Lucene search
K
PtsecurityRecent

187039 matches found

Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60245

Dell ThinOS 10, versions prior to 2605 10.2100 contain a Protection Mechanism Failure vulnerability. An attacker with physical access could potentially exploit this vulnerability, leading to unauthorized access to encrypted data...

6.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60234

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the edit local apps and install apps capabilities could cause a legitimate app...

7.2CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60130

The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...

8.8CVSS6.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60147

Grav v2.0.0 contains a cross-site scripting vulnerability fixed in 2.0.1. The XSS blueprint validator Security::detectXss runs on raw page content before Twig processing. When Twig content processing is enabled twig content.process enabled: true, an attacker with page-write API permission can use...

6.1CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60127

Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

5.1CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60223

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60170

Permission control vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

7.8CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60197

Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. Prior to 2.0.0, Stirling-PDF's /get-info-on-pdf endpoint rendered PDF Title and Author metadata fields without proper HTML encoding or sanitization, allowing a crafted PDF to execute...

6.1CVSS6.2AI score0.0006EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60179

When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. Impact: The NGINX Ingress Controller control plane...

7.1CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-58930

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, versions 9.11.0.0 through 9.13.0.2 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure...

7.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60155

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the hough lines operation: when a specific operation fails, a small memory leak occurs...

2.9CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60121

Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smuggle delete, index, or update operations into bulk requests executed under the manager's admin...

10CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60140

PraisonAI before 4.6.78 contains a remote code execution vulnerability in JobWorkflowExecutor. exec inline python due to insufficient AST validation of workflow script steps. Attackers can create malicious YAML workflow files with import os statements followed by os.system calls that bypass sandb...

7.3CVSS6.6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60144

Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPMInstaller. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding system.gpm.archive.max...

7.1CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60182

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, a Cloudreve WebDAV account rooted at a configured folder can send paths such as /dav/%2e%2e/outside.txt because stripPrefix in pkg/webdav/webdav.go joins the decoded request suffix to the account root with...

7.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60194

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, the SSRF protection on Directus's file-import-from-URL feature can be bypassed using the address 0.0.0.0 because api/src/request/is-denied-ip.ts treats 0.0.0.0 as a keyword for local interfaces but...

7.7CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-58886

Notepad++ vulnerabilities now have public PoC exploit code. CVE-2026-52886, CVE-2026-54758, and CVE-2026-57233 are fixed in v8.9.7. Update now. NotepadPlusPlus PathTraversal ZipSlip CVE InfoSec https://t.co/OYi5XPXTS9...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-60199

Penpot is an open-source design tool for design and code collaboration. Prior to 2.15.0, Penpot's remote image import passed the user-controlled url from frontend/src/app/main/data/workspace/media.cljs into the backend RPC method :create-file-media-object-from-url in...

7.7CVSS6.2AI score0.00032EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-60209

Metabase is an open-source business intelligence and embedded analytics tool. From 1.57.0 until 1.57.19.1, 1.58.14.1, 1.59.10, and 1.60.4, an attacker who can configure a Metabase database connection can read arbitrary files from the Metabase server's filesystem by adding unsafe JDBC parameters t...

7.6CVSS6.2AI score0.00037EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-58931

Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM company id-get, performing only company scoping and no role or permission check before returning the data. This...

8.7CVSS6.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60159

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the MIFF encoder that occurs when a memory allocation fails during MIFF image processing, which can lead to denial of service...

2.9CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60141

PraisonAI Platform before 0.1.9 fails to properly authorize label and issue-label mutations, allowing workspace members to rename and recolor shared labels and add or remove labels on owner-created issues. Attackers with workspace member privileges can exploit PATCH and POST/DELETE endpoints to...

7.1CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60152

ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed read past the profile boundary. This behavior occurs whe...

2.9CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60117

n8n contains an authentication bypass in the Chat Trigger node when configured with n8n User Auth a non-default configuration. In affected releases — before 1.123.22, the 2.0.0 through 2.9.2 line, and 2.10.0 — the authentication check on the Chat Trigger webhook endpoint can be circumvented,...

6.3CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60116

n8n before 2.19.3 contains a file path restriction bypass in the legacy ExecuteWorkflow node's localFile source option, which reads workflow files from disk without the file-access checks enforced by other file-reading nodes. Although hidden from the UI since v1.2, it remains reachable via the RE...

6.4CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-58887

Notepad++ vulnerabilities now have public PoC exploit code. CVE-2026-52886, CVE-2026-54758, and CVE-2026-57233 are fixed in v8.9.7. Update now. NotepadPlusPlus PathTraversal ZipSlip CVE InfoSec https://t.co/OYi5XPXTS9...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60157

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the TIFF encoder when memory allocation fails. Attackers can trigger allocation failures during TIFF image processing to cause memory exhaustion and denial of service...

