Lucene search
K
PtsecurityRecent

184873 matches found

Positive Technologies
Positive Technologies
added 4 hours ago4 views

PT-2026-57941

Due to a Cross-Site Scripting XSS vulnerability, applications based on Business Server Pages framework in SAP NetWeaver Application Server ABAP reflects unsanitized input into the HTTP response which allows an attacker to inject and execute arbitrary JavaScript code under certain conditions...

4.7CVSS6.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 hours ago5 views

PT-2026-57940

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal...

6.1CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 hours ago4 views

PT-2026-57944

SAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy CSP configuration for certain restrictive directives. This vulnerability has a low impact on the integrity of the application...

4.1CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 hours ago4 views

PT-2026-57945

SAP S/4HANA application Project Management PPM-PRO allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application...

5.5CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 hours ago2 views

PT-2026-57951

The FoodBook Lite - Online Food Ordering System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.6. The registration function, accessible via the wp ajax nopriv registration action AJAX action, lacks any nonce verification or capability check,...

5.3CVSS6AI score
Exploits0References9
Positive Technologies
Positive Technologies
added 4 hours ago2 views

PT-2026-57953

A vulnerability was found in nextlevelbuilder GoClaw 3.11.3. Affected by this issue is the function ExecApprovalManager.CheckCommand of the file internal/tools/exec approval.go. The manipulation results in incomplete blacklist. The attack can be executed remotely. The exploit has been made public...

6.5CVSS5.8AI score
Exploits0References13
Positive Technologies
Positive Technologies
added 4 hours ago2 views

PT-2026-57952

A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/create video byteplus.go of the component invoke Endpoint. The manipulation of the argument output.video url leads to server-sid...

6.5CVSS6.2AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 4 hours ago3 views

PT-2026-57954

The WP Customer Area plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the customer-area-protected-content shortcode in all versions up to, and including, 8.3.5. This is due to insufficient input sanitization and output escaping on the shortcode...

6.4CVSS6.2AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 4 hours ago2 views

PT-2026-57949

A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function get workspace file of the file executor manager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument user id can lead to authorization bypass. The attack may be launched...

6.9CVSS5.9AI score
Exploits0References9
Positive Technologies
Positive Technologies
added 4 hours ago5 views

PT-2026-57938

SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data...

8.2CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 hours ago5 views

PT-2026-57937

SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and...

9.9CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 hours ago5 views

PT-2026-57934

A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function read file/write file/edit file of the file tools/fs ops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue...

5.3CVSS5.9AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 4 hours ago5 views

PT-2026-57942

SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token...

9.1CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 hours ago5 views

PT-2026-57943

setThemeRoot failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a element, even when no tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL...

6.1CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 hours ago5 views

PT-2026-57946

SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the...

4.3CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 hours ago5 views

PT-2026-57931

A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function web fetch of the file tools/tool web fetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The...

7.5CVSS6.4AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 4 hours ago5 views

PT-2026-57936

SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results...

8.1CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 hours ago3 views

PT-2026-57939

SAP HANA Database user self service tools allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts,...

3.7CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 hours ago3 views

PT-2026-57948

SAP Change and Transport System Attach Tool ctsattach allows an authenticated attacker to supply a specially crafted archive file which, when processed by the application�s library, can trigger insecure deserialization and lead to remote code execution RCE on the system. Successful exploitation...

7.6CVSS6.6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 hours ago3 views

PT-2026-57950

The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.2AI score
Exploits0References10
Positive Technologies
Positive Technologies
added 4 hours ago5 views

PT-2026-57947

SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of...

4.3CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 hours ago5 views

PT-2026-57932

SAProuter on Microsoft Windows allows an unauthenticated attacker to load library DLL files from an untrusted location, allowing them to execute malicious code on the system. This could enable the attacker to hijack the DLL loading process and achieve arbitrary code execution. This has high impac...

8.4CVSS6.4AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 hours ago5 views

PT-2026-57935

Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to ...

9.1CVSS6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 hours ago5 views

PT-2026-57933

A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/tool web fetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be...

