Lucene search
K
PtsecurityRecent

184462 matches found

Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56254

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description The ShareSecretManage component uses a hardcoded default share link signature key. An attacker who obtains a passwordless share for a resource and user can use the known key link-pwd-fit2cloud to...

8.3CVSS6AI score0.00289EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56250

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description The font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record. When the record is subsequently deleted, the backend concatenates this store...

7.2CVSS6.2AI score0.00313EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 5 days ago11 views

PT-2026-56246

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description Authenticated users can perform unauthorized actions on export tasks belonging to other users by manipulating the task ID parameter. Affected actions include downloading files via the...

8.7CVSS6.1AI score0.00391EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56245

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description A share mode chart data interface fails to validate whether the tableId and field IDs provided in the request body belong to the shared resource. It only verifies that the sceneId matches the...

7.1CVSS6.1AI score0.00238EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56206

AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...

7.1CVSS6.2AI score0.00381EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56173

Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials. Active Directory accounts are not affected by this vulnerability...

6.8CVSS5.9AI score0.00092EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56189

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

7.2CVSS6.2AI score0.01196EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56275

Name of the Vulnerable Software and Affected Versions String::Util versions prior to 1.36 Description String::Util for Perl is susceptible to a regular expression denial of service. The trim and rtrim functions use a regular expression to strip trailing whitespace. Because the s pattern matches...

6AI score0.00392EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 5 days ago11 views

PT-2026-56176

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.3.0 Description The Bulk Variables API fails to pass the variable's key to the redactor. This prevents the should hide value for key function from identifying secret-suffixed key names, such as password, toke...

6.5CVSS5.9AI score0.00664EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56153

MicroRealEstate is affected by broken object-level access controls in PDF generator functionality. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS5.9AI score0.00215EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56192

This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device...

5.9CVSS6AI score0.00259EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago4 views

PT-2026-56304

Summary RaTeX’s recursive-descent parser recurses one or more native stack frame per nesting level at , left, sqrt, ^, etc, with no maximum depth limit. A short, 10 KB input of nested groups overflows the 8 MB main-thread stack and aborts the process. With panic = "abort" Cargo.toml:48, and becau...

6.9CVSS6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago11 views

PT-2026-56147

The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before deleting the referenced file, allowing unauthenticated users to delete arbitrary files on the server such as wp-config.php when guest upload mode is enabled. Deleting...

5.9AI score0.00231EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56234

9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint this route is not covered by the dashboard middleware matcher, so no authorization check is applied. The sudoPassword field from the request body is written to t...

9.8CVSS6.3AI score0.01372EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-56140

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Sanctum API tokens did not expire, allowing a leaked token to retain access indefinitely until manually revoked. This issue is fixed in version 4.0.0-beta.474...

3.1CVSS6AI score0.00188EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-56209

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...

8.5CVSS6AI score0.0017EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56260

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.15.0 Description An issue exists where the endpoint "/api/core/ai/record/getRecord" authenticates the caller but fails to implement team scoping when loading LLM request and response traces. By providing a known...

7.1CVSS6AI score0.00227EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56186

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

9.8CVSS6.1AI score0.00632EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56299

Am I affected? Users are affected if all of the following are true: - Their application uses better-auth with the organization plugin import organization from "better-auth/plugins/organization". - Their application enables a sign-up surface that allows arbitrary unverified email registration. Mos...

7.7CVSS6AI score0.00016EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56150

The DoLeads Integrator WordPress plugin through 0.65, wp2epub WordPress plugin through 0.65 have been seen to be used to achieve RCE, once they are added adding to a blog, for example using a vulnerability where unclosed extensions from wordpress.org can be installed by unauthorized users...

5.9AI score0.00248EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56148

Name of the Vulnerable Software and Affected Versions uncanny-automator-pro WordPress plugin versions prior to 7.3.0.6 Description The software was distributed with malicious code following a compromise of the vendor's update and distribution infrastructure. This supply chain compromise introduce...

9.8CVSS6AI score0.00303EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56183

Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107...

8.1CVSS5.9AI score0.00185EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56280

Name of the Vulnerable Software and Affected Versions mem0 openmemory/api affected versions not specified Description The openmemory/api component allows unauthenticated access to API routers that lack authentication middleware. This enables attackers to read, write, and delete arbitrary user...

9.8CVSS6AI score0.00498EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56279

Name of the Vulnerable Software and Affected Versions Cap affected versions not specified Description The 'GET /api/video/ai' endpoint fails to validate user ownership or membership. This allows authenticated attackers to provide arbitrary video IDs to access private AI metadata, such as titles,...

7.1CVSS6AI score0.00216EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56191

Name of the Vulnerable Software and Affected Versions AMP for WP versions prior to 1.1.13 Description An Arbitrary File Write issue exists due to unsafe ZIP file extraction within the ampforwp save local font function, coupled with inadequate cleanup that fails to remove nested directories and...

7.5CVSS6.7AI score0.00646EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56232

Name of the Vulnerable Software and Affected Versions HTTP::Tiny versions prior to 0.095 Description When a server returns a 3xx redirect, the maybe redirect function follows the Location: header and the prepare headers and cb function re-merges the caller's headers argument into the new request...

7.1CVSS6AI score0.0026EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56235

An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system...

6.5CVSS5.9AI score0.00277EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56157

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS5.9AI score0.00102EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-56137

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Coolify is an open-source tool for managing servers, applications, and databases. An authenticated member can execute commands as root on managed servers by injecting shell metacharacters in...

8.8CVSS6AI score0.00435EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56136

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. An authenticated user can execute commands on managed servers when a resource is deleted...

