Lucene search
+L
PtsecurityRecent

187352 matches found

ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50566

Name of the Vulnerable Software and Affected Versions Steeltoe.Security.Authentication.CloudFoundryBase versions prior to 3.4.0 Steeltoe.Security.Authentication.JwtBearer versions prior to 4.2.0 Steeltoe.Security.Authentication.OpenIdConnect versions prior to 4.2.0 Description The JWT signing key...

5.9CVSS5.8AI score0.0029EPSS
Exploits0References9
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•14 views

PT-2026-50546

Impact In versions up to and including 3.0.0, two parts of the GraphQL API returned data without checking whether the data belonged to the logged-in user: - Document content. A logged-in user could download the raw content of any document by its ID, regardless of who owned it. The resolver has...

6.5CVSS5.8AI score
Exploits0References4
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50433

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description A missing authentication for critical function issue exists. An unauthenticated attacker with adjacent network access could exploit this to achieve code execution, denial of...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References4
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•44 views

PT-2026-50223

In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8CVSS5.6AI score0.00094EPSS
Exploits0References3
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•24 views

PT-2026-50292

Unauthenticated Cross Site Request Forgery CSRF in WordPress Dating Theme = 11.2.0 versions...

8.8CVSS5.2AI score0.00184EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50544

Name of the Vulnerable Software and Affected Versions PHP Standard Library PSL versions 6.1.0 through 6.1.1 PHP Standard Library PSL version 6.2.0 Description The PslH2ServerConnection function does not validate that the total bytes received in DATA frames match the content-length header declared...

7.5CVSS5.9AI score0.00267EPSS
Exploits0References10
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50551

Name of the Vulnerable Software and Affected Versions joserfc versions 1.3.4 through 1.6.5 Description joserfc is a Python library implementing JSON Object Signing and Encryption JOSE standards. The library fails to apply the JWSRegistry.max payload length limit when processing RFC7797 b64=false...

5.3CVSS5.8AI score0.00163EPSS
Exploits0References19
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•26 views

PT-2026-50535

Name of the Vulnerable Software and Affected Versions Shaarli versions prior to 0.16.2 Description A stored Cross-Site Scripting XSS issue exists in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside ...

5.8CVSS5.3AI score0.0012EPSS
Exploits0References4
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•27 views

PT-2026-50539

Name of the Vulnerable Software and Affected Versions Tinyproxy versions prior to 1.11.4 Description Tinyproxy fails to reject requests containing multiple Content-Length headers with differing values. The software forwards all duplicate headers to the backend but uses only the first value to...

9.3CVSS6.1AI score0.00439EPSS
Exploits0References11
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50538

Name of the Vulnerable Software and Affected Versions Tinyproxy versions prior to commit ff45d3b Description Tinyproxy fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine the number o...

9.3CVSS6.1AI score0.00439EPSS
Exploits0References11
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•16 views

PT-2026-50530

Name of the Vulnerable Software and Affected Versions Tinyproxy versions prior to 1.11.3 commit 09312a1 Description Improper validation of the Host header during stathost detection allows unauthenticated attackers to access the statistics page by injecting a matching Host header or bypassing...

8.8CVSS5.9AI score0.00335EPSS
Exploits0References11
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•18 views

PT-2026-50448

Name of the Vulnerable Software and Affected Versions OpenStack Horizon versions prior to 25.7.4 Description OpenStack Horizon produces scripts for OpenStack RC file downloading that may contain a crafted project name with shell metacharacters. Shell metacharacters are special characters...

6CVSS6.2AI score0.0019EPSS
Exploits0References14
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•18 views

PT-2026-50442

Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source affected versions not specified Description A heap buffer over-read exists in the ngx http charset module module. This occurs when content is served or proxied through a location blo...

6.3CVSS6AI score0.00398EPSS
Exploits0References12
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•24 views

PT-2026-50439

Name of the Vulnerable Software and Affected Versions NGINX Open Source versions 1.31.0 through 1.31.1 NGINX Ingress Controller affected versions not specified NGINX Gateway Fabric affected versions not specified NGINX Instance Manager affected versions not specified Description A use-after-free...

