Lucene search
K
PtsecurityRecent

184424 matches found

Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56581

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal...

7.7CVSS6AI score0.0056EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56561

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NATS protocol data to route or leafnode connections, corrupti...

7.1CVSS6AI score0.00439EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56536

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full clone of its input array via ...toArrayv without calling this.context.memoryLimit.use..., allowing a template render such as huge arr...

8.2CVSS6AI score0.00384EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56490

Name of the Vulnerable Software and Affected Versions js-yaml versions 3.0.0 through 3.14.x js-yaml versions 4.0.0 through 4.2.x Description js-yaml can consume quadratic CPU time when parsing a document that grows linearly in size. This occurs when a chain of mappings utilizes merge keys, where...

7.5CVSS6AI score0.0035EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56487

Name of the Vulnerable Software and Affected Versions Socket.IO versions 6.5.0 through 6.6.6 Description Engine.IO servers with WebTransport enabled are susceptible to a denial of service. During WebTransport upgrade handling, the server can resolve a crafted session ID, such as proto , through a...

7.5CVSS6.1AI score0.00339EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56489

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

5.3CVSS6AI score0.00291EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56504

Name of the Vulnerable Software and Affected Versions @opentelemetry/propagator-jaeger versions prior to 2.9.0 Description The @opentelemetry/propagator-jaeger component decodes incoming uber-trace-id and uberctx- HTTP header values using the decodeURIComponent function without proper error...

7.5CVSS6AI score0.00436EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56505

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class...

6.1CVSS6.1AI score0.00187EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago4 views

PT-2026-56442

n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/workflowId/test-runs/new endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a workflow can trigger a real...

7.4CVSS6.1AI score0.00161EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56448

n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection vulnerability in the legacy MySQL v1 node's executeQuery operation. The operation substitutes evaluated ... expression values directly into the raw SQL string without parameterization. When a workflow uses...

5.3CVSS6.3AI score0.00314EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56447

n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago10 views

PT-2026-56625

Name of the Vulnerable Software and Affected Versions Cline versions prior to 3.0.30 Description The Cline Hub dashboard server, initiated via the cline dashboard command, fails to validate the Origin header for WebSocket connections on the /browser endpoint. When the ROOM SECRET is unset for loc...

8.8CVSS6.2AI score0.00145EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 4 days ago10 views

PT-2026-56342

During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application attempts to access invalid addresses, causing the application to crash...

6.1CVSS6AI score0.00107EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56570

IBM WebSphere Application Server is affected by a cross-site request forgery vulnerability CVE-2026-8408 https://t.co/dB0G7EZZaG...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56483

CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts proto as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript in...

5CVSS5.9AI score0.00094EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56418

Name of the Vulnerable Software and Affected Versions Tanium Server affected versions not specified Description A denial of service issue exists in Tanium Server that can be exploited over the network without authentication, potentially leading to service disruption. Recommendations At the moment...

7.5CVSS6.1AI score0.00324EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56607

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.13 and 8.6.83, a LiveQuery subscriber could receive object field values they were not authorized to read when a single save changed both an object field and the subscriber'...

2.3CVSS6AI score0.00386EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56285

Name of the Vulnerable Software and Affected Versions WebPros Plesk versions prior to 18.0.78.4 Description Incorrect authorization in the XML-RPC API allows a low-privileged authenticated customer to look up domains they do not own. This occurs because ownership is enforced only for specific...

9.9CVSS6AI score0.00336EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56397

Name of the Vulnerable Software and Affected Versions Imager versions prior to 1.033 Description Imager for Perl incorrectly treats unsigned EXIF IFD Image File Directory entry counts as signed. When processing large entry count values, the software interprets them as negative numbers, which can...

9.8CVSS6.1AI score0.00394EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56454

In Adalo’s no-code app builder, Versions 1 and 2 the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing...

5.9AI score0.00303EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56535

A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset...

6AI score0.00237EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago4 views

PT-2026-56573

Incorrect Authorization vulnerability in Progress MOVEit Transfer Audit User module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

2.7CVSS5.9AI score0.00196EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56571

Relative path traversal vulnerability in Progress MOVEit Transfer Admin Settings module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

4.5CVSS5.9AI score0.00365EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56572

Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer HTTPS module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

3.7CVSS5.9AI score0.00215EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56599

pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service...

4.7CVSS5.9AI score0.00089EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56595

UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS5.9AI score0.00218EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56586

Name of the Vulnerable Software and Affected Versions PAN-OS versions prior to 12.1.8 PAN-OS versions prior to 11.2.13 PAN-OS versions prior to 11.1.16 PAN-OS versions prior to 10.2.18-h8 Description A command injection issue exists in the management plane of the software, specifically within the...

