Lucene search
K
PtsecurityRecent

184462 matches found

Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-55837

A vulnerability was identified in vxcontrol PentAGI up to 2.1.0. This affects an unknown function of the file backend/pkg/docker/client.go of the component Docker API. The manipulation leads to sandbox issue. The attack may be initiated remotely. The pull request to fix this issue awaits acceptan...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-55854

A weakness has been identified in crater-invoice-inc crater up to 6.0.6. This affects the function getFormattedString of the file app/Http/Requests/InvoicesRequest.php of the component Invoice Note Handler. Executing a manipulation of the argument notes can lead to cross site scripting. The attac...

5.1CVSS4.1AI score0.00203EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-55860

A vulnerability was determined in CodeAstro Apartment Visitor Management System 1.0. This vulnerability affects unknown code of the file /apartment-visitor/edit-apartment.php. Executing a manipulation of the argument editid can lead to sql injection. It is possible to launch the attack remotely...

6.5CVSS6.6AI score0.002EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-56053

Name of the Vulnerable Software and Affected Versions @xhmikosr/decompress versions prior to 10.2.1 @xhmikosr/decompress versions prior to 11.1.3 decompress versions prior to 4.3.0 Description When extracting archives to a directory, a crafted archive can read or write files outside that director...

9.1CVSS6AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 6 days ago•11 views

PT-2026-55879

Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 1.3.3 through 2.0.7 Description An authentication bypass issue exists due to insufficient validation of the sessionId parameter within certain Thrift RPC query handlers. An attacker can forge the sessionId to bypass the...

9.1CVSS6AI score0.00471EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-55886

☕ Apache Camel critical alert: CVE-2026-43867 hits the camel-pqc component. Post-quantum key metadata deserialized via ObjectInputStream with zero ObjectInputFilter — unauthenticated RCE risk at CVSS 9.8. Check your Camel builds now. AppSec Apache https://t.co/iaMBNrOfI0 https://t.co/mkIJ19Sd5Y...

9.8CVSS6AI score0.00691EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 6 days ago•9 views

PT-2026-55899

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An injection and Server-Side Request Forgery SSRF issue exists in the Apache Camel Solr component. T...

9.1CVSS6.1AI score0.0037EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-56212

Name of the Vulnerable Software and Affected Versions xWiki versions prior to 17.10.5 xWiki versions prior to 18.2.0 Description When used with Jetty 12+, a user can craft a URL to access any resource the Jetty instance is permitted to access. This allows for the unauthorized download of sensitiv...

8.2CVSS5.9AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-56058

Name of the Vulnerable Software and Affected Versions Dragonfly versions prior to v2.4.4-rc.2 Description The scheduler's v1 gRPC service is vulnerable to an unauthenticated Server-Side Request Forgery SSRF. A remote attacker can force the scheduler to make HTTP GET requests to arbitrary internal...

6.9CVSS6.1AI score
Exploits0References13
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-56078

Name of the Vulnerable Software and Affected Versions Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description AI Bridge provider handlers read request bodies using io.ReadAll without enforcing a maximum size. An authenticated user with AI Bridge access can send an...

6.5CVSS6AI score0.00552EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 6 days ago•11 views

PT-2026-55988

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs when parsing jpeg commands. This is caused by unaccounted extra writes to the buffer during validation checks. Recommendations At the...

5.3CVSS6.1AI score0.00059EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-55987

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon CCW affected versions not specified Description Memory corruption occurs when processing multiple IOCTL Input/Output Control calls that utilize the same buffer file descriptor input. IOCTL is a system call used by...

7.3CVSS6.2AI score0.00065EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-55953

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...

9.9CVSS6AI score0.00478EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-55952

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...

8.7CVSS6AI score0.00561EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-55951

Name of the Vulnerable Software and Affected Versions BeyondTrust Remote Support affected versions not specified Description A critical pre-authentication flaw exists in the authentication subsystem. Improper processing of authentication requests allows an unauthenticated remote attacker to bypas...

9.8CVSS6.2AI score0.00653EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 6 days ago•10 views

PT-2026-55954

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.21.0 and prior to version 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one erro...

