Lucene search
+L
PtsecurityRecent

187678 matches found

Positive Technologies
Positive Technologies
added 5 hours ago4 views

PT-2026-61038

A security flaw has been discovered in zevorn rt-claw up to 0.2.0. This affects the function tool run script execute of the file claw/services/tools/script.c of the component Telegram-to-AI Tool Execution Flow. Performing a manipulation results in code injection. It is possible to initiate the...

7.5CVSS6.4AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 5 hours ago4 views

PT-2026-60999

A vulnerability has been found in zevorn rt-claw up to 0.2.0. This impacts the function claw tool invoke of the file claw/services/swarm/swarm.c of the component RPC Handler. The manipulation leads to incorrect authorization. Remote exploitation of the attack is possible. The exploit has been...

7.5CVSS6.7AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 5 hours ago4 views

PT-2026-61040

A security vulnerability has been detected in django-oauth django-oauth-toolkit 3.3.0. This issue affects the function load id token of the file oauth2 provider/oauth2 validators.py. The manipulation leads to session expiration. The attack can be initiated remotely. The project was informed of th...

6.5CVSS6.2AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 5 hours ago4 views

PT-2026-61002

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /forCYS.php. Such manipulation of the argument course leads to cross site scripting. The attack may be performed from remote. The exploit is...

5.1CVSS3.4AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 5 hours ago4 views

PT-2026-61039

A weakness has been identified in Pluck CMS up to 4.7.21. This vulnerability affects the function htmlspecialchars decode of the file data/modules/albums/albums.admin.php of the component Albums Module. Executing a manipulation of the argument Info can lead to cross site scripting. It is possible...

4.8CVSS3.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 5 hours ago4 views

PT-2026-60998

A flaw has been found in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This affects the function ExecTool.Execute of the file goclaw/internal/tools/credentialed exec.go. Executing a manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been published...

6.5CVSS6.2AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 5 hours ago4 views

PT-2026-61001

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /CYS.php. This manipulation of the argument course causes cross site scripting. The attack is possible to be carried out remotely. The...

5.1CVSS3.6AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 5 hours ago4 views

PT-2026-61000

A vulnerability was found in zevorn rt-claw up to 0.2.0. Affected is the function claw net get/claw net post of the file claw/services/tools/net.c of the component http request. The manipulation results in information disclosure. The attack can be executed remotely. The exploit has been made publ...

6.9CVSS5.4AI score
Exploits0References7
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60934

A vulnerability was found in Shibby Tomato 1.28. This vulnerability affects the function sub 42537C of the component Scheduler Name Handler. The manipulation of the argument a1 results in stack-based buffer overflow. It is possible to launch the attack remotely. This project is superseded by...

9CVSS6AI score
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday10 views

PT-2026-60966

OpenPLC v3 contains a heap-based buffer overflow in the getData function in webserver/core/modbus master.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...

8.8CVSS5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60950

SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested SurrealQL statements including IF, RELATE, and attribute access idioms. Authorized attackers can submit queries with excessive nesting depth to cause stack overflow and crash the server...

7.1CVSS5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-60970

A weakness has been identified in nextlevelbuilder GoClaw up to 3.13.2. Affected by this issue is the function ToolsInvokeHandler.ServeHTTP of the file internal/http/tools invoke.go of the component Invoke Endpoint. This manipulation causes missing authorization. The attack can be initiated...

6.5CVSS5.1AI score
Exploits0References8
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60962

A vulnerability was found in nextlevelbuilder GoClaw up to 3.13.2. This affects the function RequestApproval of the file internal/tools/exec approval.go of the component WebSocket Approval Endpoint. Performing a manipulation results in incorrect authorization. The attack is possible to be carried...

6.5CVSS6.1AI score
Exploits0References8
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60935

Impact: @fastify/reply-from versions from 8.3.1 up to but not including 12.6.4 build the internal URL cache key by concatenating the destination and source path without a delimiter. Different destination and source pairs can therefore produce the same key while resolving to different upstream URL...

8.7CVSS5.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60964

Uncontrolled Resource Consumption vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.1.13, from 10.0.0 through 10.1.2. Users are recommended to upgrade to version 9.1.14 or 10.1.3, which fixes the issue...

5.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday9 views

PT-2026-60974

A vulnerability was identified in zevorn rt-claw up to 0.2.0. This affects the function claw net get/claw net post of the file claw/tools/tool net.c of the component http request. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

7.5CVSS5AI score
Exploits0References7
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60961

Impact: @fastify/http-proxy versions up to and including 11.5.0 fail to rewrite the request prefix when the prefix segment is URL-encoded. Fastify's router URL-decodes paths for route matching, but request.url retains the original encoded form, and the prefix-rewrite step uses a literal string...

