Lucene search
K
PtsecurityRecent

184508 matches found

Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.13 views

PT-2026-56060

Summary A realm admin of tenant B can read the profile, client roles, and realm roles of any user in any other realm including the master realm by supplying the target user's UUID in the REST API path. Three read endpoints in UserResourceImpl check whether the caller holds the read:admin role but...

7.7CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-56061

Summary An open redirect vulnerability in the account confirmation endpoint allows an unauthenticated attacker to craft a URL hosted on a legitimate Kiwi TCMS instance that redirects victims to an arbitrary external domain. The attack surface is particularly relevant for phishing campaigns...

6.1CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.19 views

PT-2026-56009

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update endpoint is missing an authorization check present in other invoice-related endpoints, allowing an unauthenticated user with knowledge of an invoice hash to modify the...

7.7CVSS6.1AI score0.00247EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55934

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 through 3.0.15, the t:utf8toUnicode transformation in src/actions/transformations/utf8 to unicode.cc produces wrong output on i386 architecture because snprintf uses sizeof on a...

5.8CVSS5.9AI score0.00438EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-55948

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted node modules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout. This vulnerability is...

7.1CVSS5.9AI score0.00262EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-55990

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs during the validation of input batch size and buffer plane count when these values exceed the maximum allowed limits. Recommendations At...

5.3CVSS6.1AI score0.0006EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-56169

In MLflow versions prior to 3.14.0, when running with authentication enabled, the trace API endpoints lack proper authorization validators. This allows any authenticated user to bypass experiment-level authorization controls on all trace operations, including reading, deleting, and modifying trac...

8.1CVSS7.2AI score0.00348EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.14 views

PT-2026-55912

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation exists in the camel-aws2-sns component. The Sns2HeaderFilterStrategy...

9.8CVSS5.9AI score0.00427EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-55891

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation in the Apache Camel AWS2-SQS component allows an attacker to inject...

9.8CVSS6.1AI score0.00472EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55871

A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The...

7.5CVSS6.7AI score0.01324EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-56011

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.51 Traefik versions prior to 3.6.22 Traefik versions prior to 3.7.6 Description Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares fail to account for underscore-variant header names when stripping...

10CVSS5.9AI score0.00256EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55850

Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description A use after free issue exists in the r core bin load function within the libr/core/cfile.c file. This flaw allows a local attacker to trigger the condition through specific manipulation. Us...

7.8CVSS6.2AI score0.00135EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-56008

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.469 Description An authenticated remote command injection issue exists in the application deployment handling. Users with application write permissions can achieve remote code execution and exfiltrate...

9.9CVSS6.5AI score0.02539EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-55998

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.51 Traefik versions prior to 3.6.22 Traefik versions prior to 3.7.6 Description The ForwardAuth middleware in this HTTP reverse proxy and load balancer incorrectly derives the X-Forwarded-Port header sent to the...

6.9CVSS6AI score0.0029EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-55873

Prog Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain the database account and password...

9.8CVSS6AI score0.00507EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55969

Name of the Vulnerable Software and Affected Versions Tenda firmware versions US FH1201V1.0BR V1.2.0.14408 EN TD Tenda firmware versions US W15EV1.0br V15.11.0.51068 1567 841 EN TDE Tenda firmware versions US AC10V1.0re V15.03.06.46 multi TDE01 Tenda firmware versions US AC5V1.0RTL V15.03.06.48...

9.8CVSS7.2AI score0.00668EPSS
Exploits1References44
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-55915

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authenticated user can perform a cross-tenant authorization bypass by manipulating a company ID parameter in a POST request to the backend. The application...

9.3CVSS5.9AI score0.00309EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-56068

Name of the Vulnerable Software and Affected Versions Coder versions 2.17.0 through 2.29.6 Coder versions 2.32.0 through 2.32.6 Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description The POST /api/v2/files endpoint converts zip uploads to tar in memory using the...

6.5CVSS6.4AI score0.00602EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55885

Name of the Vulnerable Software and Affected Versions Apache Camel versions 3.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An issue exists in the Apache Camel JMS component where the JmsBinding.extractBodyFromJms function i...

7.3CVSS6.2AI score0.00504EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55883

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.14.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An issue exists where the default ObjectInputFilter pattern used for deserialization filtering in...

8.1CVSS6.1AI score0.00546EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.7 views

PT-2026-56023

Name of the Vulnerable Software and Affected Versions ajenti versions prior to 2.2.14 Description The browser-facing login and administrative UI contains a clickjacking weakness. This occurs because the core HTTP response path in ajenti-core/aj/http.py initializes an empty header list and finaliz...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-56076

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.7 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The CreateSubAgent RPC does not validate the requested app sharing level against the template's...

5.4CVSS6AI score0.00315EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-55903

Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel DAPR component. The camel-dapr Dapr Pub/Sub consumer DaprPubSubConsumer copied two fields from each inbound CloudEvent - its Pub/Sub component name and its topic - into the...

6AI score0.00426EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-55916

The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service conditio...

8.6CVSS6AI score0.00339EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55995

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description Memory corruption occurs when processing asynchronous input parameters. This is caused by a Time-of-Check to Time-of-Use TOCTOU race condition, where values are...

