-53177

Summary OTPHPFactory::loadFromProvisioningUri parses an attacker-supplied otpauth:// URI and forwards every query key to OTP::setParameter$key, $value. setParameter resolves the name with property exists$this, $parameter and performs a dynamic write $this-$parameter = $value src/OTP.php:196-197...

6.9CVSS5.8AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.9 views

PT-2026-53156

Root has patched GHSA-xmrv-pmrh-hhx2 in the rootio-github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs package for Root:Go. Multiple fixed versions available...

5.9CVSS5.8AI score
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.9 views

PT-2026-53152

The MCP SSE server started via ToolsMCPServer.run sse / launch tools mcp servertransport="sse" binds to 0.0.0.0 by default and builds its Starlette application with no authentication middleware and no Origin-header validation. The module mcp/mcp security.py provides exactly the needed controls...

9.8CVSS5.8AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.11 views

PT-2026-51180

CVE ID :CVE-2026-10687 Published : June 18, 2026, 3:53 p.m. | 2 hours, 16 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.8AI score
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.9 views

PT-2026-53142

Summary The published A2U advisory GHSA-f292-66h9-fpmf says unauthenticated A2U event streaming was fixed in praisonai 4.5.115. Current head still exposes the same A2U subscription and event routes without authentication when the operator starts the documented CLI entrypoint: text praisonai serve...

7.5CVSS5.8AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.8 views

PT-2026-53144

Summary The codeMode tool in src/praisonai-ts/src/tools/builtins/code-mode.ts uses new Function with a withsandbox pattern to execute LLM-generated code. The blocklist-based "sandbox" can be trivially bypassed via Function'return this' to recover the global object, followed by global.require with...

9.8CVSS6.5AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.15 views

PT-2026-50825

Summary signalk-server versions up to and including 2.27.0 contain a Server-Side Request Forgery SSRF vulnerability in three administrative endpoints used for remote Signal K server connection management. The makeRemoteRequest function accepts attacker-controlled host, port, useTLS, and...

5.8CVSS5.6AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.18 views

PT-2026-50813

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 6.6 through 9.15 Description HTML injection is possible in the cloud deployment module. The application propagates exception text from AWS, Azure, and Google SDKs, as well as file-resolution and database-commit exceptions,...

4.8CVSS5.8AI score0.00137EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.16 views

PT-2026-50730

Name of the Vulnerable Software and Affected Versions OpenFGA versions prior to 1.18.0 Description When using MySQL as the datastore, the system may return identical responses for two distinct check requests. This occurs when authorization decisions depend on case-sensitive user strings...

2.1CVSS5.8AI score0.00248EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.21 views

PT-2026-50662

Local privilege escalation by loading DLLs from a shared temporary directory in ANSSI’s DFIR-ORC, versions 10.2.7 and prior. An attacker with prior access to the system, can place a malicious DLL in C:WindowsTemp and wait for the application to be executed. Because DFIR-ORC is extracted and...

7.3CVSS5.3AI score0.00102EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.20 views

PT-2026-50726

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description Missing authorization in the content management system allows authenticated users to retrieve information for arbitrary published pages. By knowing or guessing page IDs or...

7.1CVSS6AI score0.00269EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.20 views

PT-2026-50723

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description Kirby sites and plugins that process untrusted input using the writer or list fields, or specific sanitization methods, are subject to stored cross-site scripting XSS. XSS...

8.5CVSS6AI score0.00409EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.16 views

PT-2026-50670

UBB.threads is vulnerable to Reflected XSS. The application improperly handles user input in certain requests, enabling attackers to execute arbitrary JavaScript in the context of a victim's browser by tricking them into clicking a crafted link. Because vendor contact attempts were unsuccessful,...

5.1CVSS5.8AI score0.00293EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.20 views

PT-2026-50700

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the file upload function. The vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

5.8AI score0.01316EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.16 views

PT-2026-50675

Name of the Vulnerable Software and Affected Versions Shenzhen Liandian Communication Technology LTD V380 IP Camera firmware AppFHE1 V1.0.6.020230803 Description A broken authorization boundary in the RTSP Real Time Streaming Protocol, a network control protocol for delivering audio and video med...

6CVSS5.8AI score0.00154EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.33 views

PT-2026-50696

Name of the Vulnerable Software and Affected Versions Grav version 2.0.0-rc.9 with Admin2 version 2.0.0-rc.14 Description A stored cross-site scripting XSS issue exists in the Admin2 Pages API save flow due to a missing XSS safety check during partial validation. Stored XSS occurs when an...

