Lucene search
K
PtsecurityRecent

184569 matches found

Positive Technologies
Positive Technologies
•added 11 hours ago•5 views

PT-2026-57607

A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompress R2004 section of the file src/decode.c of the component R2004 Section Decompression. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The...

5.3CVSS6.1AI score
Exploits0References11
Positive Technologies
Positive Technologies
•added 11 hours ago•3 views

PT-2026-57650

Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an...

9.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 11 hours ago•3 views

PT-2026-57645

An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization...

7.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 11 hours ago•3 views

PT-2026-57652

The Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion...

8.8CVSS6.2AI score
Exploits1References2
Positive Technologies
Positive Technologies
•added 11 hours ago•3 views

PT-2026-57649

A vulnerability was determined in Shibby Tomato up to 1.28.0000. Affected is the function getupsvar of the file www/apcupsd/tomatodata.cgi of the component apcupsd. This manipulation of the argument Field causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has be...

9CVSS7.4AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 11 hours ago•3 views

PT-2026-57651

The Joomla extension Helix Ultimate is vulnerable to an unauthenticated stored XSS...

8.7CVSS6.1AI score
Exploits1References2
Positive Technologies
Positive Technologies
•added 11 hours ago•3 views

PT-2026-57647

A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch...

7.5CVSS6.6AI score
Exploits0References8
Positive Technologies
Positive Technologies
•added 11 hours ago•4 views

PT-2026-57658

A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub 2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead to os command injection. The attack can be executed remotely. The exploit has been made available...

6.5CVSS6.4AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 11 hours ago•5 views

PT-2026-57656

This vulnerability is a critical Server-Side Template Injection SSTI in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The message confirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, t...

9.6CVSS6.4AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 11 hours ago•3 views

PT-2026-57662

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token...

5.9CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 11 hours ago•3 views

PT-2026-57664

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate that an assigned incoming webhook user has access to the target team or channel, which allows a requester with webhook management permissions to create posts or direct messages attributed to another user via...

4.9CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 11 hours ago•3 views

PT-2026-57654

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to modify or delete posts authored by local users or other remotes via crafted sync messages referencing...

4.3CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 11 hours ago•3 views

PT-2026-57653

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to restrict the group constrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation...

5.4CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 11 hours ago•3 views

PT-2026-57659

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS6AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 11 hours ago•3 views

PT-2026-57661

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload tha...

6.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 11 hours ago•4 views

PT-2026-57657

A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub 2D568 of the component start jffs2. Performing a manipulation of the argument jffs2 exec results in os command injection. Remote exploitation of the attack is possible. The exploit has...

6.5CVSS6.3AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 11 hours ago•3 views

PT-2026-57655

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify that the channel referenced in an action cookie matches the channel of the target post, which allows an authenticated user without access to a private channel to trigger interactive post actions on posts in th...

6.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 11 hours ago•8 views

PT-2026-57581

A security vulnerability has been detected in Tencent PC Manager 18.1.30242.301. This issue affects some unknown processing in the library qmudisk64.sys of the component QMUDisk Driver. The manipulation leads to uncontrolled search path. The attack must be carried out locally. The attack is...

7.3CVSS6.3AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added 11 hours ago•8 views

PT-2026-57583

Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects...

5.5CVSS6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 11 hours ago•8 views

PT-2026-57582

A vulnerability was detected in MacCMS Pro up to 2022.1000.3005. Impacted is the function step5 of the file application/install/controller/Index.php of the component Installation Module. The manipulation results in authorization bypass. The attack may be launched remotely. The attack requires a...

6.3CVSS5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 11 hours ago•6 views

PT-2026-57610

A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This manipulation of the argument Name causes sql injection. The attack can be initiated remotely. The...

6.5CVSS6.5AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 11 hours ago•4 views

PT-2026-57615

A vulnerability was found in lamaalrajih kicad-mcp up to 3.3.1. This issue affects some unknown processing of the file kicad mcp/utils/path validator.py. Performing a manipulation of the argument project path/schematic path results in protection mechanism failure. Attacking locally is a...

4.8CVSS5.8AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 11 hours ago•5 views

PT-2026-57609

A security flaw has been discovered in tugcantopaloglu godot-mcp 2.0.0. Affected by this vulnerability is the function validatePath of the file build/index.js of the component run project. The manipulation of the argument projectPath results in path traversal. Attacking locally is a requirement...

5.3CVSS5.9AI score
Exploits0References9
Positive Technologies
Positive Technologies
•added 11 hours ago•4 views

PT-2026-57606

A vulnerability was found in usestrix strix up to 1.0.2. This affects an unknown function of the file system prompt.jinja of the component PyPI Handler. Performing a manipulation results in inclusion of functionality from untrusted control sphere. The attack is possible to be carried out remotely...

5.1CVSS5.4AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 11 hours ago•4 views

PT-2026-57586

A vulnerability has been found in AREA 17 Twill CMS up to 3.6.0. The impacted element is the function FileLibraryController::storeFile of the file src/Http/Controllers/Admin/FileLibraryController.php of the component Media Library Insert Page. Such manipulation of the argument qqfilename leads to...

5.8CVSS5.7AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 11 hours ago•4 views

PT-2026-57613

A flaw has been found in augmnt augments-mcp-server 7.1.0. This issue affects the function scanProjectDeps of the file src/tools/v4/scan-project-deps.ts of the component scan project deps. Executing a manipulation of the argument packageJsonPath can lead to path traversal. The attack can only be...