7.8CVSS6.1AI score0.00052EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.7 views

PT-2026-56035

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.6 through 0.7.2 Description When the Require Email Confirmation setting is enabled, a logged-in client with an unverified email address, indicated by the variable email approved = 0, can bypass page-side enforcement...

5.3CVSS5.9AI score0.00226EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55866

The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is configured, nor escape a value taken from them before outputting it in an administrator notice, allowing unauthenticated attackers to inject arbitrary web...

6.1AI score0.00301EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-55937

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...

6CVSS5.8AI score0.00292EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-55895

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.18.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.x Description Deserialization of untrusted data in the Apache Camel PQC component occurs when HashicorpVaultKeyLifecycleManager,...

8.8CVSS6.7AI score0.00485EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55929

A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gf isom nalu sample rewrite of the file src/isomedia/avc ext.c of the component MP4Box. This manipulation of the argument nalu out bs causes double free. It is possible to launch the attack on the local...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-55905

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An injection issue exists in the Apache Camel Kafka component due to improper input validation and...

5.3CVSS6.2AI score0.00385EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-56028

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.6.10 through 0.7.2 Description An issue exists in the Config::prettyPrintArrayToPHP method where string values are written into the config.php file without escaping single quotes during configuration updates. Since...

8.9CVSS6.1AI score0.00274EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-55878

Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 1.3.3 through 2.0.7 Description An uncontrolled resource consumption issue exists where certain interfaces do not impose reasonable limits on the time span and aggregation interval of queries. An attacker can send a reque...

7.5CVSS5.9AI score0.00546EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-56053

Name of the Vulnerable Software and Affected Versions @xhmikosr/decompress versions prior to 10.2.1 @xhmikosr/decompress versions prior to 11.1.3 decompress versions prior to 4.3.0 Description When extracting archives to a directory, a crafted archive can read or write files outside that director...

9.1CVSS6AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55967

Name of the Vulnerable Software and Affected Versions ArcGIS Server versions prior to 12.1 Description An unauthenticated attacker can exploit a directory traversal issue by sending crafted path parameters. This allows the attacker to access sensitive files on the system. Directory traversal is a...

9.8CVSS6AI score0.00727EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-56218

These are all security issues fixed in the json-c-devel-0.19-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-55961

Name of the Vulnerable Software and Affected Versions HP Deskjet 2800 Series Printers versions prior to TBP1CN2612AR Description A missing authorization flaw exists in the embedded webserver. An unauthenticated attacker with network access can bypass administrative controls by sending GET request...

7.5CVSS6AI score0.00271EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-55928

Untrusted Search Path vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5...

8.4CVSS5.9AI score0.0012EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.16 views

PT-2026-55865

The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, includin...

6AI score0.00247EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-55951

Name of the Vulnerable Software and Affected Versions BeyondTrust Remote Support affected versions not specified Description A critical pre-authentication flaw exists in the authentication subsystem. Improper processing of authentication requests allows an unauthenticated remote attacker to bypas...

9.8CVSS6.2AI score0.00653EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-55978

Name of the Vulnerable Software and Affected Versions vLLM versions 0.22.0 through 0.23.0 Description The software fails to validate the size of uploaded audio files before loading them into memory. Specifically, the endpoints '/v1/audio/transcriptions' and '/v1/audio/translations' execute the...

6.5CVSS6.2AI score0.00289EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-56074

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The workspace app proxy resolves the target app using the httpapi.RequestHost function, which prioritizes...

5.8CVSS5.9AI score0.00208EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.13 views

PT-2026-55879

Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 1.3.3 through 2.0.7 Description An authentication bypass issue exists due to insufficient validation of the sessionId parameter within certain Thrift RPC query handlers. An attacker can forge the sessionId to bypass the...

9.1CVSS6AI score0.00471EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-56020

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description An authenticated command injection exists in the GetLogs Livewire component. Users with team membership, including those with the lowest privilege role, can execute arbitrary commands as roo...

8.8CVSS6.1AI score0.01385EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-55952

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...

8.7CVSS6AI score0.00561EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-55852

Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description A stack-based buffer overflow exists in the Memory64ListStream Parser component within the file libr/bin/format/mdmp/mdmp.c. This issue can be triggered through local manipulation...

7.8CVSS6.2AI score0.00153EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.11 views

PT-2026-55753

A weakness has been identified in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function save users of the file classes/Users.php. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made availab...

7.5CVSS6.8AI score0.00288EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.15 views

PT-2026-55759

A security flaw has been discovered in SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0. Impacted is an unknown function of the file upload files.php. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been...

6.5CVSS6.3AI score0.00209EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.10 views

PT-2026-55787

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/ internal/ cache.py of the component Task Result Cache. This manipulation of the argument default cache key causes use of weak hash. The attack is...

3.1CVSS5AI score0.0016EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.11 views

PT-2026-55752

Name of the Vulnerable Software and Affected Versions CodeAstro Apartment Visitor Management System version 1.0 Description A security flaw allows remote attackers to perform SQL injection, a technique used to manipulate database queries. The issue exists within an unknown function in the...

6.5CVSS6.7AI score0.002EPSS
Exploits0References12
Total number of security vulnerabilities184508