Lucene search
+L
PtsecurityRecent

187410 matches found

ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.18 views

PT-2026-50204

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A race condition in the Safe Browsing component of Google Chrome on Mac allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escap...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References42
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.18 views

PT-2026-50198

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.155 Description An inappropriate implementation in the WebView component allows a remote attacker to perform privilege escalation by using a crafted HTML page. Recommendations Update Google...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References39
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.12 views

PT-2026-50195

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue in Extensions allows an attacker who convinces a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Use...

9.6CVSS5.8AI score0.00601EPSS
Exploits0References40
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.22 views

PT-2026-50600

Name of the Vulnerable Software and Affected Versions org.hl7.fhir.utilities versions 6.9.8 and earlier Description The org.hl7.fhir.utilities library contains an XML External Entity XXE injection flaw. The saxonTransform function overloads instantiate a bare net.sf.saxon.TransformerFactoryImpl...

9.2CVSS6AI score0.00309EPSS
Exploits1References8
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.21 views

PT-2026-50470

Name of the Vulnerable Software and Affected Versions undici version 8.1.0 Description The undici WebSocket client enforces maxPayloadSize on a per-frame basis but fails to enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream numerous small...

7.5CVSS5.8AI score0.00426EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.19 views

PT-2026-50373

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7...

4.3CVSS5.2AI score0.00208EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.17 views

PT-2026-50276

Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...

7.7CVSS5.2AI score0.0045EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.21 views

PT-2026-50263

Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

5.3AI score0.00312EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.19 views

PT-2026-50309

Unauthenticated SQL Injection in Blocksy Companion Pro 2.1.29 versions...

9.3CVSS5.8AI score0.00372EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.22 views

PT-2026-50256

Name of the Vulnerable Software and Affected Versions Regesta Smart HD-PLC - TLDPH16D2 version 11.02.05.10.02 Description A network attacker can obtain privileged information without requiring registration. This information disclosure occurs by using the Version command through the endpoint...

6.9CVSS5.9AI score0.00394EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.14 views

PT-2026-50372

Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5...

6.5CVSS5.2AI score0.00269EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.9 views

PT-2026-54556

Уязвимость класса DefaultLdapRealm фреймворка Apache Shiro связана с непринятием мер по нейтрализации специальных элементов в запросе LDAP. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти ограничения безопасности и осуществить подмену данных...

9.4CVSS5.8AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.17 views

PT-2026-50267

Subscriber Arbitrary File Upload in Grip = 1.0.9 versions...

9.9CVSS5.2AI score0.00471EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.24 views

PT-2026-50461

Name of the Vulnerable Software and Affected Versions Cisco Umbrella Virtual Appliance affected versions not specified Description An issue in the vmadmin CLI of Cisco Umbrella Virtual Appliance allows an authenticated, local attacker to elevate privileges. This is caused by insufficient validati...

6.2CVSS5.9AI score0.00104EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.23 views

PT-2026-50281

Subscriber Arbitrary File Upload in Restaurt = 1.0.4 versions...

9.9CVSS5.2AI score0.00465EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.26 views

PT-2026-50280

Unauthenticated Local File Inclusion in Reprizo = 1.0.8 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.23 views

PT-2026-50348

Unauthenticated SQL Injection in JobSearch = 3.2.9 versions...

9.3CVSS5.8AI score0.00297EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.16 views

PT-2026-50293

Unauthenticated Broken Access Control in WordPress Dating Theme = 11.2.0 versions...

8.6CVSS5.2AI score0.00261EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.17 views

PT-2026-50316

Unauthenticated PHP Object Injection in Reina = 2.1 versions...

8.1CVSS5.4AI score0.00395EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.22 views

PT-2026-50305

Unauthenticated PHP Object Injection in Mildhill = 1.5 versions...

8.1CVSS5.4AI score0.00395EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.20 views

PT-2026-50306

Unauthenticated Local File Inclusion in Hitek 1.8.3 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.19 views

PT-2026-50243

The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks...

5.2AI score0.0014EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.16 views

PT-2026-50434

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description Improper Access Control allows a low privileged attacker with remote access to potentially cause a denial of service, a condition where the system becomes unavailable to its...

7.1CVSS5.8AI score0.00183EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.25 views

PT-2026-50545

Typemill before 2.24.0 contains a path traversal vulnerability that allows authenticated attackers with Author-level privileges to read arbitrary files outside the content directory by supplying traversal sequences in the path query parameter passed to Storage::getFile with an empty folder...

7.1CVSS5.4AI score0.00343EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.14 views

PT-2026-50540

Impact Having the Topic and User operators to watch different namespaces than the one where the Kafka cluster is deployed, is a fully documented feature. When the watchedNamespace field is used within the Topic or User operator as part of the Kafka.spec.entityOperator field, the Cluster Operator...

8CVSS5.4AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.18 views

PT-2026-50419

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.109...

8.1CVSS5.3AI score0.00337EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.25 views

PT-2026-50526

Name of the Vulnerable Software and Affected Versions SourceCodester CET Automated Grading System with AI Predictive Analytics version 1.0 Description Improper access controls exist within the Student Self-Registration Endpoint in the /index.php file. This flaw allows for remote exploitation,...

