Lucene search
K
PtsecurityRecent

184253 matches found

Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57213

A vulnerability was found in Eleveo Call Recording Software 9.7.0. Affected is an unknown function of the file /callrec/statisticReportAction.do. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been made public and could be used. The vendor...

6.5CVSS6.3AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57218

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built with CPPHTTPLIB MBEDTLS SUPPORT or CPPHTTPLIB WOLFSSL SUPPORT and a...

7.4CVSS5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57216

Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An authenticated...

7.1CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57224

grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database:: call builds PDO DSN strings by directly concatenating user-configurable YAML values from fields such as host, dbname, charset, server, database, directory, and filename without sanitization or validation, allowin...

5.1CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57226

Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to 1.11.0, Apprise HTTP-based notification plugins and HTTP attachment and config loaders in apprise/attachment/http.py and apprise/config/http.py...

3.1CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57172

Capgo before 12.128.2 contains an improper validation vulnerability in the accept invitation endpoint that creates user accounts before captcha validation is enforced. Attackers can bypass captcha protection by sending POST requests with invalid captcha tokens to create unwanted accounts and burn...

6.9CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57081

Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings...

6.9CVSS6.1AI score0.00105EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57079

A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the function add url/ add package of the file agent/skills/service.py of the component Skill Installation Handler. The manipulation of the argument Name leads to path traversal. The attack may be initiated...

5.5CVSS5.7AI score0.00378EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added yesterday9 views

PT-2026-57080

A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the component Message Endpoint. The manipulation results in missing authorization. The attack may be launched remotely. The exploit has been released...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57075

The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, 4.5.4. The values were read from $ SERVER'QUERY STRING' via parse str bypassing wp magic quotes, which does not cover $ SERVER, then passed through...

9.1CVSS6.1AI score0.00349EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57076

The BuddyHolis TableSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6.2AI score0.00156EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57077

The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes it possible for unauthenticated attackers to upload and overwrite certain files e.g., CSS to directories outside the...

5.3CVSS6.1AI score0.00533EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57073

The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for...

7.2CVSS6.1AI score0.00314EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57045

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument client id causes incorrect authorization. The attack is possible to be...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57094

Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...

5.1CVSS6.2AI score0.00111EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57096

Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege...

8.5CVSS6.3AI score0.00121EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57093

Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege...

6.8CVSS6.1AI score0.00131EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57097

Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information...

4.8CVSS6.1AI score0.00099EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57085

Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege...

6.7CVSS6.1AI score0.00129EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57086

Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attackers to bypass the persistence configuration of the application...

5.8CVSS6.1AI score0.00096EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57082

Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs...

6.9CVSS6.1AI score0.00099EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57090

Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code...

8.4CVSS6.3AI score0.00127EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57089

Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...

8.3CVSS6.1AI score0.00379EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57087

Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...

8.3CVSS6.1AI score0.00379EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57061

The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form page id' parameter in versions up to, and including, 51.1.62 This is due to insufficient input sanitization in the add to submissions function, which applies sanitize text field which...

6.4CVSS6.2AI score0.00307EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57063

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to unauthorized post publication in all versions up to, and including, 3.5.32 due to a misconfigured capability check on the 'get items permission check' function permission callback of the...

4.3CVSS6.1AI score0.00268EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57069

The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'background' parameter in the 'sudoku-sc' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.2AI score0.00243EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57070

The WP Business Intelligence Lite plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.2.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

8CVSS6.3AI score0.00348EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57067

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to blind SQL Injection via the search parameter in all versions up to, and including, 2.10.1 due to insufficient escaping on the user supplied...

7.5CVSS6.1AI score0.00393EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57068

The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/id. This is due to the plugin not performing any...

7.5CVSS6.1AI score0.0047EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57145

R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction function. The document converter executes shell commands using unsanitized file paths and format parameters. This allows an authenticated attacker to execute arbitrary system commands with the privileges of the web server user...

8.7CVSS6.3AI score0.01228EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57106

Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipe air gap receiver enabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively each time it recognises the E-language prefix in socket data, with no depth limit. An...

6.1AI score0.00139EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57059

The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insapp upload image as attachment' function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on...

9.8CVSS6.5AI score0.00744EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57109

Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue affects Apache IoTDB: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users are recommended to...

6.1AI score0.0014EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57110

Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users...

6.1AI score0.00139EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57105

Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When pipe air gap receiver enabled=true, the IoTDB AirGap pipe receiver accepts raw TCP connections on port 9780 with no...

6.1AI score0.00177EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57146

R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can inject arbitrary HTML and JS into the name of the file being uploaded, which will be executed when visiting file list or upload status by other users. This issue was fixed in version v3.19-2832 and...

5.1CVSS6.2AI score0.0039EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57114

The FlowForms – Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.1 via the update form due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS6.1AI score0.00226EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added yesterday3 views

PT-2026-57138

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS6.2AI score0.00561EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57099

The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locatio...

6.4CVSS6.2AI score0.00246EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57100

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has...

6AI score0.00136EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57113

The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS6.2AI score0.00208EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57078

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function build image content/ download to data url of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The...

7.5CVSS5.7AI score0.00352EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57047

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The...

5.5CVSS5.9AI score0.00234EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57046

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/access control.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploi...

7.5CVSS6.4AI score0.00323EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57092

Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings...

5.1CVSS6.1AI score0.00105EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57098

Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory...

6.8CVSS6.1AI score0.00116EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57084

Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code...

8.4CVSS6.3AI score0.00116EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57083

Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...

6.9CVSS6.1AI score0.00105EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57091

Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...

5.1CVSS6.1AI score0.00105EPSS
Exploits0References2
Total number of security vulnerabilities184253