Lucene search
K
PtsecurityRecent

184728 matches found

Positive Technologies
Positive Technologies
added 13 hours ago3 views

PT-2026-57734

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter allows Reflected XSS.This issue affects Message Filter for Contact Form 7: from n/a through = 1.6.3.8...

7.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago3 views

PT-2026-57745

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dokan, Inc. Dokan dokan-lite allows Reflected XSS.This issue affects Dokan: from n/a through = 5.0.6...

7.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago3 views

PT-2026-57715

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through = 2.6.9...

6.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago3 views

PT-2026-57729

Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.13...

6.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago3 views

PT-2026-57794

Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through = 3.1.2...

5.4CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago3 views

PT-2026-57798

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data.This issue affects JetBlocks For Elementor: from n/a through = 1.5.0...

5.3CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago3 views

PT-2026-57802

A Missing Authorization vulnerability in the repository creation functionality in Google Cloud BigQuery, Dataform and Colab Enterprise, in the versions between October 2025 and May 10th, 2026, on Google Cloud Platform, allows an authenticated attacker to escalate privileges and perform cross-tena...

9.4CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago3 views

PT-2026-57724

Server-Side Request Forgery SSRF vulnerability in bdthemes Instant Image Generator ai-image allows Server Side Request Forgery.This issue affects Instant Image Generator: from n/a through = 2.1.4...

6.4CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago3 views

PT-2026-57725

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud ChatBot for eCommerce WoowBot woowbot-woocommerce-chatbot allows Stored XSS.This issue affects ChatBot for eCommerce WoowBot: from n/a through = 4.6.1...

6.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago3 views

PT-2026-57679

URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue...

6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago3 views

PT-2026-57718

Server-Side Request Forgery SSRF vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Server Side Request Forgery.This issue affects PDF Generator for WordPress: from n/a through = 1.6.2...

7.2CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57646

A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/requi...

5.3CVSS5.9AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57645

An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization...

7.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57637

The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it enforces in its core course handler, allowing authenticated users with subscriber-level access to enroll in paid or...

6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57613

A flaw has been found in augmnt augments-mcp-server 7.1.0. This issue affects the function scanProjectDeps of the file src/tools/v4/scan-project-deps.ts of the component scan project deps. Executing a manipulation of the argument packageJsonPath can lead to path traversal. The attack can only be...

4.8CVSS5.6AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57615

A vulnerability was found in lamaalrajih kicad-mcp up to 3.3.1. This issue affects some unknown processing of the file kicad mcp/utils/path validator.py. Performing a manipulation of the argument project path/schematic path results in protection mechanism failure. Attacking locally is a...

4.8CVSS5.8AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57621

Enterprise Cloud Database developed by Ragic has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload malicious files and make them available for users to download...

6.9CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 13 hours ago6 views

PT-2026-57611

A security vulnerability has been detected in alioshr memory-bank-mcp up to 0.2.1/3.1. This affects an unknown part of the file list-project-files-validation-factory.ts. Such manipulation of the argument projectName leads to path traversal. Local access is required to approach this attack. The...

4.8CVSS5.8AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57719

Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach Payments Gateway: from n/a through = 4.0.2...

6.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57782

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows DOM-Based XSS.This issue affects Forminator: from n/a through = 1.55.0.1...

7.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago9 views

PT-2026-57581

A security vulnerability has been detected in Tencent PC Manager 18.1.30242.301. This issue affects some unknown processing in the library qmudisk64.sys of the component QMUDisk Driver. The manipulation leads to uncontrolled search path. The attack must be carried out locally. The attack is...

7.3CVSS6.3AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 13 hours ago7 views

PT-2026-57656

This vulnerability is a critical Server-Side Template Injection SSTI in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The message confirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, t...

9.6CVSS6.4AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57784

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FunnelKit Funnel Builder by FunnelKit funnel-builder allows Reflected XSS.This issue affects Funnel Builder by FunnelKit: from n/a through = 3.15.0.8...

7.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57788

Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injection.This issue affects Real Testimonials: from n/a through = 3.1.15...

7.2CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57739

Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.13...

6.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57736

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through = 9.2.2...

7.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago5 views

PT-2026-57669

A weakness has been identified in waooAI waoowaoo up to 0.4.1. Affected by this vulnerability is the function getInternalTaskSession/getAuthSession/requireUserAuth/requireProjectAuth/requireProjectAuthLight in the library src/lib/api-auth.ts of the component Internal Task Header Handler. This...

