Lucene search
+L
PtsecurityRecent

187283 matches found

ptsecurity
ptsecurity
added 22 hours ago4 views

PT-2026-60434

The Loco Translate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on the execTemplate function. This makes it possible for unauthenticated attackers to execute arbitrary PHP code on...

8.8CVSS6.3AI score
Exploits0References11
ptsecurity
ptsecurity
added 22 hours ago5 views

PT-2026-60435

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the fr token function in all versions up to, and including, 7.3.1.4. This makes it possible for...

8.1CVSS6.5AI score
Exploits0References8
ptsecurity
ptsecurity
added 22 hours ago5 views

PT-2026-19

Name of the Vulnerable Software and Affected Versions ViPNet Client ViPNet MFTP component, versions prior to 4.5.5 build 24733 Description Vulnerability in ViPNet Client component ViPNet MFTP. Recommendations Disable ViPNet on each host APM/server or update ViPNet Client 4 to version 4.5.5 buiild...

9CVSS6.1AI score
Exploits0References3
ptsecurity
ptsecurity
added 22 hours ago7 views

PT-2026-60459

Name of the Vulnerable Software and Affected Versions ubuntu-pro-client affected versions not specified Description An input validation and injection issue exists where the client constructs APT source files using data from the contract server response via the directives.suites and...

9CVSS6.5AI score
Exploits0References5
ptsecurity
ptsecurity
added 22 hours ago6 views

PT-2026-60493

LogicalDOC Enterprise up to and for v9.1.1 is vulnerable to blind SQL injection in the ComparisonServlet component, allowing authenticated user to manipulate SQL queries via crafted input...

6.1AI score
Exploits0References3
ptsecurity
ptsecurity
added 22 hours ago6 views

PT-2026-60494

An Open Redirect vulnerability CWE-601 exists in the OAuth/OIDC authentication implementation of the Axivion Dashboard. The login flow did not properly restrict the post-authentication redirect to the application's own origin, so a user who follows a crafted login link can be sent to an untrusted...

6.8CVSS6AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago4 views

PT-2026-60496

Microsoft UFO open-source framework for intelligent automation across devices and platforms. Prior to 3.0.7, the COMMAND RESULTS handler in ufo/server/ws/handler.py called get or create session in ufo/server/services/session manager.py without owner client id, allowing an authenticated client to...

6.5CVSS6.1AI score
Exploits0References4
ptsecurity
ptsecurity
added 22 hours ago7 views

PT-2026-60498

Perfect Support Ticketing & Document Management System through 1.7 contains a broken access control vulnerability that allows authenticated attackers with Agent-level privileges to manipulate the Support Agent assignment field of tickets by bypassing intended authorization checks. Attackers can a...

5.4CVSS6.1AI score
Exploits0References3
ptsecurity
ptsecurity
added 22 hours ago6 views

PT-2026-60527

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. From 0.96.0 until 0.140.0, authenticated users can rename uploaded files with path traversal sequences because app/models/model file.rb uses the user-controlled...

7.1CVSS6.1AI score0.00051EPSS
Exploits0References5
ptsecurity
ptsecurity
added 22 hours ago7 views

PT-2026-60520

During an internal security assessment, a potential improper access control vulnerability was discovered in Lenovo Smart Connect for Windows that could allow a local authenticated user to access files owned by a different user on the same system...

6.8CVSS6.1AI score
Exploits0References3
ptsecurity
ptsecurity
added 22 hours ago4 views

PT-2026-60451

A severe structural breakdown in core cloud identity protocols has escalated over the last 24 hours. Security researchers have publicly disclosed "TokenShifter", a critical TOCTOU Time-of-Check to Time-of-Use vulnerability tracked as CVE-2026-72134, heavily impacting OAuth 2.0 token issuance logi...

6.1AI score
Exploits0References1
ptsecurity
ptsecurity
added 22 hours ago6 views

PT-2026-60510

A potential out-of-bounds write vulnerability could allow a local privileged attacker to modify power management settings in System Management Mode...

6.8CVSS6.1AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago5 views

PT-2026-60511

A potential vulnerability could allow a local privileged attacker to disclose the address of protected System Management Mode memory...

6.7CVSS6.1AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago4 views

PT-2026-60513

A potential missing authentication vulnerability could allow a local privileged attacker to use WMI commands to arbitrarily trigger a System Management Interrupt handler...

