Lucene search
K
PtsecurityRecent

184569 matches found

Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•9 views

PT-2026-55969

Name of the Vulnerable Software and Affected Versions Tenda firmware versions US FH1201V1.0BR V1.2.0.14408 EN TD Tenda firmware versions US W15EV1.0br V15.11.0.51068 1567 841 EN TDE Tenda firmware versions US AC10V1.0re V15.03.06.46 multi TDE01 Tenda firmware versions US AC5V1.0RTL V15.03.06.48...

9.8CVSS7.2AI score0.00668EPSS
Exploits1References44
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•8 views

PT-2026-55915

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authenticated user can perform a cross-tenant authorization bypass by manipulating a company ID parameter in a POST request to the backend. The application...

9.3CVSS5.9AI score0.00309EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•10 views

PT-2026-56068

Name of the Vulnerable Software and Affected Versions Coder versions 2.17.0 through 2.29.6 Coder versions 2.32.0 through 2.32.6 Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description The POST /api/v2/files endpoint converts zip uploads to tar in memory using the...

6.5CVSS6.4AI score0.00602EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•10 views

PT-2026-55883

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.14.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An issue exists where the default ObjectInputFilter pattern used for deserialization filtering in...

8.1CVSS6.1AI score0.00546EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•7 views

PT-2026-56023

Name of the Vulnerable Software and Affected Versions ajenti versions prior to 2.2.14 Description The browser-facing login and administrative UI contains a clickjacking weakness. This occurs because the core HTTP response path in ajenti-core/aj/http.py initializes an empty header list and finaliz...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•8 views

PT-2026-56043

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.1, downloadable product files are stored using a deterministic filename-derived path. When an administrator uploads a file for a downloadable product, FOSSBilling stores the file as md5 under the uploads...

5.1CVSS5.9AI score0.00264EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•5 views

PT-2026-56017

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.451 through 4.0.0-beta.470, database backup handling for MongoDB collection names did not fully validate shell metacharacters, allowing a highly privileged attacker who can configur...

3.3CVSS6AI score0.00195EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•8 views

PT-2026-56039

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.6 through 0.7.2 Description When a ClientPasswordReset record already exists for a client from a previous unexpired request, subsequent calls to the reset password guest API endpoint reuse the existing token instead of...

7.7CVSS6AI score0.00215EPSS
Exploits1References5
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•6 views

PT-2026-56038

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description A low-privileged staff account can grant arbitrary module permissions to itself, leading to persistent privilege escalation. A user possessing the staff.create and edit staff permission can call...

8.5CVSS6AI score0.0024EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•4 views

PT-2026-56037

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.3 through 0.7.2 Description Authenticated clients can read and reset API key service secrets for orders that are not in an active state, such as suspended or canceled. This occurs due to missing order-state validation ...

8.6CVSS6AI score0.00251EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•9 views

PT-2026-56051

Name of the Vulnerable Software and Affected Versions Cilium versions 1.19.0 through 1.19.1 Cilium versions 1.18.0 through 1.18.7 Cilium versions prior to 1.17.14 Description When L7 functionality is enabled, the Envoy instance creates a world-accessible socket on cluster nodes. A local attacker...

9.2CVSS5.9AI score0.00017EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•5 views

PT-2026-56050

Summary The predicted datapoint write endpoint allows users with only read:assets privileges to write predicted datapoints. The endpoint: text PUT /api/realm/asset/predicted/assetId/attributeName accepts write requests from users lacking write:assets. The implementation appears to check READ ASSE...

4.3CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•13 views

PT-2026-55889

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation in the Apache Camel Cometd component allows unauthenticated users to injec...

9.8CVSS6.1AI score0.00487EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•14 views

PT-2026-55984

Over the past months, six additional vulnerabilities I reported on @Hacker0x01 have been assigned CVE identifiers, bringing my personal total to 19 CVEs. New CVEs: CVE-2026-4260 CVE-2026-13374 CVE-2026-13375 CVE-2026-13376 CVE-2026-13377 CVE-2026-13378 These issues have been addressed by...

4.8CVSS5.9AI score0.00259EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•16 views

PT-2026-55887

A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials...

7CVSS6AI score0.00119EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•9 views

PT-2026-55960

An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...

9.9CVSS6.1AI score0.0033EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•9 views

PT-2026-55989

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto affected versions not specified Description Memory corruption occurs when handling flash commands. This issue is caused by the use of outdated LED count values following modifications made in userspace. Recommendations...

