Lucene search
+L
PtsecurityRecent

187392 matches found

ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50571

Name of the Vulnerable Software and Affected Versions ThingsBoard affected versions not specified Description Prototype pollution occurs when an attacker can manipulate the prototype of an object, potentially leading to arbitrary code execution within a sandboxed context. This issue can be...

8.6CVSS7.6AI score0.00603EPSS
Exploits0References5
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•16 views

PT-2026-50523

Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to access sessions from other profiles. The handle session export handler in api/routes.py fails to verify active-profile ownership before serializing session...

7.1CVSS5.3AI score0.00272EPSS
Exploits0References5
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•22 views

PT-2026-50251

Name of the Vulnerable Software and Affected Versions Trivy versions prior to 0.71.1 Description Trivy improperly trusts the org.opencontainers.image.title annotation in an OCI artifact manifest, using it as the destination filename when downloading content without proper validation or...

7.5CVSS5.9AI score0.00292EPSS
Exploits0References16
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•16 views

PT-2026-50272

Unauthenticated Cross Site Scripting XSS in Sonaar = 4.27.4 versions...

7.1CVSS5.1AI score0.0023EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50301

Unauthenticated Local File Inclusion in Mikado Core = 1.6 versions...

8.1CVSS5.2AI score0.00423EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50412

Unauthenticated Arbitrary File Deletion in WorkScout-Core = 1.7.11 versions...

6.5CVSS5.2AI score0.00351EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50601

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.5 Description A Deno program opening a client WebSocket connection can be crashed by a remote server. During the WebSocket handshake response, Deno parsed the 'Sec-WebSocket-Protocol' and 'Sec-WebSocket-Extensions'...

4.3CVSS5.9AI score0.00183EPSS
Exploits0References7
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•17 views

PT-2026-50310

Unauthenticated Cross Site Scripting XSS in WPZOOM Addons for Elementor = 1.3.4 versions...

7.1CVSS5.2AI score0.00175EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•15 views

PT-2026-50332

Unauthenticated Privilege Escalation in LoginPress Pro = 6.2.2 versions...

9.8CVSS5.2AI score0.00321EPSS
Exploits0References3
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•15 views

PT-2026-50344

Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms = 1.4.5 versions...

9CVSS5.2AI score0.00294EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50225

In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.5AI score0.0008EPSS
Exploits0References3
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•32 views

PT-2026-50374

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6...

7.1CVSS8.3AI score0.00146EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•13 views

PT-2026-50287

Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...

7.5CVSS5.2AI score0.00467EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50340

Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...

9.8CVSS5.2AI score0.00548EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50327

Unauthenticated Cross Site Scripting XSS in Profile Builder Pro = 3.15.0 versions...

7.1CVSS5.2AI score0.0023EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•15 views

PT-2026-50241

In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS5.4AI score0.00115EPSS
Exploits0References3
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50239

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A logic error in the transfer function of the PackageInstaller.Session class within frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java allows for a memory...

10CVSS6AI score0.00125EPSS
Exploits0References4
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•19 views

PT-2026-50350

Unauthenticated Cross Site Scripting XSS in JetEngine = 3.8.10 versions...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•17 views

PT-2026-50424

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0...

9.3CVSS5.5AI score0.00236EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•17 views

PT-2026-50387

Deserialization of Untrusted Data vulnerability in EMV The Hospital nrghospital allows Object Injection. This issue affects The Hospital: from n/a through 1.8.1...

9.8CVSS5.2AI score0.00313EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•27 views

PT-2026-50400

Unauthenticated PHP Object Injection in Hiroshi = 1.5.1 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•18 views

PT-2026-50457

Name of the Vulnerable Software and Affected Versions Katello of Red Hat Satellite affected versions not specified Description Insufficient authorization checks in the ContentUploadsController within the content upload functionality allow authenticated users with the edit products permission to...

4.3CVSS5.8AI score0.00197EPSS
Exploits0References11
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•14 views

PT-2026-50379

Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login procedures or...

5.1CVSS5.4AI score0.0042EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50254

The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level...

6.6CVSS6AI score0.00535EPSS
Exploits0References6
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•14 views

PT-2026-50279

Unauthenticated Local File Inclusion in Promo = 1.3.0 versions...

8.1CVSS5.2AI score0.00363EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•16 views

PT-2026-50390

Unauthenticated Cross Site Scripting XSS in Avante 3.0.5 versions...

7.1CVSS5.1AI score0.0023EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•15 views

PT-2026-50299

Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...

6.5CVSS5.2AI score0.00252EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•18 views

PT-2026-50568

Name of the Vulnerable Software and Affected Versions Steeltoe.Configuration.Encryption versions 4.0.0 through 4.1.0 Description Steeltoe is an open source project providing libraries for building cloud-native applications. An issue exists where configuring the encrypt:rsa:algorithm variable with...

1.9CVSS5.9AI score0.00046EPSS
Exploits0References8
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50356

Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...

9.8CVSS5.2AI score0.0045EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•15 views

PT-2026-50381

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITYSYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated...

8.4CVSS5.5AI score0.00126EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•12 views

PT-2026-50270

Unauthenticated Local File Inclusion in Joly = 1.22.0 versions...