8.5CVSS6.2AI score0.01101EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56597

SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS6AI score0.00097EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56585

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from t...

3.5CVSS6AI score0.00187EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56538

Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid external is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is...

5.9CVSS6AI score0.00252EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56529

Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention DLP component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected...

8.4CVSS5.9AI score0.00151EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56590

Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service...

5.5CVSS5.9AI score0.00187EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56588

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper...

2.7CVSS6AI score0.00161EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56525

A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service. The issue occurs when sqlite3changeset apply v3 applies a corrupt changes...

6AI score0.00112EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56468

SeaweedFS is a distributed storage system. Prior to 4.34, the S3 API gateway does not reject dot-dot path segments in the X-Amz-Copy-Source header used by CopyObject and UploadPartCopy, allowing an authenticated identity scoped to one bucket to read objects from other buckets through server-side...

7.7CVSS6AI score0.00327EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago4 views

PT-2026-56467

SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with SigV4 service s3tables are routed to the S3Tables management API where authorization collapses account-less S3 identities into the shared admin account and fails open, allowing an authenticated...

4.3CVSS5.9AI score0.00199EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56466

File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the nearest existing ancestor of a dangling symlink as in scope and then follows the symlink during file creation, allowing an authenticated user with Create and Modify permissions to create...

6.3CVSS6AI score0.00269EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56457

A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/list all.go of the component gitspaces Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed...

5.3CVSS5.6AI score0.00396EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56460

Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via an unsanitized data source input could result in arbitrary SQL execution under the provider's privileged Snowflake session, potentially enabling sensitive data exfiltration...

8.8CVSS6.2AI score0.00371EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56500

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost to disagree with the URI authority used for security ...

4.2CVSS6AI score0.00186EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56423

Name of the Vulnerable Software and Affected Versions Dgraph versions prior to 25.3.5 Description Dgraph Alpha exposes privileged RPCs used for external snapshot import on the public gRPC port :9080 without authentication or authorization. An unauthenticated network client can access the...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56617

GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...

4.3CVSS6AI score0.00243EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56615

Name of the Vulnerable Software and Affected Versions GitLab EE versions 13.11 through 18.11.6 GitLab EE versions 19.0 through 19.0.3 GitLab EE versions 19.1 through 19.1.1 Description An issue exists where improper sanitization of user-supplied input could allow an authenticated user with...

8.7CVSS6AI score0.00282EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56668

Name of the Vulnerable Software and Affected Versions Drupal Commerce guest registration affected versions not specified Description A security issue exists in the guest registration process of Drupal Commerce. Recommendations At the moment, there is no information about a newer version that...

6.1AI score0.00236EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56659

Name of the Vulnerable Software and Affected Versions Drupal Login Disable versions 0.0.0 through 2.1.4 Description The Login Disable module, which restricts site access by requiring a secret key on the login form, does not sufficiently protect the form from brute force attacks. An attacker could...

6AI score0.00213EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56666

Name of the Vulnerable Software and Affected Versions Drupal Raw Formatter Meta Tag Formatter affected versions not specified Description A security issue exists in the Drupal Raw Formatter Meta Tag Formatter module. Recommendations At the moment, there is no information about a newer version tha...

6.1AI score0.00236EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56660

Name of the Vulnerable Software and Affected Versions Ray Enterprise Translation versions 0.0.0 through 4.0.4 Ray Enterprise Translation versions 4.1.0 through 4.1.4 Ray Enterprise Translation versions 11.0.0 through 11.0.4 Description Cross-Site Request Forgery CSRF occurs when a module fails to...

6.1AI score0.00119EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56662

Name of the Vulnerable Software and Affected Versions Drupal Siteimprove Analytics versions 0.0.0 through 2.0.1 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS. The module fails to sufficiently sanitize the Siteimprove Analytics identificati...

6.1AI score0.00186EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56667

Name of the Vulnerable Software and Affected Versions Drupal Clean RESTful versions . Description A security issue exists in Drupal Clean RESTful. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...

6.1AI score0.00236EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56661

Name of the Vulnerable Software and Affected Versions Location Selector versions 0.0.0 through 1.3.0 Description An SQL injection issue exists in the Location Selector module, which provides a Views filter for selecting location values. A specific Views filter fails to sufficiently sanitize value...

6.1AI score0.00194EPSS
Exploits0References3
Total number of security vulnerabilities184424