Lucene search
K
PtsecurityRecent

184427 matches found

Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•10 views

PT-2026-53430

Impact The POST /api/v2/firefighter/raid/jira bot endpoint CreateJiraBotView is reachable without authentication permission classes = permissions.AllowAny. Its attachments payload is fetched server-side via httpx.get with no URL validation, then uploaded as an attachment on the Jira ticket that...

9.9CVSS6AI score0.00272EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•10 views

PT-2026-53392

Description There's an SSRF in the file upload processing system that allows remote attackers to make arbitrary HTTP requests from the server without authentication. The vulnerability exists in the serialization/deserialization handlers for multipart form data and JSON requests, which automatical...

9.9CVSS6AI score0.11883EPSS
Exploits1References7
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•13 views

PT-2026-53261

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /edit class1.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The...

7.5CVSS7AI score0.00263EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•11 views

PT-2026-53376

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0...

9.8CVSS5.8AI score0.11082EPSS
Exploits2References7
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•15 views

PT-2026-53429

Technical Description The OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A critical vulnerability exists in the build url method. When an OpenAPI...

10CVSS6AI score0.01011EPSS
Exploits1References9
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•9 views

PT-2026-53320

A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation of the argument channelType causes improper authorization. The attack may be initiated remotely. A...

5CVSS5.1AI score0.00199EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•10 views

PT-2026-53588

Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces including the dashboard and Jobs API is disabled unless explicitly enabled by setting RAY AUTH MODE=token. In the default unauthenticated state, a remote attacker with...

9.3CVSS6.2AI score0.00474EPSS
Exploits5References13
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•20 views

PT-2026-53749

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Server and project lookups are not scoped to the current team, which allows any...

7.7CVSS5.8AI score0.00201EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•12 views

PT-2026-53206

Name of the Vulnerable Software and Affected Versions GotoHTTP versions prior to 10.3 Description Remote attackers can initiate cross site scripting by manipulating the sn argument during the processing of the /reg.12x file. Cross site scripting is a technique where malicious scripts are injected...

5.3CVSS5.3AI score0.00284EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•7 views

PT-2026-53461

Summary A serialization injection vulnerability exists in LangChain's dumps and dumpd functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data...

9.3CVSS6.1AI score0.1383EPSS
Exploits5References12
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•8 views

PT-2026-53383

aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handlin...

9.8CVSS6.4AI score0.01908EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•13 views

PT-2026-53174

Name of the Vulnerable Software and Affected Versions Tenda JD12L version 16.03.53.23 Description A stack-based buffer overflow occurs in the fromAddressNat function within the /goform/addressNat file. This issue is triggered by the manipulation of the page argument, allowing for remote...

9CVSS7.6AI score0.00466EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•15 views

PT-2026-53208

A vulnerability was determined in Wavlink WL-NU516U1-A M16U1 V240425. The affected element is the function sub 401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote...

6.5CVSS6.4AI score0.01306EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•8 views

PT-2026-53450

Summary The environment variables used during the rendering of the Kubernetes manifest allow YAML injection, enabling attackers to overwrite existing keys like securityContext and inject multi-document YAML to create additional unintended Kubernetes resources. Details The server interpolates...

10CVSS6.3AI score0.00062EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•9 views

PT-2026-53412

Impact An unauthenticated path traversal vulnerability exists in dash-uploader versions 0.1.0 through 0.7.0a2. The library's HTTP request handler at dash uploader/httprequesthandler.py reads three form parameters upload id, resumableFilename, resumableIdentifier from request.form.get and passes...

9.8CVSS6.1AI score0.05982EPSS
Exploits4References9
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•7 views

PT-2026-53750

Name of the Vulnerable Software and Affected Versions EIPStackGroup OpENer commit 76b95c Description A buffer overflow occurs in the Get Attribute List function when processing a specially crafted Common Packet Format CPF packet, which is a standardized data structure used for communication. This...

6AI score0.00351EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•13 views

PT-2026-53190

A vulnerability was determined in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /appointmentapproval.php of the component Appointment Handler. This manipulation of the argument editid causes sql injection. The attack is possible to be carried out remotel...

6.5CVSS6.5AI score0.002EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•14 views

PT-2026-53310

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper neutralization of local CLI parameters allows unintended SQL execution. A user can trigger this issue by providing crafted values to the Cortex SQL or object listing command paths,...

5.4CVSS6.1AI score0.0013EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•13 views

PT-2026-53191

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0/5.php. Affected by this vulnerability is an unknown functionality of the file /preview5.php. Such manipulation of the argument course year section leads to sql injection. The attack may be performed from remote...

7.5CVSS6.9AI score0.00269EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•14 views

PT-2026-53489

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from pretrained method uses torch.load to load the pytorch model.bin weight file without enabling the security-restrictive...

9.8CVSS6.1AI score0.00409EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•13 views

PT-2026-53257

Name of the Vulnerable Software and Affected Versions libxml2 affected versions not specified Description The xmlcatalog utility is susceptible to multiple stack-based buffer overflows when operating in --shell mode. The usershell function processes user input using fixed-size stack buffers witho...

7.8CVSS6.9AI score0.00148EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•8 views

PT-2026-53478

The OpenAPI and ChatGPT plugin loaders in LlamaHub aka llama-hub before 0.0.67 allow attackers to execute arbitrary code because safe load is not used for YAML...

