Lucene search
+L
PtsecurityRecent

187506 matches found

Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.12 views

PT-2026-49648

Unauthenticated Sensitive Data Exposure in GetGenie = 4.4.1 versions...

6.5CVSS5.2AI score0.00207EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-50089

Unauthenticated Local File Inclusion in Thegov Core 2.0.23 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50079

Unauthenticated Local File Inclusion in Learnify = 1.15.0 versions...

8.1CVSS5.2AI score0.00423EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-49739

Name of the Vulnerable Software and Affected Versions Astro versions prior to 6.4.6 Description The spreadAttributes function in the server-side rendering pipeline iterates over object keys and passes them to the addAttribute function, which interpolates the key into the HTML output without...

6.1CVSS5.9AI score0.0016EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49784

Name of the Vulnerable Software and Affected Versions vpu ioctl.c affected versions not specified Description A race condition in multiple functions of vpu ioctl.c can lead to a use after free, which is a scenario where a program continues to use a pointer after it has been freed. This issue may...

7CVSS5.9AI score0.00067EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49731

Name of the Vulnerable Software and Affected Versions Astro versions prior to 6.3.3 Description When a component utilizes a client: directive, the software inserts named slot content into a data-astro-template attribute without performing HTML escaping on the slot name. This allows an attacker to...

7.1CVSS6AI score0.00177EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-49633

Name of the Vulnerable Software and Affected Versions WooCommerce Stripe Payment Gateway versions prior to 10.7.1 Description The plugin is subject to unauthorized data modification because the ajax pay for order function lacks a capability check. Specifically, the wc stripe pay for order WC-AJAX...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-49651

The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfb hide review and wprp save review admin AJAX handlers combined with insufficient path validation in the wpfb...

8.1CVSS6.4AI score0.00501EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-50103

Unauthenticated PHP Object Injection in NeoBeat = 1.7 versions...

8.1CVSS5.4AI score0.00395EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.4 views

PT-2026-52879

This update for container-suseconnect rebuilds it against the current go security release...

5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-49743

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.13.0 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF that triggers an infinite loop. This occurs when merging a file containing outlines into a writer. Recommendations Update to...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-50105

Unauthenticated Local File Inclusion in Mr. SEO = 2.0 versions...

8.1CVSS5.2AI score0.00423EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.30 views

PT-2026-50082

Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

7.5CVSS5.2AI score0.00467EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-50072

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the Core component of Oracle VM VirtualBox. A high-privileged attacker with logon access to the infrastructure where the software executes can compromise the system. Successful...

7.5CVSS5.8AI score0.0014EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.30 views

PT-2026-50175

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description When @n8n/mcp-browser is operated in HTTP transport mode using the --transport http flag, the MCP endpoint allows session initialization and tool invocation requests without...

10CVSS5.9AI score0.00403EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.24 views

PT-2026-50073

Vulnerability in the Oracle Public Sector Payroll product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Public...

7.2CVSS5.2AI score0.00339EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49908

Name of the Vulnerable Software and Affected Versions Oracle Unified Directory version 12.2.1.4.0 Oracle Unified Directory version 14.1.2.1.0 Description An issue exists in the OUD Core component of the Oracle Unified Directory product of Oracle Fusion Middleware. An unauthenticated attacker with...

9.8CVSS5.8AI score0.00518EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-50015

Name of the Vulnerable Software and Affected Versions Oracle JD Edwards EnterpriseOne Accounts Payable version 9.2 Description A flaw in the Accounts Payable component allows a low-privileged attacker with network access via HTTP to compromise the system. Successful exploitation can lead to a ful...

9.9CVSS5.8AI score0.00411EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50117

Unauthenticated PHP Object Injection in Behold = 1.5 versions...

8.1CVSS5.4AI score0.0025EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.30 views

PT-2026-49727

Name of the Vulnerable Software and Affected Versions Perry versions prior to 0.5.1166 Description An issue in the JWT validation process allows remote attackers to bypass token expiration. This occurs because the verify decode helper within the stdlib JWT verification path unconditionally sets...

9.3CVSS5.3AI score0.00357EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-50041

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Cost Management versions 12.2.3 through 12.2.15 Description An issue exists in the Cost Planning component of the Oracle Cost Management product. A high privileged attacker with network access via HTTP can exploi...

7.2CVSS5.8AI score0.00453EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.12 views

PT-2026-49828

Name of the Vulnerable Software and Affected Versions OpenStack Nova versions prior to 33.0.2 Description The server create API does not strip certain hint data, which results in the created instance having no Placement allocation. Recommendations Update to version 33.0.2...

8.5CVSS6.1AI score0.00272EPSS
Exploits1References25
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.6 views

PT-2026-53034

Impact An authenticated user with permission to create or modify workflows containing a Python Code node could bypass the AST security validator and access the task executor module namespace. On self-hosted instances where N8N BLOCK RUNNER ENV ACCESS=false is set, this extended to disclosure of...

5CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.5 views

PT-2026-52687

This update for containerized-data-importer rebuilds the current sources against latest go security release and the images against the latest released updates...

5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.4 views

PT-2026-52878

This update for buildah rebuilds it against the current go security release...

5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.5 views

PT-2026-52868

Summary Bleach 6.3.0 exposes a documented email-linkification path through bleach.linkify..., parse email=True. The implementation scans attacker-controlled text with EMAIL RE.finditer over the full character token and has no length, timeout, or linear prefilter before applying the dot-atom email...

