Lucene search
K
PtsecurityRecent

184449 matches found

Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53365

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0...

9.8CVSS5.8AI score0.11082EPSS
Exploits2References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.12 views

PT-2026-53372

Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1...

9.8CVSS5.8AI score0.01895EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.8 views

PT-2026-53682

Name of the Vulnerable Software and Affected Versions luci-app-tailscale-community affected versions not specified Description An issue in the tailscale.do login RPC method allows authenticated users to execute arbitrary commands with root privileges. This occurs because the loginserver and...

8.8CVSS6.1AI score0.01179EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.5 views

PT-2026-53519

OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform...

9.8CVSS5.8AI score0.01867EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.18 views

PT-2026-53481

A command injection vulnerability exists in the run-llama/llama index repository, specifically within the safe eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by...

9.8CVSS6.6AI score0.02862EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53708

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Improved input validation was implemented to prevent a malicious website from exfiltrating data...

4.3CVSS5.9AI score0.00205EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.6 views

PT-2026-53595

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON not Pickle is the default data format, an unauthenticated client can cause the data to be processed with unpickle. Per the maintainer, rpc....

9.8CVSS6AI score0.45862EPSS
Exploits7References11
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.12 views

PT-2026-53561

Summary execute code in praisonaiagents.tools.python tools defaults to sandbox mode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess wrapper blocked attrs, line 143 of python tools....

9.9CVSS6.5AI score0.00541EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.6 views

PT-2026-54621

CVE ID :CVE-2026-12672 Published : June 29, 2026, 4:47 p.m. | 28 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.13 views

PT-2026-53738

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.470, a critical Authenticated Host Remote Code Execution RCE vulnerability was discovered in Coolify. The flaw resides in the handling of user-defined build parameters for the...

8.8CVSS6.2AI score0.00526EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.14 views

PT-2026-53249

A security flaw has been discovered in CodeAstro Complaint Management System 1.0. This issue affects some unknown processing of the file /report/addreport of the component Report Handler. Performing a manipulation of the argument Report Title results in cross site scripting. Remote exploitation o...

5.1CVSS4.5AI score0.00328EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.13 views

PT-2026-53515

Amphora Images in OpenStack Octavia =0.10.0 =3.0.0 =4.0.0 4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...

9.1CVSS5.8AI score0.02296EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.8 views

PT-2026-53500

In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...

9.6CVSS6.2AI score0.00371EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53733

Name of the Vulnerable Software and Affected Versions JavaScript::Minifier::XS versions prior to 0.16 Description An issue exists where memory is leaked during every call to the minify function. In the XS.xs component, the cleanup process only frees NodeSet structures and fails to free per-token...

7.5CVSS5.8AI score0.00609EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53294

Name of the Vulnerable Software and Affected Versions Link Whisper Free versions prior to 0.9.5 Description Unauthenticated Cross Site Scripting XSS allows an attacker to execute malicious scripts in the browser of a user without requiring authentication. Recommendations Update Link Whisper Free ...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.8 views

PT-2026-53685

Name of the Vulnerable Software and Affected Versions mdex versions 0.11.0 through 0.12.2 mdex native versions 0.1.0 through 0.2.2 Description A memory leak occurs in the native rendering code when processing documents containing escaped-tag nodes. The conversion of each %MDEx.EscapedTag node int...

6.9CVSS5.8AI score0.00126EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.9 views

PT-2026-53709

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A use-after-free issue, which occurs when a program continues to use a pointer after it has been free...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53610

The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask send file function is used unsafely...

9.3CVSS5.8AI score0.0118EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53686

Content removed...

6.9CVSS5.8AI score0.00168EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.6 views

PT-2026-53627

A Path Traversal vulnerability in the partition msg function allows an attacker to write or overwrite arbitrary files on the filesystem when processing malicious MSG files with attachments. Impact An attacker can craft a malicious .msg file with attachment filenames containing path traversal...

9.8CVSS6.4AI score0.00616EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53549

Summary PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a path or filename string from MCP tools/call arguments and joi...

9.6CVSS6.4AI score0.00619EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.12 views

PT-2026-53580

In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/upload file/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to...

9.1CVSS6.5AI score0.01019EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53687

Name of the Vulnerable Software and Affected Versions leandrocp mdex versions 0.8.3 through 0.13.1 Description Improper neutralization of input during web page generation allows cross-site scripting XSS via unsanitized URL schemes in Quill Delta output. The function to delta/2 converts Markdown...

5.1CVSS5.9AI score0.0031EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53653

A vulnerability was detected in liftoff-sr CIPster up to e8e9dba09bf56962807d3504b783ccdb6287f3e4. Affected by this issue is the function BufWriter::append of the component EtherNet IP Message Handler. Performing a manipulation results in out-of-bounds write. Remote exploitation of the attack is...

7.5CVSS5.4AI score0.00371EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.7 views

PT-2026-53490

Summary Marimo 19.6k stars has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints e.g., /ws that correct...

9.8CVSS6AI score
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.9 views

PT-2026-53254

A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to stack-based buffer overflow. It is possible to launch the attack...

9CVSS7.8AI score0.00445EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.9 views

PT-2026-53253

A flaw has been found in Edimax EW-7478APC 1.04. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. This manipulation of the argument selSSID causes buffer overflow. It is possible to initiate the attack remotely. The exploit...

