Lucene search
+L
PtsecurityRecent

187352 matches found

ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.21 views

PT-2026-50707

Name of the Vulnerable Software and Affected Versions HAProxy versions prior to 3.4.0 Description An integer overflow exists in the drl field of the fcgi conn structure within the FastCGI parser. When the contentLength is 65535 and the paddingLength is 1 or more, the drl field wraps to 0. This...

9.1CVSS5.9AI score0.00321EPSS
Exploits0References31
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.20 views

PT-2026-50708

Name of the Vulnerable Software and Affected Versions HAProxy versions prior to 3.4.0 Description A null pointer dereference occurs in the hpack dht insert function within src/hpack-tbl.c because the return value of hpack dht defrag is not validated when the memory pool is exhausted. An attacker...

8.7CVSS5.9AI score0.00431EPSS
Exploits0References30
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.18 views

PT-2026-50639

The Customize My Account For Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sysbasics user avatar' shortcode in versions up to, and including, 4.3.6. This is due to insufficient input sanitization and output escaping on user supplied attributes min height,...

6.4CVSS5.5AI score0.00193EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.21 views

PT-2026-50820

Name of the Vulnerable Software and Affected Versions AVer PTC500S affected versions not specified AVer PTC115 affected versions not specified AVer PTC500+ affected versions not specified AVer PTC115+ affected versions not specified Description Improper input validation in these networked...

9.8CVSS6.5AI score0.00616EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.26 views

PT-2026-50795

Name of the Vulnerable Software and Affected Versions mcp-pinot versions prior to 3.1.0 Description mcp-pinot is a Python-based Model Context Protocol MCP server for interacting with Apache Pinot. The software defaults to running an HTTP MCP server bound to 0.0.0.0:8080 without authentication. Th...

10CVSS5.9AI score0.00498EPSS
Exploits0References15
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.22 views

PT-2026-50743

Name of the Vulnerable Software and Affected Versions opentelemetry-collector-contrib affected versions not specified Description The githubreceiver webhook handler fails to enforce the required headers configuration. While these headers are validated during startup, they are not checked on...

6.9CVSS6AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.30 views

PT-2026-50788

Name of the Vulnerable Software and Affected Versions Node.js versions prior to 26.3.1-1.1 Description Security issues were identified in Node.js that could compromise server infrastructure. Recommendations Update to version 26.3.1-1.1...

9.8CVSS6.7AI score0.02806EPSS
Exploits1References172
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.17 views

PT-2026-50738

Name of the Vulnerable Software and Affected Versions ZITADEL versions 4.0.0 through 4.11.0 ZITADEL versions 3.0.0 through 3.4.11 Description An authentication bypass exists in the external JWT Identity Provider IdP implementation. While the system validates the cryptographic signature and the...

4.2CVSS5.9AI score0.00112EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.12 views

PT-2026-50339

Unauthenticated PHP Object Injection in Thrive Apprentice 10.8.10.2 versions...

9.8CVSS5.3AI score0.00375EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.22 views

PT-2026-50565

Name of the Vulnerable Software and Affected Versions Steeltoe.Management.Endpoint versions prior to 4.2.0 Steeltoe.Management.EndpointCore versions prior to 3.4.0 Description Steeltoe actuator endpoints default to EndpointPermissions.Restricted, which maps to Cloud Foundry's read basic data...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.20 views

PT-2026-50571

Name of the Vulnerable Software and Affected Versions ThingsBoard affected versions not specified Description Prototype pollution occurs when an attacker can manipulate the prototype of an object, potentially leading to arbitrary code execution within a sandboxed context. This issue can be...

8.6CVSS7.6AI score0.00603EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.16 views

PT-2026-50523

Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to access sessions from other profiles. The handle session export handler in api/routes.py fails to verify active-profile ownership before serializing session...

7.1CVSS5.3AI score0.00272EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.22 views

PT-2026-50251

Name of the Vulnerable Software and Affected Versions Trivy versions prior to 0.71.1 Description Trivy improperly trusts the org.opencontainers.image.title annotation in an OCI artifact manifest, using it as the destination filename when downloading content without proper validation or...

7.5CVSS5.9AI score0.00292EPSS
Exploits0References16
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.16 views

PT-2026-50547

Today I received a public security credit for a vulnerability I responsibly disclosed: CVE-2026-54683 – Improper authorization in NL Portal The vulnerability allowed any authenticated portal user to download documents belonging to other users when they had access to a valid document identifier. A...

6.5CVSS5.2AI score
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.16 views

PT-2026-50272

Unauthenticated Cross Site Scripting XSS in Sonaar = 4.27.4 versions...

7.1CVSS5.1AI score0.0023EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.20 views

PT-2026-50301

Unauthenticated Local File Inclusion in Mikado Core = 1.6 versions...

8.1CVSS5.2AI score0.00423EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.23 views

PT-2026-50412

Unauthenticated Arbitrary File Deletion in WorkScout-Core = 1.7.11 versions...

6.5CVSS5.2AI score0.00351EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.21 views

PT-2026-50601

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.5 Description A Deno program opening a client WebSocket connection can be crashed by a remote server. During the WebSocket handshake response, Deno parsed the 'Sec-WebSocket-Protocol' and 'Sec-WebSocket-Extensions'...

