Lucene search
K
PtsecurityRecent

184462 matches found

Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-55904

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An injection issue exists in the Apache Camel IRC component due to improper input validation and...

6.5CVSS6.2AI score0.00428EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-55906

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An injection and authorization bypass issue exists in the Apache Camel Salesforce component. The...

5.3CVSS6.2AI score0.00341EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-55913

Name of the Vulnerable Software and Affected Versions Red Hat Advanced Cluster Security for Kubernetes affected versions not specified Description Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send...

7.7CVSS6AI score0.00319EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-55902

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation in the Apache Camel JIRA component allows for authorization bypass. The...

5.3CVSS6.1AI score0.00349EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-55905

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An injection issue exists in the Apache Camel Kafka component due to improper input validation and...

5.3CVSS6.2AI score0.00385EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-55941

Name of the Vulnerable Software and Affected Versions Anti-Virus for ownCloud versions prior to 1.2.3 ownCloud 10 versions prior to 10.15.3 Description Anti-Virus for ownCloud is an anti-virus application used for file storage, synchronization, and sharing. The application is susceptible to...

9.1CVSS6.1AI score0.00257EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-55863

The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on t...

6.2AI score0.00318EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-55895

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.18.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.x Description Deserialization of untrusted data in the Apache Camel PQC component occurs when HashicorpVaultKeyLifecycleManager,...

8.8CVSS6.7AI score0.00485EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-55881

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.15.0 through 4.18.2 Description An argument injection issue exists in the Apache Camel Docling component. The component uses java.lang.ProcessBuilder to execute the external docling command-line tool. When custom CLI...

9.1CVSS6AI score0.01569EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-55894

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation in the Apache Camel Lucene Component allows for authorization bypass throu...

7.5CVSS6.2AI score0.00399EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-55891

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation in the Apache Camel AWS2-SQS component allows an attacker to inject...

9.8CVSS6.1AI score0.00472EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-55901

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation in the Apache Camel DNS component leads to Server-Side Request Forgery SSR...

9.1CVSS6.1AI score0.0037EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-55890

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.18.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.x Description Insufficient session expiration in the Apache Camel Keycloak Component occurs because the KeycloakSecurityHelper.parseAndVerifyAccessToken...

9.8CVSS6.1AI score0.00411EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-55893

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

6AI score0.00378EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-55888

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.3.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation in the camel-elasticsearch-rest-client component allows for authorization...

5.3CVSS6.1AI score0.00451EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-55907

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description The camel-netty-http server consumer in Apache Camel contains an issue where the muteException optio...

5.3CVSS6.1AI score0.00363EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-55971

Name of the Vulnerable Software and Affected Versions OpenAI Codex for macOS affected versions not specified Description The desktop application renders remote images from Markdown within model responses. An attacker can use indirect prompt injection—a technique where malicious instructions are...

6.5CVSS6AI score0.00221EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-55878

Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 1.3.3 through 2.0.7 Description An uncontrolled resource consumption issue exists where certain interfaces do not impose reasonable limits on the time span and aggregation interval of queries. An attacker can send a reque...

7.5CVSS5.9AI score0.00546EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56018

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Settings/Updates Livewire component does not check isInstanceAdmin in its mount method, allowing non-admin users to access the Updates settings page and potentially...

6.5CVSS5.9AI score0.00213EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-55911

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Undertow Component. The camel-undertow HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to false,...

5.8AI score0.00363EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56059

Summary The fix for CVE-2026-40882 addressed only the Velbus asset import handler. The KNX asset import handler KNXProtocol processes user-uploaded ETS project ZIP files through Saxon XSLT and XMLInputFactory.newInstance with no XXE protection, allowing any authenticated user to read arbitrary...

7.6CVSS6AI score0.00249EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-55947

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.4 pnpm versions prior to 11.8.0 Description pnpm accepts package names from the configDependencies section of the env lockfile and uses them directly when creating config dependency symlinks under node...

8.2CVSS6AI score0.00257EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-55997

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.24.0 Description A flaw in the rejection sampler during multi-request speculative decoding workloads allows the production of a recovered token equal to the model vocabulary size boundary value. This value is converted...

7.5CVSS5.9AI score0.00343EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-55898

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header...

6AI score0.00536EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-55896

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.10.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.x Description An issue exists in the Apache Camel Neo4J component where the producer builds the Cypher WHERE clau...

8.2CVSS6AI score0.00329EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-55903

Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel DAPR component. The camel-dapr Dapr Pub/Sub consumer DaprPubSubConsumer copied two fields from each inbound CloudEvent - its Pub/Sub component name and its topic - into the...

6AI score0.00426EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-55910

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...

6AI score0.00396EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-55919

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue...

