Lucene search
+L
PtsecurityRecent

187518 matches found

Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•15 views

PT-2026-50817

CVE-2026-12412 - Rejected reason: loading template... CVE ID :CVE-2026-12412 Published : June 16, 2026, 5:16 p.m. | 43 minutes ago Description :Rejected reason: loading template... Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•16 views

PT-2026-49656

Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9...

9.9CVSS5.2AI score0.00273EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•20 views

PT-2026-49825

Name of the Vulnerable Software and Affected Versions PowerSchool Employee Access Center version 23.10 Description Improper Neutralization of Input During Web Page Generation allows Cross-Site Scripting XSS, a flaw where malicious scripts are injected into otherwise trusted websites. An attacker...

7.4CVSS5.9AI score0.00149EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•22 views

PT-2026-49980

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Install. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle...

9CVSS5.1AI score0.00277EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•21 views

PT-2026-50119

Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only...

6.5CVSS5.4AI score0.00399EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•18 views

PT-2026-49738

Name of the Vulnerable Software and Affected Versions NLTK versions prior to 3.10.0-rc1 Description The nltk.data.load function is subject to path traversal when using the nltk: URL scheme. The issue arises because the UNSAFE NO PROTOCOL RE regex check is performed on the raw resource string befo...

7.5CVSS6AI score0.00378EPSS
Exploits1References5
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•20 views

PT-2026-49960

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Metadata Plugin component of the Oracle Enterprise Manager Base Platform. A low privileged attacker wi...

9.9CVSS5.8AI score0.00432EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•12 views

PT-2026-50025

Name of the Vulnerable Software and Affected Versions Oracle Siebel CRM Siebel CRM Cloud Applications versions 17.0 through 26.5 Description An issue exists in the Siebel Cloud Manager component of Oracle Siebel CRM Cloud Applications. An unauthenticated attacker with network access via HTTP can...

9.8CVSS5.8AI score0.00362EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•13 views

PT-2026-49706

A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including user/role management and other administrative actions...

8.3CVSS5.4AI score0.00235EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•15 views

PT-2026-50166

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.9 Description The Docker API server fails to apply Server-Side Request Forgery SSRF destination checks to proxy addresses, only validating the crawl target URL. Because the Docker API is unauthenticated by defaul...

8.6CVSS5.8AI score0.00289EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•20 views

PT-2026-49925

Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware component: Generic Unix Connector. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

9.9CVSS5.3AI score0.00402EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•20 views

PT-2026-49838

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware WebLogic Server versions 14.1.2.0.0 Oracle Fusion Middleware WebLogic Server versions 15.1.1.0.0 Description An issue exists in the Console component of the WebLogic Server. An unauthenticated attacker with network...

8.8CVSS5.8AI score0.00416EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•17 views

PT-2026-50179

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.24.0 Description An authenticated user with workflow edit access can provide a malicious filter value within the MongoDB node's Find And Replace operation. Because the value is not validated before being used as a query...

7.7CVSS5.8AI score0.0026EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•18 views

PT-2026-49736

Summary On AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so every value overwrites the previous one and only the last reaches the application. Repeated reques...

4.8CVSS5.4AI score0.00114EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•14 views

PT-2026-50157

Name of the Vulnerable Software and Affected Versions Hugo versions 0.91.0 through 0.161.1 Description The resources.GetRemote function enforces the security.http.urls policy on the initial URL provided, but it fails to re-validate intermediate URLs during HTTP 3xx redirects. This allows a truste...

6.3CVSS6AI score0.00249EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•11 views

PT-2026-53026

Unknown description...

5.8AI score
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•13 views

PT-2026-50161

Name of the Vulnerable Software and Affected Versions Caddy versions prior to 2.11.4 Description An issue exists where forward auth copy headers deletes client-supplied identity headers before copying trusted values from an authentication gateway. However, when requests are processed via php...

8.1CVSS5.9AI score0.00246EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•14 views

PT-2026-50162

Name of the Vulnerable Software and Affected Versions Caddy versions prior to 2.11.4 Description Caddy is an extensible server platform that uses TLS by default. The stripHTML template function, specifically within the funcStripHTML function, cannot reliably remove all HTML tags from input string...

4.2CVSS6AI score0.00153EPSS
Exploits1References7
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•28 views

PT-2026-50074

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high-privileged attacker with logon access to the infrastructure where the software executes can compromise the system. Th...

3.2CVSS5.8AI score0.00162EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•16 views

PT-2026-49984

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

6CVSS5.1AI score0.00167EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•17 views

PT-2026-49949

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high privileged attacker with logon access to the infrastructure where the software executes can compromise the system. Th...

6CVSS5.8AI score0.00159EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•12 views

PT-2026-49982

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue in the Core component of Oracle VM VirtualBox allows a high-privileged attacker with logon access to the infrastructure where the software executes to compromise the system. Successful...

3.2CVSS5.8AI score0.00129EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•13 views

PT-2026-49729

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.12.2 Description An attacker can craft a PDF file that results in long runtimes. This occurs when accessing a stream that utilizes the /FlateDecode filter with a PNG predictor. Recommendations Update to version 6.12.2...

5.1CVSS5.9AI score0.00117EPSS
Exploits0References16
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•15 views

PT-2026-49724

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description On Windows, Python uses the VPATH variable to locate landmarks, such as 'Modules/setup.local', to determine if it is running in a source tree and adjust the default sys.path. In certain...

