Lucene search
K
PtsecurityRecent

184508 matches found

Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•15 views

PT-2026-55693

myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the v ftp user parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takevoer of the admin user in...

8.5CVSS6.7AI score0.00656EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•13 views

PT-2026-55740

Name of the Vulnerable Software and Affected Versions code-projects Online Job Portal version 1.0 Description A remote SQL injection exists in the login.php file. This occurs when the txtUser and txtPass arguments are manipulated, allowing an attacker to interfere with the database queries...

7.5CVSS7.2AI score0.00412EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•9 views

PT-2026-55733

Name of the Vulnerable Software and Affected Versions SourceCodester Simple and Nice Shopping Cart Script version 1.0 Description An issue exists in the /admin/mensproductdeletequery.php file where improper handling of the user id variable allows for SQL injection. This allows a remote attacker t...

7.5CVSS7.2AI score0.00412EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•13 views

PT-2026-55737

Name of the Vulnerable Software and Affected Versions code-projects Assessment Management version 1.0 Description An SQL injection flaw exists in the Database Query Handler component due to improper processing of the /lecturer/marking-scheme.php endpoint. A remote attacker can exploit this by...

6.5CVSS6.7AI score0.00319EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•14 views

PT-2026-55699

In the Linux kernel, the following vulnerability has been resolved: af unix: Set gc in progress to true in unix gc. Igor Ushakov reported that unix gc could run with gc in progress being false if the work is scheduled while running: Thread 1 Thread 2 Thread 3 -------- -------- -------- unix...

5.8AI score0.00171EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•14 views

PT-2026-55678

picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote attackers can embed undetected malicious code in pickle files that executes during deserialization,...

8.1CVSS6.3AI score0.00445EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•12 views

PT-2026-55720

Name of the Vulnerable Software and Affected Versions kirilkirkov Ecommerce-CodeIgniter-Bootstrap versions up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7 Description A remote attack can be initiated through the manipulation of the shopping cart argument in the getCartItems function within the...

8.8CVSS7.1AI score0.00598EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•11 views

PT-2026-55707

Name of the Vulnerable Software and Affected Versions ForceInjection AI-fundermentals versions 2.0 through 3.0 Description The Memory Recall Handler component contains an issue within the get conversation history function located in the 08 agentic system/memory/langchain/code/smart customer...

3.1CVSS5.8AI score0.0016EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•13 views

PT-2026-55736

Name of the Vulnerable Software and Affected Versions code-projects Assessment Management version 1.0 Description Cross site scripting occurs due to the manipulation of the ID argument within the '/admin/remove-user.php' endpoint. This issue allows a remote attacker to execute malicious scripts i...

5.3CVSS5.8AI score0.00443EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•13 views

PT-2026-55725

Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description Remote SQL injection is possible due to improper handling of the ID argument within the /edit class2.php endpoint. SQL injection is a technique where an attacker inserts...

7.5CVSS7.2AI score0.00412EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•13 views

PT-2026-55674

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

8.1CVSS6.1AI score0.003EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•10 views

PT-2026-55689

Name of the Vulnerable Software and Affected Versions jairiidriss restaurant-website-php-mysql versions up to 521428b5b612449df0cf4a5d15ee40cba67f3d35 Description A missing authentication flaw exists in the AJAX Endpoint component. A remote attacker can manipulate the '/admin/ajax files' endpoint...

7.5CVSS7.1AI score0.00517EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•13 views

PT-2026-55698

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM SEV implementation where the software scratch area is not required to reside in the GHCB shared buffer when GHCB v2+ is used. This allows a malicious SNP guest...

6.2AI score0.00267EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•9 views

PT-2026-55739

Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description A remote SQL injection exists in the /patientappointment.php file. This occurs when the patiente argument is manipulated, allowing an attacker to execute arbitrary SQL commands on...

6.5CVSS6.9AI score0.00319EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•14 views

PT-2026-55705

Name of the Vulnerable Software and Affected Versions Trail of Bits fickling versions prior to 0.1.12 Description An issue exists where the UnsafeImportsML analysis pass unconditionally calls the AnalysisContext.shorten codenode function on every import node. This action populates a shared...

8.8CVSS6.2AI score0.00321EPSS
Exploits1References14
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•14 views

PT-2026-55684

A vulnerability was detected in Open5GS up to 2.7.7. Affected by this vulnerability is the function amf nnrf handle nf discover of the file src/amf/nnrf-handler.c of the component AMF. The manipulation results in denial of service. The attack may be launched remotely. The exploit is now public an...