5.5CVSS6AI score0.00109EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 6 days ago•18 views

PT-2026-56006

Name of the Vulnerable Software and Affected Versions Amazon mcp-gateway-registry versions prior to 1.0.13 Description The metrics-service retention policy management component fails to properly neutralize special elements. This allows an authenticated remote user to execute arbitrary SQL queries...

8.6CVSS6.3AI score0.00325EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 6 days ago•15 views

PT-2026-56001

Name of the Vulnerable Software and Affected Versions Genetec Security Center versions 5.14.0.0 through 5.14.178.17 Description A flaw in the authentication mechanism for video stream requests may allow an unauthenticated attacker to access live video streams. Recommendations Update Genetec...

7.5CVSS6.1AI score0.00291EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 6 days ago•10 views

PT-2026-55870

A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtin probe duration of the file src/filters/load text.c of the component TeXML File Handler. Such manipulation of the argument txml timescale leads to divide by zero. An...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 6 days ago•11 views

PT-2026-55853

A flaw has been found in GPAC 26.02.0. This affects the function nhmldump send frame of the file src/filters/write nhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local access. The exploit has been published and may be...

4.8CVSS5.5AI score0.00115EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-56076

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.7 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The CreateSubAgent RPC does not validate the requested app sharing level against the template's...

5.4CVSS6AI score0.00315EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 6 days ago•9 views

PT-2026-56074

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The workspace app proxy resolves the target app using the httpapi.RequestHost function, which prioritizes...

5.8CVSS5.9AI score0.00208EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-56041

A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content. This vulnerability was fixed in Firefox for iOS 152.3...

6AI score0.00132EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 6 days ago•14 views

PT-2026-55887

A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials...

7CVSS6AI score0.00119EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 6 days ago•6 views

PT-2026-56025

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.474 Description The buildHelperImage function in app/Livewire/Settings/Index.php constructs a Docker build command using the dev helper version field without proper shell escaping. This allows an attacker w...

3.8CVSS6.2AI score0.00121EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 6 days ago•10 views

PT-2026-56028

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.6.10 through 0.7.2 Description An issue exists in the Config::prettyPrintArrayToPHP method where string values are written into the config.php file without escaping single quotes during configuration updates. Since...

8.9CVSS6.1AI score0.00274EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 6 days ago•11 views

PT-2026-56020

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description An authenticated command injection exists in the GetLogs Livewire component. Users with team membership, including those with the lowest privilege role, can execute arbitrary commands as roo...

8.8CVSS6.1AI score0.01385EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 6 days ago•5 views

PT-2026-56024

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.474 Description The application lacks authentication, rate limiting, and input validation at the 'POST /api/feedback' endpoint. This allows arbitrary content to be forwarded directly to a Discord webhook,...

6.5CVSS6AI score0.003EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 6 days ago•10 views

PT-2026-56031

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description A race condition in the cart checkout flow allows an authenticated client to apply a promo code more times than its configured maximum limit. By sending concurrent checkout requests before the...

6.9CVSS6AI score0.0022EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 6 days ago•6 views

PT-2026-56030

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description An unauthenticated mass assignment issue exists in the client self-registration endpoint. This allows a visitor to assign themselves to an arbitrary client group during the sign-up process. Since...

6.9CVSS6.1AI score0.00298EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-56027

Name of the Vulnerable Software and Affected Versions Coolify versions 4.0.0-beta.471 through 4.0.0-beta.473 Description A regression in the SHELL SAFE COMMAND PATTERN allows ampersands to be used in custom Docker Compose build, start, and pre/post-deployment command fields. This enables an...

8.8CVSS6.2AI score0.00359EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 6 days ago•10 views

PT-2026-56008

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, an authenticated remote command injection vulnerability in application deployment handling allows users with application write permissions to achieve remote code execution...

9.9CVSS6.6AI score0.02539EPSS
Exploits1References5
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-55914

The software accepts user-supplied input via a URL parameter without adequate output encoding before reflecting it back to the user's browser. This condition allows an attacker to inject malicious script content into pages served by the application. By leveraging this weakness, an attacker can...

