Lucene search
K
PtsecurityRecent

184484 matches found

Positive Technologies
Positive Technologies
•added 6 days ago•9 views

PT-2026-56016

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, mutating API validation endpoints are guarded by read ability, allowing read-scoped API tokens to perform state-changing operations such as validating cloud tokens and...

6.5CVSS5.9AI score0.00213EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 6 days ago•9 views

PT-2026-55909

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation in the Atmosphere WebSocket component allows an unauthenticated remote...

7.5CVSS6.1AI score0.00536EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 6 days ago•10 views

PT-2026-56007

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.6.0 through 0.7.2 Description A SQL injection issue exists in the Massmailer module filter functionality. An authenticated administrator can provide crafted filter values during the update of a mass email message, which...

6.9CVSS6.1AI score0.00218EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 6 days ago•9 views

PT-2026-56068

Name of the Vulnerable Software and Affected Versions Coder versions 2.17.0 through 2.29.6 Coder versions 2.32.0 through 2.32.6 Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description The POST /api/v2/files endpoint converts zip uploads to tar in memory using the...

6.5CVSS6.4AI score0.00602EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-56218

These are all security issues fixed in the json-c-devel-0.19-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added 6 days ago•11 views

PT-2026-55874

The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before 8.0.4 do not properly escape a parameter before passing it to a shell command when processing image operation...

6AI score0.00902EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-55877

Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

8.7CVSS6.2AI score0.00437EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 6 days ago•12 views

PT-2026-56004

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.9.0 Description The Docker API server fails to apply Server-Side Request Forgery SSRF destination checks on the streaming path. A remote unauthenticated client can exploit this by calling the 'POST /crawl/stream'...

8.6CVSS6AI score0.00262EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-56026

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.474 Description PostgreSQL healthcheck command generation uses attacker-controlled database settings in shell-form commands. This allows an authenticated user to perform command injection executed within th...

8.8CVSS5.9AI score0.00359EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-55867

The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who have been granted file-manager access — which its premium add-on can extend to sub-administrator roles — to upload arbitrary PHP files and...

6.3AI score0.00435EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 6 days ago•6 views

PT-2026-55933

Name of the Vulnerable Software and Affected Versions OpenVPN versions 2.5.0 through 2.5.11 OpenVPN versions 2.6.0 through 2.6.20 OpenVPN versions 2.7 alpha1 through 2.7.4 Description A memory leak exists that allows remote attackers possessing a valid tls-crypt-v2 client key to potentially trigg...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-55876

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS5.9AI score0.00217EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-56036

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description Low-privileged staff accounts can perform unauthorized actions through admin API endpoints. This issue stems from the can always access module flag, which grants all staff access to specific...

8.7CVSS6AI score0.00226EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 6 days ago•9 views

PT-2026-55866

The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is configured, nor escape a value taken from them before outputting it in an administrator notice, allowing unauthenticated attackers to inject arbitrary web...

6.1AI score0.00301EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 6 days ago•9 views

PT-2026-56057

Summary A soundness vulnerability in the variable-base scalar multiplication gadget of halo2 gadgets allowed a malicious prover to produce a valid proof for an Orchard Action with an under-constrained base point. Because this gadget enforces the diversified-address-integrity condition of the...

9.3CVSS5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 6 days ago•4 views

PT-2026-55977

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.0.0 and prior to version 4.11.0, 32-bit integer overflows in OP-TEE core's AES-GCM implementation cause the...

3.8CVSS6AI score0.00149EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-55858

A vulnerability has been found in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/action-visitor.php. Such manipulation of the argument remark leads to sql injection. The attack may be performed from remote. Th...

6.5CVSS6.4AI score0.002EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 6 days ago•6 views

PT-2026-55982

Name of the Vulnerable Software and Affected Versions GIMP affected versions not specified Description The PlayStation TIM loader, which handles PlayStation image files, contains an integer overflow when calculating the size of the Color Look-Up Table CLUT. This occurs during the multiplication o...

5.5CVSS6.1AI score0.00208EPSS
Exploits1References7
Positive Technologies
Positive Technologies
•added 6 days ago•6 views

PT-2026-55935

URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path /users/from/sendMail without percent-encoding or validation. In applications that derive the from address...

2.1CVSS6AI score0.00143EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-56043

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.1, downloadable product files are stored using a deterministic filename-derived path. When an administrator uploads a file for a downloadable product, FOSSBilling stores the file as md5 under the uploads...