5.1CVSS5.8AI score0.00299EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.25 views

PT-2026-50800

Name of the Vulnerable Software and Affected Versions Microsoft Dynamics 365 affected versions not specified Description Improper access control allows an authorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about a newer version that...

9.9CVSS5.9AI score0.00426EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.16 views

PT-2026-50634

The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.2 via the 'account-id' parameter parameter. This is due to insufficient privilege enforcement on the cf images do setup AJAX handler, which...

8.8CVSS5.9AI score0.00577EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.65 views

PT-2026-50661

Name of the Vulnerable Software and Affected Versions MCP Toolbox for Databases affected versions not specified Description An authenticated authorization bypass occurs due to missing scope enforcement in older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces...

8.6CVSS5.9AI score0.0015EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.8 views

PT-2026-54525

Уязвимость браузера Microsoft Edge связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, осуществить подмену данных...

9CVSS7.3AI score0.00282EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.8 views

PT-2026-54524

Уязвимость облачной службы корпоративной почты Microsoft Exchange Online связана с отсутствием авторизации. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, повысить свои привилегии...

9.6CVSS7.3AI score0.00389EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.17 views

PT-2026-50698

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

5.9AI score0.01316EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.25 views

PT-2026-50651

Name of the Vulnerable Software and Affected Versions Fancy Testimonials versions prior to 1.1 Description The Fancy Testimonials plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping within the author attribute o...

6.4CVSS6AI score0.00187EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.11 views

PT-2026-50862

These are all security issues fixed in the tinyproxy-1.11.3-3.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.23 views

PT-2026-50682

I got six CVEs in a major npm package including 4 RCEs. CVE-2026-54662, CVE-2026-54661, CVE-2026-54666, CVE-2026-54664, CVE-2026-54660, CVE-2026-54663 Full writeup with every sink and payload here: https://t.co/Pgwn5lgb9y infosec cybersecurity rce...

5.2AI score
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.16 views

PT-2026-50728

Name of the Vulnerable Software and Affected Versions affected versions not specified Description Database connection information, including the username and password, is logged at the debug level when using .pgpass. Recommendations Upgrade to version 2.7.1 or greater. Filter out debug-level logs...

2.4CVSS6.1AI score
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.18 views

PT-2026-50727

Name of the Vulnerable Software and Affected Versions Pipecat versions prior to 1.4.0 Description The pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without authentication. An unauthenticated remote attacker can connect to this endpoin...

7.5CVSS6AI score0.00343EPSS
Exploits1References14
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.19 views

PT-2026-50709

Name of the Vulnerable Software and Affected Versions Hermes WebUI versions prior to 0.51.468 Description An issue exists in the unauthenticated 'POST /api/onboarding/oauth/start' endpoint that allows for unbounded accumulation of in-memory flow state and daemon threads. This can lead to resource...

6.9CVSS5.9AI score0.00301EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.24 views

PT-2026-50704

Name of the Vulnerable Software and Affected Versions GAO Electronic Protest Docketing System EPDS affected versions not specified CBCA Electronic Docketing System EDS affected versions not specified Description The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPD...

8.8CVSS5.9AI score0.004EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.17 views

PT-2026-50681

I got six CVEs in a major npm package including 4 RCEs. CVE-2026-54662, CVE-2026-54661, CVE-2026-54666, CVE-2026-54664, CVE-2026-54660, CVE-2026-54663 Full writeup with every sink and payload here: https://t.co/Pgwn5lgb9y infosec cybersecurity rce...

5.2AI score
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.18 views

PT-2026-50803

Name of the Vulnerable Software and Affected Versions Chef 360 versions prior to 1.7.1 Description Improper handling of URL-encoded paths during request processing can allow unauthorized access to protected API endpoints. An authenticated request may bypass standard access controls to gain...

9.4CVSS5.9AI score0.00401EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.26 views

PT-2026-50676

Name of the Vulnerable Software and Affected Versions Docker Sandboxes affected versions not specified Description Docker Sandboxes sbx fail to re-apply the ICMP egress authorizer to networks rebuilt from disk after a Docker daemon restart. This allows a restart-surviving sandbox to forward ICMP...

5.7CVSS6AI score0.00097EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.27 views

PT-2026-50731

Name of the Vulnerable Software and Affected Versions Gotenberg version 8.33.0 Description A Server-Side Request Forgery SSRF issue exists in the /forms/libreoffice/convert endpoint. By uploading a specially crafted DOCX document, an attacker can force LibreOffice to retrieve external resources...

7.5CVSS5.8AI score0.00355EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.23 views

PT-2026-50710

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions prior to 0.6.62 have a DOM-based Cross-Site Scripting XSS vulnerability in AutoGPT's signup page. The application improperly trusts a URL parameter next, which is...

