Lucene search
+L
PtsecurityRecent

187518 matches found

Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50347

Subscriber SQL Injection in Cornerstone 7.8.8 versions...

8.5CVSS5.8AI score0.00342EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50304

Unauthenticated Local File Inclusion in Malmö = 2.2 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50409

Unauthenticated PHP Object Injection in Moderno 1.43 versions...

9.8CVSS5.3AI score0.00304EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.30 views

PT-2026-50431

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager versions prior to 4.8 Description An unauthenticated attacker with remote access can exploit the inclusion of functionality from an untrusted control sphere, which may lead to information disclosure. Recommendations Upda...

7.5CVSS5.3AI score0.00213EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.24 views

PT-2026-50331

Name of the Vulnerable Software and Affected Versions Geo Mashup versions prior to 1.13.20 Description An SQL injection flaw exists in the Geo Mashup plugin, which allows users with subscriber privileges to execute unauthorized SQL commands. Recommendations Update to version 1.13.20 or later...

8.5CVSS6AI score0.00332EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50189

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue in Digital Credentials allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. Use after free is a condition where a program...

9.6CVSS5.8AI score0.00601EPSS
Exploits0References41
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50219

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.155 Description An uninitialized use in the GPU allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Recommendations Update to version 149.0.7827.155 o...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References38
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50426

Cross-site request forgery CSRF in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or modify news items as an administrator via a crafted form submitted to /api/news-items, due to missing anti-CSRF protection...

8.3CVSS5.3AI score0.00197EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50418

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0...

8.5CVSS5.5AI score0.00211EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50376

Name of the Vulnerable Software and Affected Versions HCL iControl affected versions not specified Description HCL iControl is affected by an inadequate session timeout issue. This occurs when a web application fails to automatically terminate user sessions after a period of inactivity, potential...

5.3CVSS5.8AI score0.00204EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50248

Three NVIDIA NeMo vulnerabilities CVE-2026-24155, CVE-2026-24252, CVE-2026-24228 enable code execution. Update NeMo Framework to v2.7.3 now. NVIDIA NeMo CVE202624155 AISecurity InfoSec https://t.co/VykvC24Ed4 https://t.co/93wJfksSbS...

7.8CVSS5.4AI score0.00193EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50553

e107 is a content management system CMS. Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resize image, the source path is escaped with escapeshellarg, but the destination path is inserted inside raw double quotes in the convert...

7.1CVSS5.3AI score0.00747EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50271

Unauthenticated Local File Inclusion in HomeRoofer = 2.11.0 versions...

8.1CVSS5.2AI score0.00423EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50389

In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account...

8.8CVSS5.2AI score0.00383EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50441

DroneAware is a drone detection platform. The centralized DroneAware server backing droneaware.io was vulnerable to an account pre-hijacking attack in which an attacker could register an account using a victim's email address with an attacker-controlled password before the victim completed accoun...

6.8CVSS5.3AI score0.00184EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.12 views

PT-2026-50290

Unauthenticated Cross Site Scripting XSS in WPJobster = 6.3.5 versions...

7.1CVSS5.1AI score0.0023EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50514

Name of the Vulnerable Software and Affected Versions RTI Connext Professional Web Integration Service versions 6.1.2 through 6.1.x RTI Connext Professional Web Integration Service versions 7.0.0 through 7.3.1.2 RTI Connext Professional Web Integration Service versions 7.4.0 through 7.x Descripti...

8.8CVSS6.2AI score0.00251EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.24 views

PT-2026-50572

TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range allowing for DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard...

8.2CVSS5.4AI score0.00271EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.13 views

PT-2026-50603

Name of the Vulnerable Software and Affected Versions CakePHP Authentication versions prior to 2.11.1 CakePHP Authentication versions prior to 3.3.6 CakePHP Authentication versions prior to 4.1.1 Description The getLoginRedirect function contains a weakness to backslash bypasses. This allows...

6.1CVSS5.9AI score0.0028EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50266

Unauthenticated Cross Site Scripting XSS in my flatonica = 0.0.8 versions...

7.1CVSS5.1AI score0.00241EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50405

Unauthenticated PHP Object Injection in Eldon = 1.4.1 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.32 views

PT-2026-50258

Name of the Vulnerable Software and Affected Versions Regesta Smart HD-PLC - TLDPH16D2 version 11.02.05.10.02 Description A network attacker with registration access can introduce arbitrary JavaScript by injecting a Cross-site Scripting XSS payload into the Hostname field of the configuration fil...

4.8CVSS6.2AI score0.00293EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50465

Name of the Vulnerable Software and Affected Versions JimuReport versions prior to 2.3.5 Description Remote code execution is possible due to improper handling of Aviator expressions. The '/jmreport/executeSelectApi' endpoint passes user-supplied input directly to the Aviator expression engine...

9.1CVSS6.5AI score0.00471EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50319

Subscriber Arbitrary File Upload in Kids Gift Shop = 0.5.4 versions...

9.9CVSS5.2AI score0.00434EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50336

Contributor PHP Object Injection in JetEngine = 3.8.9.1 versions...