5.3CVSS6.1AI score0.0006EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•11 views

PT-2026-55988

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs when parsing jpeg commands. This is caused by unaccounted extra writes to the buffer during validation checks. Recommendations At the...

5.3CVSS6.1AI score0.0006EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•11 views

PT-2026-56063

Name of the Vulnerable Software and Affected Versions Langroid affected versions not specified Description A sandbox escape exists in the TableChatAgent and VectorStore components that allows for Remote Code Execution RCE. The issue occurs when agents evaluate LLM-generated tool messages with ful...

10CVSS6.4AI score0.00912EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•10 views

PT-2026-55983

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

7.2CVSS6.2AI score0.00259EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•11 views

PT-2026-56029

Name of the Vulnerable Software and Affected Versions showdown affected versions not specified Description A stored cross-site scripting issue exists in the parseHeaders function within src/subParsers/makehtml/tables.js. The software fails to properly escape table header ID attributes, allowing...

6.1CVSS5.9AI score0.00198EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•7 views

PT-2026-55880

Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 1.3.3 through 2.0.7 Description The internal RPC interface of the Apache IoTDB DataNode used for creating Trigger instances fails to sufficiently validate the name of the uploaded Trigger JAR when constructing a file path...

9.8CVSS6AI score0.00509EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•8 views

PT-2026-56022

Name of the Vulnerable Software and Affected Versions mrubyc versions prior to 3.4.2 Description A NULL pointer dereference occurs in the src/vm.c file within the op super function OP SUPER. This issue is caused by a missing runtime guard for top-level super. Recommendations Update to version 3.4...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•13 views

PT-2026-55882

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.19.9 Description The camel-vertx-http component deserializes HTTP response bodies with the...

8.1CVSS6.5AI score0.00724EPSS
Exploits1References7
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•7 views

PT-2026-55992

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description A cryptographic issue exists when using a static initialization vector IV for AES-GCM key wrapping. AES-GCM requires a unique IV for every call to maintain...

7.1CVSS6.1AI score0.00069EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•5 views

PT-2026-55996

Name of the Vulnerable Software and Affected Versions DNG SDK versions 1.7.1 2536 and earlier Description A NULL Pointer Dereference occurs when the software attempts to read from a memory address that is NULL, causing the application to crash. This issue can lead to a denial-of-service condition...

5.5CVSS6.1AI score0.00139EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•8 views

PT-2026-56069

Name of the Vulnerable Software and Affected Versions coder versions prior to 2.34.2 coder versions prior to 2.33.8 coder versions prior to 2.32.7 coder versions prior to 2.29.17 Description An authenticated user can trigger a denial of service by sending a small message with an excessively large...

4.9CVSS6AI score0.00611EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•8 views

PT-2026-55884

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description The camel-hazelcast component manages Hazelcast instances using a default configuration that lacks a...

8.1CVSS6.5AI score0.00804EPSS
Exploits1References5
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•7 views

PT-2026-56054

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 3.4.0 Description The helmet middleware in the Fiber web framework fails to set the Strict-Transport-Security HSTS response header, even when HSTSMaxAge is configured. This occurs because the logic in...

4.8CVSS6AI score0.00207EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•9 views

PT-2026-55930

A vulnerability was identified in GPAC up to b40ce70f5. This issue affects the function sgpd del entry of the file src/isomedia/box code base.c of the component MP4Box. Such manipulation of the argument data leads to heap-based buffer overflow. Local access is required to approach this attack. Th...

4.8CVSS6.1AI score0.00124EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•9 views

PT-2026-56033

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description Low-privileged staff accounts can read sensitive data through admin API endpoints that lack proper permission checks. Although write endpoints enforce fine-grained permissions, the corresponding...

2.3CVSS6AI score0.00226EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•18 views

PT-2026-56086

Summary In Kiwi TCMS the fields TestCase.extra link and TestPlan.extra link were meant to represent URLs to external resources however in versions prior to 16.1 user input was not being sanitized and values were rendered verbatim which represents an opportunity for cross-site scripting...

5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•13 views

PT-2026-56083

Name of the Vulnerable Software and Affected Versions 9Router versions prior to 0.4.80 Description The /api/settings/database endpoint allows for full database export and import without sufficient authentication. The export function returns the complete database, including plaintext API keys in t...