5.9AI score0.00399EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-55897

Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel CXF SOAP component. The camel-cxf producer selects which SOAP operation to invoke on the backend service from the operationName and operationNamespace Exchange header, whose constant values...

6AI score0.00396EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-55920

Apache Airflow's Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket...

6.1AI score0.01058EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-55918

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...

5.9AI score0.00399EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-55917

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...

5.9AI score0.00399EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-55936

Name of the Vulnerable Software and Affected Versions GIMP affected versions not specified Description A flaw exists in the PNM file format parser where the pnmscanner gettoken function contains an off-by-one error in its loop boundary check. When processing a specially crafted PNM file, the...

7.3CVSS6.6AI score0.00216EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-55871

A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The...

7.5CVSS6.7AI score0.01324EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-55872

ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password...

9.8CVSS6.1AI score0.00463EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-56055

Summary The SQLite databases are created at predictable static paths in /tmp. Any user can therefore create a symlink at these paths in /tmp pointing to arbitrary files. The monitoring scripts then follows these symlinks and then creates their database at the symlink target. This becomes really...

5.1CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-56070

Summary When a check plugin places user provided input inside a command which is passed to shell exec, an attacker can abuse this to run arbitrary commands. This is mainly dangerous for plugins which are listed in the sudoers file, because this allows an attacker controlling the nagios user to ge...

7.8CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-56088

Summary flyto-core's SSRF protection validate url ssrf / is private ip in src/core/utils.py blocks private and metadata destinations by resolving the host and testing the resulting IP for membership in a hardcoded PRIVATE IP RANGES list. That list contains only the native RFC 1918 / loopback /...

7.5CVSS6.9AI score0.01034EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56087

Unauthenticated Command Execution via HTTP MCP execute module Summary The HTTP MCP endpoint POST /mcp in flyto-core accepts unauthenticated JSON-RPC tools/call requests and dispatches them to arbitrary registered modules, including sandbox.execute shell, which passes attacker-controlled input...

8.4CVSS6.4AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago12 views

PT-2026-56060

Summary A realm admin of tenant B can read the profile, client roles, and realm roles of any user in any other realm including the master realm by supplying the target user's UUID in the REST API path. Three read endpoints in UserResourceImpl check whether the caller holds the read:admin role but...

7.7CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56061

Summary An open redirect vulnerability in the account confirmation endpoint allows an unauthenticated attacker to craft a URL hosted on a legitimate Kiwi TCMS instance that redirects victims to an arbitrary external domain. The attack surface is particularly relevant for phishing campaigns...

6.1CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-55923

Recent FreeBSD security advisories detail severe flaws like CVE-2026-49420, CVE-2026-49429, and CVE-2026-49422. Patch immediately to stop attacks. FreeBSD Vulnerability CyberSecurity CVE202649420 https://t.co/WU1wVjaCN3...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-55922

Recent FreeBSD security advisories detail severe flaws like CVE-2026-49420, CVE-2026-49429, and CVE-2026-49422. Patch immediately to stop attacks. FreeBSD Vulnerability CyberSecurity CVE202649420 https://t.co/WU1wVjaCN3...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-55855

Name of the Vulnerable Software and Affected Versions Formbricks version 5.0.0 Description Improper access controls exist within the Survey Handler component, specifically affecting a function in the apps/web/modules/survey/link/actions.ts file. This flaw allows for remote exploitation...

6.9CVSS6.7AI score0.00366EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56032

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description The PayPalEmail payment adapter fails to validate the amount supplied via PayPal IPN Instant Payment Notification callbacks, specifically the mc gross variable, against the actual invoice total...

2.3CVSS5.9AI score0.00274EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56081

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The AgentLogLine dashboard component uses the ansi-to-html library without the escapeXML: true setting and...

5.4CVSS6AI score0.00316EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56082

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The subdomain-based workspace app proxy allows a bypass of the same-owner Cross-Origin Resource Sharing CO...

5.8CVSS6AI score0.00222EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-55993

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon affected versions not specified Description Memory corruption occurs when updating prepared commands using invalid port indices derived from user space input that exceed the supported read client limits. Recommendations At...

5.3CVSS6.1AI score0.00056EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-55994

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon affected versions not specified Description Memory corruption occurs when processing invalid HT40 channel layouts during dynamic channel switching operations. HT40 refers to a High Throughput mode in wireless networking tha...

8.8CVSS6.1AI score0.00072EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-55974

Name of the Vulnerable Software and Affected Versions OP-TEE versions 4.5.0 through 4.10.x Description The RSA PKCS1 v1.5 decryption implementation in the Hisilicon HPRE crypto driver uses a non-constant-time memcmp function for label hash verification and contains multiple distinguishable error...

3.3CVSS6.1AI score0.00099EPSS
Exploits1References6
Total number of security vulnerabilities184462