5.3CVSS5.2AI score0.00136EPSS
Exploits0References25
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•17 views

PT-2026-49657

A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and application crashes DoS. All versions are believed to be vulnerable. This project is unmaintained at...

4.8CVSS5.6AI score0.0014EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•14 views

PT-2026-49685

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 152 Thunderbird versions prior to 152 Description A mitigation bypass exists within the DOM security component...

9.1CVSS5.2AI score0.00245EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•20 views

PT-2026-49769

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.25 Description A scope containment bypass exists in the device re-pairing process. Authenticated operators can restore or retain broader scopes than intended by submitting re-pairing requests with empty scope...

5.4CVSS5.2AI score0.00206EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•27 views

PT-2026-50055

Vulnerability in the Oracle Property Manager product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Property...

7.2CVSS5.2AI score0.00453EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•23 views

PT-2026-50172

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description A prototype pollution issue allows a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. Prototype polluti...

6.4CVSS5.9AI score0.00259EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•20 views

PT-2026-49845

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: REST WebServices. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager...

7.5CVSS5.1AI score0.00354EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•19 views

PT-2026-49826

The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands e.g. system reboot...

8.6CVSS5.4AI score0.00232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•21 views

PT-2026-49946

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Portal version 12.2.1.4.0 Oracle WebCenter Portal version 14.1.2.0.0 Description An issue exists in the Security Framework component of the Oracle WebCenter Portal product of Oracle Fusion Middleware. A low privileged attacker...

9.9CVSS5.9AI score0.00402EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•13 views

PT-2026-49763

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.29 Description A path traversal issue exists in the install helper where workspace .env files can override the npm execpath configuration used for bundled runtime dependency installation. This allows an attack...

7.1CVSS5.4AI score0.00118EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•8 views

PT-2026-49624

Happy to share that I recently discovered and responsibly reported security vulnerabilities in OpenKM Document Management System v6.3.12. These issues have now been assigned the following CVE IDs: CVE-2026-30502 CVE-2026-30503 CyberSecurity CVE SecurityResearch dharmstm https://t.co/Zge3oCAHeT...

5.4AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•11 views

PT-2026-49631

Unauthenticated Broken Access Control in WP Event SOlution = 4.1.12 versions...

7.5CVSS5.2AI score0.00232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•15 views

PT-2026-49608

The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to obtain...

5.3CVSS5.3AI score0.00323EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•12 views

PT-2026-49632

A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot...

7.1CVSS5.3AI score0.0024EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•22 views

PT-2026-49759

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.2 Description An environment variable injection exists where workspace .env files can influence the Python runtime selection during Gmail setup gcloud execution. Attackers with repository access can manipulate...

7.1CVSS5.8AI score0.00133EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•19 views

PT-2026-49873

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware WebLogic Server versions 12.2.1.4.0 Oracle Fusion Middleware WebLogic Server versions 14.1.1.0.0 Description An issue exists in the Console component of the WebLogic Server. This flaw allows an unauthenticated attacker...

8.3CVSS5.9AI score0.00301EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•12 views

PT-2026-49815

In RtcpHeader::decodeRtcpHeader, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

4.3CVSS5.6AI score0.00169EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•14 views

PT-2026-49751

DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim mus...

5.5CVSS5.2AI score0.00165EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•21 views

PT-2026-49775

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.2 Description An environment variable injection exists where the STATE DIRECTORY variable in a workspace .env file can influence bundled runtime dependency roots. This allows attackers to manipulate STATE...

7.1CVSS5.6AI score0.00124EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•13 views

PT-2026-49779

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description A bootstrap token replay issue allows callers with access to a pending bootstrap token to reuse it before approval with a broader requested scope. This can lead to the escalation of pairing...

5.4CVSS5.2AI score0.00088EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•20 views

PT-2026-49776

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.26 Description An issue exists in hostname validation where trailing-dot notation in model or workspace-derived URLs can be used to bypass blocklist comparisons. This occurs because hostname checks treat hosts...

6.5CVSS5.2AI score0.0021EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•21 views

PT-2026-49868

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

9.8CVSS5.3AI score0.00483EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•19 views

PT-2026-49793

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A logic error in the PostWipeData function of recovery ui.cpp may cause data persistence after a factory reset. This issue allows for local information disclosur...

3.3CVSS6AI score0.00072EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•19 views

PT-2026-49907

Name of the Vulnerable Software and Affected Versions Oracle Unified Directory versions 12.2.1.4.0 Oracle Unified Directory versions 14.1.2.1.0 Description An issue in the OUD Core component of Oracle Fusion Middleware allows an unauthenticated attacker with network access via LDAP Lightweight...

9.8CVSS5.8AI score0.00518EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•21 views

PT-2026-49894

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0 Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of the Oracle WebCenter Content product within Oracle Fusion Middleware. A low privileged...

9.9CVSS5.9AI score0.00411EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•13 views

PT-2026-52875

This update for distribution rebuilds it against the current go security release...

5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•22 views

PT-2026-50176

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An authenticated user with permissions to create or modify workflows can provide crafted parameters to the TimescaleDB and legacy Postgres v1 nodes. This allows arbitrary SQ...

9.9CVSS6.2AI score0.00394EPSS
Exploits0References6
Total number of security vulnerabilities187518