Lucene search
K
PtsecurityRecent

184253 matches found

Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-56766

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Inrove Software and Internet Services BiEticaret allows Reflected XSS. This issue affects BiEticaret: before v3.3.57...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-56734

The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to unauthorized access in all versions up to and including 4.0.2. This is due to the handle export table function being registered on the WordPress 'init' hook, which fires for all requests, includin...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2 days ago4 views

PT-2026-56963

Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it! If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software...

9.9CVSS6AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-56944

Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it! If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software...

9.9CVSS6AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-56941

Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it! If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software...

9.9CVSS6AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago4 views

PT-2026-56940

Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it! If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software...

9.9CVSS6AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-56946

Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it! If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software...

9.9CVSS6AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago3 views

PT-2026-57132

The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...

6.1AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-57034

Summary YesWiki's Bazar widget handler reflects the id GET parameter into HTML attributes using strip tags only. Because strip tags does not escape double quotes, an attacker can break out of the attribute value, inject an event handler such as onmouseover, and execute arbitrary JavaScript in the...

6.1CVSS6AI score0.00039EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2 days ago4 views

PT-2026-57022

Impact What kind of vulnerability is it? Who is impacted? A verifier configured with WithTransparencyLogN1 or WithSignedCertificateTimestampsN1 expected defense-in-depth against the compromise of a single log instance. However, threshold counting counted verified witnesses per-entry or...

5.9CVSS5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-56949

Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it! If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software...

9.9CVSS6AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago3 views

PT-2026-56954

Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it! If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software...

9.9CVSS6AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago3 views

PT-2026-56956

Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it! If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software...

9.9CVSS6AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-56842

Summary Note Mark validates book and note slug values with the OpenAPI/huma tag pattern:"a-z0-9-+". huma compiles this with regexp.MustCompiles.Pattern and tests it with patternRe.MatchStringstr, an UNANCHORED match. Because the pattern is not anchored ^...$, any string that merely CONTAINS one...

8.6CVSS6.5AI score0.00059EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2 days ago4 views

PT-2026-56959

Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it! If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software...

9.9CVSS6AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago4 views

PT-2026-57027

Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.6.6 Description An issue exists in the erasespamedcomments wiki action, located in actions/EraseSpamedCommentsAction.php, which allows unauthenticated users to permanently delete arbitrary wiki pages. The action...

9.1CVSS6.2AI score0.00052EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2 days ago4 views

PT-2026-56922

A Roundcube zero-click XSS, CVE-2026-54433, lets an email run script with no click. Roundcube 1.7.2 also fixes a second stored XSS. Update now. Roundcube XSS ZeroClick Webmail StoredXSS CyberSecurity Vulnerability InfoSec https://t.co/pkdbSSekhy...

5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-56710

The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up to, and including, 3.4. This is due to a missing capability check and missing nonce validation on the pg...

4.3CVSS5.9AI score0.00246EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-56733

The Bookero.pl – system rezerwacji online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bookero products shortcode's hide products and filter products attributes in versions up to and including 2.2. This is due to insufficient input sanitization and output escaping in...

6.4CVSS6.1AI score0.00212EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-56736

The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 via the download recent decrypted file wptc. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-56719

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'color' Shortcode Attribute in all versions up to, and including, 5.113.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6.1AI score0.00241EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-56696

A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh or bosh scp/bosh logs -f with default flags. Affected versions: BOSH CLI versions prior to 7.10.5...

7.8CVSS7.3AI score0.00148EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-56729

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS6AI score0.0021EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-56716

The Ultimate Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'moreResultsText' block attribute of the ultimate-post/advanced-search block in versions up to and including 5.0.31. This is due to insufficient input sanitization and output escaping in the Advanced...

6.4CVSS6AI score0.00206EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-56708

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS7.1AI score0.00191EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-56717

The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'stag' parameter in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6.1AI score0.00215EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-56722

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'note before' and 'note after' Shortcode Attributes in all versions up to, and including, 3.3.61 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

6.4CVSS6.1AI score0.00201EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-56724

A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...

5.9CVSS6AI score0.0014EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-56709

Name of the Vulnerable Software and Affected Versions UAA versions prior to v78.13.0 Cf-deployment versions prior to v56.2.0 Description A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA. This allows the attack...

9.3CVSS6.1AI score0.00132EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-56704

The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4...

8.8CVSS7.3AI score0.00331EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-56730

The Block, Suspend, Report for BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter in versions up to and including 3.6.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...

6.4CVSS6AI score0.00201EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-56735

The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.22.0. This is due to the plugin not properly verifying that a user is authorized to perform an...

7.2CVSS6.2AI score0.00659EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-56725

An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who...

7.1CVSS6AI score0.00167EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-56705

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...

8.9CVSS7.1AI score0.00088EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-56715

The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.12.7 via the 'logKey' parameter parameter. This makes it possible for authenticated attackers, with administrator-leve...

6.6CVSS6.5AI score0.0071EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-56714

The ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.17.5 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS6AI score0.00269EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-56718

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.9.4 via the 'access' parameter due to missing validation on a user controlled key. This...

5.3CVSS5.9AI score0.00408EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-56728

When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the...

8.3CVSS6AI score0.00121EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-56721

The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contact ids' parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of...

4.9CVSS6AI score0.00266EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-56707

Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:boshservice wrapper.exe or C:boshbosh-agent.exe and gain NT AUTHORITYSYSTEM on the next service restart or reboot. This can lead to full host...

8.8CVSS7.2AI score0.001EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-56732

Name of the Vulnerable Software and Affected Versions Pinniped go.pinniped.dev versions 0.11.0 through 0.46.0 Description A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions. This occurs when the server is configured with an...

3.8CVSS6.1AI score0.0017EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2 days ago4 views

PT-2026-56962

Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it! If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software...

9.9CVSS6AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago4 views

PT-2026-56952

Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it! If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software...

9.9CVSS6AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-56955

Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it! If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software...

9.9CVSS6AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago4 views

PT-2026-56953

Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it! If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software...

9.9CVSS6AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago4 views

PT-2026-56958

Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it! If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software...

9.9CVSS6AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-56947

Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it! If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software...

9.9CVSS6AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago4 views

PT-2026-56957

Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it! If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software...

9.9CVSS6AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-56943

Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it! If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software...

9.9CVSS6AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago4 views

PT-2026-56950

Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it! If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software...

9.9CVSS6AI score0.00541EPSS
Exploits0References1
Total number of security vulnerabilities184253