5.1CVSS5.9AI score0.00264EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 6 days ago•5 views

PT-2026-56017

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.451 through 4.0.0-beta.470, database backup handling for MongoDB collection names did not fully validate shell metacharacters, allowing a highly privileged attacker who can configur...

3.3CVSS6AI score0.00195EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-56039

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.6 through 0.7.2 Description When a ClientPasswordReset record already exists for a client from a previous unexpired request, subsequent calls to the reset password guest API endpoint reuse the existing token instead of...

7.7CVSS6AI score0.00215EPSS
Exploits1References5
Positive Technologies
Positive Technologies
•added 6 days ago•6 views

PT-2026-56038

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description A low-privileged staff account can grant arbitrary module permissions to itself, leading to persistent privilege escalation. A user possessing the staff.create and edit staff permission can call...

8.5CVSS6AI score0.0024EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 6 days ago•6 views

PT-2026-56035

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.6 through 0.7.2 Description When the Require Email Confirmation setting is enabled, a logged-in client with an unverified email address, indicated by the variable email approved = 0, can bypass page-side enforcement...

5.3CVSS5.9AI score0.00226EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 6 days ago•4 views

PT-2026-56037

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.3 through 0.7.2 Description Authenticated clients can read and reset API key service secrets for orders that are not in an active state, such as suspended or canceled. This occurs due to missing order-state validation ...

8.6CVSS6AI score0.00251EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 6 days ago•9 views

PT-2026-56051

Name of the Vulnerable Software and Affected Versions Cilium versions 1.19.0 through 1.19.1 Cilium versions 1.18.0 through 1.18.7 Cilium versions prior to 1.17.14 Description When L7 functionality is enabled, the Envoy instance creates a world-accessible socket on cluster nodes. A local attacker...

9.2CVSS5.9AI score0.00017EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 6 days ago•5 views

PT-2026-56050

Summary The predicted datapoint write endpoint allows users with only read:assets privileges to write predicted datapoints. The endpoint: text PUT /api/realm/asset/predicted/assetId/attributeName accepts write requests from users lacking write:assets. The implementation appears to check READ ASSE...

4.3CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 6 days ago•9 views

PT-2026-55960

An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...

9.9CVSS6.1AI score0.00294EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-55908

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper authentication and a failure to fail securely in the Apache Camel Keycloak component allow unauthenticated access to protected routes...

9.8CVSS6.3AI score0.00619EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 6 days ago•6 views

PT-2026-56056

Name of the Vulnerable Software and Affected Versions Cilium versions 1.19.0 through 1.19.3 Cilium versions 1.18.2 through 1.18.9 Cilium versions prior to 1.17.16 Description Users capable of creating CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs using the addressMatcher parameter...

6.9CVSS6AI score0.00341EPSS
Exploits0References17
Positive Technologies
Positive Technologies
•added 6 days ago•13 views

PT-2026-55889

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation in the Apache Camel Cometd component allows unauthenticated users to injec...

9.8CVSS6.1AI score0.00487EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 6 days ago•11 views

PT-2026-56029

Name of the Vulnerable Software and Affected Versions showdown affected versions not specified Description A stored cross-site scripting issue exists in the parseHeaders function within src/subParsers/makehtml/tables.js. The software fails to properly escape table header ID attributes, allowing...

6.1CVSS5.9AI score0.00198EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-55880

Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 1.3.3 through 2.0.7 Description The internal RPC interface of the Apache IoTDB DataNode used for creating Trigger instances fails to sufficiently validate the name of the uploaded Trigger JAR when constructing a file path...

9.8CVSS6AI score0.00509EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-56022

Name of the Vulnerable Software and Affected Versions mrubyc versions prior to 3.4.2 Description A NULL pointer dereference occurs in the src/vm.c file within the op super function OP SUPER. This issue is caused by a missing runtime guard for top-level super. Recommendations Update to version 3.4...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 6 days ago•13 views

PT-2026-55882

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.19.9 Description The camel-vertx-http component deserializes HTTP response bodies with the...

8.1CVSS6.5AI score0.00724EPSS
Exploits1References7
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-55992

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description A cryptographic issue exists when using a static initialization vector IV for AES-GCM key wrapping. AES-GCM requires a unique IV for every call to maintain...

7.1CVSS6.1AI score0.00069EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 6 days ago•9 views

PT-2026-55883

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.14.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An issue exists where the default ObjectInputFilter pattern used for deserialization filtering in...

8.1CVSS6.1AI score0.00546EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 6 days ago•10 views

PT-2026-55856

A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...

