Lucene search
K
PtsecurityRecent

187114 matches found

Positive Technologies
Positive Technologies
added 7 hours ago6 views

PT-2026-60352

A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...

7.5CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 7 hours ago6 views

PT-2026-60402

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'twitter message' Sequoia Template Setting in all versions up to, and including, 4.16.3 due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS6.2AI score
Exploits0References9
Positive Technologies
Positive Technologies
added 7 hours ago4 views

PT-2026-60409

The SEO Booster plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

4.9CVSS6.1AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 7 hours ago6 views

PT-2026-60410

The SEO Booster plugin for WordPress is vulnerable to generic SQL Injection via the 'sort field' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

4.9CVSS6.1AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 7 hours ago7 views

PT-2026-60407

The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authentication Bypass via SAML Signature Algorithm Confusion in all versions up to, and including, 5.4.3. The vulnerability exists because Mo SAML Utilities::mo saml cast key reads the SignatureMethod Algorithm attribute...

9.8CVSS6AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 7 hours ago6 views

PT-2026-60403

The Catch Themes Demo Import plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 3.3. This is due to the catch themes demo import activate plugin function, hooked on admin init when the activate plugin GET parameter is present, calling Plugin...

4.3CVSS6.1AI score
Exploits0References11
Positive Technologies
Positive Technologies
added 7 hours ago4 views

PT-2026-60397

The Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.3.6. This is due to missing or incorrect nonce validation on the ulpb admin ajax function...

4.3CVSS6.1AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 7 hours ago6 views

PT-2026-60405

Loki queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy...

7.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 7 hours ago4 views

PT-2026-60404

The Easy Accordion – AI-Powered FAQ & Accordion Blocks, Product FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'align' Block Attribute in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6.2AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 7 hours ago7 views

PT-2026-60398

The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitize status. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts...

4.3CVSS6.1AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 7 hours ago5 views

PT-2026-60399

The Advance Product Search- Voice & Ajax Search for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 's' and 'match' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...

7.5CVSS6.1AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 7 hours ago9 views

PT-2026-60350

A vulnerability has been found in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected is an unknown function of the file proses/add.php. The manipulation of the argument kd cs leads to authorization bypass. The attack is possible to be carried out remotely. This...

6.5CVSS6.3AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 7 hours ago7 views

PT-2026-60400

The MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions plugin for WordPress is vulnerable to generic SQL Injection via the 'order by' parameter in all versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS6.1AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 7 hours ago8 views

PT-2026-60351

A flaw was found in Keycloak. When the JSON Web Token JWT authorization grant preview feature is enabled and a user account is disabled, Keycloak fails to validate the user’s disabled status during JWT authorization grant processing. A remote attacker with low privileges can exploit this improper...

8.1CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 7 hours ago5 views

PT-2026-60406

The RPB Chessboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content in all versions up to, and including, 8.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.2CVSS6.2AI score
Exploits0References9
Positive Technologies
Positive Technologies
added 7 hours ago8 views

PT-2026-60401

The MxChat – AI Chatbot & Content Generation for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS6.2AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 7 hours ago6 views

PT-2026-60408

The Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 's' Search Parameter in all versions up to, and including, 7.6.1 due to insufficient input sanitization and output escaping. This makes it possible...

6.1CVSS6.2AI score
Exploits0References7
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60287

CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

2.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60291

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template static resources let authenticated users submit TemplateManageRequest.staticResource through POST /de2api/templateManage/save or DataVisualizationServer.decompression, after which...

6.3CVSS6.1AI score0.00032EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60245

Dell ThinOS 10, versions prior to 2605 10.2100 contain a Protection Mechanism Failure vulnerability. An attacker with physical access could potentially exploit this vulnerability, leading to unauthorized access to encrypted data...

6.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60223

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60170

Permission control vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

7.8CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60179

When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. Impact: The NGINX Ingress Controller control plane...

7.1CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-58930

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, versions 9.11.0.0 through 9.13.0.2 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure...