2.9CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60129

Permission bypass vulnerability in the card module. Impact: Successful exploitation of this vulnerability may affect availability...

6.6CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60153

ImageMagick before 7.1.2-26 and 6.x before 6.9.13-51 contains a memory leak in the TIFF encoder that occurs when a temporary file cannot be created, resulting in a small memory leak...

2.9CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60125

Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

4CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60214

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.63.6 to 2.63.16, File Browser's archive builder uses strings.ReplaceAllnameInArchive, "", "/", which turns a POSIX filename such as ....evil.sh into the...

6.8CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60156

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob operations, causing resource exhaustion...

2.9CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60122

Hono before 4.11.10 contains a timing attack vulnerability in the basicAuth and bearerAuth middlewares due to non-constant-time string comparison in the timingSafeEqual function. Attackers can exploit early termination of string equality checks to infer valid credentials through precise timing...

6.3CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60151

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a use-after-free vulnerability that occurs when freetype initialization fails: the method does not exit and continues to use memory that was already freed. This can be triggered during image processing and may lead to a denial of service...

6.3CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-60175

Linux Mint 23 fully supports Wayland and has fixed a serious security vulnerability in mintupdate CVE-2026-59159. Users are advised to update their systems as soon as possible to ensure their security. https://t.co/p55m3tpDPq...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-58888

Notepad++ vulnerabilities now have public PoC exploit code. CVE-2026-52886, CVE-2026-54758, and CVE-2026-57233 are fixed in v8.9.7. Update now. NotepadPlusPlus PathTraversal ZipSlip CVE InfoSec https://t.co/OYi5XPXTS9...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60161

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the TIFF encoder when an invalid tiff:tile-geometry is specified. Supplying malformed tile geometry parameters causes allocated memory not to be released, which can lead to increased memory consumption...

2.5CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60154

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in color transformation to the log colorspace: when the operation fails, a small amount of memory is not released...

2.9CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60108

Authorization Bypass Through User-Controlled Key CWE-639 in the Excel import handlers CustomerImport, LeadImport, ProductImport in Roskus Prospero Flow CRM before 5.14.0 allows a remote, authenticated user of any role or company to create customer, lead, and product records inside another company...

6.9CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60132

n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a permission bypass vulnerability in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user with credential create or update permissions but without the...

6CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60198

Penpot is an open-source design tool for design and code collaboration. Prior to 2.14.5, Penpot exposed teams invitations.clj invitation tokens from create-team-invitations, embedded an existing profile id in auth.clj prepare-register-profile, and had auth.clj register-profile issue a session bas...

9.9CVSS6.1AI score0.00083EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60206

NGINX Plus and NGINX Open Source have a vulnerability in the ngx http slice module module. When the slice directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can send requests that may cause uninitialized memory access in the...

8.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60210

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.111.0 and 16.22.0, an authenticated user with a standard operational role can trigger server-side template injection through a configuration field, resulting in unauthorized disclosure of data outside the user's norm...

8.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60120

open-webui before 0.3.14 contains a cross-origin resource sharing misconfiguration allowing arbitrary origins with allow origins= and authenticated requests to the /api/v1/functions endpoint. Attackers can execute arbitrary code on the openwebui instance by crafting malicious cross-site requests...

9CVSS6.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60207

Nixpkgs is a collection of software packages that can be installed with the Nix package manager. Prior to the 25.11 and 26.05 channel fixes, the NixOS module for MySQL services.mysql initializes the MySQL database in a way that allows local users, such as unprivileged web or CGI processes on the...

8.5CVSS6.1AI score
Exploits0References8
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60134

PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with...

6.9CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60126

Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

5.1CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60200

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.234, Tabby inserts dropped file paths from tabby-electron/src/pathDrop.ts into the active shell without neutralizing command substitution metacharacters such as $… and …, so the incomplete CVE-2026-45038 fix for...

7.8CVSS6.4AI score0.00025EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60114

Capgo Cap-go/capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST SECURITY DEFINER RPC function public.rescind invitation that allows unauthenticated attackers to enumerate organization existence. The function returns distinct error messages NO ORG vs N...

8.7CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday9 views

PT-2026-60158

ImageMagick before 7.1.2-26 and 6.9.x before 6.9.13-51 contains a memory leak in the YUV decoder that occurs when opening of the blob fails. Repeated triggering can lead to resource exhaustion denial of service...

6.3CVSS6.1AI score
Exploits0References3
Total number of security vulnerabilities187039