9CVSS7.5AI score0.00445EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53643

Summary The reset user password and gym permissions user edit views in wger perform a gym-scope authorization check using Python object comparison != that evaluates None != None as False, silently bypassing the guard when both the attacker and victim have no gym assignment gym=None. A user with...

9.9CVSS6AI score0.00371EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53275

HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain sensitive values related to that step...

4.3CVSS5.8AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.15 views

PT-2026-53476

Impact A database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route for example POST /chat/completions a...

9.8CVSS5.8AI score0.86607EPSS
Exploits7References8
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53469

Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via ACME acme url SSRF and creator-equality IDOR Vulnerability Summary Field | Value -- | -- Title | Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access vi...

9.9CVSS6AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.13 views

PT-2026-53277

Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description A SQL injection issue exists in the /insertbillingrecord.php endpoint. This occurs when the patientid argument is manipulated, allowing a remote attacker to execute arbitrary SQL...

6.5CVSS6.9AI score0.002EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53409

Summary Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker. Details The following functions are affected under the Authentication endpoint: getAuthorisedNames,...

10CVSS6AI score0.00447EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53747

Name of the Vulnerable Software and Affected Versions Strapi users-permissions plugin affected versions not specified Description The users-permissions plugin fails to restrict JSON Web Token JWT algorithms when the plugin::users-permissions.jwt.algorithm configuration is not explicitly set. This...

6.3CVSS5.8AI score0.00147EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.13 views

PT-2026-53680

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: full info string: true are enabled,...

2.3CVSS5.8AI score0.00405EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53670

Name of the Vulnerable Software and Affected Versions Mythic versions prior to 3.4.0.60 Description An authorization bypass exists in four REST endpoints: 'c2profile config check webhook', 'c2profile redirect rules webhook', 'c2profile get ioc webhook', and 'c2profile sample message webhook'. The...

6.5CVSS5.9AI score0.00171EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.12 views

PT-2026-53652

Name of the Vulnerable Software and Affected Versions googleapis/mcp-toolbox affected versions not specified Description A path traversal issue exists in the HTTP tool URL builder. When constructing downstream API requests, the tool substitutes user-controlled pathParams into the configured tool...

9.3CVSS6AI score0.00374EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.13 views

PT-2026-53306

Name of the Vulnerable Software and Affected Versions Edimax EW-7478APC version 1.04 Description A buffer overflow exists in the POST Request Handler component. This issue occurs when the formUSBAccount function in the '/goform/formUSBAccount' endpoint processes the UserName and Password argument...

9CVSS7.6AI score0.00455EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.14 views

PT-2026-53197

A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0. The affected element is an unknown function of the file /preview4.php. Such manipulation of the argument course year section leads to sql injection. The attack may be launched remotely. The exploit has been...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.12 views

PT-2026-53748

Name of the Vulnerable Software and Affected Versions Zephyr versions prior to 4.4.0 Description The USB CDC-NCM device class contains a flaw where the cdc ncm send function ignores the return value of usbd ep enqueue. If the enqueue operation fails—which occurs when the USB bus is suspended,...

5.3CVSS5.9AI score0.00134EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.8 views

PT-2026-53673

SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by injecting URL-encoded quotes into the rule ID path parameter of the alert-history endpoints. Attackers can manipulate the unsanitized rule ID interpolated...

8.5CVSS6.1AI score0.00235EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.13 views

PT-2026-53692

Name of the Vulnerable Software and Affected Versions AWS Application Load Balancer affected versions not specified Description Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer when AWS WAF is enabled may allow remote actors to bypass managed rule body inspection. B...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.15 views

PT-2026-53386

Summary In backpropagate = 1.1.0, the optional Reflex web UI pip install backpropagateui, launched via backprop ui exposes a training control plane: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and HuggingFace Hub push. The CLI accepts two operator-facing...

9.3CVSS6.1AI score0.00324EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.7 views

PT-2026-53743

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.0.M1 through 9.0.118 Apache Tomcat versions 8.5.0 through 8.5.100 Description An always-incorrect control flow...

9.1CVSS5.7AI score0.00368EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.15 views

PT-2026-53192

A security flaw has been discovered in Investintech SlimPDFReader up to 2.0.14. Affected by this issue is the function SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0 of the file SlimPDFReader.exe of the component PDF File Handler. Performing a manipulation results in out-of-bounds read. It is...

5.3CVSS5.5AI score0.00293EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.9 views

PT-2026-53741

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.0.M1 through 9.0.118 Apache Tomcat versions 8.5.0 through 8.5.100 Description An incorrect control flow implementation...

7.3CVSS5.7AI score0.00413EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53319

A security flaw has been discovered in seladb PcapPlusPlus 25.05. This impacts the function pcpp::ModbusLayer::getLength in the library Packet++/header/ModbusLayer.h of the component Modbus Protocol Handler. The manipulation of the argument length results in heap-based buffer overflow. The attack...

6.3CVSS5.7AI score0.00394EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53693

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description An out-of-bounds access issue occurs when processing maliciously crafted web content, which may lead ...

6.5CVSS5.9AI score0.00247EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53710

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Processing maliciously crafted web content may lead to an unexpected process crash due to improper...

6.5CVSS5.9AI score0.00202EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.9 views

PT-2026-53459

An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page...

9.8CVSS6.2AI score0.00578EPSS
Exploits0References7
Total number of security vulnerabilities184449