Lucene search
+L
PtsecurityRecent

187471 matches found

Positive Technologies
Positive Technologies
added 17 hours ago11 views

PT-2026-60725

The Royal Addons for Elementor WordPress plugin before 1.7.1063 does not check the post status of menu items or the templates they reference in one of its REST endpoints, allowing unauthenticated users to retrieve the rendered HTML content of private or draft Elementor templates linked from...

6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago8 views

PT-2026-60623

OpenClaw versions before 2026.5.27 contain a token leakage vulnerability in MS Teams outbound requests that allows lower-trust callers to expose Bot Framework tokens. Attackers can access configured input paths to retrieve credentials that should remain within the trusted boundary...

6.5CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago5 views

PT-2026-60641

The Grav API plugin getgrav/grav-plugin-api before 1.0.6 contains an authorization bypass: API keys can be created with a restricted scopes array, but the ApiKeyAuthenticator class never reads or enforces these scopes. It loads and returns the owning user's full account object, so a key created...

8.6CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago8 views

PT-2026-60700

🧑‍🚒 released sbt 1.12.14 and 2.0.3, featuring - backport of CVE-2026-26032 fix for Ivy while sbt might not be affected - update to Jawn 1.7.0 for CVE-2026-59990 and CVE-2026-61814 fixes...

5.4CVSS6.1AI score0.00583EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 17 hours ago7 views

PT-2026-60716

Improper Handling of Length Parameter Inconsistency CWE-130 vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-bounds read/write may occur. As a result, the contents of...

6.3CVSS6.6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 17 hours ago8 views

PT-2026-60715

Unsigned to Signed Conversion Error CWE-196 vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-bounds read/write may occur. As a result, the contents of adjacent memory...

6.3CVSS6.6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 17 hours ago7 views

PT-2026-60635

OpenClaw versions before 2026.5.18 contain an authorization bypass vulnerability in skill command dispatch that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can bypass tool policy restrictions through configured input paths to perform...

5.4CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago5 views

PT-2026-60719

UNSUPPORTED WHEN ASSIGNED Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ...

7.3CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago4 views

PT-2026-60756

HCL Aftermarket EPC is affected by clickjacking vulnerability Cross-Frame Scripting is an attack technique where an attacker loads a vulnerable application in an iFrame on his malicious site. The attacker can then launch a Clickjacking attack, which may lead to Phishing, Cross-Site Request Forger...

4.3CVSS5.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago3 views

PT-2026-60759

HCL Aftermarket EPC is vulnerable to attack since the Application is vulnerable to Lucky 13. that makes the SS LLUCKY13 possible affects the TLS1.1and 1.2 and DTLS1.0 or 1.2 implementations . It also affects previous versions such as SSL3.0 and TLS1.0. This can also be considered a type of...

3.7CVSS5.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago3 views

PT-2026-60766

Missing support for integrity check vulnerability in ABB KNX Update Tool ABB, ABB KNX Update Tool BJE. This issue affects KNX Update Tool ABB: through 2.0.175; KNX Update Tool BJE: through 2.0.175...

6.4CVSS5.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 17 hours ago3 views

PT-2026-60764

HCL Aftermarket EPC is vulnerable to attack since HTTP OPTIONS method is enabled on this web server. The OPTIONS method provides a list of the methods that are supported by the Web server which allows an attacker to narrow and intensify their efforts...

5.3CVSS5.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago4 views

PT-2026-60754

HCL Aftermarket EPC is vulnerable to attacks since the server software version used by the application is revealed by the web server. Displaying version information of software could allow an attacker to determine which vulnerabilities are present in the software, particularly if an outdated...

5.3CVSS5.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago3 views

PT-2026-60763

HCL Aftermarket EPC is vulnerable to attack as the application implements an HTML5 cross-origin resource sharing CORS policy for this request that allows access from any domain -Wildcard...

4.2CVSS5.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago4 views

PT-2026-60777

SEPPmail Secure Email Gateway & SEPPmail Cloud before version 15.0.4.2 allows an attacker to replay & hijack a user session in the GINA web portal, as the session token is disclosed inside the URL and a HTTP header...

