Lucene search
K
PtsecurityRecent

185026 matches found

Positive Technologies
Positive Technologies
added 18 hours ago4 views

PT-2026-57959

A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...

6.5CVSS6.2AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 18 hours ago8 views

PT-2026-57987

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 18 hours ago7 views

PT-2026-57938

SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data...

8.2CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 18 hours ago7 views

PT-2026-57931

A weakness has been identified in mosaxiv clawlet up to 0.2.10. The impacted element is the function web fetch of the file tools/tool web fetch.go of the component IPv4 Handler. This manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The...

7.5CVSS6.4AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 18 hours ago7 views

PT-2026-57934

A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function read file/write file/edit file of the file tools/fs ops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue...

5.3CVSS5.9AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 18 hours ago6 views

PT-2026-57958

A weakness has been identified in louisho5 picobot up to 0.2.0. Impacted is the function CreateSkill/GetSkill of the file internal/agent/tools/filesystem.go of the component Workspace Handler. Executing a manipulation can lead to link following. It is possible to launch the attack remotely. The...

6.5CVSS6.3AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 18 hours ago5 views

PT-2026-57986

In Eclipse Vert.x versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, DefaultRedirectHandler vertx-core propagates all request headers as-is across cross-origin HTTP 30x redirects. Only Content-Length is stripped; no origin comparison scheme, host, port is performed before copyin...

8.2CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 18 hours ago6 views

PT-2026-57967

The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's credentials to redirect the setup verification code to an attacker-controlled email address and tak...

6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 18 hours ago6 views

PT-2026-57964

The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced variable/hidden payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not...

6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 18 hours ago5 views

PT-2026-58023

A security vulnerability has been detected in Tenda BE12 Pro 16.03.66.23. This issue affects the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit ha...

9CVSS7.4AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 18 hours ago6 views

PT-2026-57952

A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/create video byteplus.go of the component invoke Endpoint. The manipulation of the argument output.video url leads to server-sid...

6.5CVSS6.2AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 18 hours ago7 views

PT-2026-58021

A security issue exists within Arena® Simulation due to a memory corruption vulnerability in the linker.exe Siman component. The vulnerability stems from improper validation of user-supplied data, which can result in an out-of-bounds write. An attacker could leverage this vulnerability to execute...

7CVSS6.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 18 hours ago5 views

PT-2026-57999

The fix for CVE-2026-0716 commit 6ff7ef0, libsoup 3.6.6 placed the integer overflow guard inside the if masked block, leaving unmasked server-to-client frames unprotected. A malicious WebSocket server can send a crafted unmasked frame with a payload length near UINT64 MAX to trigger an OOB read i...

4.8CVSS6.1AI score0.00257EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 18 hours ago5 views

PT-2026-57963

The Word Count and Social Shares WordPress plugin through 1.0 does not validate a user-supplied file path before deletion, nor does it have proper authorization or CSRF checks, allowing any authenticated user, such as a Subscriber, to delete arbitrary files on the server, which can lead to a full...

6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 18 hours ago5 views

PT-2026-57956

A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This vulnerability affects the function handleNavigate of the file pkg/browser/tool.go. Such manipulation of the argument args.targetUrl leads to information disclosure. The attack may be performed from remote. The...

5.3CVSS5.9AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 18 hours ago5 views

PT-2026-57953

A vulnerability was found in nextlevelbuilder GoClaw 3.11.3. Affected by this issue is the function ExecApprovalManager.CheckCommand of the file internal/tools/exec approval.go. The manipulation results in incomplete blacklist. The attack can be executed remotely. The exploit has been made public...

6.5CVSS5.8AI score
Exploits0References13
Positive Technologies
Positive Technologies
added 18 hours ago7 views

PT-2026-57945

SAP S/4HANA application Project Management PPM-PRO allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application...

5.5CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 18 hours ago7 views

PT-2026-57935

Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to ...

9.1CVSS6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 18 hours ago5 views

PT-2026-57939

SAP HANA Database user self service tools allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts,...

3.7CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 18 hours ago5 views

PT-2026-57992

Improper Handling of URL Encoding Hex Encoding vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.0.M1 through 9.0.119, from 8.5.0...

6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 18 hours ago5 views

PT-2026-57998

A vulnerability has been identified in COMOS V10.4.5 All versions V10.4.5.0.2, COMOS V10.6 All versions V10.6.1, Designcenter NX All versions V2512.7000, Simcenter 3D All versions V2512.7000, Simcenter Femap V2506 All versions V2506.0003, Simcenter Femap V2512 All versions V2512.0002, Simcenter...

8.5CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 18 hours ago5 views

PT-2026-58001

DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted = SQL operators on text. DBI::SQL::Nano, DBI's built-in mini-SQL engine, evaluated WHERE predicates incorrectly in some cases. In the non-numeric string branch of the is matched method, = was evaluated using Perl's le operator...

6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 18 hours ago5 views

PT-2026-57962

The Ultimate Before After Image Slider & Gallery WordPress plugin before 4.7.1 does not escape the value of the BEAF Slider widget's shortcode field before outputting it on the front end the value is passed through do shortcode, which echoes non-shortcode content verbatim, allowing users with...

6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 18 hours ago6 views

PT-2026-57969

A vulnerability was identified in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file /Admin/EditUser.php. Such manipulation of the argument UserId leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be...

