Lucene search
+L
PtsecurityRecent

187421 matches found

Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50303

Subscriber Privilege Escalation in MultiLoca = 4.2.15 versions...

7.6CVSS5.2AI score0.00288EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•17 views

PT-2026-50503

Name of the Vulnerable Software and Affected Versions Connext Professional versions 7.4.0 through 7.6.x Connext Professional versions 7.0.0 through 7.3.1.2 Connext Professional versions 6.1.0 through 6.1.x Connext Professional versions 6.0.0 through 6.0.x Connext Professional versions 5.3.0 throu...

9.2CVSS6.3AI score0.00189EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•7 views

PT-2026-53071

Impact Three mutating endpoints in the evaluation test runs controller authorized state-changing actions using workflow:read instead of the action-appropriate workflow:execute scope. An authenticated user with project:viewer role on a project could start new evaluation test runs, cancel in-flight...

5.4CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•25 views

PT-2026-50421

Improper Control of Generation of Code 'Code Injection' vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21...

7.5CVSS5.4AI score0.00292EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50436

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description Improper Access Control allows a low privileged attacker with remote access to potentially cause a denial of service, a condition where the system becomes unavailable to its...

6.5CVSS5.8AI score0.0021EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•22 views

PT-2026-50318

Subscriber Arbitrary File Upload in Ecommerce Zone = 0.9.7 versions...

9.9CVSS5.2AI score0.00434EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50324

Contributor Remote Code Execution RCE in Blocksy Companion Pro = 2.1.37 versions...

9.9CVSS5.5AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•18 views

PT-2026-50445

Missing Authorization vulnerability in Nexi Payments Nexi XPay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexi XPay: from n/a through 8.3.1...

7.5CVSS5.2AI score0.00243EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50313

CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...

6.5CVSS5.2AI score0.00412EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50347

Subscriber SQL Injection in Cornerstone 7.8.8 versions...

8.5CVSS5.8AI score0.00342EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•21 views

PT-2026-50463

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description An improper neutralization of special elements used in an SQL command, known as SQL Injection, allows a low privileged attacker with adjacent network access to potentially caus...

5.7CVSS5.8AI score0.00192EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•18 views

PT-2026-50304

Unauthenticated Local File Inclusion in Malmö = 2.2 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•14 views

PT-2026-50409

Unauthenticated PHP Object Injection in Moderno 1.43 versions...

9.8CVSS5.3AI score0.00304EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•30 views

PT-2026-50431

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager versions prior to 4.8 Description An unauthenticated attacker with remote access can exploit the inclusion of functionality from an untrusted control sphere, which may lead to information disclosure. Recommendations Upda...

7.5CVSS5.3AI score0.00213EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50426

Cross-site request forgery CSRF in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or modify news items as an administrator via a crafted form submitted to /api/news-items, due to missing anti-CSRF protection...

8.3CVSS5.3AI score0.00197EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•14 views

PT-2026-50464

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager affected versions not specified Description An improper neutralization of special elements used in an SQL command allows a low privileged attacker with adjacent network access to perform SQL injection, which could...

8CVSS5.8AI score0.00229EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50418

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0...

8.5CVSS5.5AI score0.00211EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•19 views

PT-2026-50376

Name of the Vulnerable Software and Affected Versions HCL iControl affected versions not specified Description HCL iControl is affected by an inadequate session timeout issue. This occurs when a web application fails to automatically terminate user sessions after a period of inactivity, potential...

5.3CVSS5.8AI score0.00204EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•22 views

PT-2026-50248

Three NVIDIA NeMo vulnerabilities CVE-2026-24155, CVE-2026-24252, CVE-2026-24228 enable code execution. Update NeMo Framework to v2.7.3 now. NVIDIA NeMo CVE202624155 AISecurity InfoSec https://t.co/VykvC24Ed4 https://t.co/93wJfksSbS...

7.8CVSS5.4AI score0.00193EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•25 views

PT-2026-50440

Name of the Vulnerable Software and Affected Versions Python StateMachine versions 3.0.0 through 3.1.x Description An issue exists where the library evaluates expressions from SCXML documents unsafely. The SCXMLProcessor passes attacker-controlled expression strings from attributes through a call...

9.8CVSS6.2AI score0.01188EPSS
Exploits1References15
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•22 views

PT-2026-50553

e107 is a content management system CMS. Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resize image, the source path is escaped with escapeshellarg, but the destination path is inserted inside raw double quotes in the convert...

7.1CVSS5.3AI score0.00747EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50271

Unauthenticated Local File Inclusion in HomeRoofer = 2.11.0 versions...

8.1CVSS5.2AI score0.00423EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•11 views

PT-2026-50368

Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Startupzy: from n/a through 1.1.1...

4.3CVSS5.2AI score0.00155EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50389

In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account...

8.8CVSS5.2AI score0.00383EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•18 views

PT-2026-50441

DroneAware is a drone detection platform. The centralized DroneAware server backing droneaware.io was vulnerable to an account pre-hijacking attack in which an attacker could register an account using a victim's email address with an attacker-controlled password before the victim completed accoun...

6.8CVSS5.3AI score0.00184EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•12 views

PT-2026-50290

Unauthenticated Cross Site Scripting XSS in WPJobster = 6.3.5 versions...

