Lucene search
K
PtsecurityRecent

184253 matches found

Positive Technologies
Positive Technologies
•added yesterday•7 views

PT-2026-57124

The ICS Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'htmltagtitle' parameter in all versions up to, and including, 12.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS6.2AI score0.00296EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57150

The Invoice123 plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS6.1AI score0.00473EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added yesterday•7 views

PT-2026-57329

OpenReplay is a self-hosted session replay suite. Prior to 1.27.0, the session search and analytics API in enterprise editions with multi-tenancy enabled built ClickHouse queries by inserting user input into the query string, including two positions that took input without escaping, allowing an...

5.4CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57308

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...

8.7CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57263

Name of the Vulnerable Software and Affected Versions GNU Wget versions prior to 1.25.1 Description GNU Wget fails to validate the IP address provided by an FTP PASV response when operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit th...

5.9CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57250

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The is secure string filter that protects the STUN protocol path is not...

7.2CVSS6.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57173

Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused by non-bijective decoding of double underscores to dots in preview hostname parsing. Attackers can register app IDs with underscores that collide with other tenants' dotted app IDs, causing preview...

6.4CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57180

phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its public FAQ API endpoints, allowing unauthenticated attackers to retrieve inactive draft or review-only FAQ content. Specifically, GET /api/v3.1/faq/categoryId/faqId returns the inactive FAQ title and...

6.9CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•7 views

PT-2026-57060

The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS6.2AI score0.00187EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57273

Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete records owned by other users. Attackers can modify CR...

8.8CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•3 views

PT-2026-57270

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/maintenance id checks access to the current maintenance record and asset but then fills attacker-controlled fields including asset id without re-authorizing the newly supplied asset, allowing an...

7.7CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57267

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, allowing an authenticated attacker to traverse outside the intended directory and read arbitrary...

7.1CVSS6.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57268

Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/itemType/itemId/cancel by admin?/requestingUser? accepts cancel by admin as a URL path segment without sufficient authorization, allowing an authenticated user to supply a victim user ID and silently cancel...

5.3CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57174

Capgo before 12.128.2 contains an authorization bypass vulnerability where write-scoped API keys can directly mutate protected channel configuration fields through PostgREST by exploiting a null authentication check in the immutability trigger. Attackers with write API keys can modify sensitive...

7.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57154

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior, contains a path traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files...

6.5CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57066

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpdevart id’ parameter in all versions up to, and including, 3.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...

5.9CVSS6.1AI score0.00346EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57328

OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returned 15-second presigned S3 download URLs for a session's DOM-replay recording based solely on the session path parameter, while validateProjectAccess checked only that the project belonged to the...

7.1CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57327

OpenReplay is a self-hosted session replay suite. In 1.27.0 and earlier, three dashboard and note mutation functions ran their SQL without the ownership predicate that their sibling read and edit functions use: notes.delete filtered only on note id and project id, while dashboards.update widget a...

7.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57324

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, Grist contained two cross-site scripting vulnerabilities where an attacker-controlled value reached a link's href without scheme validation, so a javascript URL could run in a victim's Grist origin on a single...

8.5CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57330

Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password TOTP authentication in UserAuthService where insufficient validation of used tokens allows the reuse of a single-use code within its valid time step. If...

7.4CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57331

Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a Server-Side Request Forgery SSRF vulnerability in URL preview functionality in UrlPreviewService. Due to missing network restrictions before establishing outbound connections, a remote attacker can...

6.9CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•7 views

PT-2026-57311

Frappe is a full-stack web application framework. Prior to 16.18.3, possible path traversal and local file inclusion were possible through secure local resource access in the Chrome PDF Generator. This issue is fixed in version 16.18.3...

7.1CVSS6.1AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57312

Frappe is a full-stack web application framework. Prior to 16.19.0 and 15.109.0, path traversal via download backups was possible due to lack of hardening. This issue is fixed in versions 16.19.0 and 15.109.0...

6.9CVSS6.1AI score
Exploits0References10
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57323

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, the GET /forms endpoint read table and column metadata without applying the document's access rules and did not check that the requested section was actually a form. A user with only partial read access, includin...