10CVSS5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-60959

SurrealDB before 2.2.2 fails to validate HTTP redirects in http functions, allowing authenticated users to bypass deny-net restrictions by redirecting to blocked IP addresses. Attackers can host a public server that redirects to denied network targets, enabling server-side request forgery to acce...

5.8CVSS5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60955

SurrealDB versions before 2.2.2 contain a local file read vulnerability in the DEFINE ANALYZER statement that allows authenticated users to read arbitrary files on the file system. Attackers with root, namespace, or database level privileges can point analyzers to arbitrary file paths and...

2.3CVSS5.4AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday10 views

PT-2026-60944

SurrealDB versions before 1.2.1 contain an uncaught exception handling vulnerability in span rendering when parsing queries with errors on line terminator characters. Authorized clients can submit malformed queries that trigger a panic in the span rendering code, crashing the server and causing...

7.1CVSS5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-60942

SurrealDB before 1.5.5 and 2.0.0-beta before 2.0.0-beta.3 accepts an arbitrary object in the signin and signup operations of the RPC API without recursively validating it for non-computed values. When a record access method defines a SIGNIN or SIGNUP query and the RPC API is exposed to untrusted...

8.8CVSS5.5AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday9 views

PT-2026-60939

SurrealDB versions before 2.1.0 contain a denial of service vulnerability in role conversion that allows privileged owner users to define users with nonexistent roles. Attackers can trigger an uncaught panic by signing in with a user assigned an invalid role, crashing the server...

6.9CVSS5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60954

SurrealDB before 2.2.2 with scripting enabled fails to properly enforce recursion limits when native functions contain embedded JavaScript that issues new queries. Authenticated attackers can bypass the recursion limit by chaining native and JavaScript function calls to trigger infinite recursion...

6CVSS5.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday11 views

PT-2026-60948

SurrealDB versions before 1.1.0 fail to properly parse the ID, DB, and NS headers in HTTP REST API requests containing special characters. Unauthenticated attackers can send crafted HTTP requests with malformed header values to trigger an uncaught exception that crashes the server...

8.7CVSS5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60963

A vulnerability was determined in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This impacts the function matchesAllowlist/extractBin of the file internal/tools/exec approval.go. Executing a manipulation can lead to incorrectly-resolved name. The attack may be performed from remote. The exploit ha...

6.5CVSS6.1AI score
Exploits0References8
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60947

SurrealDB versions before 2.0.4 fail to properly enforce field permissions during SELECT, UPDATE, and DELETE operations, allowing authorized users to access unauthorized field values through various query techniques. Attackers can exploit SELECT VALUE operations, field aliasing, function argument...

7.1CVSS5.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60985

A vulnerability has been found in CartoDB carto-api-client 0.5.29. This impacts the function addFilter of the file src/filters.ts. Such manipulation of the argument column leads to improperly controlled modification of object prototype attributes. The attack can be executed remotely. The project...

6.5CVSS6.3AI score
Exploits0References7
Positive Technologies
Positive Technologies
added yesterday9 views

PT-2026-60975

A security flaw has been discovered in zevorn rt-claw up to 0.2.0. This impacts the function receiver thread of the file claw/services/swarm/swarm.c of the component http request. Performing a manipulation results in server-side request forgery. It is possible to initiate the attack remotely. The...

7.5CVSS5.1AI score
Exploits0References7
Positive Technologies
Positive Technologies
added yesterday9 views

PT-2026-60958

SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 allows authenticated users with OWNER or EDITOR permissions at the root, namespace, or database level to define custom database functions via DEFINE FUNCTION using nested FOR loops. Although a single loop's iteration count is...

7.1CVSS5.4AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60940

SurrealDB versions before 2.1.0 contain a denial of service vulnerability in the sorting mechanism when using ORDER BY rand clause. Authorized clients can execute queries with ORDER BY rand to trigger a panic in the sorting function, crashing the server...

7.1CVSS5.4AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60932

A flaw has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. Affected by this issue is the function setup conntrack of the file /sbin/rc. Executing a manipulation of the argument ct tcp timeout can lead to out-of-bounds write. The attack may be performed from remote. This project is...

9CVSS7.5AI score
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday11 views

PT-2026-60941

SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. Authorized clients can execute malformed queries with empty string conversions to record, duration, or datetime types that cause a panic in error...