8.8CVSS6AI score0.00403EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56300

Am I affected? Users are affected if all of the following are true: - Their application uses better-auth at a version 1.6.11 on the stable line, or any current next pre-release. - emailAndPassword.enabled: true is set in their application's betterAuth ... configuration. - At least one OAuth or SS...

8.3CVSS5.9AI score0.00019EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56301

Am I affected? Users are affected if all of the following are true: - Their project depends on @better-auth/oauth-provider at a version = 1.6.0, = 1.4.8-beta.7, 1.6.0. - At least one OAuth client served by their application's authorization server requests the offline access scope, so refresh toke...

8.1CVSS5.9AI score0.00029EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago4 views

PT-2026-56297

Name of the Vulnerable Software and Affected Versions better-auth versions prior to 1.6.11 Description The legacy oidcProvider and mcp plugins expose an OAuth 2.0 token endpoint that fails to authenticate confidential clients during the refresh token grant. The system authenticates requests based...

9.1CVSS5.9AI score0.00013EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago4 views

PT-2026-56298

Name of the Vulnerable Software and Affected Versions @better-auth/sso versions 0.1.0 through 1.6.10 @better-auth/sso versions 1.7.0-beta.x Description An SSRF flaw exists in the provider registration flow where OpenID Connect OIDC endpoint URLs are accepted without proper validation. When...

9.6CVSS6AI score0.00025EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56302

Am I affected? Users are affected if all of the following are true: - Their project depends on @better-auth/oauth-provider at a version = 1.6.0, = 1.4.8-beta.7, 1.6.0, or enables the legacy oidc-provider or mcp plugins from better-auth/plugins. - Their application exposes /api/auth/oauth2/token o...

8.1CVSS6AI score0.00029EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56145

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redis password, keydb password, dragonfly password, clickhouse admin user, clickhouse admin password, postgres user, mysql user are validated onl...

3.3CVSS5.9AI score0.00195EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56210

Summary A critical vulnerability has been identified in EGroupware that may lead to Remote Code Execution RCE. The issue allows an authenticated attacker to execute arbitrary commands on the server. If user self-registration is enabled, the vulnerability may be exploitable without prior...

9.3CVSS6.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56217

Summary The function processes image URLs embedded in an HTML email body without validating or restricting URI schemes. The check !str starts with$myUrl, 'http' evaluates to true for file:// URIs, causing file get contents$basedir . urldecode$myUrl to read arbitrary files from the server filesyst...

6.5CVSS6.7AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56213

Summary An authenticated administrator can achieve OS-level Remote Code Execution RCE by uploading a malicious eTemplate XML file .xet to the VFS /etemplates mount. The Widget::expand name method passes template widget attribute values directly into a PHP eval call with only double-quote escaping...

8.6CVSS6.4AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56284

An issue in Oneblog V2.3.9 allows a remote attacker to obtain sensitive information via the RestApiController.java, JsApiTicketComponent.java, and the GetAccessTokenComponent.java component...

6AI score0.0035EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56179

Name of the Vulnerable Software and Affected Versions apache-airflow versions prior to 3.3.0 Description An authorization bypass occurs when a user with permission to read a specific Dag can disclose the source code of other Dags located within the same source file. This issue affects deployments...

6.5CVSS5.9AI score0.00601EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56175

Name of the Vulnerable Software and Affected Versions apache-airflow versions prior to 3.3.0 Description A bug in the BaseSerialization.deserialize function allows unrestricted import string of attacker-controlled class paths when the Scheduler or API Server loads a serialized DAG. A DAG author c...

9.8CVSS6.6AI score0.01649EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56203

Name of the Vulnerable Software and Affected Versions Jastow affected versions not specified Description Jastow is susceptible to Cross-Site Scripting XSS, a flaw where malicious scripts are injected into trusted websites. This occurs due to improper input handling of unsanitized URIs when a...

6.5CVSS6.1AI score0.00246EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56190

A stored XPATH injection vulnerability exists in opnsense's trust module. Any user if given just System: CA Manager permissions can use a bool side channel/oracle to slowly leak any secret in config.xml character by character. the injection point is in the refid field of a ca object. Write-up for...

6AI score
Exploits1References2
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56307

Summary pkg/scalers/postgresql scaler.go builds libpq-style connection strings by concatenating key=value pairs separated by spaces. Each tenant-controllable field host, port, userName, dbName, sslmode is passed through escapePostgreConnectionParameter: go func escapePostgreConnectionParameterstr...

5.9CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56158

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...

8.7CVSS6.1AI score0.00524EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 5 days ago2 views

PT-2026-56242

Name of the Vulnerable Software and Affected Versions Serena versions prior to 1.5.2 Description The built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port. This API lacks authentication, Cross-Site Request Forgery CSRF protection, and Host header validation. A D...

8.3CVSS6.7AI score0.00237EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56283

Name of the Vulnerable Software and Affected Versions FreeType versions prior to commit 5a280ecde6f324de0d226261036e736e0cb49a71 Description An out-of-bounds read occurs in the TT Get Var Design implementation, which is utilized by FT Get Var Design Coordinates. This issue is located within the...

6.5CVSS6.1AI score0.00278EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56243

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.7.0 Description A missing authorization issue allows a shared user with user access on a budget file to perform file management actions reserved for the owner or an administrator. This occurs because the...

7.2CVSS6.1AI score0.00246EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56164

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Reflected XSS. This issue affects Access Control System GKS: before Version 2...

5.4CVSS5.9AI score0.00133EPSS
Exploits0References2
Total number of security vulnerabilities184462