Lucene search
+L
PtsecurityRecent

187663 matches found

Positive Technologies
Positive Technologies
•added 23 hours ago•3 views

PT-2026-60984

Stoat for Android exports the chat.stoat.activities.ShareTargetActivity component reachable to any process on the device via the android.intent.action.SEND intent and accepts the file to share as a URI supplied through the android.intent.extra.STREAM extra. The activity does not validate or filte...

6.8CVSS5.4AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 23 hours ago•3 views

PT-2026-60983

ProFTPD mod sftp contains a heap-based buffer overflow reachable by an authenticated SFTP user. The fxp packet read function accepts the attacker-supplied 32-bit big-endian SFTP packet length without a minimum sanity check. A value of 0 causes an unsigned subtraction elsewhere in the read path to...

7.7CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 23 hours ago•3 views

PT-2026-60981

A flaw has been found in LiuMengxuan04 MiniCode 0.1.0. Affected by this vulnerability is the function child process.spawn of the file mcp.ts. Executing a manipulation can lead to command injection. The attack can be launched remotely. The attack requires a high level of complexity. The exploitati...

5.1CVSS5AI score
Exploits0References9
Positive Technologies
Positive Technologies
•added 23 hours ago•4 views

PT-2026-60982

A vulnerability was found in RobinHerbots Inputmask up to 5.0.9. Affected by this issue is the function extendDefaults/extendDefinitions/extendAliases in the library lib/dependencyLibs/extend.js of the component Internal Deep Merge Helper. The manipulation results in improperly controlled...

6.5CVSS6.1AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 23 hours ago•3 views

PT-2026-60987

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /edit room1.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The...

7.5CVSS7AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 23 hours ago•3 views

PT-2026-60980

A weakness has been identified in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /prescriptionrecord.php. This manipulation of the argument delid causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to...

6.5CVSS5.4AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 23 hours ago•3 views

PT-2026-60979

A vulnerability was identified in nearai ironclaw up to 0.29.1. The affected element is the function validate path of the file src/tools/builtin/path utils.rs of the component write file. The manipulation leads to link following. Local access is required to approach this attack. The exploit is...

4.8CVSS4.7AI score
Exploits0References9
Positive Technologies
Positive Technologies
•added 23 hours ago•3 views

PT-2026-60989

The Flow Payment plugin for WordPress flow.cl version 3.0.8 is vulnerable to reflected cross-site scripting on the WooCommerce checkout page. When the plugin handles an order cancellation, the error message GET parameter is passed directly to wc add notice in flowpayment-fl.php lines 57-58 withou...

6.1CVSS5AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 23 hours ago•3 views

PT-2026-60986

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /edit rooma.php. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been made publi...

7.5CVSS7.1AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 23 hours ago•3 views

PT-2026-60988

A stored cross-site scripting XSS vulnerability exists in the POST /api/prompts/share endpoint of parisneo/lollms latest version. The endpoint stores attacker-controlled prompt content into DBDirectMessage.content without server-side sanitization. When a victim opens the direct message DM thread,...

8.7CVSS7.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 23 hours ago•3 views

PT-2026-60985

A vulnerability has been found in CartoDB carto-api-client 0.5.29. This impacts the function addFilter of the file src/filters.ts. Such manipulation of the argument column leads to improperly controlled modification of object prototype attributes. The attack can be executed remotely. The project...

6.5CVSS6.3AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 23 hours ago•7 views

PT-2026-60920

The W3SC Elementor to Zoho CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the storeInfo function. This makes it possible for unauthenticated attackers to modify the plugin's...

4.3CVSS5.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added 23 hours ago•10 views

PT-2026-60921

A vulnerability has been found in AstrBotDevs AstrBot up to 4.25.5. This issue affects the function OpenApiRoute.chat send of the file astrbot/dashboard/routes/open api.py of the component API. Such manipulation of the argument Username leads to authentication bypass by spoofing. It is possible t...

6.5CVSS6.2AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 23 hours ago•5 views

PT-2026-60961

Impact: @fastify/http-proxy versions up to and including 11.5.0 fail to rewrite the request prefix when the prefix segment is URL-encoded. Fastify's router URL-decodes paths for route matching, but request.url retains the original encoded form, and the prefix-rewrite step uses a literal string...

10CVSS5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 23 hours ago•5 views

PT-2026-60938

SurrealDB versions before 2.1.0 contain an uncaught exception vulnerability in the rand::time function that panics when unwrap is called on a None result from timestamp opt. Authorized clients can repeatedly invoke rand::time to reliably trigger server panics and cause denial of service...

7.1CVSS5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 23 hours ago•6 views

PT-2026-60933

A vulnerability has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. This affects the function sub 40BB50 of the file /proc/webmon recent domains. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This project is superseded by...

9CVSS5.9AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 23 hours ago•6 views

PT-2026-60928

VMware Avi Load Balancer contains an authorization bypass vulnerability. A malicious actor on the network can access a limited subset of the Avi Control Plane without proper authorization. Affected versions: 32.1.1 fixed in 32.1.2 31.1.1 through 31.2.2 fixed in 31.2.2-2p3 30.1.1 through 30.2.6...

