Lucene search
+L
PtsecurityRecent

187424 matches found

Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.32 views

PT-2026-50260

Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

5.3AI score0.00337EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50291

Unauthenticated SQL Injection in WPJobster = 6.3.5 versions...

9.3CVSS5.8AI score0.00372EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.11 views

PT-2026-50398

Unauthenticated PHP Object Injection in Konsept = 1.9 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50228

RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator...

8.6CVSS5.7AI score0.01786EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50277

Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

10CVSS5.2AI score0.00432EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.6 views

PT-2026-53080

Root has patched GHSA-wjpw-4j6x-6rwh in the io.root.org.eclipse.jetty:jetty-http package for Root:Maven. Multiple fixed versions available...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.8 views

PT-2026-53075

This update for helm rebuilds it against the current go security release...

5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50269

Unauthenticated Local File Inclusion in Neuronet 1.14.0 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.29 views

PT-2026-50288

Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate 6.7.7 versions...

8.5CVSS5.8AI score0.00347EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.13 views

PT-2026-50343

Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget = 4.2.3 versions...

7.4CVSS5.2AI score0.00214EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50473

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description The 'spreadsheet-fetch' endpoint, specifically within the axiosRequestMake function, improperly validated URLs. It accepted paths containing permitted extensions anywhere in the string and utilize...

5.1CVSS5.9AI score0.00282EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50283

Unauthenticated Cross Site Scripting XSS in Skillate = 1.2.10 versions...

7.1CVSS5.1AI score0.00186EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50417

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10...

9.3CVSS5.5AI score0.00241EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50524

Name of the Vulnerable Software and Affected Versions Devolutions UniGetUI versions prior to 2026.2.1 Description The pinget backend contains an issue where names or references are incorrectly resolved. This allows a WinGet community catalog contributor to correlate an installed application with ...

7.5CVSS5.8AI score0.00268EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50377

Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising...

5.1CVSS5.4AI score0.00308EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.12 views

PT-2026-50548

REDMOND, WA -- In a bold move to streamline its communications and bypass the traditional tech press altogether, Microsoft announced Tuesday that all future Windows updates and software features will be unveiled exclusively via their corresponding Common Vulnerabilities and Exposures CVE numbers...

6.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50529

Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the download dir function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences from Get-ChildItem...

7.4CVSS5.4AI score0.00304EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50366

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8...

7.5CVSS5.2AI score0.0043EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50554

Name of the Vulnerable Software and Affected Versions Steeltoe versions 3.2.2 through 3.3.0 Steeltoe version 4.1.0 Description Steeltoe is an open source project providing libraries for building cloud-native applications. An issue exists where management endpoints, when configured to listen on an...

8.2CVSS6AI score0.00238EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50583

Name of the Vulnerable Software and Affected Versions Gitea version 1.23 Description An authorization inconsistency exists between the web UI and the API regarding repository forking. The API endpoint POST /api/v1/repos/owner/repo/forks fails to verify the CanCreateOrgRepo permission, checking on...

8.1CVSS5.9AI score0.00304EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.44 views

PT-2026-52216

Name of the Vulnerable Software and Affected Versions Gitea Docker image versions prior to 1.26.3 Description A critical authentication bypass exists in the official Gitea Docker image due to an insecure default configuration in the app.ini file. The variable REVERSE PROXY TRUSTED PROXIES is set ...

10CVSS7.2AI score0.00783EPSS
Exploits5References98
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.28 views

PT-2026-50289

Unauthenticated Local File Inclusion in EcoBlue = 1.15 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50540

Impact Having the Topic and User operators to watch different namespaces than the one where the Kafka cluster is deployed, is a fully documented feature. When the watchedNamespace field is used within the Topic or User operator as part of the Kafka.spec.entityOperator field, the Cluster Operator...

8CVSS5.4AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.27 views

PT-2026-50494

Name of the Vulnerable Software and Affected Versions @earendil-works/pi-coding-agent versions 0.74.0 through 0.78.0 @mariozechner/pi-coding-agent versions 0.50.0 through 0.73.1 Description Pi is a minimal terminal coding harness that used predictable paths under the operating system temporary...

7.3CVSS6.2AI score0.00115EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50585

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description An open redirect exists due to improper validation within the urlIsRelative function in modules/httplib/url.go. An attacker can bypass this validation by using directory traversal sequences...

6.1CVSS5.9AI score0.00248EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.26 views

PT-2026-50502

Name of the Vulnerable Software and Affected Versions Splunk AI Toolkit versions prior to 5.7.4 Description A user with the "admin" Splunk role can execute arbitrary OS commands on the host running the Splunk Enterprise instance. This is caused by an unsafe shell execution pattern in the btool...

9.1CVSS5.9AI score0.00469EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50395

Unauthenticated PHP Object Injection in PressMart = 1.2.26 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.26 views

PT-2026-50610

Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description The JSON:API and REST modules allow image file uploads to image fields. The validation rules verify the file extension but fail to check the file MIME type Multipurpose Internet Mail...