9.9CVSS6.1AI score0.00685EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•12 views

PT-2026-56084

Name of the Vulnerable Software and Affected Versions 9Router versions prior to 0.4.80 Description The dashboard login rate limiter derives client identity from the X-Forwarded-For HTTP header, which is controlled by the user. When the application is directly exposed or deployed behind a reverse...

7.3CVSS6.2AI score0.00515EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•6 views

PT-2026-55958

The Reviews Widgets for Google, Yelp & TripAdvisor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page id' shortcode attribute of the fbrev shortcode in versions up to and including 2.7.3. This is due to insufficient input sanitization and output escaping in the Feed...

6.4CVSS6AI score0.00193EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•9 views

PT-2026-55898

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header...

6AI score0.00536EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•11 views

PT-2026-56007

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.6.0 through 0.7.2 Description A SQL injection issue exists in the Massmailer module filter functionality. An authenticated administrator can provide crafted filter values during the update of a mass email message, which...

6.9CVSS6.1AI score0.00218EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•9 views

PT-2026-56026

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.474 Description PostgreSQL healthcheck command generation uses attacker-controlled database settings in shell-form commands. This allows an authenticated user to perform command injection executed within th...

8.8CVSS5.9AI score0.00359EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•7 views

PT-2026-55935

URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path /users/from/sendMail without percent-encoding or validation. In applications that derive the from address...

2.1CVSS6AI score0.00143EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•8 views

PT-2026-55923

Recent FreeBSD security advisories detail severe flaws like CVE-2026-49420, CVE-2026-49429, and CVE-2026-49422. Patch immediately to stop attacks. FreeBSD Vulnerability CyberSecurity CVE202649420 https://t.co/WU1wVjaCN3...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•10 views

PT-2026-55947

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.4 pnpm versions prior to 11.8.0 Description pnpm accepts package names from the configDependencies section of the env lockfile and uses them directly when creating config dependency symlinks under node...

8.2CVSS6AI score0.00257EPSS
Exploits1References5
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•14 views

PT-2026-55875

CVE-2026-12184: Remote DoS in PHP, 8.2 rating šŸ”„ Failure to setup TLS handshake with a remote server can lead to DoS. Search at Netlas.io: šŸ‘‰ Link: https://nt.ls/pjJC5 šŸ‘‰ Dork: tag.name:php Vendor's advisory: https://github.com/php/php-src/security/advisories/GHSA-mhmq-mmqj-2v39...

6AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•7 views

PT-2026-56067

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description An issue exists where the PUT /api/v2/users/user/password endpoint only authorized the ActionUpdatePersona...

7.2CVSS6AI score0.00615EPSS
Exploits0References16
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•5 views

PT-2026-55970

Name of the Vulnerable Software and Affected Versions Devolutions Server version 2026.2.9.0 Description Improper enforcement of a mandatory multi-factor authentication policy allows an attacker with valid user credentials to bypass the MFA Required policy and authenticate without completing...

8.8CVSS6.1AI score0.00231EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•13 views

PT-2026-56060

Summary A realm admin of tenant B can read the profile, client roles, and realm roles of any user in any other realm including the master realm by supplying the target user's UUID in the REST API path. Three read endpoints in UserResourceImpl check whether the caller holds the read:admin role but...

7.7CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•10 views

PT-2026-56061

Summary An open redirect vulnerability in the account confirmation endpoint allows an unauthenticated attacker to craft a URL hosted on a legitimate Kiwi TCMS instance that redirects victims to an arbitrary external domain. The attack surface is particularly relevant for phishing campaigns...

6.1CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•19 views

PT-2026-56009

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update endpoint is missing an authorization check present in other invoice-related endpoints, allowing an unauthenticated user with knowledge of an invoice hash to modify the...

7.7CVSS6.1AI score0.00247EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•9 views

PT-2026-55934

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 through 3.0.15, the t:utf8toUnicode transformation in src/actions/transformations/utf8 to unicode.cc produces wrong output on i386 architecture because snprintf uses sizeof on a...

5.8CVSS5.9AI score0.00438EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•9 views

PT-2026-55928

Untrusted Search Path vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5...

8.4CVSS5.9AI score0.0012EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/07/06 12:0 a.m.•15 views

PT-2026-55912

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation exists in the camel-aws2-sns component. The Sns2HeaderFilterStrategy...

9.8CVSS5.9AI score0.00427EPSS
Exploits0References4
Total number of security vulnerabilities184569