9.3CVSS5.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago3 views

PT-2026-60755

HCL Aftermarket EPC is vulnerable to attack since the server is not configured with “X-XSS-Protection" header...

4.3CVSS5.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago3 views

PT-2026-60774

Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...

5.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 17 hours ago4 views

PT-2026-60747

Insertion of sensitive information into sent data vulnerability in Proliz Software Ltd. Co. Proliz's OBS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Proliz's OBS: before v3.6.0...

7.5CVSS5.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago4 views

PT-2026-60753

HCL Aftermarket EPC is vulnerable to brute force attacks since application doesn’t have captcha implemented. It can lead to various security issues like brute force , automated attacks & account enumeration...

6.5CVSS5.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago4 views

PT-2026-60752

HCL Aftermarket EPC is vulnerable to email flooding as the application does not have a proper mail limitation mechanism at Forget Password functionality. The actor could b e a human or an automated process such as a virus or bot. This could be used to cause a denial of service, compromise program...

5.3CVSS5.4AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago3 views

PT-2026-60758

HCL Aftermarket EPC is vulnerable to attack as cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function...

4.2CVSS5.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago3 views

PT-2026-60761

HCL Aftermarket EPC is vulnerable to attack since the application returns detailed error messages that leak information about the processing on the server. An attacker may use the contents of error messages to help launch another ,more focused attack...

5.3CVSS5.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago3 views

PT-2026-60757

HCL Aftermarket EPC is vulnerable to attack since the application does not have an appropriate caching policy specifying the extent to which the page and its form fields should be cached. If sensitive information in application responses is stored in the local cache, then this may be retrieved by...

4.3CVSS5.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago3 views

PT-2026-60760

HCL Aftermarket EPC is vulnerable to attack since It was found that a malicious actor can use brute-force techniques to either guess or confirm valid users in the system. Use renumeration is when a malicious actor can use brute-force techniques to either guess or confirm valid users in a system...

5.3CVSS5.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago4 views

PT-2026-60772

A cross-site scripting XSS vulnerability in Proxmox Virtual Environment PVE 9.x 5.1.8 and Proxmox Virtual Environment PVE 8.x 4.3.16 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 17 hours ago3 views

PT-2026-60762

HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header...

4.3CVSS5.6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago4 views

PT-2026-60741

A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing...

5.5CVSS5.4AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 17 hours ago4 views

PT-2026-60775

Cursor for Windows version 3.2.16 contains a binary planting vulnerability that allows remote attackers to achieve arbitrary code execution by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves a...

8.8CVSS6.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 17 hours ago4 views

PT-2026-60769

A flaw was found in the organization management component of Keycloak. A delegated administrator with permission to manage organizations can create an invitation for a non-existent email address and then retrieve the secret registration link directly through the application programming interface...

4.9CVSS5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 17 hours ago6 views

PT-2026-60718

The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the 'aiomatic call google ai function' function. This...

9.8CVSS6.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 17 hours ago4 views

PT-2026-60776

SigNoz through 0.133.0 contains an open redirect vulnerability in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from any user on instances configured with Google OAuth, SAML, or OIDC. Attackers can call the unauthenticated sessions context endpoint with...

8.1CVSS5.4AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 17 hours ago4 views

PT-2026-60767

A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function run task of the file executor/app/api/v1/task.py. The manipulation of the argument callback url leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is...

7.5CVSS7AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 17 hours ago4 views

PT-2026-60768

A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. Impacted is the function list/remove of the file tools/tool cron.go of the component cron Chat Tool. The manipulation results in missing authorization. The attack may be performed from remote. The exploit has been released to th...

6.5CVSS6AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 17 hours ago5 views

PT-2026-60771

libpvestorage-perl v9.1.1 and libpve-storage-perl v8.3.7 were discovered to contain an XML External Entity XXE vulnerability...

