Lucene search
K
PtsecurityRecent

184462 matches found

Positive Technologies
Positive Technologies
added 11 hours ago5 views

PT-2026-57516

A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affects unknown code of the file /callrec/composeEmailAction.do. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been publicly disclosed and...

5.3CVSS5.9AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 11 hours ago5 views

PT-2026-57521

A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack can only be performed from a local environment. The...

5.3CVSS5.7AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 11 hours ago5 views

PT-2026-57529

A flaw has been found in TRENDnet TEW-821DAP 1.11B03. The impacted element is the function sub 43F2C4 of the file /goform/tools nslookup of the component DNS Lookup Handler. This manipulation of the argument nslookup target/dns server causes os command injection. The attack can be initiated...

6.5CVSS6.5AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 11 hours ago5 views

PT-2026-57524

A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function change passwd of the file /api/login/modify of the component Administrator Password Modification Endpoint. The manipulation of the argument newPass results in weak password recovery. The attack may be...

7.5CVSS6.6AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 11 hours ago5 views

PT-2026-57530

One of my responsible security disclosures has been assigned CVE-2026-59959. The vulnerability has been fixed, and the advisory is now public: https://t.co/8v5PsiHSCO...

6AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 11 hours ago5 views

PT-2026-57523

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched...

6.5CVSS5.9AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 11 hours ago5 views

PT-2026-57528

A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected element is the function sub 41EC14 of the file /goform/tools nslookup of the component ssi. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The vendor explains: "We are unable to...

9CVSS7.2AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 11 hours ago5 views

PT-2026-57518

A vulnerability was identified in Eleveo Call Recording Software 9.7.0. This issue affects some unknown processing of the file /callrec/restoreCallAction.do of the component Recorded Calls Page. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. T...

6.5CVSS6.2AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 11 hours ago5 views

PT-2026-57520

A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation causes improper access controls. The attack can only be executed locally. The exploit has been ma...

5.3CVSS5.7AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 11 hours ago5 views

PT-2026-57522

A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely...

6.5CVSS5.9AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 11 hours ago5 views

PT-2026-57515

A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part of the file /callrec/pci dss status.jsp. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been made public and could be used...

5.3CVSS5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 11 hours ago7 views

PT-2026-57527

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub 41EC14 of the file /goform/tools nslookup of the component ssi. The manipulation of the argument nslookup target leads to buffer overflow. It is possible to initiate the attack remotely. The...

9CVSS7.3AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 11 hours ago5 views

PT-2026-57525

A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoa test of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing a manipulation of the argument ipoa ipaddr results in command injection. The attack is possible t...

9CVSS6.7AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 11 hours ago5 views

PT-2026-57519

A security flaw has been discovered in Eleveo Call Recording Software 9.7.0. Impacted is an unknown function of the file /callrec/audio.jsp of the component Call Recording Handler. The manipulation of the argument callId results in improper authorization. The attack may be performed from remote...

5.3CVSS5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 11 hours ago5 views

PT-2026-57531

A vulnerability has been found in TRENDnet TEW-821DAP 1.11B03. This affects the function sub 42026C of the file /goform/tools ddns of the component Firmware Update Handler. Such manipulation of the argument hostname/username/password leads to os command injection. The attack can be launched...

6.5CVSS6.4AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 11 hours ago6 views

PT-2026-57526

A weakness has been identified in Aster Telecom Azcall 10/11. This issue affects some unknown processing of the file /azcall/adm/gestao loja/sis.php?t=consultar of the component HTTP Handler. Executing a manipulation of the argument nome/perfil/status can lead to sql injection. The attack may be...

7.5CVSS6.7AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 11 hours ago2 views

PT-2026-57536

A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. This affects an unknown part. This manipulation causes missing authentication. The attack is possible to be carried out remotely. This product adopts a rolling release strategy to maintain...

7.5CVSS
Exploits0References5
Positive Technologies
Positive Technologies
added 11 hours ago0 views

PT-2026-57538

A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This issue affects some unknown processing of the file absent.php. Performing a manipulation of the argument export date results in cross site scripting. It is possible to initiate...

5.1CVSS
Exploits0References4
Positive Technologies
Positive Technologies
added 11 hours ago4 views

PT-2026-57537

A security vulnerability has been detected in igweze wizgrade up to b1d55f22b90cd7e7a6e5002f006d7c649e8086d6. This vulnerability affects unknown code of the file dashboard/studentConductManager.php. Such manipulation leads to cross site scripting. The attack may be performed from remote. The...