6.1CVSS6AI score0.00161EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-56066

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description An issue exists in the OIDC callback where the email verified claim is checked using a direct Go bool type...

7.4CVSS5.9AI score0.00479EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 6 days ago•10 views

PT-2026-56073

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description An issue exists where the UpsertWorkspaceApp function overwrites an existing application's agent id during...

8.7CVSS5.9AI score0.00508EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-56065

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description Two flaws in the OIDC login process allow for account takeover. The first issue occurs when email-based us...

7.4CVSS6AI score0.00479EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-56067

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description An issue exists where the PUT /api/v2/users/user/password endpoint only authorized the ActionUpdatePersona...

7.2CVSS6AI score0.00615EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 6 days ago•10 views

PT-2026-56080

Name of the Vulnerable Software and Affected Versions Coder versions 2.30.0 through 2.32.6 Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description The AI Bridge Proxy aibridgeproxyd creates a goproxy server that, by default, sets InsecureSkipVerify: true. In...

7.4CVSS5.9AI score0.00258EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-56071

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description The coder config-ssh command writes server-supplied SSH settings into the user's /.ssh/config file without...

8.3CVSS6.6AI score0.00466EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-56072

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description The tailnet coordinator fails to validate that an agent's AllowedIPs derive from its authenticated UUID,...

8.2CVSS6AI score0.00405EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-56075

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The coder open app command opens external workspace-app URLs without validating the scheme or host. If an...

7.7CVSS6AI score0.00336EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 6 days ago•9 views

PT-2026-55869

A weakness has been identified in imhamzaazam ecommerceFlask up to cb7d9e24c30a99379651b7493b32048126ef402b. The affected element is an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been made available to the public an...

5.3CVSS5.5AI score0.00159EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-55991

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs when the system attempts to allocate memory with sizes that exceed the maximum allowed value. Recommendations At the moment, there is no...

7.8CVSS6.1AI score0.0007EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-55976

Name of the Vulnerable Software and Affected Versions OP-TEE versions 3.20.0 through 4.10.x Description OP-TEE is a Trusted Execution Environment TEE designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using TrustZone technology. A flaw in the subkey rollback...

5.5CVSS6.1AI score0.00122EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 6 days ago•10 views

PT-2026-55990

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs during the validation of input batch size and buffer plane count when these values exceed the maximum allowed limits. Recommendations At...

5.3CVSS6.1AI score0.0006EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-55921

Recent FreeBSD security advisories detail severe flaws like CVE-2026-49420, CVE-2026-49429, and CVE-2026-49422. Patch immediately to stop attacks. FreeBSD Vulnerability CyberSecurity CVE202649420 https://t.co/WU1wVjaCN3...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-55968

Name of the Vulnerable Software and Affected Versions ArcGIS Server versions prior to 12.0 Description An unrestricted file upload issue exists where an unauthenticated attacker can upload a crafted file to the affected endpoint. This could allow for arbitrary file upload, potentially enabling...

9.8CVSS6.2AI score0.00352EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-55938

Name of the Vulnerable Software and Affected Versions ownCloud Core versions prior to 10.15.3 Description The Updater component of the server-side file storage, synchronization, and sharing application contains an exposed dangerous method or function. Attackers with administrative privileges can...

9.1CVSS6.3AI score0.00342EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-55939

Name of the Vulnerable Software and Affected Versions SharePoint for ownCloud versions prior to 0.4.1 ownCloud 10 versions prior to 10.15.3 Description An attacker with administrative privileges can exploit a Server-Side Request Forgery SSRF in the SharePoint app to execute arbitrary code on the...

8.5CVSS6.4AI score0.00232EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 6 days ago•9 views

PT-2026-55940

Name of the Vulnerable Software and Affected Versions ownCloud versions prior to 10.15.3 Description An attacker with administrative privileges can exploit a path traversal issue to execute arbitrary code. Path traversal is a flaw that allows an attacker to access files and directories that are...

8CVSS6.3AI score0.00335EPSS
Exploits0References7
Total number of security vulnerabilities184462