5.3CVSS5.5AI score0.00316EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•16 views

PT-2026-55727

A security vulnerability has been detected in code-projects Online Voting System up to 0.x/1.0. This issue affects the function test input of the file /authentication.php of the component Login. Such manipulation of the argument adminUserName/adminPassword leads to sql injection. It is possible t...

7.5CVSS6.8AI score0.00347EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•12 views

PT-2026-55694

A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tui gateway/server.py. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released t...

6.5CVSS6.2AI score0.00224EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•12 views

PT-2026-55687

A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument...

3.1CVSS5.1AI score0.00299EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•12 views

PT-2026-55745

Name of the Vulnerable Software and Affected Versions yt-dlp versions prior to 2026.07.04 Description Improper sanitization of output when using the --write-link option allows for downstream command injection. This occurs because shortcut file data is not properly validated and sanitized before...

7.5CVSS6AI score0.00554EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•11 views

PT-2026-55710

A vulnerability was identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 213babdbaa949e94557246414db0130e01394517. This vulnerability affects the function checkForPostRequests of the file application/core/MY Controller.php of the component Subscribed Emails Admin Page. Such manipulatio...

5.3CVSS4.1AI score0.00288EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•13 views

PT-2026-55708

A vulnerability was found in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 95dfa8cebbb87ab46ae450643a07241274a74dce. Affected by this issue is the function setReferrer of the file application/core/MY Controller.php of the component Trusted Backend Interface. The manipulation of the argument...

5.3CVSS5.5AI score0.00273EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•12 views

PT-2026-55728

Name of the Vulnerable Software and Affected Versions code-projects Online Voting System version 1.0 Description A remote SQL injection is possible through the manipulation of the voterName, voterEmail, voterID, or selectedCandidate variables within the test input function of the '/saveVote.php'...

7.5CVSS7.1AI score0.00269EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•14 views

PT-2026-55711

A security flaw has been discovered in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 222ff31c06687b1c6d0e1ab63953f82c3674c52b. This issue affects some unknown processing of the file application/modules/vendor/controllers/AddProduct.php of the component Vendor Multi-Image Endpoint. Performing ...

7.5CVSS6.5AI score0.00437EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•13 views

PT-2026-55692

Name of the Vulnerable Software and Affected Versions omec-project amf versions 2.0.2 and 2.1.1 Description A remote manipulation of the NGSetupRequest Handler component within the file /go/src/amf/ngap/handler.go can lead to a denial of service. Recommendations For versions 2.0.2 and 2.1.1, depl...

5.3CVSS5.9AI score0.00317EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•16 views

PT-2026-55680

picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary code when loaded, compromising systems relying on...

8.1CVSS6.3AI score0.00444EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•13 views

PT-2026-55696

Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 2026.4.31 Description A weakness in the HTTP API component allows a remote attacker to cause a denial of service. The issue exists within the AIAgent.run conversation function located in the run...

5.3CVSS6AI score0.00277EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•15 views

PT-2026-55666

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.30 Description The software fails to detect malicious pickle files that utilize the runcode function within the idlelib.run.Executive class inside reduce methods. This allows attackers to embed hidden code in...

8.1CVSS6.6AI score0.00427EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•12 views

PT-2026-55730

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation. When...

5.3CVSS5.9AI score0.00191EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•20 views

PT-2026-55668

picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck. main .run autograd prof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution...

8.1CVSS6.3AI score0.00427EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•13 views

PT-2026-55701

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. This occurs when consent...

3.5CVSS5.9AI score0.00158EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•14 views

PT-2026-55672

picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load...

8.1CVSS6.3AI score0.00427EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•15 views

PT-2026-55718

Name of the Vulnerable Software and Affected Versions Plack::Middleware::OAuth versions prior to 0.11 Description Plack::Middleware::OAuth for Perl fails to support the OAuth 2.0 state parameter. The RequestTokenV2 function builds the provider authorization redirect without issuing a state value,...

8.1CVSS5.9AI score0.00172EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•17 views

PT-2026-55683

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS7.7AI score0.00158EPSS
Exploits1References2
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•15 views

PT-2026-55723

A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit ha...