8.3CVSS5.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 23 hours ago•6 views

PT-2026-60922

A vulnerability was found in AstrBotDevs AstrBot up to 4.25.5. Impacted is the function normalize rw path of the file astrbot/core/tools/computer tools/fs.py of the component Filesystem Computer-Use Tool. Performing a manipulation results in link following. The attack is only possible with local...

5.3CVSS5.3AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 23 hours ago•7 views

PT-2026-60929

VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious user with network access may be able to access the Avi Control plane and execute code remotely. Affected versions: 32.1.1 fixed in 32.1.2 31.1.1 through 31.2.2 fixed in 31.2.2-2p3 30.1.1 through 30.2.6 fixed in...

8.7CVSS6.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 23 hours ago•5 views

PT-2026-60930

VMware Avi Load Balancer contains a local privilege escalation vulnerability. A malicious user with local access may be able to escalate their privileges to run code as root. Affected versions: 32.1.1 fixed in 32.1.2 31.1.1 through 31.2.2 fixed in 31.2.2-2p3 30.1.1 through 30.2.6 fixed in 30.2.7...

7.8CVSS5.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 23 hours ago•5 views

PT-2026-60927

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. Affected is the function NewContextBuilder of the file pkg/agent/context.go. Such manipulation leads to inclusion of functionality from untrusted control sphere. The attack needs to be performed locally. The exploit has be...

5.3CVSS5.1AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 23 hours ago•8 views

PT-2026-60926

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. This impacts the function web fetch of the file pkg/tools/integration/web.go. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been made available to the public and...

7.5CVSS6.9AI score
Exploits0References9
Positive Technologies
Positive Technologies
•added 23 hours ago•6 views

PT-2026-60924

A vulnerability was identified in Sipeed PicoClaw up to 0.2.9. The impacted element is the function ExecTool.executeRun of the file pkg/agent/pipeline execute.go. The manipulation of the argument cwe leads to time-of-check time-of-use. The attack must be carried out locally. The exploit is public...

5.3CVSS5.4AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 23 hours ago•6 views

PT-2026-60923

A vulnerability was determined in Sipeed PicoClaw up to 0.2.9. The affected element is an unknown function of the file web/backend/api/auth.go. Executing a manipulation can lead to cross-site request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

5.3CVSS4.5AI score
Exploits0References9
Positive Technologies
Positive Technologies
•added 23 hours ago•6 views

PT-2026-60925

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This affects the function webhook.ParseRequest of the file pkg/channels/line/line.go of the component LINE Webhook. The manipulation results in authentication bypass by capture-replay. The attack may be launched remotely. The...

6.9CVSS5.5AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 23 hours ago•12 views

PT-2026-60919

A flaw has been found in AstrBotDevs AstrBot up to 4.25.5. This vulnerability affects the function OpenApiRoute.get chat sessions of the file astrbot/dashboard/routes/open api.py of the component session-listing Endpoint. This manipulation of the argument Username causes authorization bypass. It ...

5.3CVSS4.9AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added 23 hours ago•5 views

PT-2026-60932

A flaw has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. Affected by this issue is the function setup conntrack of the file /sbin/rc. Executing a manipulation of the argument ct tcp timeout can lead to out-of-bounds write. The attack may be performed from remote. This project is...

9CVSS7.5AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 23 hours ago•5 views

PT-2026-60931

A vulnerability was detected in halo-dev halo up to 2.24.2. Affected by this vulnerability is the function Download of the file MigrationEndpoint.java of the component Files Backup Endpoint. Performing a manipulation results in path traversal. The attack is possible to be carried out remotely. Th...

5.8CVSS4.9AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 23 hours ago•3 views

PT-2026-60977

A vulnerability has been found in princezuda SafestClaw up to 4.2.4. This vulnerability affects the function ShellAction. validate command of the file src/safestclaw/actions/shell.py of the component Built-in Web Interface. Such manipulation leads to incomplete blacklist. An attack has to be...

5.3CVSS4.6AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 23 hours ago•5 views

PT-2026-60950

SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested SurrealQL statements including IF, RELATE, and attribute access idioms. Authorized attackers can submit queries with excessive nesting depth to cause stack overflow and crash the server...

7.1CVSS5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 23 hours ago•5 views

PT-2026-60943

SurrealDB before 1.5.4 fails to properly validate authentication when a scope user switches databases using the USE clause or use method. Attackers with an authenticated session can impersonate an unrelated user in a different database if a user record with an identical identifier exists, allowin...

6.3CVSS5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 23 hours ago•5 views

PT-2026-60934

A vulnerability was found in Shibby Tomato 1.28. This vulnerability affects the function sub 42537C of the component Scheduler Name Handler. The manipulation of the argument a1 results in stack-based buffer overflow. It is possible to launch the attack remotely. This project is superseded by...

