Lucene search
K
PtsecurityRecent

184508 matches found

Positive Technologies
Positive Technologies
•added 3 hours ago•6 views

PT-2026-57581

A security vulnerability has been detected in Tencent PC Manager 18.1.30242.301. This issue affects some unknown processing in the library qmudisk64.sys of the component QMUDisk Driver. The manipulation leads to uncontrolled search path. The attack must be carried out locally. The attack is...

7.3CVSS6.3AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added 3 hours ago•6 views

PT-2026-57582

A vulnerability was detected in MacCMS Pro up to 2022.1000.3005. Impacted is the function step5 of the file application/install/controller/Index.php of the component Installation Module. The manipulation results in authorization bypass. The attack may be launched remotely. The attack requires a...

6.3CVSS5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 3 hours ago•7 views

PT-2026-57583

Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects...

5.5CVSS6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added yesterday•7 views

PT-2026-57551

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The output path parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any locatio...

9.1CVSS6.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57552

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'auth token', 'refresh token' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware...

9.8CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57545

A weakness has been identified in AstrBotDevs AstrBot up to 4.25.2. Affected by this vulnerability is the function get online plugins of the file astrbot/dashboard/routes/plugin.py of the component market list Endpoint. Executing a manipulation of the argument custom registry can lead to...

6.5CVSS6.4AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57558

filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, allowing authenticated users to leave stale public shares behind. Attackers can delete a shared directory using a trailing-slash path, then recreate the same directory to expose ne...

3.1CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57549

Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API keys to invoke org-scoped webhook operations. Attackers with app-scoped credentials can trigger signed outbound webhook deliveries for arbitrary organization webhooks...

5.4CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57548

Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted super admin users retain access to delete non compliant bundles and count non compliant bundles RPCs due to stale org users.user right column not being cleared during role binding deletion. Attackers can exploit thi...

8.3CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57550

Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the unauthenticated /md, /llm, and /llm/job endpoints by...

8.8CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57553

Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/admin stats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform...

5.1CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57544

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/cron tools.py of the component Scheduled Task Handler. Performing a manipulation of the argument payload"note" results in improper authorization...

6.5CVSS6.3AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57543

A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an unknown function of the file users.php of the component Login. Such manipulation of the argument Login leads to sql injection. The attack may be launched remotely. This...

7.5CVSS6.7AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57556

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal org id and provider id values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider...

6.9CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57547

Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST global stats endpoint that allows unauthenticated attackers to read sensitive financial and operational metrics using only the public apikey. Remote attackers can query the /rest/v1/global stats...

8.7CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57559

luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious HTML in the NewPortMappingDescription field, which miniupnpd stores and luci-app-upnp renders...

8.8CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57572

A weakness has been identified in vnotex vnote up to 3.20.1. Impacted is an unknown function of the file /src/data/extra/web/js/markdownit.js of the component YAML Frontmatter. This manipulation of the argument p metaData causes cross site scripting. The attack may be initiated remotely. The vend...

5.1CVSS4.7AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57560

LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN containing script tags that execute in the administrator's browser when viewing DHCP lease pages...

9.4CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•12 views

PT-2026-57563

We have just added an important vulnerability affecting Comfast CF-WR631AX V3 CVE-2026-15511 https://t.co/vjkHzT9i6C...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added yesterday•7 views

PT-2026-57567

In Zephyr's WireGuard subsystem subsys/net/lib/wireguard, wg process data message in wg crypto.c linearizes an inbound transport-data payload into a fixed pool buffer of CONFIG WIREGUARD BUF LEN bytes before decryption. The call net buf linearizebuf-data, data len, pkt-buffer, ..., data len passe...

7.4CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•7 views

PT-2026-57557

OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options such as message command to a root smbd process,...

8.8CVSS6.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•8 views

PT-2026-57528

A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected element is the function sub 41EC14 of the file /goform/tools nslookup of the component ssi. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The vendor explains: "We are unable to...

9CVSS7.2AI score0.00419EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57575

A flaw has been found in Helicone ai-gateway up to 0.2.0-beta.30. This affects the function build target url of the file ai-gateway/src/dispatcher/service.rs of the component AWS Metadata Service. Executing a manipulation of the argument extracted path and query can lead to server-side request...

6.5CVSS6.3AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57576

A vulnerability has been found in Leantime up to 3.8.0. This impacts the function editUser/addUser of the component JSON-RPC Endpoint. The manipulation of the argument role leads to improper authorization. The attack is possible to be carried out remotely. The exploit has been disclosed to the...

6.5CVSS6.2AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57535

A security flaw has been discovered in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this issue is some unknown functionality of the file proses/add.php. The manipulation of the argument kode produk/kd cs results in sql injection. The attack can be executed...

7.5CVSS6.7AI score0.00494EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57533

A vulnerability was determined in hcr707305003 shiroiAdmin 1.1/1.3. Affected is the function FileController::upload of the file app/common/controller/FileController.php. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit...