5.3CVSS
Exploits0References5
Positive Technologies
Positive Technologies
added 11 hours ago2 views

PT-2026-57539

A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switch status.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published an...

5.8CVSS
Exploits0References6
Positive Technologies
Positive Technologies
added 11 hours ago2 views

PT-2026-57535

A security flaw has been discovered in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this issue is some unknown functionality of the file proses/add.php. The manipulation of the argument kode produk/kd cs results in sql injection. The attack can be executed...

7.5CVSS
Exploits0References5
Positive Technologies
Positive Technologies
added 11 hours ago2 views

PT-2026-57541

A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command...

6.5CVSS
Exploits0References6
Positive Technologies
Positive Technologies
added 11 hours ago4 views

PT-2026-57532

A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This impacts the function sub 41FBD0 of the file /goform/system ntp of the component Firmware Update Handler. Performing a manipulation of the argument Hostname results in os command injection. The attack may be initiated remotely. The...

6.5CVSS
Exploits0References6
Positive Technologies
Positive Technologies
added 11 hours ago2 views

PT-2026-57533

A vulnerability was determined in hcr707305003 shiroiAdmin 1.1/1.3. Affected is the function FileController::upload of the file app/common/controller/FileController.php. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit...

7.5CVSS
Exploits0References8
Positive Technologies
Positive Technologies
added 11 hours ago2 views

PT-2026-57540

A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The manipulation of the argument path leads to os command injection. The attack can be initiated remotel...

6.5CVSS
Exploits0References7
Positive Technologies
Positive Technologies
added 11 hours ago4 views

PT-2026-57534

A vulnerability was identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this vulnerability is an unknown functionality of the file proses/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack i...

7.5CVSS
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57431

Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...

6.3CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57460

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57449

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57423

The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the genolve setOpt function in all versions up to, and including, 5.0.5. This makes it possible for authenticated attackers, with Contributor-lev...

8.8CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57453

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday11 views

PT-2026-57409

The White Label CMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.7.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.4CVSS6.2AI score0.00246EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57473

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57470

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57452

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57459

A heads up that there are a ton of CVEs being patched for July 2026 June was also high. So many that they released the "hot fix" patches in June and still have not updated the Android Patch notes. Could just be 4th of July holiday, but they are an international firm. No previous delays as long...

8.4CVSS7.4AI score0.00585EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57430

ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service...

4.8CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday9 views

PT-2026-57374

The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.10.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS6.2AI score0.00264EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57391

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'b width map' Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57381

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.1 via the get type template function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute...

7.5CVSS6.5AI score0.00324EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added yesterday9 views

PT-2026-57405

The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the plugin. This makes it possible for authenticated...

8.8CVSS6.3AI score0.00312EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday10 views

PT-2026-57394

The ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base plugin for WordPress is vulnerable to unauthorized cache deletion due to a missing capability check on the 'thrivedesk clear cache' AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authenticated...

4.3CVSS6.1AI score0.00204EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57406

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.27 via the wcfm product archive due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS6.2AI score0.0025EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57407

The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.11 via the template body. This makes it possible for unauthenticated attackers to extract the plaintext Stripe secret key, Razorpay secret key, and PayPal...

5.3CVSS6.1AI score0.00329EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57417

The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'fildname' parameter in all versions up to, and including, 2.2.2. This is due to insufficient escaping of user-supplied column names in the ajaxCheck method...

7.5CVSS6.1AI score0.00292EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday9 views

PT-2026-57385

The MyParcel plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.25.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...

4.3CVSS6.2AI score0.00213EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added yesterday9 views

PT-2026-57401

The Notification for Telegram plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.5.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS6AI score0.0025EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57419

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'approval code' parameter in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

7.2CVSS6.3AI score0.00273EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57422

The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS6.2AI score0.00401EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added yesterday9 views

PT-2026-57383

The SimpLy Gallery Block & Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in all versions up to, and including, 3.3.3.2. This is due to insufficient input sanitization and output escaping on the sliderMaxHeight block attribute in the pgc sgb render...

6.4CVSS6.2AI score0.00241EPSS
Exploits0References11
Total number of security vulnerabilities184462