Lucene search
K
PtsecurityRecent

184528 matches found

Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’12 views

PT-2026-55261

Name of the Vulnerable Software and Affected Versions Dockwatch versions prior to 0.6.568 Description An unauthenticated OS command injection exists that allows remote attackers to execute arbitrary shell commands. The issue arises from a chain of two bugs: a missing exit function after an...

9.8CVSS6.3AI score0.0119EPSS
Exploits0References8
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’9 views

PT-2026-55036

Contributor Local File Inclusion in Shopify = 1.0.0 versions...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References3
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’9 views

PT-2026-54972

Unauthenticated Cross Site Scripting XSS in Kids Life | Children School WordPress = 5.2 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References3
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’13 views

PT-2026-55357

Summary Stored XSS through wikitext can be performed by inserting malicious HTML into the overlays parameter of the display map parser function when using the leaflet service. Details The maps extension doesn't escape overlay names before passing them to leaflet. Leaflet then inserts them as HTML...

8.6CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’6 views

PT-2026-54991

Unauthenticated Server Side Request Forgery SSRF in Paid Member Subscriptions = 3.0.4 versions...

7.2CVSS5.8AI score0.00203EPSS
Exploits0References2
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’13 views

PT-2026-55309

Name of the Vulnerable Software and Affected Versions react-native-receive-sharing-intent affected versions not specified Description A path traversal issue exists where a co-resident malicious application can write files outside the intended cache directory. This occurs when a crafted display na...

7.7CVSS6.1AI score0.00138EPSS
Exploits0References7
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’9 views

PT-2026-55029

Unauthenticated Broken Access Control in POS EntegratΓΆr = 3.7.103 versions...

8.2CVSS5.8AI score0.00242EPSS
Exploits0References2
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’9 views

PT-2026-55298

LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality that allows authenticated attackers to access other users' data by exploiting missing user-identifier predicates in the chunk model semanticSearch method...

7.1CVSS5.9AI score0.00238EPSS
Exploits0References5
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’11 views

PT-2026-55462

Name of the Vulnerable Software and Affected Versions Langroid versions prior to 0.64.0 Description Langroid's ReadFileTool and WriteFileTool fail to properly enforce the working-directory boundary defined by curr dir. While the tools change the process working directory to curr dir, they do not...

7.1CVSS6AI score0.00184EPSS
Exploits1References5
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’12 views

PT-2026-55461

Name of the Vulnerable Software and Affected Versions langroid versions prior to 0.64.0 Description The SQLChatAgent in langroid implements a defense-in-depth layer via the validate query method, which uses a regex blocklist DANGEROUS SQL PATTERNS to prevent the execution of dangerous SQL...

8.7CVSS6.3AI score0.00686EPSS
Exploits0References5
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’14 views

PT-2026-55249

A malicious actor with access to the network could exploit a Server-Side Request Forgery SSRF vulnerability found in UniFi Talk Application to execute a Denial of Service DoS attack and bypass authentication in certain UniFi Talk API endpoints...

7.5CVSS5.8AI score0.00223EPSS
Exploits0References2
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’9 views

PT-2026-55240

Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description An authenticated actor with low privileges and network access can exploit multiple SQL Injection vulnerabilities to escalate privileges within UniFi OS devices or instances. SQL Injection is...

8.8CVSS5.9AI score0.00249EPSS
Exploits0References4
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’10 views

PT-2026-55233

Name of the Vulnerable Software and Affected Versions UniFi Access Application affected versions not specified Description An improper input validation issue allows a malicious actor with network access and low privileges to perform command injection on the host device. Recommendations At the...

9.9CVSS6AI score0.00807EPSS
Exploits0References6
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’8 views

PT-2026-55237

Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description A Server-Side Request Forgery SSRF allows a malicious actor with low privileges and network access to escalate privileges within the system. SSRF is a flaw where an attacker can induce the...

8.8CVSS6.1AI score0.00217EPSS
Exploits0References3
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’10 views

PT-2026-55238

Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description An improper input validation issue allows a malicious actor with network access and low privileges to perform command injection on the host device. Command injection is a flaw that allows an...

9.9CVSS6.2AI score0.00872EPSS
Exploits0References6
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’8 views

PT-2026-55335

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 12.1 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description An Out-of-bounds Write issue exists in the wgagent process. This flaw allows an authenticated privileged user to execute...