7.5CVSS6.7AI score0.00291EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added yesterday•7 views

PT-2026-57523

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched...

6.5CVSS5.9AI score0.00228EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57554

Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cookie or authenticated browser can change the account email to gain control of account recovery and...

8.4CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57542

A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file sonic-server-controller/src/main/java/org/cloud/sonic/controller/controller/ExchangeController.java of the component JWT Authentication Filter. This manipulation causes code...

7.5CVSS6.6AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added yesterday•7 views

PT-2026-57530

One of my responsible security disclosures has been assigned CVE-2026-59959. The vulnerability has been fixed, and the advisory is now public: https://t.co/8v5PsiHSCO...

6AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57541

A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command...

6.5CVSS6.3AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57539

A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switch status.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published an...

5.8CVSS6AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added yesterday•9 views

PT-2026-57537

A security vulnerability has been detected in igweze wizgrade up to b1d55f22b90cd7e7a6e5002f006d7c649e8086d6. This vulnerability affects unknown code of the file dashboard/studentConductManager.php. Such manipulation leads to cross site scripting. The attack may be performed from remote. The...

5.3CVSS4.6AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57538

A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This issue affects some unknown processing of the file absent.php. Performing a manipulation of the argument export date results in cross site scripting. It is possible to initiate...

5.1CVSS4.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57540

A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The manipulation of the argument path leads to os command injection. The attack can be initiated remotel...

6.5CVSS6.3AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added yesterday•6 views

PT-2026-57555

Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.update settings permission and an active SSO provider can call...

8.1CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57562

A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument item number results in sql injection. The attack may be performed from remote. The vendor was contact...

6.5CVSS6.5AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•5 views

PT-2026-57566

The nRF70 Wi-Fi driver's power-save event handler nrf wifi event proc get power save info in drivers/wifi/nrf wifi/src/wifi mgmt.c copied TWT Target Wake Time flow entries from an nrf wifi umac event power save info event into the fixed-size twt flowsWIFI MAX TWT FLOWS 8-element array of a...

5CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57570

The Nuvoton NuMaker HSUSBD USB device-controller driver drivers/usb/udc/udc numaker.c armed the control Data IN stage unconditionally base-CEPTXCNT = len in numaker hsusbd ep trigger. Because the HSUSBD hardware cannot disarm a control Data IN already armed for a previous transfer, a USB host tha...

2.4CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57569

Zephyr's dynamic kernel-object tracking kernel/userspace/userspace.c, formerly kernel/userspace.c maintains a doubly-linked list obj list of dynamically allocated kernel objects. Iteration over this list in k object wordlist foreach was performed under lists lock using the SAFE iterator which...

7.8CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•4 views

PT-2026-57565

In Zephyr's experimental USB host stack CONFIG USB HOST STACK, usbh device disconnect subsys/usb/host/usbh device.c freed the root usb device slab object without clearing the cached pointer ctx-root. The bus removal handler dev removed handler subsys/usb/host/usbh core.c decides what to tear down...

6.1CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added yesterday•8 views

PT-2026-57532

A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This impacts the function sub 41FBD0 of the file /goform/system ntp of the component Firmware Update Handler. Performing a manipulation of the argument Hostname results in os command injection. The attack may be initiated remotely. The...

6.5CVSS6.5AI score0.00228EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added yesterday•7 views

PT-2026-57531

A vulnerability has been found in TRENDnet TEW-821DAP 1.11B03. This affects the function sub 42026C of the file /goform/tools ddns of the component Firmware Update Handler. Such manipulation of the argument hostname/username/password leads to os command injection. The attack can be launched...

6.5CVSS6.4AI score0.00228EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added yesterday•9 views

PT-2026-57534

A vulnerability was identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this vulnerability is an unknown functionality of the file proses/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack i...

7.5CVSS6.8AI score0.00304EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added yesterday•7 views

PT-2026-57524

A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function change passwd of the file /api/login/modify of the component Administrator Password Modification Endpoint. The manipulation of the argument newPass results in weak password recovery. The attack may be...

7.5CVSS6.6AI score0.00278EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added yesterday•7 views

PT-2026-57522

A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely...

6.5CVSS5.9AI score0.00396EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added yesterday•7 views

PT-2026-57521

A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack can only be performed from a local environment. The...

5.3CVSS5.7AI score0.00103EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added yesterday•7 views

PT-2026-57515

A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part of the file /callrec/pci dss status.jsp. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been made public and could be used...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added yesterday•9 views

PT-2026-57525

A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoa test of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing a manipulation of the argument ipoa ipaddr results in command injection. The attack is possible t...

9CVSS6.7AI score0.00429EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added yesterday•7 views

PT-2026-57516

A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affects unknown code of the file /callrec/composeEmailAction.do. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been publicly disclosed and...

5.3CVSS5.9AI score0.00207EPSS
Exploits0References6
Total number of security vulnerabilities184508