9.2CVSS7.1AI score0.03225EPSS
Exploits3References91
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•18 views

PT-2026-50249

Name of the Vulnerable Software and Affected Versions snes9x version 1.63 Description An out-of-bounds write occurs when loading a ROM alongside a crafted .ups patch file, which can lead to a denial of service and cause the emulator to crash. Recommendations At the moment, there is no information...

2.9CVSS5.8AI score0.00125EPSS
Exploits0References6
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•16 views

PT-2026-50238

A vulnerability in nltk.app.wordnet app up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. The server listens on all interfaces and processes a specific unauthenticated GET request /SHUTDOWN%20THE%20SERVER to...

7.5CVSS7.4AI score0.00325EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•16 views

PT-2026-50196

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An inappropriate implementation in the Passwords component allows a remote attacker to leak cross-origin data, which is data from a different domain than the one serving the current...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References39
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•22 views

PT-2026-50205

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue exists in the Tab Strip component. This occurs when a program continues to use a pointer after it has been freed, which can lead to heap corruption a memory...

8.8CVSS5.8AI score0.00601EPSS
Exploits0References42
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•24 views

PT-2026-50202

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.155 Description A use after free issue in the Downloads component allows a remote attacker to potentially exploit heap corruption through a crafted HTML page. Use after free occurs when an...

8.8CVSS5.8AI score0.00601EPSS
Exploits0References41
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•18 views

PT-2026-50194

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An out-of-bounds read in Chromoting allows a local attacker to obtain potentially sensitive information from process memory by using a malicious file. An out-of-bounds read occurs when...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References39
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•15 views

PT-2026-50199

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue in Chromoting on Windows allows a local attacker to achieve OS-level privilege escalation by using a malicious file. Use after free is a memory corruption flaw...

9.6CVSS5.8AI score0.00601EPSS
Exploits0References42
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•15 views

PT-2026-50215

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An object lifecycle issue in Metrics allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape. This is achieved through the use of a...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References41
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50201

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use-after-free issue exists in DigitalCredentials. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. A remote attack...

9.6CVSS6.3AI score0.00601EPSS
Exploits0References42
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•15 views

PT-2026-50216

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A heap buffer overflow exists in WebRTC in Google Chrome on Windows. A remote attacker can execute arbitrary code by inducing the victim to open a crafted HTML page. A heap buffer...

9.6CVSS6.6AI score0.00601EPSS
Exploits0References41
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•19 views

PT-2026-50203

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description Insufficient validation of untrusted input allows a remote attacker who has compromised the renderer process to bypass the same origin policy, which is a security mechanism that...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References40
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50190

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue in DigitalCredentials on Windows allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free occurs when an...

9.6CVSS6.1AI score0.00601EPSS
Exploits0References41
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50211

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An out-of-bounds read exists in WebRTC Web Real-Time Communication, a project that provides websites and applications with real-time communication capabilities in Google Chrome on...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References40
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•17 views

PT-2026-50219

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.155 Description An uninitialized use in the GPU allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Recommendations Update to version 149.0.7827.155 o...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References38
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•19 views

PT-2026-50206

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An inappropriate implementation in Extensions allows an attacker to bypass the Same Origin Policy SOP—a security mechanism that restricts how a document or script loaded from one origi...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References40
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•16 views

PT-2026-50214

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue in the Browser component allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape. This is achieved...

9.6CVSS5.8AI score0.00601EPSS
Exploits0References42
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•12 views

PT-2026-53079

Local Privilege Escalation via LIBMOUNT FORCE MOUNT2 Environment Variable - nosuid/noexec Bypass in SUID mount8...

5.8AI score
Exploits0References6
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•22 views

PT-2026-50543

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting XSS vulnerability in the Thumbnail Synchronizer feature. When an administrator runs the thumbnail update process, malicious bookmark titles are returned via an AJAX response and inserted...

5.8CVSS5.2AI score0.0013EPSS
Exploits0References2
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•26 views

PT-2026-50536

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the tag filtering functionality of Shaarli. An authenticated user can inject arbitrary JavaScript into the tags field when creating a bookmark Shaare. The malicious...