9.8CVSS6.1AI score0.01192EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•8 views

PT-2026-53735

Name of the Vulnerable Software and Affected Versions Matrix42 Empirum versions prior to 25.5 Matrix42 Empirum versions 26.x prior to 26.2 Description The PBackupVSS.exe component creates a named pipe at '.pipePBackupVSS' with a Discretionary Access Control List DACL that grants GENERIC READ and...

7.8CVSS6.2AI score0.00125EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•9 views

PT-2026-53573

Command injection vulnerability in console.run module with output in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended...

9.8CVSS6.1AI score0.01923EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•11 views

PT-2026-53634

Summary A chain of vulnerabilities in vLLM allow Remote Code Execution RCE: 1. Info Leak - PIL error messages expose memory addresses, bypassing ASLR 2. Heap Overflow - JPEG2000 decoder in OpenCV/FFmpeg has a heap overflow that lets us hijack code execution Result: Send a malicious video URL to...

9.8CVSS7.3AI score0.03816EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•14 views

PT-2026-53303

Name of the Vulnerable Software and Affected Versions Devolutions PowerShell Universal version 2026.2.0 Description An information disclosure issue exists in the AI Agent job API. An authenticated user with AI Agent read access can obtain reusable, potentially higher-privileged authentication...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•12 views

PT-2026-53719

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Insufficient input sanitization in Apple platforms allows an app to reach sensitive kernel code paths. This improper input validation...

7.8CVSS6.5AI score0.00142EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•10 views

PT-2026-53504

A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information...

9.8CVSS6AI score0.02013EPSS
Exploits1References7
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•7 views

PT-2026-53720

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Improved input validation was implemented to address a flaw where a malicious website could process...

7.1CVSS6.1AI score0.00314EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•9 views

PT-2026-53697

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Processing maliciously crafted web content may lead to an unexpected process crash due to improper...

6.5CVSS5.9AI score0.00194EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•9 views

PT-2026-53723

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A use-after-free issue, which occurs when a program continues to use a pointer after it has been free...

8.8CVSS5.9AI score0.00201EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•9 views

PT-2026-53700

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A use-after-free issue, which occurs when a program continues to use a pointer after it has been free...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•9 views

PT-2026-53716

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A use-after-free issue, which occurs when a program continues to use a pointer after it has been free...

6.5CVSS6.1AI score0.00289EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•6 views

PT-2026-53699

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description An out-of-bounds access issue occurs when processing maliciously crafted web content, which may lead ...

6.5CVSS5.9AI score0.00257EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•8 views

PT-2026-53707

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A memory corruption issue exists within WebKit. Processing maliciously crafted web content can lead t...

6.1AI score0.00307EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•11 views

PT-2026-53711

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A permissions issue exists where visiting a website may leak sensitive data. This was addressed by...

6.5CVSS5.9AI score0.00312EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•13 views

PT-2026-53679

A flaw was found in p11-kit. The RPC message attribute parsing functions p11 rpc message get attribute and p11 rpc message get attribute array value form a mutually-recursive call chain with no recursion depth limit when processing nested CKA WRAP TEMPLATE, CKA UNWRAP TEMPLATE, and CKA DERIVE...

6.2CVSS5.8AI score0.00132EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•10 views

PT-2026-53702

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A malicious website may be able to process restricted web content outside the sandbox. A sandbox is a...

7.1CVSS5.9AI score0.00182EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•8 views

PT-2026-53721

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A use-after-free issue, which occurs when a program continues to use a pointer after it has been free...

6.5CVSS5.9AI score0.00189EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•15 views

PT-2026-53725

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A use-after-free issue exists due to improper memory management. This occurs when a program continues...

6.5CVSS5.7AI score0.0024EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•10 views

PT-2026-53722

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A use-after-free issue, which occurs when a program continues to use a pointer after it has been free...

6.5CVSS5.9AI score0.00196EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•15 views

PT-2026-53712

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A use-after-free issue, which occurs when a program continues to use a pointer after it has been free...

8.8CVSS6AI score0.0036EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•12 views

PT-2026-53730

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description An out-of-bounds write issue exists where processing maliciously crafted web content may lead to an...

6.5CVSS6AI score0.00297EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•4 views

PT-2026-53727

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Processing maliciously crafted web content may result in the disclosure of process memory due to...

6.5CVSS5.9AI score0.00203EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•7 views

PT-2026-53713

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Processing maliciously crafted web content may lead to an unexpected Safari crash due to improper...

6.5CVSS6.1AI score0.00297EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•13 views

PT-2026-53698

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Processing maliciously crafted web content may lead to an unexpected process crash due to improper...

6.5CVSS5.8AI score0.00194EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•10 views

PT-2026-53608

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads without authentication...

9.8CVSS6.4AI score0.01534EPSS
Exploits1References10
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•12 views

PT-2026-53658

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...

6.9CVSS5.9AI score0.00231EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•16 views

PT-2026-53657

Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api/v1/accounts/pk/password/ endpoint that allows domain administrators to change any user's password. Attackers with domain admin privileges can bypass object-level access controls to reset superadmin...

7.7CVSS5.8AI score0.00265EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•8 views

PT-2026-53633

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS6.2AI score0.00763EPSS
Exploits2References9
Total number of security vulnerabilities184427