6.7CVSS6.1AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago9 views

PT-2026-60518

The Janssen Project is an open-source identity and access management IAM platform. Prior to 2.0.0, jans-auth-server accepts unsigned JWE request objects because JwtAuthorizationRequest skips inner signature validation when jwe.getSignedJWTPayload returns null, and...

5.3CVSS6.1AI score0.00044EPSS
Exploits0References5
ptsecurity
ptsecurity
added 22 hours ago5 views

PT-2026-60521

A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App Store Windows applications, distributed exclusively in the Chinese market, that when installed on a non‑system partition, could allow a local user to execute arbitrary code...

7.3CVSS6.3AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago6 views

PT-2026-60533

Emlog is an open source website building system. In 2.6.13 and earlier, the article publishing interface stores a path-traversal template parameter from api controller.php without validation, and log controller.php later checks file exists and calls include View::getView$template, allowing an...

7.7CVSS6.2AI score0.00177EPSS
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago5 views

PT-2026-60509

LogicalDOC Enterprise up to and for v9.1.1 is vulnerable to Local File Inclusion LFI in the OnlyOfficeEditor servlet class, allowing authenticated user to exploit path traversal flaws in the fileExt parameter, enabling unauthorized access to sensitive files outside the designated directories...

6AI score
Exploits0References3
ptsecurity
ptsecurity
added 22 hours ago6 views

PT-2026-60512

A potential out of bounds write vulnerability could allow a local privileged attacker to execute code in System Management Mode...

6.8CVSS6.2AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago4 views

PT-2026-60514

A potential path traversal vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code...

7.3CVSS6.3AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago4 views

PT-2026-60515

A potential vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code with elevated privileges...

7.3CVSS6.3AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago4 views

PT-2026-60517

rz-libdemangle is a Rizin library for demangling symbols. Prior to 6bf56d3, the Rust demangler in src/rust/rust v0.c can perform an out-of-bounds read when the demangler structure is not yet initialized. This issue is fixed in commit 6bf56d3...

5.5CVSS6.1AI score
Exploits0References4
ptsecurity
ptsecurity
added 22 hours ago5 views

PT-2026-60522

AWS Bedrock AgentCore Python SDK is an open-source Python library that provides client tools for building AI agents on the Amazon Bedrock AgentCore platform. Unintended logging of sensitive user content in the OpenTelemetry instrumentation in AWS Bedrock AgentCore Python SDK versions 1.4.8 and...

5.7CVSS6.1AI score
Exploits0References4
ptsecurity
ptsecurity
added 22 hours ago9 views

PT-2026-60401

The MxChat – AI Chatbot & Content Generation for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS6.2AI score
Exploits0References7
ptsecurity
ptsecurity
added 22 hours ago7 views

PT-2026-60416

The AI Engine WordPress plugin before 3.5.5 does not verify that a user owns the chatbot conversation referenced by a client-supplied identifier, allowing users with subscriber-level access to read other users' private conversations and take over their conversation records when the discussions...

6.1AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago9 views

PT-2026-60418

The Abandoned Cart Lite for WooCommerce WordPress plugin before 6.8.2 does not protect the integrity of its cart-recovery tokens or bind them to the requesting account, allowing unauthenticated attackers to forge a recovery link that logs them in as another user when the automatic-login option is...

6.1AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago8 views

PT-2026-60413

The Appointment Booking Plugin WordPress plugin before 5.6.3 does not validate a CSRF nonce on several state-changing actions handled by its central request dispatcher, allowing attackers to perform privileged actions, such as overwriting the booking-form configuration or disconnecting the...

6.1AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago7 views

PT-2026-60457

stoatchat delta versions before 20250210-1 0.8.2 contain a logic error in the query messages route. When fetching messages 'nearby' another message, the database query can be given a message limit of zero, which the database interprets as 'no limit'. A remote unauthenticated attacker can craft...

8.7CVSS6.1AI score
Exploits0References3
ptsecurity
ptsecurity
added 22 hours ago8 views

PT-2026-60421

The RTMKit WordPress plugin before 2.0.9 does not perform a capability check in one of its AJAX actions and resolves a request-supplied post identifier directly, allowing users with at least the Contributor role to read the titles of other users' private, draft, pending, scheduled and trashed pos...

6.1AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago6 views

PT-2026-60417

The Redux Framework WordPress plugin before 4.5.13 does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate their privileges to Administrator by submitting a crafted value while updating their own profile...

6.1AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago8 views

PT-2026-60405

Loki queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy...