7.1CVSS5.5AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday12 views

PT-2026-60945

SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor when processing calls to nonexistent built-in functions. Authorized clients can craft pre-parsed queries invoking nonexistent functions to trigger a panic that crashes the server...

7.1CVSS5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-60920

The W3SC Elementor to Zoho CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the storeInfo function. This makes it possible for unauthenticated attackers to modify the plugin's...

4.3CVSS5.2AI score0.00156EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-60923

A vulnerability was determined in Sipeed PicoClaw up to 0.2.9. The affected element is an unknown function of the file web/backend/api/auth.go. Executing a manipulation can lead to cross-site request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

5.3CVSS4.5AI score0.00166EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60960

Impact: @fastify/http-proxy versions from 9.4.0 up to and including 11.5.0 fail to validate the resolved WebSocket destination path against the configured rewrite prefix. The WebSocket routing path in WebSocketProxy.findUpstream resolves the destination via the WHATWG URL constructor, which...

8.7CVSS5.4AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday9 views

PT-2026-60937

SurrealDB before 2.1.4 silently fails to overwrite table definitions when the DEFINE TABLE ... OVERWRITE clause is used on tables defined with TYPE RELATION. Because table definitions include the PERMISSIONS clause, an attempt to tighten a table's permissions via OVERWRITE does not take effect, a...

2.3CVSS5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday10 views

PT-2026-60956

SurrealDB versions before 2.2.2 contain a memory exhaustion vulnerability in the string::replace function that fails to restrict resulting string length when using regex patterns. An authenticated attacker can craft a malicious query to exhaust server memory through unbounded string allocations,...

7.1CVSS5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday3 views

PT-2026-61036

A new vulnerability with increased severity was disclosed for Google Chrome CVE-2026-15904 https://t.co/Tx211X8knu...

5.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday3 views

PT-2026-61037

A severe vulnerability was disclosed for Google Chrome CVE-2026-15905 https://t.co/adqLf1ahHn...

5.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday3 views

PT-2026-61035

There is a new vulnerability with elevated criticality in Google Chrome CVE-2026-15903 https://t.co/oVEB8500q4...

5.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60995

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Impacted is the function isPrivateOrRestrictedIP of the file pkg/tools/integration/web.go of the component web fetch. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been mad...

6.5CVSS6.1AI score
Exploits0References9
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60992

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. This affects the function WebFetch.execute of the file agent/tools/web fetch/web fetch.py. Executing a manipulation of the argument url can lead to server-side request forgery. The attack may be performed from remote. The exploit ha...

6.5CVSS4.9AI score
Exploits0References10
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60997

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. The impacted element is an unknown function of the file web/backend/middleware/access control.go of the component First Run Setup. Performing a manipulation of the argument allowed cidrs results in authentication bypass using alternate...

6.3CVSS5AI score
Exploits0References9
Positive Technologies
Positive Technologies
added yesterday10 views

PT-2026-60957

SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 does not enforce a default execution-time limit on embedded JavaScript scripting functions when the scripting capability is explicitly enabled via --allow-scripting or --allow-all. An authenticated attacker can submit long-running...

2.3CVSS5.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60931

A vulnerability was detected in halo-dev halo up to 2.24.2. Affected by this vulnerability is the function Download of the file MigrationEndpoint.java of the component Files Backup Endpoint. Performing a manipulation results in path traversal. The attack is possible to be carried out remotely. Th...

5.8CVSS4.9AI score
Exploits0References7
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60943

SurrealDB before 1.5.4 fails to properly validate authentication when a scope user switches databases using the USE clause or use method. Attackers with an authenticated session can impersonate an unrelated user in a different database if a user record with an identical identifier exists, allowin...

6.3CVSS5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-60951

SurrealDB before 2.2.6, 2.3.6, and 2.1.8 and 3.0.0-alpha.7 and earlier fails to validate DNS-resolved hostnames against --deny-net network access restrictions in its http:: functions. An authenticated user can invoke http:: with a hostname that resolves to a denied IP address, causing the server ...

5.8CVSS5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60952

SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated users to crash the database. Attackers can send crafted HTTP queries containing null bytes to the /sql endpoint, causing an unhandled exception that crashes the SurrealDB instan...

7.1CVSS5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60969

A security flaw has been discovered in nextlevelbuilder GoClaw up to 3.13.2. Affected by this vulnerability is the function extractBin/RequestApproval/matchesAllowlist of the file internal/tools/exec approval.go. The manipulation results in incorrect authorization. The exploit has been released t...

4.8CVSS4.8AI score
Exploits0References7
Total number of security vulnerabilities187678