Lucene search
K
PtsecurityRecent

184253 matches found

Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57256

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that requested scopes remain within the original token's...

8.1CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57257

Deloitte AI Assist for Customer disclosed some configuration information through public-facing API endpoints that accepted unauthenticated requests. This information could reduce an attacker’s reconnaissance effort. On 2026-03-25, AI Assist for Customer restricted network access and enforced...

6.9CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57259

Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker with knowledge of additional parameters to read from or inject content into the retrieval-augmented generation RAG corpus. On 2026-03-25, AI Assist for Customer restricted network access and enforced...

6.3CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57164

Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads...

8.2CVSS6.3AI score
Exploits1References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57286

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UploadFileRequest sanitizes SVG content only when PHP finfo reports image/svg+xml and UploadedFilesController serves attachments inline without using StorageHelper::allowSafeInline, allowing a low-privilege user to upload active...

6.2CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57276

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57282

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's Account Center step-up check accepted any active verification record that belonged to the current user and had isVerified === true. A WebAuthn registration verification record for binding a new...

8.1CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57279

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, @logto/core reflected the SAML RelayState, SAMLResponse, and actionUrl into a Logto-origin auto-submit HTML form in packages/core/src/saml-application/SamlApplication/utils.ts without HTML-attribute...

6.1CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57166

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...

8.7CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57095

Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data...

6.9CVSS6.1AI score0.00115EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57104

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...

6.2AI score0.00157EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday9 views

PT-2026-57311

Frappe is a full-stack web application framework. Prior to 16.18.3, possible path traversal and local file inclusion were possible through secure local resource access in the Chrome PDF Generator. This issue is fixed in version 16.18.3...

7.1CVSS6.1AI score
Exploits0References7
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57180

phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its public FAQ API endpoints, allowing unauthenticated attackers to retrieve inactive draft or review-only FAQ content. Specifically, GET /api/v3.1/faq/categoryId/faqId returns the inactive FAQ title and...

6.9CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57195

PraisonAI Platform praisonai-platform before 0.1.9 improperly authorizes deletion of issue dependencies. The DELETE dependency route accepts either endpoint of a dependency edge and checks delete permission only against the caller-selected URL issue. A workspace member who cannot delete a...

7.1CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57227

An unauthenticated path traversal vulnerability exists in the web management interface of WTI Wireless Technology, Inc. version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft malicious HTTP requests containing traversal sequences to access files outside of the intended web roo...

7.5CVSS6.1AI score
Exploits1References3
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57215

adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloc centralHeader.size allocates memory based on the declared uncompressed size from the ZIP central directory header without...

6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57238

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passin...

2.4CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57221

ESF-IDF is the Espressif Internet of Things IOT Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpeg parse dqt marker in components/esp driver jpeg/jpeg parse marker.c because the attacker-controlled DQT marker Tq nibble is used as ...

7.5CVSS6.1AI score
Exploits0References7
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57252

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session.go skips the maximum token age freshness check when an incoming token omits the iat claim, allowing arbitrarily old tokens...

4.2CVSS6.1AI score
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57219

9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/ to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/ to bypass the API-k...

8.6CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57254

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's external identity provider handler checks that the local user's email is verified but does not verify that the external IdP confirmed ownership of the same email before auto-linking by email, allowing a permissive...

4.8CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57236

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's UFS and FFS image handler in NanaZip.Codecs.Archive.Ufs.cpp validates the superblock block size only against the MINBSIZE lower bound and does not validate the fs fsize fragment size, allowi...

2.4CVSS6.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57217

Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...

8.7CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57233

An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser components...

9.1CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57258

Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a remote attacker to make limited additions to the configuration. These additions were not used by the system. On 2026-03-25, AI Assist for Customer restricted network access an...

6.9CVSS6.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57322

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document's nam...

7.7CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57333

EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message sender id field was not validated as a path-safe identifier, unlike app id and project id. During user-memory extraction, sender ...

8.2CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57321

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling...

7.5CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57326

OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the OpenReplay tracking SDK accepts custom event names and captured page URLs from any visitor using a public project key, stores them in ClickHouse without output encoding, and later renders them in the authenticated...

9.3CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57305

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticated remote client to declare oversized frame length...

7.5CVSS6.1AI score
Exploits0References7
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57277

The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn plugin for WordPress is vulnerable to authentication bypass leading to account takeover in versions up to and including 7.7.0. This is due to the Profile Completion flow accepting an arbitrary email address via the 'email...

9.8CVSS6.2AI score
Exploits0References7
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57307

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO OAuth Client allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO OAuth Client: from n/a through 38.5.8...

9.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57230

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Webremium Istanbul Web Design Mezunum Satiyorum allows Stored XSS. This issue affects Mezunum Satiyorum: from 1.2.504 through 10072026. NOTE: The vendor was contacted early about this disclosure bu...

6.4CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57235

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validat...

2.4CVSS6.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57228

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Arbitrary Post Creation and Stored Cross-Site Scripting in all versions up to, and including, 14.0.0 due to a leak of an API token and insufficient input sanitization and output escaping. This makes it possible for unauthenticat...

7.2CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57239

PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence...

5.1CVSS6.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday9 views

PT-2026-57237

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp allocates buffers from attacker-controlled 32-bit section and custom-name length fields without validating them against...

2.4CVSS6.1AI score
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57241

Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, ...

6.9CVSS6.1AI score
Exploits1References4
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57240

grav-plugin-admin is an HTML user interface that provides a way to configure Grav and create and modify pages. In 1.10.52 and earlier, an authenticated attacker with admin.users permission can change the password of any user account, including the super administrator, by sending a direct POST...

8.7CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday3 views

PT-2026-57220

9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key authentication. In the default configuration, this...

8.2CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57211

A user with Editor permissions can craft a dashboard whose table TableNG panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard stored cross-site scripting...

6.8CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57202

A vulnerability was detected in Eleveo Call Recording Software 9.7.0. The impacted element is an unknown function of the file /callrec/userAddAction.do. Performing a manipulation of the argument role results in improper authorization. It is possible to initiate the attack remotely. The exploit is...

6.5CVSS5.9AI score
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57208

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the authenticode table targeting a maliciously crafted binary, due to...

7CVSS6.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57203

A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...

6.5CVSS5.7AI score
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday3 views

PT-2026-57212

An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...

5.3CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57207

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...

7CVSS6.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday2 views

PT-2026-57206

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not...

4.4CVSS6.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57214

A vulnerability was determined in Eleveo Call Recording Software 9.7.0. Affected by this vulnerability is an unknown functionality of the file /callrec/sendlogfile. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been publicly disclosed and m...

5.3CVSS5.9AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57225

Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...

4.3CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57222

9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/ access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/dashboardGuard.js to misclassify external requests as...

8.3CVSS6.1AI score
Exploits0References3
Total number of security vulnerabilities184253