7.5CVSS5.7AI score0.00263EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•14 views

PT-2026-55702

A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter. is allowed user of the file gateway/platforms/discord.py of the component Discord Platform Integration. Such manipulation leads to improper authentication. The attack ca...

6.3CVSS5.5AI score0.00369EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•20 views

PT-2026-55741

Name of the Vulnerable Software and Affected Versions HdrHistogram versions prior to 2.2.3 Description An issue exists in the decodeFromCompressedByteBuffer function within the org.HdrHistogram.AbstractHistogram class. Local manipulation of the lengthOfCompressedContents argument can lead to...

4.8CVSS5.8AI score0.00118EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•18 views

PT-2026-55719

Name of the Vulnerable Software and Affected Versions Dancer2::Plugin::Auth::OAuth::Provider versions prior to 0.23 Description The software fails to support the OAuth 2.0 state parameter. The authentication url method creates a provider authorization redirect without a state value, and the...

8.1CVSS5.9AI score0.00186EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•12 views

PT-2026-55691

Name of the Vulnerable Software and Affected Versions omec-project amf versions prior to 2.1.2 Description A remote manipulation of the RRCInactiveTransitionReport function within the NGAP Message Handler component can lead to a denial of service. Recommendations Apply patch...

5.3CVSS5.9AI score0.00522EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•12 views

PT-2026-55685

PHPIPAM is affected by an authenticated local file inclusion vulnerability that allows users with access to the API to execute/include arbitrary PHP files on the web server's file system. The API is not enabled by default on installations...

2.3CVSS6.1AI score0.00378EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•16 views

PT-2026-55724

Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An issue exists in the /edit course.php endpoint where manipulation of the ID variable allows for remote SQL injection. SQL injection is a technique where malicious SQL...

7.5CVSS7.1AI score0.00416EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•11 views

PT-2026-55738

Name of the Vulnerable Software and Affected Versions code-projects Assessment Management version 1.0 Description An issue exists in the /lecturer/marking-scheme.php file where improper handling of the smarksrange variable allows for remote SQL injection. SQL injection is a technique where an...

6.5CVSS6.8AI score0.00319EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•14 views

PT-2026-55686

Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description A flaw in the /medicine.php file allows for remote exploitation via SQL injection. This occurs when the editid variable is manipulated, potentially allowing an attacker to interfe...

6.5CVSS6.7AI score0.002EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•12 views

PT-2026-55742

A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. This manipulation of the argument numberOfSignificantValueDigits causes uncontrolled memory...

4.8CVSS5.4AI score0.0012EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•13 views

PT-2026-55688

3 CVEs in spice-vdagent macOS/BSD, session info create returns NULL without systemd-logind... so auth just gets skipped entirely. Any local process connects as trusted agent. The "if auth fails, don't auth" classic 😂 + heap overflow via integer wraparound + path traversal: malicious host writes...

5.1CVSS6AI score0.00135EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•16 views

PT-2026-55703

A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extract media of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit i...

6.9CVSS5.8AI score0.00551EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•12 views

PT-2026-55732

Name of the Vulnerable Software and Affected Versions SourceCodester Simple and Nice Shopping Cart Script version 1.0 Description An SQL injection issue exists in the Admin Login component within the /admin/login.php endpoint. The flaw allows remote attackers to manipulate the Username variable t...

7.5CVSS7.4AI score0.00412EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•18 views

PT-2026-55700

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ip6 append data function during the paged-allocation process triggered by MSG MORE, NETIF F SG, or large fragment lengths. When fraggap is non-zero and the...

7.8CVSS6.3AI score0.00184EPSS
Exploits4References372
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•12 views

PT-2026-55704

Name of the Vulnerable Software and Affected Versions Trail of Bits fickling versions 0.1.10 and earlier Description An improper input validation issue exists in the denylist logic used to analyze pickle opcode imports. The UNSAFE IMPORTS denylist in fickle.py fails to include critical Python...

8.8CVSS6.2AI score0.00342EPSS
Exploits1References12
Positive Technologies
Positive Technologies
•added 2026/07/03 12:0 a.m.•15 views

PT-2026-55513

Name of the Vulnerable Software and Affected Versions The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x versions prior to 2.2.15 Description Unauthenticated attackers can execute arbitrary shortcodes because the software fails to properly validate a value before running the...

5.4CVSS6.1AI score0.00255EPSS
Exploits0References8
Total number of security vulnerabilities184508