5.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago4 views

PT-2026-60773

A race condition between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment PVE 9.x pve-manager 9.1.x before 9.1.9 and 8.4.x before 8.4.19; qemu-server 9.1.x before 9.1.7 and 8.4.x before 8.4.7; and pve-container 6.1.x before 6.1.3 and 5.3.x before 5.3.4 allows an attacker wit...

5.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 17 hours ago5 views

PT-2026-60770

A flaw was found in the keycloak-services component of Red Hat Build of Keycloak. The issue occurs because OAuth 2.0 authorization codes are not properly bound to the client that originally requested them. An attacker who can intercept an authorization code can modify it to be redeemed by their o...

5.4CVSS5.4AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago8 views

PT-2026-60714

Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local attacker with administrator privileges to bypass the file lockdown mechanism, resulting in unauthorized file transfer to the victim device. The attacker needs to deploy...

6.7CVSS6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 17 hours ago7 views

PT-2026-60616

OpenClaw versions before 2026.6.9 contain a missing authorization vulnerability in Discord moderation actions. In affected versions, a lower-trust caller or configured input path could perform moderation actions that should have required a stronger authorization or policy check. Practical impact...

7.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago8 views

PT-2026-60634

OpenClaw MS Teams before 2026.5.12 contain an authorization bypass vulnerability where the allowFrom feature binds to mutable display names. Attackers with lower-trust access can perform actions requiring stronger authorization by exploiting the mutable display name binding in the affected featur...

5.4CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago5 views

PT-2026-60732

Improper Handling of Insufficient Privileges vulnerability in Apache Accumulo. An authenticated, but low-privileged user without system permissions may issue a remote command to gracefully shutdown system components compaction-coordinator, compactor, gc, manager, monitor, tserver, or sserver,...

5.7CVSS5.4AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 17 hours ago9 views

PT-2026-60707

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.1 via the check answer. This makes it possible for unauthenticated attackers to extract the correct-answer marker...

7.5CVSS6AI score
Exploits0References15
Positive Technologies
Positive Technologies
added 17 hours ago6 views

PT-2026-60642

Grav before 2.0.4 contains a two-factor authentication bypass vulnerability in the login plugin where the regenerate2FASecret task checks only user existence, not authorization, during the pending TOTP challenge window. Attackers who know the victim's password can call this task without a CSRF...

9.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago8 views

PT-2026-60646

grav-plugin-login before 3.8.11 contains a cross-site request forgery CSRF vulnerability in the login.regenerate2FASecret frontend task, which regenerates and persists a new TOTP secret for the authenticated session user without any anti-CSRF nonce or Origin/Referer check. Because Grav core...

5.4CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago10 views

PT-2026-60740

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

6.5CVSS5.3AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 17 hours ago4 views

PT-2026-60743

Improper restriction of XML external entity reference vulnerability in Netcad Software Inc. NetGIS allows Serialized Data External Linking. This issue affects NetGIS: from 5.0.66 before 7.2.2...

7.5CVSS5.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 17 hours ago9 views

PT-2026-60710

The ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.17.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6.2AI score
Exploits0References11
Positive Technologies
Positive Technologies
added 17 hours ago7 views

PT-2026-60680

The Smart Custom Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.0.7. This is due to insufficient input sanitization and output escaping of uploaded image attachment titles. This makes it possible for authenticated attackers, with...

6.4CVSS6.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 17 hours ago5 views

PT-2026-60751

Insertion of sensitive information into sent data vulnerability in IKAS Technology Inc. E-Commerce allows Retrieve Embedded Sensitive Data. This issue affects E-Commerce: through 03062026...

7.5CVSS5.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 17 hours ago6 views

PT-2026-60717

The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'check in date' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6.2AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 17 hours ago6 views

PT-2026-60628

OpenClaw 2026.1.20 before 2026.5.27 contain an authorization bypass vulnerability in the device.pair.approve feature that allows lower-trust callers to bypass role-management checks. Attackers can perform actions requiring stronger authorization by reaching the affected feature through configured...

8.8CVSS6.1AI score
Exploits0References2
Total number of security vulnerabilities187471