4.3CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57316

Frappe is a full-stack web application framework. Prior to 15.107.5 and 16.18.2, an endpoint in reportview lacked appropriate permission checks and that has since been fixed. This vulnerability is fixed in 15.107.5 and 16.18.2...

5.3CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57292

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML response and assertion by string-substituting user-controlled profile attributes such as name, email, and custom attribute-mapping values into...

8.5CVSS6.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57272

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools kubectl get, kubectl describe, kubectl delete that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers...

9.8CVSS6.1AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57269

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/kit id/licenses checks whether the caller can edit kits but does not authorize access to the referenced license object, allowing a low-privilege user with predefined-kit permissions to bind a license they should...

5.4CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57262

Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backend that allows attackers to execute arbitrary SQL by supplying unsanitized search parameters to the search by full text method without escaping or parameterization. Attackers can inject malicious SQL...

8.8CVSS6.3AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•3 views

PT-2026-57177

ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory...

6.3CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•7 views

PT-2026-57112

The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...

4.3CVSS6.1AI score0.0028EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57062

The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated Contributor+ Stored Cross-Site Scripting via the Button widget's custom attributes setting in versions up to and including 6.4.11. The render function in modules/widgets/tp button.php passed the raw custom attribut...

6.4CVSS6AI score0.00261EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57320

Phalcon is a high-performance, full-stack PHP framework. Prior to 5.14.1, PhalconEncryptionCrypt::decrypt compares the attacker-supplied HMAC tag against the freshly computed HMAC using PHP/Zephir identity comparison, which lowers to a byte-wise comparison that returns early on the first differin...

8.2CVSS6.1AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added yesterday•3 views

PT-2026-57264

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated non-admin user with users.view and users.edit but without users.delete can directly POST to /users/bulksave with delete user=1 because BulkUsersController::destroy authorizes only update, allowing the user to...

7.1CVSS6.1AI score
Exploits1References4
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57274

Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse. This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026...

8.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57266

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scope locations fmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location...

4.3CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57265

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permission to place a malicious link in a markdown-textarea custom field that executes arbitrary JavaScrip...

5.4CVSS6.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57251

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable ...

6CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57167

In @capgo/capacitor-updater Cap-go/capgo before 12.128.2, the end-to-end encryption scheme distributes the private key to each device that downloads the app. Because the public key can be derived from the private key, an attacker performing a man-in-the-middle attack or compromising the Capgo...

8.3CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57176

ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion...

4.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•7 views

PT-2026-57169

Capgo before 12.128.2 contains an information disclosure vulnerability in the get orgs v7userid RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users' organization membership, role...

8.7CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57181

n8n before 2.28.0 and before 1.123.58 on the 1.x branch contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly...

5.3CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57171

Capgo before 12.128.2 fails to enforce plan/quota restrictions on the /files/upload/attachments endpoint, allowing plan-blocked apps to create publicly readable R2 objects. Attackers can upload arbitrary attachments using upload-scoped API keys that bypass plan checks, persist outside normal bund...

5.4CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57182

In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible...

3.5CVSS6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added yesterday•8 views

PT-2026-57072

The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo formely Sendinblue plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.1.77 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS6.2AI score0.00256EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57334

Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeration could be performed via the reset password endpoint. This issue is fixed in versions 16.16.0 and 15.106.0...

6.9CVSS6.1AI score
Exploits0References8
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57341

TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqUrl.ts can be bypassed with the IPv6 unspecified address :: because validateIPAddress blocks local, metadata, and private ranges but does not block :: or its expanded form. ...

8.1CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57344

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to 2.2.5, the GET /api/v1/ddns and GET /api/v1/notification endpoints return full resource objects including plaintext third-party API credentials, including Cloudflare API tokens, TencentCloud...

6.9CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57160

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

5.3CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57170

Capgo before 12.128.2 contains an authentication bypass vulnerability in the password change endpoint that allows attackers to change user passwords without requiring current password confirmation. Attackers with temporary session access can exploit this flaw to permanently lock out legitimate...

8.7CVSS6.1AI score
Exploits0References2
Total number of security vulnerabilities184253