4.3CVSS5.9AI score0.00183EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.17 views

PT-2026-50310

Unauthenticated Cross Site Scripting XSS in WPZOOM Addons for Elementor = 1.3.4 versions...

7.1CVSS5.2AI score0.00175EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.15 views

PT-2026-50332

Unauthenticated Privilege Escalation in LoginPress Pro = 6.2.2 versions...

9.8CVSS5.2AI score0.00321EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.15 views

PT-2026-50344

Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms = 1.4.5 versions...

9CVSS5.2AI score0.00294EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.21 views

PT-2026-50225

In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.5AI score0.0008EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.32 views

PT-2026-50374

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6...

7.1CVSS8.3AI score0.00146EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.13 views

PT-2026-50287

Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...

7.5CVSS5.2AI score0.00467EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.20 views

PT-2026-50340

Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...

9.8CVSS5.2AI score0.00548EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.20 views

PT-2026-50327

Unauthenticated Cross Site Scripting XSS in Profile Builder Pro = 3.15.0 versions...

7.1CVSS5.2AI score0.0023EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.15 views

PT-2026-50241

In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS5.4AI score0.00115EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.21 views

PT-2026-50239

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A logic error in the transfer function of the PackageInstaller.Session class within frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java allows for a memory...

10CVSS6AI score0.00125EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.19 views

PT-2026-50350

Unauthenticated Cross Site Scripting XSS in JetEngine = 3.8.10 versions...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.15 views

PT-2026-50322

Unauthenticated Cross Site Scripting XSS in collectchat = 2.4.9 versions...

7.1CVSS5.2AI score0.0023EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.17 views

PT-2026-50424

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0...

9.3CVSS5.5AI score0.00236EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.17 views

PT-2026-50387

Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection. This issue affects The Hospital: from n/a through 1.8.1...

9.8CVSS5.2AI score0.00313EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.27 views

PT-2026-50400

Unauthenticated PHP Object Injection in Hiroshi = 1.5.1 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.18 views

PT-2026-50457

Name of the Vulnerable Software and Affected Versions Katello of Red Hat Satellite affected versions not specified Description Insufficient authorization checks in the ContentUploadsController within the content upload functionality allow authenticated users with the edit products permission to...

4.3CVSS5.8AI score0.00197EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.14 views

PT-2026-50379

Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login procedures or...

5.1CVSS5.4AI score0.0042EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.21 views

PT-2026-50254

The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level...

6.6CVSS6AI score0.00535EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.14 views

PT-2026-50279

Unauthenticated Local File Inclusion in Promo = 1.3.0 versions...

8.1CVSS5.2AI score0.00363EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.16 views

PT-2026-50390

Unauthenticated Cross Site Scripting XSS in Avante 3.0.5 versions...

7.1CVSS5.1AI score0.0023EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.15 views

PT-2026-50299

Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...

6.5CVSS5.2AI score0.00252EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.18 views

PT-2026-50568

Name of the Vulnerable Software and Affected Versions Steeltoe.Configuration.Encryption versions 4.0.0 through 4.1.0 Description Steeltoe is an open source project providing libraries for building cloud-native applications. An issue exists where configuring the encrypt:rsa:algorithm variable with...

1.9CVSS5.9AI score0.00046EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.23 views

PT-2026-50356

Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...

9.8CVSS5.2AI score0.0045EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.15 views

PT-2026-50381

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITYSYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated...

8.4CVSS5.5AI score0.00126EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.12 views

PT-2026-50270

Unauthenticated Local File Inclusion in Joly = 1.22.0 versions...

8.1CVSS5.2AI score0.00423EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.19 views

PT-2026-50311

Contributor Local File Inclusion in Element Pack Pro = 9.0.6 versions...

7.5CVSS5.2AI score0.004EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.16 views

PT-2026-50273

Subscriber Privilege Escalation in Sonaar = 4.27.4 versions...

8.8CVSS5.2AI score0.00378EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.19 views

PT-2026-50317

Subscriber Arbitrary File Upload in Restaurant Zone = 0.7.8 versions...

9.9CVSS5.2AI score0.00434EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.23 views

PT-2026-50534

Name of the Vulnerable Software and Affected Versions Network-AI versions prior to 5.7.2 Description The MCP SSE server allows unauthenticated cross-origin MCP tool invocation because the server defaults to an empty secret and the isAuthorized function returns true when the secret is empty. While...

9.1CVSS5.2AI score0.00297EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.15 views

PT-2026-50605

Name of the Vulnerable Software and Affected Versions handlebars versions prior to 4.5.2 Description Applications that pass user-controlled input to the Handlebars.compile function using a FileTemplateLoader or ClassPathTemplateLoader are susceptible to arbitrary file read. This occurs when web...

7.5CVSS6.1AI score0.00414EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.21 views

PT-2026-50330

Name of the Vulnerable Software and Affected Versions JetSmartFilters versions prior to 3.8.2 Description An unauthenticated SQL Injection allows an attacker to interfere with the queries that an application makes to its database. This occurs in the JetSmartFilters WordPress plugin. Recommendatio...

9.3CVSS6AI score0.00372EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.22 views

PT-2026-50240

In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS5.9AI score0.00148EPSS
Exploits0References3
Total number of security vulnerabilities187352