9.8CVSS5.3AI score0.00375EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50245

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.5AI score0.00193EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50329

Subscriber Broken Access Control in WPBakery Page Builder = 8.7.2 versions...

6.5CVSS5.2AI score0.00304EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50274

Unauthenticated PHP Object Injection in ThemeREX Addons = 2.36.1.1 versions...

9.8CVSS5.4AI score0.00525EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50307

Subscriber Arbitrary File Upload in Webenvo = 0.0.6 versions...

9.9CVSS5.2AI score0.00434EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50342

Unauthenticated Sensitive Data Exposure in JetBlog = 2.4.8 versions...

7.5CVSS5.2AI score0.00238EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50315

Unauthenticated Local File Inclusion in ChapterOne = 1.7 versions...

8.1CVSS5.2AI score0.00423EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.13 views

PT-2026-50353

Unauthenticated Cross Site Scripting XSS in JetFormBuilder = 3.6.0.1 versions...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50501

Name of the Vulnerable Software and Affected Versions Splunk AI Toolkit versions prior to 5.7.4 Description A low-privileged user without "admin" or "power" Splunk roles can force the application to make outbound HTTP requests to an attacker-controlled server, potentially leading to data...

4.3CVSS5.9AI score0.00217EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50265

Cross-Site request forgery CSRF vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10...

4.3CVSS5.2AI score0.00117EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.11 views

PT-2026-50365

: Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & Share Icons: from n/a through 2.8.6...

4.3CVSS5.1AI score0.00208EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50364

Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11...

4.3CVSS8.4AI score0.00192EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50362

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric Room Air Conditioners affected versions not specified Mitsubishi Electric Wireless LAN Adapters for Room Air Conditioners affected versions not specified Mitsubishi Electric Wireless LAN Adapters for Packaged Air Conditione...

7.2CVSS5.3AI score0.00151EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50573

Name of the Vulnerable Software and Affected Versions TypeBot versions prior to 3.17.0 Description An unauthenticated issue exists in the chatbot builder tool where the endpoint "/api/blocks/file-input/v3/generate-upload-url" uses unsanitized fileName input to construct public S3 object keys. The...

9.3CVSS6AI score0.00268EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50375

Name of the Vulnerable Software and Affected Versions HCL ZIE for Web affected versions not specified Description HCL ZIE for Web is affected by an unrestricted file upload issue. If the server is configured to execute code, an attacker can upload a web shell—a script used to manage a system...

9.8CVSS6.3AI score0.00454EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50285

Unauthenticated Local File Inclusion in AutoParts = 1.5.8 versions...

8.1CVSS5.2AI score0.00363EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50191

Name of the Vulnerable Software and Affected Versions Google Chrome on Linux versions prior to 149.0.7827.155 Description A use after free issue in File Input allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. Use after free is a memory corruption flaw that...

9.6CVSS5.8AI score0.00601EPSS
Exploits0References41
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50474

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description A stolen refresh token persists after a password-forgot flow, allowing it to be used to generate new JSON Web Tokens JWTs even after a user resets their password. While the passwordChange and...

6.3CVSS5.8AI score0.00242EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50490

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.23.1rc0 Description Temperature validation gates use comparison operators that silently evaluate to False when encountering NaN Not a Number or positive Infinity due to Python's IEEE 754 float semantics. These values...

6.9CVSS5.9AI score0.00261EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.25 views

PT-2026-50525

Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository Manager versions prior to 3.93.0 Description An authorization bypass exists in the proxy repository configuration. This issue allows a delegated repository administrator to disclose stored upstream proxy credentials...

5.9CVSS5.2AI score0.0026EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50492

Name of the Vulnerable Software and Affected Versions Pi versions prior to 0.79.0 Description Pi loaded project-local configuration and resources from a repository's .pi directory, including executable TypeScript or JavaScript modules known as project-local extensions, without requiring the user ...

4.4CVSS6.3AI score0.00118EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50471

Name of the Vulnerable Software and Affected Versions chrome-devtools-mcp affected versions not specified Description On POSIX systems, specifically macOS and Linux sessions where the XDG RUNTIME DIR environment variable is unset, the daemon writes its PID file to a deterministic path in /tmp usi...

6.1CVSS5.4AI score0.00077EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50531

Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects by exploiting empty checkMethodAllowed and checkPropertyAllowed implementations in the custom Twig SecurityPolicy. Attackers can...

8.6CVSS6.7AI score0.00623EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50338

Unauthenticated SQL Injection in JetEngine 3.8.9.1 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50408

Unauthenticated PHP Object Injection in Château = 1.2.1 versions...

8.1CVSS5.3AI score0.0025EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.23 views

PT-2026-50476

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description The 'base-migration' endpoint accepts a caller-supplied URL that the migration worker dereferences without enforcing the protocol or destination. This allows for scheme abuse, such as using file: ...

5.1CVSS5.9AI score0.00288EPSS
Exploits0References7
Total number of security vulnerabilities187518