6.5CVSS6.2AI score
Exploits0References7
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57627

A security flaw has been discovered in DedeCMS 5.7.118. Impacted is an unknown function of the file /plus/search.php of the component Column Management. Performing a manipulation of the argument Column Name results in code injection. The attack is possible to be carried out remotely. The exploit...

5.8CVSS5.9AI score0.00248EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57614

A vulnerability has been found in better-auth better-icons up to 1.0.5. This vulnerability affects unknown code of the component scan project icons/sync icon. Such manipulation of the argument icons file leads to path traversal. An attack has to be approached locally. The exploit has been disclos...

5.3CVSS5.6AI score0.0014EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57670

The EVbee Service Android app uses TLS encrypted communication HTTPS, but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is...

9.5CVSS6.1AI score0.00203EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57672

The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints...

9.3CVSS6.1AI score0.00422EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57675

The charging station does not require authentication for Bluetooth commands to perform actions. The functionality exposed includes sensitive information leakage, triggering reboots, or pushing a firmware update URL...

8.7CVSS6.1AI score0.00247EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57678

The NPC start endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS6.1AI score0.0131EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57680

Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to...

6.1AI score0.00204EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday10 views

PT-2026-57692

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPPOOL FormyChat social-contact-form allows Stored XSS.This issue affects FormyChat: from n/a through = 2.15.3...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57693

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through = 5.1...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57697

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in appsbd Vitepos vitepos-lite allows Blind SQL Injection.This issue affects Vitepos: from n/a through = 3.4.2...

8.5CVSS6.1AI score0.00357EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57698

Incorrect Privilege Assignment vulnerability in Kodezen LLC aBlocks ablocks allows Privilege Escalation.This issue affects aBlocks: from n/a through 2.9.1...

8.8CVSS6.1AI score0.00417EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57666

A vulnerability in Thales CERT "Suspicious" application = 1.3.4 allows a remote and unauthenticated attacker to execute arbitrary code and arbitrarily overwrite writable application files—including Python modules, configuration files, cron inputs, and runtime artifacts—leading to a persistent...

9.2CVSS6.4AI score0.00704EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57668

In version 8.2.1 of PrestaShop, there is a vulnerability relating to the incorrect sanitisation of elements, caused by inadequate validation of the ‘Alias’ parameter in the ‘Update your address’ function. This flaw allows an attacker to inject malicious expressions that are executed when the...

4.5CVSS6.1AI score0.0033EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57671

The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS6.1AI score0.00976EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57673

The firmware update mechanism does not include cryptographic signature validation. This allows anyone with access to the firmware update capability to upload arbitrary files which can then lead to arbitrary code execution...

9.3CVSS6.2AI score0.0027EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57674

Various sensitive information such as passwords and charging card UIDs are written to log files...

9.2CVSS6.1AI score0.00332EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57677

A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial of service by overwriting system files, or...

9.3CVSS6.3AI score0.00431EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57681

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud ChatBot chatbot allows Stored XSS.This issue affects ChatBot: from n/a through = 8.3.7...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57682

Improper Validation of Specified Quantity in Input vulnerability in WPDeveloper Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More better-payment allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Better Payment – Instant Payments,...

6.5CVSS6.1AI score0.00351EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57685

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Builder themify-builder allows Reflected XSS.This issue affects Themify Builder: from n/a through = 7.7.4...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57687

Server-Side Request Forgery SSRF vulnerability in denishua WPJAM Basic wpjam-basic allows Server Side Request Forgery.This issue affects WPJAM Basic: from n/a through = 7.0...

7.2CVSS6.1AI score0.00266EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57689

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.3...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57690

Missing Authorization vulnerability in WPXPO WowAddons product-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowAddons: from n/a through = 1.6.8...

6.5CVSS6.1AI score0.00332EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57691

Missing Authorization vulnerability in Phil Kurth Advanced Forms advanced-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Forms: from n/a through = 1.9.3.7...

7.5CVSS6.1AI score0.00346EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57694

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Property Hive PropertyHive propertyhive allows Reflected XSS.This issue affects PropertyHive: from n/a through = 2.2.3...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57695

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mitchell Bennis Simple File List simple-file-list allows Reflected XSS.This issue affects Simple File List: from n/a through = 6.3.8...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References2
Total number of security vulnerabilities184873