Lucene search
K
PtsecurityRecent

184419 matches found

Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57454

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57431

Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...

6.3CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57462

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57478

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57479

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.6AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57460

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57437

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financi...

8.7CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57449

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57469

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57448

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57466

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57451

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57455

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57438

PraisonAI Platform praisonai-platform before 0.1.9 fails to enforce owner/admin authorization on the PATCH routes for projects, issues, and agents, which only require workspace-member role. A workspace member can modify owner-created records; for projects, a member can reassign lead id to their o...

7.1CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57465

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57472

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57463

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57428

Cap-go before 12.128.2 contains an information disclosure vulnerability in the public.transfer app RPC function that returns distinct error messages for existing versus non-existing app IDs. Unauthenticated attackers can enumerate valid app IDs by observing error message differences when calling...

6.9CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57458

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57468

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57471

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57475

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57461

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57474

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57423

The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve setOpt function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-lev...

8.8CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57432

PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read files outside the workspace. Attackers can include path traversal sequences like @../outside secret.txt or absolute paths in project command files to exfiltrate process-readable...

6.8CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57453

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday11 views

PT-2026-57409

The White Label CMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.7.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.4CVSS6.2AI score0.00246EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57427

Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the plan valid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path plan valid expression and th...

5.3CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday10 views

PT-2026-57377

The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'val' parameter in all versions up to, and including, 1.1.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

6.5CVSS6.1AI score0.00343EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57436

PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial...

8.5CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday10 views

PT-2026-57425

The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday10 views

PT-2026-57457

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57456

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57435

PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook endpoint to inject arbitrary content into the agent and...

7.3CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57473

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57470

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57452

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57459

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57480

The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bap broadcast assistant.c reassembled remote Broadcast Receive State data into a single file-static net buf simple att buf, BT ATT MAX ATTRIBUTE LEN = 512 bytes shared by all connection instances, while the BUSY flag,...

6.4CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57485

A new vulnerability with increased severity was disclosed for Trendnet TEW-635BRM CVE-2026-15480 https://t.co/Jr8yZofWNZ...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57430

ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service...

4.8CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57445

ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process...

4.8CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57447

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service...

2.9CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57443

ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of...

4.8CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57444

ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes...

6.3CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57446

ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution...

6.3CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday9 views

PT-2026-57374

The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.10.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS6.2AI score0.00264EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57391

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'b width map' Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57381

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.1 via the get type template function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute...

7.5CVSS6.5AI score0.00324EPSS
Exploits0References8
Total number of security vulnerabilities184419