8.6CVSS6.3AI score0.00546EPSS
Exploits0References8
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’8 views

PT-2026-55459

Name of the Vulnerable Software and Affected Versions joserfc versions 1.6.7 and earlier Description An authentication bypass exists when the verification key provided to joserfc.jwt.decode is an empty string or None. This occurs because the HMACAlgorithm.verify and HMACAlgorithm.sign functions...

8.7CVSS6AI score
Exploits0References9
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’13 views

PT-2026-55200

PraisonAI before 0.1.7 fails to validate that project id in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...

5.3CVSS5.8AI score0.00158EPSS
Exploits0References3
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’6 views

PT-2026-55020

Unauthenticated SQL Injection in GeekyBot = 1.2.5 versions...

9.3CVSS5.8AI score0.00247EPSS
Exploits0References2
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’11 views

PT-2026-55055

Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3...

8.8CVSS5.8AI score0.00309EPSS
Exploits0References2
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’12 views

PT-2026-55560

These are all security issues fixed in the python311-mistune-3.3.2-1.1 package on the GA media of openSUSE Tumbleweed...

8.7CVSS5.9AI score0.0035EPSS
Exploits0References2
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’8 views

PT-2026-54827

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.8.1. This is due to the '/topics' REST API endpoint being registered with a permission callback set to ' return true',...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References9
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’12 views

PT-2026-55021

Unauthenticated Insecure Direct Object References IDOR in Kirki = 6.0.11 versions...

6.5CVSS5.8AI score0.00253EPSS
Exploits0References2
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’6 views

PT-2026-55395

Summary The public web-client endpoint for partial ZIP downloads of a browsable share did not correctly confine the client-supplied files entries to the shared directory. A requester able to reach a public share could read files located outside the shared directory, as long as the target's...

5.9CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’9 views

PT-2026-55322

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.8 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description An Out-of-bounds Write issue exists in the networkd process. This...

8.6CVSS6.3AI score0.00439EPSS
Exploits0References9
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’12 views

PT-2026-55241

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi Network Application to execute a Denial of Service DoS attack on the application...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’13 views

PT-2026-55339

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.0 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description An Out-of-bounds Write issue exists where an unauthenticated...

7.7CVSS6.2AI score0.00201EPSS
Exploits0References7
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’11 views

PT-2026-55470

Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node accepts inbound P2P connections network.listen addr is set, which is the default. 3. Your node's mempool is active node is synced near the chain tip. All default configurations are affected. Summary The...

5.3CVSS5.7AI score
Exploits0References5
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’11 views

PT-2026-55295

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepath globpattern valu...

8.7CVSS5.9AI score0.0047EPSS
Exploits0References5
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’7 views

PT-2026-55286

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub 483ba0 component...

5.8AI score0.00452EPSS
Exploits0References3
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’13 views

PT-2026-55260

Name of the Vulnerable Software and Affected Versions Flowmon ADS versions prior to 12.5.6 Flowmon ADS versions prior to 13.0.5 Description An authenticated low-privileged user in the Anomaly Detection System ADS can send specially crafted requests to gain unauthorized access to application data...

8.7CVSS5.9AI score0.00247EPSS
Exploits0References4
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’14 views

PT-2026-55289

Name of the Vulnerable Software and Affected Versions Cockpit CMS versions prior to 364 Description Unauthenticated attackers can read arbitrary files or execute PHP files due to a path traversal and local file inclusion issue. The application fails to perform containment checks when constructing...

8.2CVSS6.1AI score0.00406EPSS
Exploits0References11
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’10 views

PT-2026-55561

These are all security issues fixed in the python314-3.14.6-1.1 package on the GA media of openSUSE Tumbleweed...

9.1CVSS6.1AI score0.02602EPSS
Exploits1References13
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’10 views

PT-2026-55235

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: use chan timer to close channels in cleanup listen l2cap chan close removes the channel from conn-chan l, which must be done under conn-lock. cleanup listen runs under the parent sk lock, so acquiring conn-lock...

5.8AI score0.00165EPSS
Exploits0References9
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’18 views

PT-2026-55248

A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device...