7.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-58886

Notepad++ vulnerabilities now have public PoC exploit code. CVE-2026-52886, CVE-2026-54758, and CVE-2026-57233 are fixed in v8.9.7. Update now. NotepadPlusPlus PathTraversal ZipSlip CVE InfoSec https://t.co/OYi5XPXTS9...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-58887

Notepad++ vulnerabilities now have public PoC exploit code. CVE-2026-52886, CVE-2026-54758, and CVE-2026-57233 are fixed in v8.9.7. Update now. NotepadPlusPlus PathTraversal ZipSlip CVE InfoSec https://t.co/OYi5XPXTS9...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60125

Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

4CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-58888

Notepad++ vulnerabilities now have public PoC exploit code. CVE-2026-52886, CVE-2026-54758, and CVE-2026-57233 are fixed in v8.9.7. Update now. NotepadPlusPlus PathTraversal ZipSlip CVE InfoSec https://t.co/OYi5XPXTS9...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60108

Authorization Bypass Through User-Controlled Key CWE-639 in the Excel import handlers CustomerImport, LeadImport, ProductImport in Roskus Prospero Flow CRM before 5.14.0 allows a remote, authenticated user of any role or company to create customer, lead, and product records inside another company...

6.9CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60206

NGINX Plus and NGINX Open Source have a vulnerability in the ngx http slice module module. When the slice directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can send requests that may cause uninitialized memory access in the...

8.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60134

PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with...

6.9CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60126

Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

5.1CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60128

Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

4CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60124

Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

4CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60176

A improper neutralization of script-related html tags in a web page basic xss vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.2.0 through 7.2.6, FortiSIEM 7.1 all versions, FortiSIEM 7.0 all versions, FortiSIEM 6.7 all versions, FortiSIEM 6.6 all versions,...

5.9CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60284

Our latest Scorpion Labs blog dives into the research behind CVE-2026-20374, covering UART access, Ghidra, remote debugging, ROP chains, and embedded exploit development. Read the full blog: https://t.co/6bUfLFjkfC https://t.co/9lHSOGJjJY...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60220

Name of the Vulnerable Software and Affected Versions Cisco RoomOS affected versions not specified Description Improper input validation occurs within the software, which is a failure to properly verify that input data is correct and safe before processing it. Recommendations At the moment, there...

7.5CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60129

Permission bypass vulnerability in the card module. Impact: Successful exploitation of this vulnerability may affect availability...

6.6CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60356

MantisBT 2.28.3 and earlier contains a critical authentication bypass in the SOAP API's mci check login function. Any user knowing any valid cookie string can authenticate as any other user knowing their username, including the administrator, without knowing the target's password. The vulnerabili...

9.3CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60234

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the edit local apps and install apps capabilities could cause a legitimate app...

7.2CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60163

A flaw was found in samba's pam winbind. When mkhomedir is enabled, pam winbind chowns the target account's home directory without validating the path is not a critical system directory such as /. On affected systems, accounts with / as their home directory a common default for system accounts ca...

6.1CVSS6.1AI score
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60185

When an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Impact: System performance can degrade until the TMM process is either forced to restart or is manually restarted. This vulnerability allows a remote,...

8.7CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60169

Design defect vulnerability in Expedition mode. Impact: Successful exploitation of this vulnerability may affect availability...

4.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60171

DoS vulnerability in the vibration service. Impact: Successful exploitation of this vulnerability may affect availability...

6.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60186

The NGINX Agent config dirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The config dirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow...

6.4CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60164

A flaw was found in CRI-O. The fix for a previous vulnerability CVE-2022-4318 was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitra...

7.8CVSS6.1AI score
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60183

When NGINX Ingress Controller is configured with Custom Resource Definitions CRDs or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without...

8.7CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60165

ICU Scandinavia Boomerang is vulnerable to an information disclosure flaw where sensitive credential files are exposed via static HTTP. This allows an unauthenticated remote attacker to retrieve plaintext service account and SMTP credentials by requesting specific XML files from the webroot. This...

7.1CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60167

Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

6.6CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60184

NGINX Plus and NGINX Open Source have a vulnerability in the ngx http ssi module module. This vulnerability may exist when the Server-Side Includes SSI, proxy pass, and proxy buffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM...

8.3CVSS6.2AI score
Exploits0References2
Total number of security vulnerabilities187114