7.5CVSS7.2AI score0.00284EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.25 views

PT-2026-50502

Name of the Vulnerable Software and Affected Versions Splunk AI Toolkit versions prior to 5.7.4 Description A user with the "admin" Splunk role can execute arbitrary OS commands on the host running the Splunk Enterprise instance. This is caused by an unsafe shell execution pattern in the btool...

9.1CVSS5.9AI score0.00469EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.21 views

PT-2026-50459

Name of the Vulnerable Software and Affected Versions Cisco ISE affected versions not specified Cisco ISE-PIC affected versions not specified Description Improper authorization checks when accessing a resource could allow an unauthenticated, remote attacker to view sensitive information on an...

7.5CVSS5.8AI score0.00407EPSS
Exploits0References17
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.19 views

PT-2026-50594

Name of the Vulnerable Software and Affected Versions Claude Code versions 0.2.54 through 2.1.162 Description The WebFetch tool pre-approved the hostname 'huggingface.co' as a bare hostname, allowing any path on that domain to be auto-approved without a permission prompt or restrictions from...

6CVSS5.9AI score0.00403EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.18 views

PT-2026-50321

Unauthenticated PHP Object Injection in EasyMeals = 1.5.1 versions...

8.1CVSS5.4AI score0.00308EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.16 views

PT-2026-50357

Subscriber Broken Authentication in Melhor Envio = 2.16.3 versions...

7.6CVSS5.2AI score0.00282EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.13 views

PT-2026-50226

In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5AI score0.00065EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.18 views

PT-2026-50297

Contributor Arbitrary File Upload in Unlimited Elements for Elementor Premium = 2.0.6 versions...

9.9CVSS5.2AI score0.00319EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.18 views

PT-2026-50247

The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user...

5.2AI score0.00146EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.19 views

PT-2026-50282

Unauthenticated Cross Site Scripting XSS in Auto Repair = 22.6 versions...

7.1CVSS5.1AI score0.00244EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.20 views

PT-2026-50420

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6...

9.3CVSS5.5AI score0.00236EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.20 views

PT-2026-50443

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description Improper Authentication allows an unauthenticated attacker with adjacent network access to potentially gain unauthorized access, leading to information disclosure and informati...

8.1CVSS5.8AI score0.0021EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.23 views

PT-2026-50507

Name of the Vulnerable Software and Affected Versions RTI Connext Micro versions 4.0.0 through 4.2.x Description An out-of-bounds read issue in the Core Libraries allows for overread buffers, which occurs when the software reads data past the end of the intended buffer. Recommendations Update to...

8.8CVSS6.1AI score0.00249EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.14 views

PT-2026-50446

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109...

9.3CVSS5.5AI score0.00291EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.22 views

PT-2026-50511

Name of the Vulnerable Software and Affected Versions NVIDIA Spatial Intelligence Lab's SIL GEN3C affected versions not specified Description The inference API server contains an unauthenticated remote code execution flaw. The endpoints '/request-inference' and '/seed-model' deserialize raw HTTP...

9.8CVSS6.8AI score0.00685EPSS
Exploits1References9
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.24 views

PT-2026-50385

Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection. This issue affects Lagom: from n/a through 2.0...

9.8CVSS5.2AI score0.00426EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.16 views

PT-2026-50556

Name of the Vulnerable Software and Affected Versions Steeltoe.Management.Endpoint versions prior to 4.2.0 Steeltoe.Management.EndpointCore versions prior to 3.4.0 Description The Sanitizer component in the Environment actuator redacts configuration values by matching key names against a suffix...

7.5CVSS5.8AI score0.00185EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.27 views

PT-2026-50367

Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8...

8.3CVSS5.2AI score0.00293EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.21 views

PT-2026-50369

Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1...

5.3CVSS5.2AI score0.00249EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.20 views

PT-2026-50584

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.26.2 Description Authenticated self routes under the /api/v1/user/... group do not properly enforce the public-only token restriction. This allows a token or OAuth grant marked as public-only to access or modify priva...

8.1CVSS5.9AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.22 views

PT-2026-50244

Name of the Vulnerable Software and Affected Versions LearnPress versions prior to 4.3.7 Description An information disclosure issue exists where the edit context on a REST endpoint is not properly restricted by the edit users capability. This allows unauthenticated visitors to retrieve sensitive...

5.3CVSS5.8AI score0.00424EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.16 views

PT-2026-50559

In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it is non-NULL. Sending an IOCTL with an empty input buffer causes a NULL pointer dereference, resulting in a kernel crash...

5.5AI score0.00278EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.25 views

PT-2026-50363

Name of the Vulnerable Software and Affected Versions WP Media folder Addon versions prior to 4.0.2 Description An unauthenticated arbitrary file download issue exists in the software, allowing an attacker to download files without providing credentials. Recommendations Update to version 4.0.2 or...

7.5CVSS6AI score0.00467EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.24 views

PT-2026-50370

Cross-Site request forgery CSRF vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0...

4.3CVSS5.2AI score0.00127EPSS
Exploits0References1
Total number of security vulnerabilities187410