Lucene search
K
PtsecurityRecent

184481 matches found

Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56227

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56231

An improper access check allows unauthorized users to create custom fields via webservices endpoints...

6.4CVSS6AI score0.00262EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago13 views

PT-2026-56178

The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOW SECRETS BACKEND KWARG SECRET ID and AIRFLOW WORKERS SECRETS BACKEND KWARG SECRET ID as synthetic config options whose option names were not in sensitive config values, so the masker did...

6AI score0.00664EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56224

Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56223

Lack of escaping leads to an XSS vulnerability in the file management view of com templates...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56127

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...

8.8CVSS6AI score0.0034EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56155

Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

5.3CVSS6AI score0.00215EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago11 views

PT-2026-56132

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the database import Livewire component app/Livewire/Project/Database/Import.php allows client-controlled container and server properties to reach shell commands without...

8.8CVSS6AI score0.00347EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56134

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, DatabaseBackupJob interpolates user-controlled database credentials and MongoDB collection exclusion names into backup shell commands without adequate escaping, allowing an...

3.3CVSS6AI score0.00221EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-56139

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection sends a server-side request to the configured endpoint, allowing an authenticated user with storage...

4.9CVSS5.9AI score0.00255EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56184

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection. This issue affects Liman MYS: before release.Master.1107...

8.8CVSS5.9AI score0.00355EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56263

Koodo Reader is an ebook reader. In version 2.3.0 and earlier, Koodo Reader is vulnerable to remote code execution through malicious EPUB files because the open-book IPC handler enables nodeIntegrationInSubFrames and EPUB chapter content is rendered with unsanitized innerHTML. An attacker can cra...

8.4CVSS6.8AI score0.00188EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56269

Name of the Vulnerable Software and Affected Versions Labcenter Proteus version 9 Description An out-of-bounds write issue exists where an attacker can cause the program to write data beyond the end of an allocated memory buffer, potentially leading to arbitrary code execution. Recommendations...

8.4CVSS6.2AI score0.0014EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56193

A stored cross-site scripting XSS vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the...

4.8CVSS5.8AI score0.00269EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56181

Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liman MYS: before release.Master.1107...

8.3CVSS5.9AI score0.00195EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56249

Name of the Vulnerable Software and Affected Versions Dashy versions prior to 4.3.7 Description The workspace view fails to validate the scheme of the URL query parameter before assigning it to an iframe source. This allows an attacker to execute JavaScript on the Dashy origin by tricking a...

3.9CVSS6.3AI score0.00255EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56247

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description The '/de2api/datasetData/previewSql' endpoint lacks the mandatory @DePermit permission validation annotation. This allows any authenticated user to set the datasourceId variable to -1, granting...

8.7CVSS6.3AI score0.00235EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56253

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description Dashboard text components render stored content using Vue v-html without server-side HTML sanitization. This allows an authenticated user with permissions to edit dashboard component data to injec...

5.1CVSS6.2AI score0.00269EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56251

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description An authenticated attacker can bypass previous fixes for the H2 zip protocol and file dropper. By uploading a zip archive disguised with a .ttf extension via the FontManage.saveFile function, the...

8.7CVSS6.2AI score0.00501EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56254

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description The ShareSecretManage component uses a hardcoded default share link signature key. An attacker who obtains a passwordless share for a resource and user can use the known key link-pwd-fit2cloud to...

8.3CVSS6AI score0.00289EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56250

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description The font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record. When the record is subsequently deleted, the backend concatenates this store...

7.2CVSS6.2AI score0.00313EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 5 days ago11 views

PT-2026-56246

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description Authenticated users can perform unauthorized actions on export tasks belonging to other users by manipulating the task ID parameter. Affected actions include downloading files via the...

8.7CVSS6.1AI score0.00391EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56245

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description A share mode chart data interface fails to validate whether the tableId and field IDs provided in the request body belong to the shared resource. It only verifies that the sceneId matches the...

7.1CVSS6.1AI score0.00238EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56206

AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...

7.1CVSS6.2AI score0.00381EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56173

Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials. Active Directory accounts are not affected by this vulnerability...

6.8CVSS5.9AI score0.00092EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56189

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

7.2CVSS6.2AI score0.01196EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56275

Name of the Vulnerable Software and Affected Versions String::Util versions prior to 1.36 Description String::Util for Perl is susceptible to a regular expression denial of service. The trim and rtrim functions use a regular expression to strip trailing whitespace. Because the s pattern matches...

6AI score0.00392EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 5 days ago11 views

PT-2026-56176

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.3.0 Description The Bulk Variables API fails to pass the variable's key to the redactor. This prevents the should hide value for key function from identifying secret-suffixed key names, such as password, toke...