4.3CVSS5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.5 views

PT-2026-52880

The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.86 version of the Mozilla certificate authority bundle...

5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.11 views

PT-2026-49686

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 152 Thunderbird versions prior to 152 Description A memory safety bug exists in the software, which could lead to unexpected behavior or crashes when handling memory operations. Recommendations Update to version 152...

7.5CVSS5.2AI score0.00288EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-50149

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.8.1 Description The node:crypto.checkPrime and crypto.checkPrimeSync functions failed to perform Miller-Rabin rounds when the options.checks variable was left at its default value of 0. In this state, the software only...

7.4CVSS5.8AI score0.00149EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.25 views

PT-2026-50177

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An authenticated user with permissions to create or modify workflows can pollute the sandbox used by the Merge node's SQL Query mode. Since the sandbox context is cached and...

7.7CVSS6AI score0.00316EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-50057

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Subledger Accounting versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Subledger Accounting product. A low privileged attacker with network access via...

7.5CVSS5.9AI score0.00247EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.26 views

PT-2026-49922

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of Oracle WebCenter Content within Oracle Fusion Middleware. An unauthenticated attacker with network access via HTTP can compromise the...

9.6CVSS5.8AI score0.00416EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49755

Name of the Vulnerable Software and Affected Versions LangGraph SQLite Checkpoint versions prior to 4.1.1 Description The JsonPlusSerializer can reconstruct Python objects from JSON checkpoint payloads. If an unauthorized party modifies checkpoint bytes at rest in the backing store, the...

6.8CVSS6.4AI score0.00232EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-49654

Name of the Vulnerable Software and Affected Versions NPort W2150A-W4/W2250A-W4 Series versions prior to 1.5.1 Description A stack-based buffer overflow occurs due to insufficient input validation of user-supplied input in the Server location parameter on the Basic settings page. An authenticated...

8.6CVSS6.6AI score0.00472EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.23 views

PT-2026-50050

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

8.8CVSS5.3AI score0.00402EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-49635

Unauthenticated Broken Access Control in JupiterX Core = 4.14.1 versions...

7.5CVSS5.2AI score0.00305EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.8 views

PT-2026-57168

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.7 Description The Docker API server contains a server-side request forgery SSRF issue where the server makes requests to internal services due to a lack of destination validation for webhook URLs. This can lead t...

9.2CVSS6.1AI score0.00371EPSS
Exploits0References25
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.24 views

PT-2026-49867

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

7.5CVSS5.3AI score0.00311EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-49634

Unauthenticated Cross Site Scripting XSS in Min Max Step Quantity Limits Manager for WooCommerce = 5.2.2 versions...

7.1CVSS5.2AI score0.00142EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-49951

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Portal version 12.2.1.4.0 Oracle WebCenter Portal version 14.1.2.0.0 Description An issue exists in the Security Framework component of the Oracle WebCenter Portal product of Oracle Fusion Middleware. A low privileged attacker...

9.9CVSS5.8AI score0.00411EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49986

Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Enterprise Infrastructure Security component of Oracle JD Edwards. An unauthenticated attacker with network access via JDENET can compromise th...

9.8CVSS5.8AI score0.00483EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.23 views

PT-2026-50064

Name of the Vulnerable Software and Affected Versions Oracle Universal Work Queue versions 12.2.3 through 12.2.15 Description An issue exists in the Work Provider Site Level Administration component of the Oracle Universal Work Queue product within Oracle E-Business Suite. A low privileged attack...

8.8CVSS5.8AI score0.00402EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.33 views

PT-2026-49942

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

9.1CVSS5.1AI score0.00397EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.28 views

PT-2026-50060

Name of the Vulnerable Software and Affected Versions Oracle Project Portfolio Analysis versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Project Portfolio Analysis product within Oracle E-Business Suite. A low privileged attacker with...

8.8CVSS5.9AI score0.00402EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.9 views

PT-2026-57550

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.8 Description The Docker API server contains credential exfiltration flaws due to improper input validation and insecure configuration handling. Unauthenticated attackers can redirect LLM API calls to external...

8.8CVSS6.2AI score0.00254EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49734

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.25 Description On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into a single comma-separated value. According to RFC 6265, each cookie must be its own...

5.3CVSS5.8AI score0.00186EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50101

Unauthenticated Local File Inclusion in Aperitif = 1.5 versions...

8.1CVSS5.2AI score0.00423EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.32 views

PT-2026-50147

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.12 Description When running in BYONM mode nodeModulesDir: "manual", the module resolver fails to validate that a package's resolved entrypoint remains within its node modules// directory. A malicious package.json...

5.5CVSS6AI score0.00135EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-49620

Name of the Vulnerable Software and Affected Versions Abandoned Contact Form 7 versions prior to 2.3 Description The plugin allows unauthenticated attackers to permanently delete arbitrary posts, pages, or other content on a site. This occurs because the action remove abandoned function, register...

5.3CVSS6AI score0.00228EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49890

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0 Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of Oracle WebCenter Content within Oracle Fusion Middleware. An unauthenticated attacker with...

9.8CVSS5.9AI score0.00483EPSS
Exploits0References5
Total number of security vulnerabilities187506