7.5CVSS6.1AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago9 views

PT-2026-60402

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'twitter message' Sequoia Template Setting in all versions up to, and including, 4.16.3 due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS6.2AI score
Exploits0References9
ptsecurity
ptsecurity
added 22 hours ago8 views

PT-2026-60410

The SEO Booster plugin for WordPress is vulnerable to generic SQL Injection via the 'sort field' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

4.9CVSS6.1AI score
Exploits0References6
ptsecurity
ptsecurity
added 22 hours ago5 views

PT-2026-60450

The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fields' parameter in versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.2CVSS6.2AI score
Exploits0References3
ptsecurity
ptsecurity
added 22 hours ago8 views

PT-2026-60420

The Header Footer Builder for Elementor WordPress plugin before 1.2.1 does not require an administrative capability for its dashboard template-import action it allows any edit posts user, so a Contributor can import a template containing an Elementor HTML widget configured to display site-wide,...

6.1AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago7 views

PT-2026-60424

The FunnelKit WordPress plugin before 3.15.0.6 does not validate a user-supplied path before deleting a file during a template-import operation, allowing users with administrator privileges to delete arbitrary .json files outside the intended directory through path traversal, which can disable...

6.2AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago8 views

PT-2026-60423

The FunnelKit WordPress plugin before 3.15.0.6 does not escape a user-supplied parameter before reflecting it into the HTML response of one of its page-builder AJAX actions, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting against logged-in users who open a crafted pag...

6.1AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago8 views

PT-2026-60400

The MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions plugin for WordPress is vulnerable to generic SQL Injection via the 'order by' parameter in all versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS6.1AI score
Exploits0References6
ptsecurity
ptsecurity
added 22 hours ago11 views

PT-2026-60350

A vulnerability has been found in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected is an unknown function of the file proses/add.php. The manipulation of the argument kd cs leads to authorization bypass. The attack is possible to be carried out remotely. This...

6.5CVSS6.3AI score
Exploits0References5
ptsecurity
ptsecurity
added 22 hours ago8 views

PT-2026-60425

Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 may have allowed a network-positioned attacker to bypass certificate hostname validation on HTTPS connections made by the connector. An attacker with on-path network access could exploit this by...

9.2CVSS6.2AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago6 views

PT-2026-60448

A local privilege escalation vulnerability in ESET Inspect Connector. The vulnerability was caused by improper authentication in an IPC channel...

8.5CVSS6.1AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago6 views

PT-2026-60409

The SEO Booster plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

4.9CVSS6.1AI score
Exploits0References6
ptsecurity
ptsecurity
added 22 hours ago9 views

PT-2026-60407

The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authentication Bypass via SAML Signature Algorithm Confusion in all versions up to, and including, 5.4.3. The vulnerability exists because Mo SAML Utilities::mo saml cast key reads the SignatureMethod Algorithm attribute...

9.8CVSS6AI score
Exploits0References8
ptsecurity
ptsecurity
added 22 hours ago6 views

PT-2026-60442

The The Cache Purger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.3.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS6.1AI score
Exploits0References7
ptsecurity
ptsecurity
added 22 hours ago5 views

PT-2026-60449

Use-after-free vulnerability in ESET Linux products potentially allowed an attacker to trigger kernel panic on the system...

6.7CVSS6.1AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago8 views

PT-2026-60398

The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitize status. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts...

4.3CVSS6.1AI score
Exploits0References7
ptsecurity
ptsecurity
added 22 hours ago6 views

PT-2026-60404

The Easy Accordion – AI-Powered FAQ & Accordion Blocks, Product FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'align' Block Attribute in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6.2AI score
Exploits0References6
ptsecurity
ptsecurity
added 22 hours ago9 views

PT-2026-60414

The WP Job Portal WordPress plugin before 2.5.5 does not properly sanitize and escape a parameter before using it in a SQL query, allowing authenticated users with a subscriber-level self-registerable account to perform SQL injection attacks...

6.1AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago10 views

PT-2026-60415

The Happy Coders OTP Login for WooCommerce WordPress plugin before 2.8 does not verify that a one-time password was actually validated before authenticating a user based on a supplied identifier, allowing unauthenticated attackers to log in as any existing user, including administrators, as well ...

6.1AI score
Exploits0References2
ptsecurity
ptsecurity
added 22 hours ago7 views

PT-2026-60408

The Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 's' Search Parameter in all versions up to, and including, 7.6.1 due to insufficient input sanitization and output escaping. This makes it possible...

6.1CVSS6.2AI score
Exploits0References7
Total number of security vulnerabilities187283