8.1CVSS5.2AI score0.00423EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•19 views

PT-2026-50311

Contributor Local File Inclusion in Element Pack Pro = 9.0.6 versions...

7.5CVSS5.2AI score0.004EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•16 views

PT-2026-50273

Subscriber Privilege Escalation in Sonaar = 4.27.4 versions...

8.8CVSS5.2AI score0.00378EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•19 views

PT-2026-50317

Subscriber Arbitrary File Upload in Restaurant Zone = 0.7.8 versions...

9.9CVSS5.2AI score0.00434EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50534

Name of the Vulnerable Software and Affected Versions Network-AI versions prior to 5.7.2 Description The MCP SSE server allows unauthenticated cross-origin MCP tool invocation because the server defaults to an empty secret and the isAuthorized function returns true when the secret is empty. While...

9.1CVSS5.2AI score0.00297EPSS
Exploits0References8
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•15 views

PT-2026-50605

Name of the Vulnerable Software and Affected Versions handlebars versions prior to 4.5.2 Description Applications that pass user-controlled input to the Handlebars.compile function using a FileTemplateLoader or ClassPathTemplateLoader are susceptible to arbitrary file read. This occurs when web...

7.5CVSS6.1AI score0.00414EPSS
Exploits0References11
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50330

Name of the Vulnerable Software and Affected Versions JetSmartFilters versions prior to 3.8.2 Description An unauthenticated SQL Injection allows an attacker to interfere with the queries that an application makes to its database. This occurs in the JetSmartFilters WordPress plugin. Recommendatio...

9.3CVSS6AI score0.00372EPSS
Exploits0References3
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•22 views

PT-2026-50240

In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS5.9AI score0.00148EPSS
Exploits0References3
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50566

Name of the Vulnerable Software and Affected Versions Steeltoe.Security.Authentication.CloudFoundryBase versions prior to 3.4.0 Steeltoe.Security.Authentication.JwtBearer versions prior to 4.2.0 Steeltoe.Security.Authentication.OpenIdConnect versions prior to 4.2.0 Description The JWT signing key...

5.9CVSS5.8AI score0.0029EPSS
Exploits0References9
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50433

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description A missing authentication for critical function issue exists. An unauthenticated attacker with adjacent network access could exploit this to achieve code execution, denial of...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References4
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•44 views

PT-2026-50223

In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8CVSS5.6AI score0.00094EPSS
Exploits0References3
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•24 views

PT-2026-50292

Unauthenticated Cross Site Request Forgery CSRF in WordPress Dating Theme = 11.2.0 versions...

8.8CVSS5.2AI score0.00184EPSS
Exploits0References1
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50544

Name of the Vulnerable Software and Affected Versions PHP Standard Library PSL versions 6.1.0 through 6.1.1 PHP Standard Library PSL version 6.2.0 Description The PslH2ServerConnection function does not validate that the total bytes received in DATA frames match the content-length header declared...

7.5CVSS5.9AI score0.00267EPSS
Exploits0References10
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50551

Name of the Vulnerable Software and Affected Versions joserfc versions 1.3.4 through 1.6.5 Description joserfc is a Python library implementing JSON Object Signing and Encryption JOSE standards. The library fails to apply the JWSRegistry.max payload length limit when processing RFC7797 b64=false...

5.3CVSS5.8AI score0.00163EPSS
Exploits0References19
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•26 views

PT-2026-50535

Name of the Vulnerable Software and Affected Versions Shaarli versions prior to 0.16.2 Description A stored Cross-Site Scripting XSS issue exists in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside ...

5.8CVSS5.3AI score0.0012EPSS
Exploits0References4
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•27 views

PT-2026-50539

Name of the Vulnerable Software and Affected Versions Tinyproxy versions prior to 1.11.4 Description Tinyproxy fails to reject requests containing multiple Content-Length headers with differing values. The software forwards all duplicate headers to the backend but uses only the first value to...

9.3CVSS6.1AI score0.00439EPSS
Exploits0References11
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50538

Name of the Vulnerable Software and Affected Versions Tinyproxy versions prior to commit ff45d3b Description Tinyproxy fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine the number o...

9.3CVSS6.1AI score0.00439EPSS
Exploits0References11
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•16 views

PT-2026-50530

Name of the Vulnerable Software and Affected Versions Tinyproxy versions prior to 1.11.3 commit 09312a1 Description Improper validation of the Host header during stathost detection allows unauthenticated attackers to access the statistics page by injecting a matching Host header or bypassing...

8.8CVSS5.9AI score0.00335EPSS
Exploits0References11
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•18 views

PT-2026-50448

Name of the Vulnerable Software and Affected Versions OpenStack Horizon versions prior to 25.7.4 Description OpenStack Horizon produces scripts for OpenStack RC file downloading that may contain a crafted project name with shell metacharacters. Shell metacharacters are special characters...

6CVSS6.2AI score0.0019EPSS
Exploits0References14
ptsecurity
ptsecurity
•added 2026/06/17 12:0 a.m.•18 views

PT-2026-50442

Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source affected versions not specified Description A heap buffer over-read exists in the ngx http charset module module. This occurs when content is served or proxied through a location blo...

6.3CVSS6AI score0.00398EPSS
Exploits0References12
Total number of security vulnerabilities187392