6.5CVSS5.9AI score0.00664EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56153

MicroRealEstate is affected by broken object-level access controls in PDF generator functionality. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS5.9AI score0.00215EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56192

This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device...

5.9CVSS6AI score0.00259EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago4 views

PT-2026-56304

Summary RaTeX’s recursive-descent parser recurses one or more native stack frame per nesting level at , left, sqrt, ^, etc, with no maximum depth limit. A short, 10 KB input of nested groups overflows the 8 MB main-thread stack and aborts the process. With panic = "abort" Cargo.toml:48, and becau...

6.9CVSS6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago11 views

PT-2026-56147

The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before deleting the referenced file, allowing unauthenticated users to delete arbitrary files on the server such as wp-config.php when guest upload mode is enabled. Deleting...

5.9AI score0.00231EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56234

9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint this route is not covered by the dashboard middleware matcher, so no authorization check is applied. The sudoPassword field from the request body is written to t...

9.8CVSS6.3AI score0.01372EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-56140

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Sanctum API tokens did not expire, allowing a leaked token to retain access indefinitely until manually revoked. This issue is fixed in version 4.0.0-beta.474...

3.1CVSS6AI score0.00188EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-56209

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...

8.5CVSS6AI score0.0017EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56260

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.15.0 Description An issue exists where the endpoint "/api/core/ai/record/getRecord" authenticates the caller but fails to implement team scoping when loading LLM request and response traces. By providing a known...

7.1CVSS6AI score0.00227EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56186

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

9.8CVSS6.1AI score0.00632EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56299

Am I affected? Users are affected if all of the following are true: - Their application uses better-auth with the organization plugin import organization from "better-auth/plugins/organization". - Their application enables a sign-up surface that allows arbitrary unverified email registration. Mos...

7.7CVSS6AI score0.00016EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56150

The DoLeads Integrator WordPress plugin through 0.65, wp2epub WordPress plugin through 0.65 have been seen to be used to achieve RCE, once they are added adding to a blog, for example using a vulnerability where unclosed extensions from wordpress.org can be installed by unauthorized users...

5.9AI score0.00248EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56148

Name of the Vulnerable Software and Affected Versions uncanny-automator-pro WordPress plugin versions prior to 7.3.0.6 Description The software was distributed with malicious code following a compromise of the vendor's update and distribution infrastructure. This supply chain compromise introduce...

9.8CVSS6AI score0.00303EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56183

Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows Fake the Source of Data. This issue affects Liman MYS: before release.Master.1107...

8.1CVSS5.9AI score0.00185EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56280

Name of the Vulnerable Software and Affected Versions mem0 openmemory/api affected versions not specified Description The openmemory/api component allows unauthenticated access to API routers that lack authentication middleware. This enables attackers to read, write, and delete arbitrary user...

9.8CVSS6AI score0.00498EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56279

Name of the Vulnerable Software and Affected Versions Cap affected versions not specified Description The 'GET /api/video/ai' endpoint fails to validate user ownership or membership. This allows authenticated attackers to provide arbitrary video IDs to access private AI metadata, such as titles,...

7.1CVSS6AI score0.00216EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56191

Name of the Vulnerable Software and Affected Versions AMP for WP versions prior to 1.1.13 Description An Arbitrary File Write issue exists due to unsafe ZIP file extraction within the ampforwp save local font function, coupled with inadequate cleanup that fails to remove nested directories and...

7.5CVSS6.7AI score0.00646EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56232

Name of the Vulnerable Software and Affected Versions HTTP::Tiny versions prior to 0.095 Description When a server returns a 3xx redirect, the maybe redirect function follows the Location: header and the prepare headers and cb function re-merges the caller's headers argument into the new request...

7.1CVSS6AI score0.0026EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56235

An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system...

6.5CVSS5.9AI score0.00277EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56157

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS5.9AI score0.00102EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-56137

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Coolify is an open-source tool for managing servers, applications, and databases. An authenticated member can execute commands as root on managed servers by injecting shell metacharacters in...

8.8CVSS6AI score0.00435EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56136

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. An authenticated user can execute commands on managed servers when a resource is deleted...

8.8CVSS6AI score0.00403EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56300

Am I affected? Users are affected if all of the following are true: - Their application uses better-auth at a version 1.6.11 on the stable line, or any current next pre-release. - emailAndPassword.enabled: true is set in their application's betterAuth ... configuration. - At least one OAuth or SS...

8.3CVSS5.9AI score0.00019EPSS
Exploits0References4
Total number of security vulnerabilities184481