5.3CVSS5.7AI score0.00224EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 6 days ago•15 views

PT-2026-56012

Name of the Vulnerable Software and Affected Versions Traefik versions 3.7.0 through 3.7.5 Description Traefik's Kubernetes Gateway API provider may incorrectly resolve two accepted HTTPRoutes that target the same backend Service:port but use different backendRef filters for the same child servic...

8.5CVSS5.9AI score0.00346EPSS
Exploits0References17
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-55998

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.51 Traefik versions prior to 3.6.22 Traefik versions prior to 3.7.6 Description The ForwardAuth middleware in this HTTP reverse proxy and load balancer incorrectly derives the X-Forwarded-Port header sent to the...

6.9CVSS6AI score0.0029EPSS
Exploits0References16
Positive Technologies
Positive Technologies
•added 6 days ago•9 views

PT-2026-56079

Name of the Vulnerable Software and Affected Versions Coder versions 2.30.0 through 2.32.6 Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description AI Bridge proxy endpoints authenticate via the Server.IsAuthorized function in coderd/aibridgedserver. This process...

5.4CVSS5.9AI score0.00315EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 6 days ago•5 views

PT-2026-55996

Name of the Vulnerable Software and Affected Versions DNG SDK versions 1.7.1 2536 and earlier Description A NULL Pointer Dereference occurs when the software attempts to read from a memory address that is NULL, causing the application to crash. This issue can lead to a denial-of-service condition...

5.5CVSS6.1AI score0.00139EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 6 days ago•7 views

PT-2026-55943

Name of the Vulnerable Software and Affected Versions Ciena products affected versions not specified Description An authentication bypass exists in the default SFTP server component. This allows a remote, unauthenticated attacker to circumvent security controls and gain unauthorized access to the...

9.1CVSS6.1AI score0.0042EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-56069

Name of the Vulnerable Software and Affected Versions coder versions prior to 2.34.2 coder versions prior to 2.33.8 coder versions prior to 2.32.7 coder versions prior to 2.29.17 Description An authenticated user can trigger a denial of service by sending a small message with an excessively large...

4.9CVSS6AI score0.00611EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-55963

Name of the Vulnerable Software and Affected Versions Pillow versions prior to 12.3.0 Description The FontFile.compile function in the PIL/FontFile.py module fails to call Image. decompression bomb check when assembling per-glyph images into a combined bitmap using Image.new"1", xsize, ysize. Thi...

7.5CVSS6AI score0.00361EPSS
Exploits1References9
Positive Technologies
Positive Technologies
•added 6 days ago•10 views

PT-2026-55964

Name of the Vulnerable Software and Affected Versions Pillow versions prior to 12.3.0 Description The bdf char function in PIL/BdfFontFile.py reads the BBX width and height fields from a BDF font file and passes these attacker-controlled dimensions to Image.new without invoking Image. decompressi...

7.5CVSS6AI score0.00364EPSS
Exploits1References8
Positive Technologies
Positive Technologies
•added 6 days ago•6 views

PT-2026-55962

Name of the Vulnerable Software and Affected Versions Pillow versions prior to 12.3.0 Description In the load bitmaps function within PIL/PcfFontFile.py, glyph dimensions are read from the PCF METRICS section and passed to Image.frombytes without invoking Image. decompression bomb check. This...

7.5CVSS6AI score0.00354EPSS
Exploits1References8
Positive Technologies
Positive Technologies
•added 6 days ago•5 views

PT-2026-55966

Name of the Vulnerable Software and Affected Versions Pillow versions prior to 12.3.0 Description The WindowsViewer.get command function constructs a cmd.exe shell command by embedding a file path into an f-string without proper escaping. This result is then passed to subprocess.Popen...,...

4.5CVSS6AI score0.00136EPSS
Exploits1References9
Positive Technologies
Positive Technologies
•added 6 days ago•4 views

PT-2026-55965

Name of the Vulnerable Software and Affected Versions Pillow versions prior to 12.3.0 Description In the Python imaging library, the GdImageFile. open function in PIL/GdImageFile.py reads image dimensions from the GD 2.x header and stores them in self. size without invoking Image. decompression...

7.5CVSS5.9AI score0.00361EPSS
Exploits1References7
Positive Technologies
Positive Technologies
•added 6 days ago•8 views

PT-2026-55884

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description The camel-hazelcast component manages Hazelcast instances using a default configuration that lacks a...

8.1CVSS6.5AI score0.00804EPSS
Exploits1References5
Total number of security vulnerabilities184484