4.8AI score0.00133EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.12 views

PT-2026-50378

Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception attacks with limited...

5.1CVSS5.3AI score0.00315EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50337

Unauthenticated SQL Injection in JetEngine = 3.8.9.1 versions...

9.3CVSS5.7AI score0.00372EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.10 views

PT-2026-50382

Stored cross-site scripting XSS in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered unencoded via @Html.Raw...

6.2CVSS5.4AI score0.00256EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50286

Unauthenticated SQL Injection in Tutor LMS Pro = 3.9.6 versions...

9.3CVSS5.8AI score0.00283EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50510

Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform': make att1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal " bytes...

4.8CVSS5AI score0.00133EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50383

Unauthenticated Insecure Direct Object References IDOR in School Management = 93.1.0 versions...

5.3CVSS5.2AI score0.00228EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.23 views

PT-2026-50386

Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9...

9.8CVSS5.2AI score0.00426EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50462

Name of the Vulnerable Software and Affected Versions Dell AIOps Collector versions prior to 1.18.3 Description Fresh installations of the software contain an issue where default credentials are used. A low privileged attacker with console access could potentially exploit this to gain filesystem...

7.8CVSS5.9AI score0.00098EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.31 views

PT-2026-50401

Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...

8.1CVSS5.3AI score0.00395EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50532

Name of the Vulnerable Software and Affected Versions Punto Switcher affected versions not specified Description An unquoted-path flaw allows the execution of attacker-placed code at the user's privilege level. This issue occurs during a call made by a signed Windows binary at launch, enabling...

8.5CVSS6.5AI score0.00149EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.23 views

PT-2026-50425

A stack-based buffer overflow exists in the raw to header function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name and linkname fields of a TAR header with strcpy without guaranteeing null termination of the source. The POSIX ustar format permits these fixed-width...

8.8CVSS6.2AI score0.00635EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50564

Name of the Vulnerable Software and Affected Versions TypeBot versions prior to 3.16.0 Steeltoe affected versions not specified Description TypeBot contains an Insecure Direct Object Reference IDOR issue—a flaw where an application provides direct access to objects based on user-supplied...

7.1CVSS5.2AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50414

Name of the Vulnerable Software and Affected Versions Fusion Builder versions prior to 3.15.5 Description A path traversal issue allows users with the Contributor role to delete arbitrary files on the server. Recommendations Limit user roles as a temporary mitigation measure. At the moment, there...

7.7CVSS5.3AI score0.00337EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50558

In SignalRGB versions prior to 1.3.7.0, the .SignalIo device object is created without an explicit SDDL security descriptor and without FILE DEVICE SECURE OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and iss...

5.2AI score0.00087EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.27 views

PT-2026-50259

Name of the Vulnerable Software and Affected Versions Apache DolphinScheduler versions prior to 3.4.2 Description A missing authorization check in the DataSource API allows unauthenticated users to expose arbitrary data source metadata. This occurs because the API does not require a login to acce...

9.8CVSS5.3AI score0.0039EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50295

Subscriber Broken Access Control in MetForm Pro = 3.9.1 versions...

4.3CVSS5.2AI score0.00243EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50550

Name of the Vulnerable Software and Affected Versions CakePHP versions prior to 4.5.11 CakePHP versions 4.6.0 through 4.6.3 CakePHP versions 5.0.0 through 5.1.6 CakePHP versions 5.2.0 through 5.2.12 CakePHP versions 5.3.0 through 5.3.5 Description The getElementFileName function in the View class...

6.3CVSS5.9AI score0.00258EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.13 views

PT-2026-50495

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 3.6.21 Traefik versions prior to 3.7.5 Description An issue exists in the Kubernetes Gateway provider regarding the crossProviderNamespaces allowlist. When HTTPRoute rules declare multiple backendRefs Weighted Round...

7.1CVSS5.9AI score0.00318EPSS
Exploits2References17
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.23 views

PT-2026-50597

Name of the Vulnerable Software and Affected Versions Filament versions 3.0.0 through 3.3.52 Description A disabled RichEditor field renders its raw state without sanitizing HTML. If the data stored in the field's state was not previously sanitized when the form state was filled, an attacker can...

7.6CVSS5.8AI score0.00168EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.12 views

PT-2026-50220

A path traversal in the SFTP provider SFTPHook.retrieve directory / SFTPOperatoroperation=get let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is...

5.4AI score0.00626EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.13 views

PT-2026-50328

Unauthenticated Broken Authentication in PowerPack Pro for Elementor v2.13.0 versions...

8.8CVSS5.2AI score0.00316EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.29 views

PT-2026-50458

Name of the Vulnerable Software and Affected Versions Autodesk Revit affected versions not specified Description A NULL Pointer Dereference occurs when the application attempts to read a memory address that is NULL, typically resulting in a crash. This issue is triggered when a maliciously crafte...

5.5CVSS5.8AI score0.00116EPSS
Exploits0References4
Total number of security vulnerabilities187424