4.8CVSS5.6AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 11 hours ago•5 views

PT-2026-57611

A security vulnerability has been detected in alioshr memory-bank-mcp up to 0.2.1/3.1. This affects an unknown part of the file list-project-files-validation-factory.ts. Such manipulation of the argument projectName leads to path traversal. Local access is required to approach this attack. The...

4.8CVSS5.8AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 11 hours ago•4 views

PT-2026-57608

A vulnerability was identified in makafeli n8n-workflow-builder up to 0.11.0. Affected is an unknown function of the file build/server.cjs of the component update node from file. The manipulation of the argument filePath leads to path traversal. An attack has to be approached locally. The exploit...

5.3CVSS5.7AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 11 hours ago•4 views

PT-2026-57621

Enterprise Cloud Database developed by Ragic has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload malicious files and make them available for users to download...

6.9CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 11 hours ago•5 views

PT-2026-57612

A vulnerability was detected in kLOsk adloop up to 0.9.0. This vulnerability affects the function validate urls of the file src/adloop/ads/write.py. Performing a manipulation of the argument final url results in server-side request forgery. The attack may be initiated remotely. The exploit is now...

6.5CVSS6.4AI score
Exploits0References9
Positive Technologies
Positive Technologies
•added 11 hours ago•3 views

PT-2026-57624

A flaw has been found in WuzhiCMS up to 4.1.0. Affected by this vulnerability is the function config/listimage of the file /index.php?m=attachment&f=index&v=upload of the component Attachment API. Executing a manipulation can lead to information disclosure. The attack can be launched remotely. Th...

6.9CVSS5.8AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 11 hours ago•4 views

PT-2026-57620

Enterprise Cloud Database developed by Ragic has a Stored Cross-Site Scripting vulnerability, allowing unauthenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load...

6.1CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 11 hours ago•4 views

PT-2026-57623

The MBStorage DRAM lighting control module within Gigabyte Control Center GCC developed by GIGABYTE Technology has an Improper Access Control vulnerability. Authenticated local attackers can send specific IOCTL commands through the driver MyPortIO x64.sys bundled with the module, thereby...

8.5CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 11 hours ago•4 views

PT-2026-57622

Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software...

7.8CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 11 hours ago•5 views

PT-2026-57585

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx. This manipulation of the argument httpOID causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be...

7.5CVSS6.7AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 11 hours ago•3 views

PT-2026-57660

A Server-Side Request Forgery SSRF protection bypass existed in the html to markdown expansion module of misp-modules. The module attempts to prevent requests to loopback, private, link-local, and other restricted IP address ranges. However, IP addresses were compared against the blocked ranges...

8.3CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 11 hours ago•3 views

PT-2026-57648

A vulnerability has been found in will-moss Isaiah up to 1.36.9. This affects an unknown function of the file app/main.go of the component Websocket Connection Authentication. The manipulation leads to improper authentication. The attack can be initiated remotely. The pull request to fix this iss...

7.5CVSS6.5AI score
Exploits0References8
Positive Technologies
Positive Technologies
•added 11 hours ago•3 views

PT-2026-57646

A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/requi...

5.3CVSS5.9AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 11 hours ago•4 views

PT-2026-57640

The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes...

6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 11 hours ago•4 views

PT-2026-57642

A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the...

7.5CVSS6.8AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 11 hours ago•4 views

PT-2026-57641

A vulnerability was identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patviewprescription.php. The manipulation of the argument delid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and mig...

6.5CVSS6.5AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 11 hours ago•3 views

PT-2026-57637

The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it enforces in its core course handler, allowing authenticated users with subscriber-level access to enroll in paid or...

6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 11 hours ago•4 views

PT-2026-57638

The WP Job Portal WordPress plugin before 2.5.5 does not perform capability or ownership checks before allowing job moderation actions, allowing authenticated users with a subscriber-level self-registerable account to approve, feature, or reject arbitrary jobs, including those owned by other user...

6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 11 hours ago•4 views

PT-2026-57633

The Database for Contact Form 7, WPforms, Elementor forms WordPress plugin before 1.5.2 does not restrict the PHP classes allowed when unserializing an attacker-supplied form-field value, allowing unauthenticated users to inject arbitrary PHP objects that are instantiated when an administrator...

6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 11 hours ago•4 views

PT-2026-57632

The User Registration & Membership WordPress plugin before 5.2.2 does not verify the authenticity of incoming payment-provider webhook notifications before acting on them, allowing unauthenticated attackers to forge a payment-approved event and activate a paid membership subscription without...

6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 11 hours ago•4 views

PT-2026-57644

A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. T...

5.8CVSS5.7AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 11 hours ago•4 views

PT-2026-57631

The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...

6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 11 hours ago•4 views

PT-2026-57636

The Tutor LMS WordPress plugin before 3.9.13 does not verify that the requesting user is allowed to edit a target post before overwriting it in one of its content-builder save handlers, authorizing the request only against an unrelated identifier, allowing authenticated users with instructor-leve...

6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 11 hours ago•4 views

PT-2026-57635

The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and stores the comment pre-approved, allowing authenticated users with subscriber-level access and above to post auto-approved comments...

6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 11 hours ago•3 views

PT-2026-57663

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation...

5.4CVSS6.1AI score
Exploits0References2
Total number of security vulnerabilities184569