9CVSS6AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 23 hours ago•6 views

PT-2026-60974

A vulnerability was identified in zevorn rt-claw up to 0.2.0. This affects the function claw net get/claw net post of the file claw/tools/tool net.c of the component http request. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

7.5CVSS5AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 23 hours ago•5 views

PT-2026-60971

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.15.0-beta.32. This affects the function CheckSSRF/isPrivateIP of the file internal/tools/web shared.go of the component web fetch. Such manipulation leads to server-side request forgery. The attack can be launched...

6.5CVSS4.9AI score
Exploits0References10
Positive Technologies
Positive Technologies
•added 23 hours ago•5 views

PT-2026-60935

Impact: @fastify/reply-from versions from 8.3.1 up to but not including 12.6.4 build the internal URL cache key by concatenating the destination and source path without a delimiter. Different destination and source pairs can therefore produce the same key while resolving to different upstream URL...

8.7CVSS5.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 23 hours ago•5 views

PT-2026-60969

A security flaw has been discovered in nextlevelbuilder GoClaw up to 3.13.2. Affected by this vulnerability is the function extractBin/RequestApproval/matchesAllowlist of the file internal/tools/exec approval.go. The manipulation results in incorrect authorization. The exploit has been released t...

4.8CVSS4.8AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 23 hours ago•6 views

PT-2026-60973

A vulnerability was determined in zevorn rt-claw up to 0.2.0. The impacted element is the function handle rpc request of the file claw/services/swarm/swarm.c of the component Swarm RPC Receiver. This manipulation causes incorrect authorization. The attack is possible to be carried out remotely. T...

7.5CVSS5.1AI score
Exploits0References9
Positive Technologies
Positive Technologies
•added 23 hours ago•6 views

PT-2026-60972

A vulnerability was found in zevorn rt-claw up to 0.2.0. The affected element is the function claw net get/claw net post of the file claw/services/tools/net.c of the component http request. The manipulation of the argument url results in server-side request forgery. The attack can be executed...

7.5CVSS5AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 23 hours ago•5 views

PT-2026-60970

A weakness has been identified in nextlevelbuilder GoClaw up to 3.13.2. Affected by this issue is the function ToolsInvokeHandler.ServeHTTP of the file internal/http/tools invoke.go of the component Invoke Endpoint. This manipulation causes missing authorization. The attack can be initiated...

6.5CVSS5.1AI score
Exploits0References8
Positive Technologies
Positive Technologies
•added 23 hours ago•6 views

PT-2026-60975

A security flaw has been discovered in zevorn rt-claw up to 0.2.0. This impacts the function receiver thread of the file claw/services/swarm/swarm.c of the component http request. Performing a manipulation results in server-side request forgery. It is possible to initiate the attack remotely. The...

7.5CVSS5.1AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 23 hours ago•5 views

PT-2026-60968

A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.2. Affected is the function isSafeBin of the file internal/tools/exec approval.go. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be...

6.5CVSS6.2AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 23 hours ago•0 views

PT-2026-60994

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This issue affects the function dispatchIncoming of the file pkg/channels/wecom/wecom.go of the component Group Message Handler. The manipulation results in incorrect authorization. It is possible to launch the attack remotely. T...

6.5CVSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 23 hours ago•0 views

PT-2026-60991

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown part of the file /forexam.php. The manipulation of the argument day results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to...

5.1CVSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 23 hours ago•0 views

PT-2026-60992

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. This affects the function WebFetch.execute of the file agent/tools/web fetch/web fetch.py. Executing a manipulation of the argument url can lead to server-side request forgery. The attack may be performed from remote. The exploit ha...

6.5CVSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 23 hours ago•0 views

PT-2026-60993

QueryWeaver contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain valid session tokens for existing accounts by submitting a signup request with a known victim email address. The signup route unconditionally creates and links a new token to the matching...

8.8CVSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 23 hours ago•0 views

PT-2026-60990

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /schoolyr.php. The manipulation of the argument sy leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...

5.1CVSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 23 hours ago•5 views

PT-2026-60963

A vulnerability was determined in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This impacts the function matchesAllowlist/extractBin of the file internal/tools/exec approval.go. Executing a manipulation can lead to incorrectly-resolved name. The attack may be performed from remote. The exploit ha...

6.5CVSS6.1AI score
Exploits0References8
Positive Technologies
Positive Technologies
•added 23 hours ago•5 views

PT-2026-60954

SurrealDB before 2.2.2 with scripting enabled fails to properly enforce recursion limits when native functions contain embedded JavaScript that issues new queries. Authenticated attackers can bypass the recursion limit by chaining native and JavaScript function calls to trigger infinite recursion...

6CVSS5.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 23 hours ago•7 views

PT-2026-60942

SurrealDB before 1.5.5 and 2.0.0-beta before 2.0.0-beta.3 accepts an arbitrary object in the signin and signup operations of the RPC API without recursively validating it for non-computed values. When a record access method defines a SIGNIN or SIGNUP query and the RPC API is exposed to untrusted...

8.8CVSS5.5AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 23 hours ago•5 views

PT-2026-60953

SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 fails to properly escape table and field names in the command-line export command. An authenticated System User with OWNER or EDITOR roles can create tables or fields with malicious names containing SurrealQL. When a...

9.4CVSS5.3AI score
Exploits0References3
Total number of security vulnerabilities187663