7.5CVSS6.7AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57682

Improper Validation of Specified Quantity in Input vulnerability in WPDeveloper Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More better-payment allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Better Payment – Instant Payments,...

6.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago6 views

PT-2026-57635

The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and stores the comment pre-approved, allowing authenticated users with subscriber-level access and above to post auto-approved comments...

6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago5 views

PT-2026-57651

The Joomla extension Helix Ultimate is vulnerable to an unauthenticated stored XSS...

8.7CVSS6.1AI score
Exploits1References2
Positive Technologies
Positive Technologies
added 13 hours ago5 views

PT-2026-57616

A vulnerability was detected in yzhao062 pyod 3.5.0/3.5.1/3.5.2. Affected is the function pyod.utils.persistence.load of the file pyod/utils/persistence.py. Performing a manipulation of the argument path results in deserialization. The attack can be initiated remotely. The pull request to fix thi...

6.5CVSS6.5AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57710

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Proxy & VPN Blocker Proxy & VPN Blocker proxy-vpn-blocker allows Stored XSS.This issue affects Proxy & VPN Blocker: from n/a through = 3.5.8...

7.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57727

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SiteGround SiteGround Email Marketing siteground-email-marketing allows Stored XSS.This issue affects SiteGround Email Marketing: from n/a through = 1.7.5...

7.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago6 views

PT-2026-57607

A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompress R2004 section of the file src/decode.c of the component R2004 Section Decompression. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The...

5.3CVSS6.1AI score
Exploits0References11
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57748

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Path Traversal.This issue affects Membership For WooCommerce: from n/a through = 3.1.0...

8.6CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57795

Server-Side Request Forgery SSRF vulnerability in Themeisle Auto Featured Image Auto Post Thumbnail auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image Auto Post Thumbnail: from n/a through = 5.0.4...

4.9CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago6 views

PT-2026-57644

A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. T...

5.8CVSS5.7AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57791

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hannan گرویتی فرم فارسی persian-gravity-forms allows Blind SQL Injection.This issue affects گرویتی فرم فارسی: from n/a through = 3.0.2...

7.6CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago5 views

PT-2026-57649

A vulnerability was determined in Shibby Tomato up to 1.28.0000. Affected is the function getupsvar of the file www/apcupsd/tomatodata.cgi of the component apcupsd. This manipulation of the argument Field causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has be...

9CVSS7.4AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 13 hours ago5 views

PT-2026-57620

Enterprise Cloud Database developed by Ragic has a Stored Cross-Site Scripting vulnerability, allowing unauthenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load...

6.1CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 13 hours ago6 views

PT-2026-57638

The WP Job Portal WordPress plugin before 2.5.5 does not perform capability or ownership checks before allowing job moderation actions, allowing authenticated users with a subscriber-level self-registerable account to approve, feature, or reject arbitrary jobs, including those owned by other user...

6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago5 views

PT-2026-57650

Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an...

9.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago6 views

PT-2026-57642

A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the...

7.5CVSS6.8AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 13 hours ago5 views

PT-2026-57608

A vulnerability was identified in makafeli n8n-workflow-builder up to 0.11.0. Affected is an unknown function of the file build/server.cjs of the component update node from file. The manipulation of the argument filePath leads to path traversal. An attack has to be approached locally. The exploit...

5.3CVSS5.7AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57783

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Path Traversal.This issue affects Forminator: from n/a through = 1.55.0.2...

7.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57747

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks Contact Form Entries contact-form-entries allows Reflected XSS.This issue affects Contact Form Entries: from n/a through = 1.5.2...

7.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57720

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.1.0...

7.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57806

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to check the manage shared channels permission in the /share-channel autocomplete handler, which allows an authenticated user without that permission to enumerate configured remote cluster connection metadata via slash...

4.3CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago6 views

PT-2026-57630

The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing a regular expression. This allows an attacker to inject arbitrary HTML attributes in the fina...

6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 13 hours ago4 views

PT-2026-57740

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dan Rossiter Document Gallery document-gallery allows Reflected XSS.This issue affects Document Gallery: from n/a through = 5.1.0...

7.1CVSS6.1AI score
Exploits0References2
Total number of security vulnerabilities184728