7.5CVSS6.8AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 18 hours ago6 views

PT-2026-57941

Due to a Cross-Site Scripting XSS vulnerability, applications based on Business Server Pages framework in SAP NetWeaver Application Server ABAP reflects unsanitized input into the HTTP response which allows an attacker to inject and execute arbitrary JavaScript code under certain conditions...

4.7CVSS6.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 18 hours ago7 views

PT-2026-57933

A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/tool web fetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be...

6.5CVSS6.2AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 18 hours ago7 views

PT-2026-57940

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal...

6.1CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 18 hours ago8 views

PT-2026-57937

SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and...

9.9CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 18 hours ago7 views

PT-2026-57936

SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results...

8.1CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 18 hours ago7 views

PT-2026-57942

SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token...

9.1CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 18 hours ago6 views

PT-2026-57974

🔴 NukeViet, Path Traversal to Arbitrary File Deletion, CVE-2026-54065 High -DC-Jul2026-955 https://t.co/yASozOdaJS...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 18 hours ago6 views

PT-2026-57976

🔴 DIRAC FileCatalog DatasetManager Remote Code Execution RCE via SQL Injection + eval — CVE-2026-61667 Critical -DC-Jul2026-956 https://t.co/bT2K4jS01F...

6.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 18 hours ago5 views

PT-2026-57991

Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP1.decode headers/5 and Mint.HTTP1.decode trailer headers/4 functions in lib/mint/http1.ex accumulate every parsed...

8.2CVSS6.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 18 hours ago5 views

PT-2026-57997

Eclipse Kura versions prior to 5.6.2 trust the client-supplied X-Forwarded-For HTTP header as the authoritative source of the client IP address in audit log entries. The org.eclipse.kura.web2 Web Console and org.eclipse.kura.rest.provider REST API components use this header as the primary IP sour...

8.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 18 hours ago7 views

PT-2026-57961

A vulnerability was found in louisho5 picobot up to 0.2.0. This issue affects the function ExecTool.Execute of the file internal/agent/tools/exec.go of the component exec Tool. The manipulation results in os command injection. The attack requires a local approach. The exploit has been made public...

5.3CVSS5.8AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 18 hours ago6 views

PT-2026-57966

The Newsletters WordPress plugin before 4.15 does not prevent deserialization of untrusted input that is stored through a public form, allowing unauthenticated attackers to inject a PHP object and, via a property-oriented gadget chain bundled with the Newsletters WordPress plugin before 4.15, wri...

6.4AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 18 hours ago6 views

PT-2026-57950

The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.2AI score
Exploits0References10
Positive Technologies
Positive Technologies
added 18 hours ago6 views

PT-2026-57951

The FoodBook Lite - Online Food Ordering System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.6. The registration function, accessible via the wp ajax nopriv registration action AJAX action, lacks any nonce verification or capability check,...

5.3CVSS6AI score
Exploits0References9
Positive Technologies
Positive Technologies
added 18 hours ago6 views

PT-2026-57949

A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function get workspace file of the file executor manager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument user id can lead to authorization bypass. The attack may be launched...

6.9CVSS5.9AI score
Exploits0References9
Positive Technologies
Positive Technologies
added 18 hours ago6 views

PT-2026-57995

In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...

5.3CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 18 hours ago5 views

PT-2026-57984

Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling...

6.3CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 18 hours ago6 views

PT-2026-57993

Insufficient Technical Documentation vulnerability in Apache Tomcat since the requirements to securely configure the EncryptInterceptor were not clearly documented. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.13 through 9.0.119, from...

6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 18 hours ago6 views

PT-2026-57971

A weakness has been identified in code-projects Online Job Portal 1.0. This affects an unknown function of the file /JobSeekerInsert.php. Executing a manipulation of the argument txtFile can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to t...

7.5CVSS6.8AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 18 hours ago6 views

PT-2026-57970

A security flaw has been discovered in code-projects Online Job Portal up to 1.0. The impacted element is an unknown function of the file /Admin/DeleteUser.php. Performing a manipulation results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the...

7.5CVSS6.7AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 18 hours ago6 views

PT-2026-57996

In Eclipse Jetty, an HTTP URI of this form: /public;/../admin/secret.txt results in an unresolved path of: /public/../admin/secret.txt instead of the expected: /admin/secret.txt Jetty itself is not affected, as it will not serve the secret.txt file because it will not pass the alias checker only...

5.3CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 18 hours ago7 views

PT-2026-57954

The WP Customer Area plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the customer-area-protected-content shortcode in all versions up to, and including, 8.3.5. This is due to insufficient input sanitization and output escaping on the shortcode...

6.4CVSS6.2AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 18 hours ago5 views

PT-2026-57955

A vulnerability was determined in nextlevelbuilder GoClaw 3.13.3-beta.3. This affects the function writeFile of the file internal/providers/acp/tool bridge.go of the component ACP ToolBridge Workspace Handler. This manipulation causes path traversal. The attack is possible to be carried out...

6.5CVSS6.3AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 18 hours ago6 views

PT-2026-57968

A vulnerability was determined in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /intrams/admin/add judges.php. This manipulation of the argument fname causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and...

6.5CVSS6.5AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 18 hours ago6 views

PT-2026-57980

An Improper link resolution before file access 'link following' vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue...

7CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 18 hours ago6 views

PT-2026-57972

A security vulnerability has been detected in code-projects Online Job Portal 1.0. This impacts an unknown function of the file /Admin/DetailJob.php. The manipulation leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may ...

5.1CVSS4.6AI score
Exploits0References7
Total number of security vulnerabilities185026