8.8CVSS5.5AI score0.00189EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.9 views

PT-2026-53132

Summary The email search tool in src/praisonai-agents/praisonaiagents/tools/email tools.py constructs IMAP SEARCH commands by interpolating LLM-controlled parameters from addr, subject, query directly into IMAP protocol strings using f-string formatting with double-quote delimiters. An attacker w...

8.1CVSS6AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.21 views

PT-2026-50734

Name of the Vulnerable Software and Affected Versions http-proxy-middleware versions 0.16.0 through 2.0.9 http-proxy-middleware versions 3.0.0 through 3.0.5 http-proxy-middleware versions 4.0.0 through 4.0.9 Description An issue exists in the router proxy-table implementation where host+path...

8.6CVSS5.9AI score0.0034EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.14 views

PT-2026-50861

These are all security issues fixed in the lemon-3.53.2-2.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.14 views

PT-2026-50783

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.2 Description This software provides hardware authentication for Linux using removable media. A race condition exists when updating a one-time pad file because a temporary file is created using the open function...

5.8CVSS5.9AI score0.00088EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.19 views

PT-2026-50656

claudiopizzillo PIAF-HMS PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5 contains multiple unauthenticated SQL injection vulnerabilities. The application has no authentication mechanism and passes user-supplied HTTP parameters...

9.8CVSS5.8AI score0.00587EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.20 views

PT-2026-50735

Name of the Vulnerable Software and Affected Versions http-proxy-middleware versions 3.0.4 through 3.0.6 http-proxy-middleware versions prior to 4.1.1 Description An issue exists in the fixRequestBody helper function when the outgoing Content-Type is set to multipart/form-data. The function uses...

7.5CVSS5.8AI score0.00243EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.13 views

PT-2026-50716

Name of the Vulnerable Software and Affected Versions Bitnami MariaDB Galera container image versions 10.6.x prior to 10.6.27-photon-5-r0 Bitnami MariaDB Galera container image versions 10.11.x prior to 10.11.17-photon-5-r1 Bitnami MariaDB Galera container image versions 11.4.x prior to...

5.3CVSS6AI score0.00187EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.21 views

PT-2026-50798

Name of the Vulnerable Software and Affected Versions Azure Bot Service affected versions not specified Description Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about a newer...

8.8CVSS5.9AI score0.00411EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.22 views

PT-2026-50686

Name of the Vulnerable Software and Affected Versions Eclipse 4diac FORTE versions 3.0.0 through 3.1.0 Description A specially crafted DELETE connection command sent to the management interface can cause a dangling pointer. This condition enables a use-after-free scenario, where subsequent comman...

9.8CVSS5.8AI score0.00304EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.23 views

PT-2026-50714

Name of the Vulnerable Software and Affected Versions WP EasyPay versions prior to 4.4.0 Description Cross-Site Request Forgery CSRF allows an attacker to induce a user to perform actions they did not intend to do by tricking their browser into sending a forged request to the application...

6.5CVSS5.9AI score0.00124EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.15 views

PT-2026-50697

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python configuration function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

5.9AI score0.01316EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.21 views

PT-2026-50733

Name of the Vulnerable Software and Affected Versions piscina versions prior to 6.0.0-rc.2 piscina versions prior to 5.2.0 piscina versions prior to 4.9.3 Description Prototype pollution in the constructor and run paths allows an attacker to control the filename option. When the options object...

8.1CVSS5.9AI score0.00296EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.21 views

PT-2026-50789

Name of the Vulnerable Software and Affected Versions OneDev versions prior to 15.0.7 Description An arbitrary file write issue exists due to symlink path traversal. The TarUtils.untar function creates symbolic links using the getLinkName TAR entry without validating if the target is an absolute...

8.3CVSS6AI score0.00382EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.18 views

PT-2026-50776

Name of the Vulnerable Software and Affected Versions Node.js version 22 Node.js version 24 Description A flaw in the HTTP/2 server API allows servers to continue accepting data after a GOAWAY frame has been sent. A GOAWAY frame is a mechanism used in the HTTP/2 protocol to notify the peer that t...

5.3CVSS5.9AI score0.00445EPSS
Exploits0References86
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.15 views

PT-2026-50702

Name of the Vulnerable Software and Affected Versions Node.js version 22 Node.js version 24 Node.js version 26 Description A flaw in the Permission Model enforcement allows a bypass through path misvalidation in the process.report.writeReport function. This issue can result in a confidentiality...

1.8CVSS5.8AI score0.00208EPSS
Exploits0References108
Total number of security vulnerabilities187305