4.8CVSS5.3AI score0.00115EPSS
Exploits0References2
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•15 views

PT-2026-50516

Name of the Vulnerable Software and Affected Versions undici versions 6.x prior to 6.26.0 undici versions 7.0.0 through 7.27.x undici versions 8.x prior to 8.5.0 Description The cookie parser in the parseSetCookie function percent-decodes cookie values using qsUnescape, which converts encoded...

5.9CVSS5.5AI score0.00257EPSS
Exploits0References86
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•19 views

PT-2026-50429

Name of the Vulnerable Software and Affected Versions NGINX Gateway Fabric affected versions not specified Description An injection issue exists in the NGINX configuration generator component when NGINX Plus is used as the data plane. User-supplied string values from the serverTokens field of the...

8.6CVSS6AI score0.00567EPSS
Exploits0References11
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50430

Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A flaw exists in the aclp normalize acltxt function within aclparse.c. A malformed Access Control Instruction ACI string can trigger heap-buffer-overflow writes and reads during...

5.4CVSS5.8AI score0.00226EPSS
Exploits0References12
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•33 views

PT-2026-50438

Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source affected versions not specified Description A flaw in the ngx http proxy v2 module and ngx http grpc module modules can be triggered when NGINX is configured to proxy HTTP/2 traffic...

9.2CVSS7.5AI score0.03552EPSS
Exploits1References86
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•24 views

PT-2026-50410

Name of the Vulnerable Software and Affected Versions Apache Shiro versions prior to 2.2.1 Apache Shiro versions prior to 3.0.0-alpha-2 Description A remote attacker can inject LDAP special characters into the Distinguished Name DN construction within the DefaultLdapRealm class. User-supplied...

9.1CVSS5.3AI score0.00494EPSS
Exploits0References9
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•19 views

PT-2026-50250

Got 2 CVEs today: CVE-2026-46655 - virtio-win kvm-guest-drivers - 7.8 High CVE-2026-46977 - Oracle VirtualBox - 3.2 Low...

3.2CVSS5.2AI score0.00162EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•28 views

PT-2026-50207

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An inappropriate implementation in Extensions allows a remote attacker who has compromised the renderer process to bypass site isolation using a crafted HTML page. Site isolation is a...

9.6CVSS5.8AI score0.00601EPSS
Exploits0References40
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50212

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use-after-free issue exists in the Media component. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. A remote...

9.6CVSS6.2AI score0.00601EPSS
Exploits0References41
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•25 views

PT-2026-50217

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue in Extensions allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. A use after free...

9.6CVSS5.6AI score0.00601EPSS
Exploits0References42
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50210

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description Insufficient policy enforcement in File System Access allows a remote attacker who has compromised the renderer process to bypass site isolation by using a crafted PDF file. Site...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References40
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•26 views

PT-2026-50208

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An inappropriate implementation in the Passwords component allows a remote attacker to leak cross-origin data. This occurs when a user is convinced to perform specific UI gestures on a...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References40
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•27 views

PT-2026-50193

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue exists in the Web Authentication component. This allows a remote attacker to execute arbitrary code by inducing the user to open a specially crafted HTML page. U...

9.6CVSS6.3AI score0.00601EPSS
Exploits0References41
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•17 views

PT-2026-50200

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An inappropriate implementation in the Media component allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References38
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50197

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A heap buffer overflow occurs in WebRTC, which is a framework that enables real-time communication such as voice and video calls within web browsers. This issue allows a remote attacke...

9.6CVSS6.5AI score0.00601EPSS
Exploits0References41
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•13 views

PT-2026-50189

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue in Digital Credentials allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. Use after free is a condition where a program...

9.6CVSS5.8AI score0.00601EPSS
Exploits0References41
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•22 views

PT-2026-50218

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.155 Description A race condition in the Updater allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape. This is achieved through the use of a...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References41
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•17 views

PT-2026-50187

Name of the Vulnerable Software and Affected Versions Google Chrome on Windows versions prior to 149.0.7827.155 Description A use-after-free issue exists in WebShare. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. A remote...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References42
Total number of security vulnerabilities187352