7.5CVSS5.8AI score0.00198EPSS
Exploits0References2
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’11 views

PT-2026-55292

LobeChat through 2.2.9 server-database deployments are vulnerable to broken object-level authorization in MessageModel. The updateMessagePlugin, updatePluginState, updatePluginError, updateTTS and updateTranslate methods filter target rows by message id alone, omitting the userId scope that sibli...

6CVSS5.8AI score0.00154EPSS
Exploits0References3
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’9 views

PT-2026-55387

Summary Langroid's ReadFileTool and WriteFileTool appear to treat curr dir as the intended working-directory boundary for file operations. However, the tools only change the process working directory to curr dir and then operate on the user-supplied file path without resolving and enforcing that...

7.1CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’12 views

PT-2026-55325

Name of the Vulnerable Software and Affected Versions WatchGuard Mobile VPN with SSL client for Windows versions prior to 2026.3 Description A local privilege escalation issue allows an attacker with local access to the machine where the client is installed to elevate their privileges to NT...

7.3CVSS5.9AI score0.00114EPSS
Exploits0References7
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’13 views

PT-2026-55488

Name of the Vulnerable Software and Affected Versions PHP versions 8.2.0 through 8.2.31 PHP versions 8.3.0 through 8.3.31 PHP versions 8.4.0 through 8.4.22 PHP versions 8.5.0 through 8.5.7 Description The OpenSSL extension contains a buffer allocation flaw in the AES-WRAP-PAD algorithm...

5.6CVSS6.1AI score0.00306EPSS
Exploits0References14
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’8 views

PT-2026-54851

Ever wondered who's been trashing your submissions since 2017? Good news for anyone whose venue runs HotCRP: CCS, NDSS, S&P, USENIX... πŸŽ“ We call it BetterOpenReviewβ„’ CVE-2026-55493: now every review is an open review Don't worry if you've rejected someone, it's patched. https://t.co/saAUrCSkbQ...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’15 views

PT-2026-55277

Missing Authentication on Document API Endpoints Allows Unauthenticated Memory Read/Write/Delete Summary All HTTP routes under /api/documents/ in mcp-memory-service are served without any authentication dependency, even when the server is configured with an API key MCP API KEY or OAuth. An...

9.8CVSS6AI score
Exploits0References3
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’9 views

PT-2026-54877

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.8AI score0.00247EPSS
Exploits0References3
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’10 views

PT-2026-55001

Unauthenticated Cross Site Scripting XSS in Customize My Account for WooCommerce = 4.3.9 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References2
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’10 views

PT-2026-54997

Subscriber Cross Site Scripting XSS in JetReviews = 3.0.0.1 versions...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References2
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’11 views

PT-2026-54969

Unauthenticated Cross Site Scripting XSS in Kids Zone - Children WordPress Theme = 5.4 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References3
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’11 views

PT-2026-55316

Name of the Vulnerable Software and Affected Versions Libreswan affected versions not specified Description Libreswan fails to correctly verify the DER encoding of the ASN.1 digest within the IKEv2 AUTH payload when using RSASSA-PKCS1-v1 5. This occurs in the RSA authenticate hash signature pkcs1...

8.1CVSS6.5AI score0.00352EPSS
Exploits0References8
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’12 views

PT-2026-55476

Impact In JSONata = 2.2.0 via fixes that include https://github.com/jsonata-js/jsonata/pull/782 and https://github.com/jsonata-js/jsonata/pull/793. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. References...

7.5CVSS5.7AI score
Exploits0References8
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’13 views

PT-2026-55314

Name of the Vulnerable Software and Affected Versions Libreswan affected versions not specified Description An invalidly formatted IKEv2 fragment can cause the pluto daemon to crash and restart, leading to a denial of service. The issue occurs within the reassemble v2 incoming fragments function,...

7.5CVSS6.4AI score0.00597EPSS
Exploits0References9
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’12 views

PT-2026-54983

Unauthenticated Broken Access Control in NOWPayments for WooCommerce = 1.4.0 versions...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References3
Positive Technologies
Positive Technologies
β€’added 2026/07/02 12:0 a.m.β€’16 views

PT-2026-55263

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob servlet endpoint. Attackers can submit a multipart POST request with a JSP webshell disguised using a spoofed...

9.8CVSS6.5AI score0.00708EPSS
Exploits0References5
Total number of security vulnerabilities184528