7.1CVSS5.1AI score0.0023EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•18 views

PT-2026-50514

Name of the Vulnerable Software and Affected Versions RTI Connext Professional Web Integration Service versions 6.1.2 through 6.1.x RTI Connext Professional Web Integration Service versions 7.0.0 through 7.3.1.2 RTI Connext Professional Web Integration Service versions 7.4.0 through 7.x Descripti...

8.8CVSS6.2AI score0.00251EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•16 views

PT-2026-50586

Name of the Vulnerable Software and Affected Versions Gitea versions 1.25.0 and later Description Gitea is subject to stored cross-site scripting XSS through the built-in 3D file viewer, which utilizes the Online3DViewer library. The issue occurs when a .gltf file contains an unsupported extensio...

8.7CVSS6AI score0.00336EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•24 views

PT-2026-50572

TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range allowing for DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard...

8.2CVSS5.4AI score0.00271EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•26 views

PT-2026-50494

Name of the Vulnerable Software and Affected Versions @earendil-works/pi-coding-agent versions 0.74.0 through 0.78.0 @mariozechner/pi-coding-agent versions 0.50.0 through 0.73.1 Description Pi is a minimal terminal coding harness that used predictable paths under the operating system temporary...

7.3CVSS6.2AI score0.00115EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•13 views

PT-2026-50603

Name of the Vulnerable Software and Affected Versions CakePHP Authentication versions prior to 2.11.1 CakePHP Authentication versions prior to 3.3.6 CakePHP Authentication versions prior to 4.1.1 Description The getLoginRedirect function contains a weakness to backslash bypasses. This allows...

6.1CVSS5.9AI score0.0028EPSS
Exploits0References17
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•19 views

PT-2026-50266

Unauthenticated Cross Site Scripting XSS in my flatonica = 0.0.8 versions...

7.1CVSS5.1AI score0.00241EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50405

Unauthenticated PHP Object Injection in Eldon = 1.4.1 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•32 views

PT-2026-50258

Name of the Vulnerable Software and Affected Versions Regesta Smart HD-PLC - TLDPH16D2 version 11.02.05.10.02 Description A network attacker with registration access can introduce arbitrary JavaScript by injecting a Cross-site Scripting XSS payload into the Hostname field of the configuration fil...

4.8CVSS6.2AI score0.00293EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•17 views

PT-2026-50465

Name of the Vulnerable Software and Affected Versions JimuReport versions prior to 2.3.5 Description Remote code execution is possible due to improper handling of Aviator expressions. The '/jmreport/executeSelectApi' endpoint passes user-supplied input directly to the Aviator expression engine...

9.1CVSS6.5AI score0.00471EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•11 views

PT-2026-50397

Unauthenticated Local File Inclusion in Solene Core = 2.3.2 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•15 views

PT-2026-50319

Subscriber Arbitrary File Upload in Kids Gift Shop = 0.5.4 versions...

9.9CVSS5.2AI score0.00434EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•17 views

PT-2026-50336

Contributor PHP Object Injection in JetEngine = 3.8.9.1 versions...

9.8CVSS5.3AI score0.00375EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•15 views

PT-2026-50396

Unauthenticated PHP Object Injection in Alukas 3.0.0 versions...

8.1CVSS5.3AI score0.00395EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•14 views

PT-2026-50245

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.5AI score0.00193EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•18 views

PT-2026-50329

Subscriber Broken Access Control in WPBakery Page Builder = 8.7.2 versions...

6.5CVSS5.2AI score0.00304EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•19 views

PT-2026-50274

Unauthenticated PHP Object Injection in ThemeREX Addons = 2.36.1.1 versions...

9.8CVSS5.4AI score0.00525EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•15 views

PT-2026-50307

Subscriber Arbitrary File Upload in Webenvo = 0.0.6 versions...

9.9CVSS5.2AI score0.00434EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•16 views

PT-2026-50342

Unauthenticated Sensitive Data Exposure in JetBlog = 2.4.8 versions...

7.5CVSS5.2AI score0.00238EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•15 views

PT-2026-50315

Unauthenticated Local File Inclusion in ChapterOne = 1.7 versions...

8.1CVSS5.2AI score0.00423EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•13 views

PT-2026-50353

Unauthenticated Cross Site Scripting XSS in JetFormBuilder = 3.6.0.1 versions...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•20 views

PT-2026-50308

Author Broken Access Control in W3 Total Cache = 2.9.1 versions...

4.7CVSS5.2AI score0.0021EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•18 views

PT-2026-50501

Name of the Vulnerable Software and Affected Versions Splunk AI Toolkit versions prior to 5.7.4 Description A low-privileged user without "admin" or "power" Splunk roles can force the application to make outbound HTTP requests to an attacker-controlled server, potentially leading to data...

4.3CVSS5.9AI score0.00217EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•12 views

PT-2026-50542

Just landed my first CVE. CVE-2026-55675. A beautiful vulnerability, maybe the most beautiful. Many people are saying it. On to the next one. Thank you for your attention to this matter. 🫡 https://t.co/qko1fgRAVb...

5.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•15 views

PT-2026-50265

Cross-Site request forgery CSRF vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10...

4.3CVSS5.2AI score0.00117EPSS
Exploits0References1
Total number of security vulnerabilities187421