Lucene search
K
PtsecurityRecent

184379 matches found

Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53194

Name of the Vulnerable Software and Affected Versions CherryHQ cherry-studio versions prior to 1.9.7 Description Improper authorization exists in the MCP OAuth Local Callback Server component within the src/main/services/mcp/oauth/callback.ts file. A remote attacker can manipulate the code argume...

6.3CVSS6.2AI score0.00264EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.14 views

PT-2026-53301

Unauthenticated Broken Access Control in Japanized For WooCommerce = 2.9.12 versions...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.18 views

PT-2026-53288

Subscriber Broken Access Control in MainWP = 6.1.1 versions...

6.3CVSS5.8AI score0.00249EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.13 views

PT-2026-53162

Name of the Vulnerable Software and Affected Versions JoomCCK affected versions not specified Description A front-end controller task in the JoomCCK extension for Joomla is susceptible to SQL injection. This occurs because the application constructs two SQL statements by directly concatenating a...

9.8CVSS5.8AI score0.00505EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.9 views

PT-2026-53114

Name of the Vulnerable Software and Affected Versions ANTLR4 versions prior to 4.13.3 Description An issue exists in the tokenVocab Grammar Option Handler where the getImportedVocabFile function in the tool/src/org/antlr/v4/parse/TokenVocabParser.java file is susceptible to path traversal. This...

6.9CVSS6.1AI score0.0055EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.10 views

PT-2026-53103

Name of the Vulnerable Software and Affected Versions glpi-project glpi versions 11.0.5 through 11.0.7 Description An authorization bypass exists in the Document Handler component within the file 'front/document.send.php'. The issue occurs in the Document::canViewFile function when processing the...

6.3CVSS5.9AI score0.00309EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.14 views

PT-2026-53088

Name of the Vulnerable Software and Affected Versions RustDesk affected versions not specified Description An issue exists where incoming control messages are gated based on per-capability flags instead of the session's authorized connection type. Because a file-transfer session fails to clear...

7.6CVSS5.8AI score0.00191EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.9 views

PT-2026-53107

A vulnerability was found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /ajaxmedicine.php. The manipulation of the argument medicineid results in sql injection. It is possible to launch the attack remotely. The exploit has been made public...

6.5CVSS5.7AI score0.00204EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.10 views

PT-2026-53163

Name of the Vulnerable Software and Affected Versions volcengine OpenViking versions prior to 0.3.22 Description Insufficient verification of data authenticity exists within the Local VectorDB Primary-key Label Handler component. The issue occurs in the str to uint64 function located in the...

5CVSS6AI score0.00138EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.12 views

PT-2026-53110

Name of the Vulnerable Software and Affected Versions yashpokharna2555 restaurent-management-system affected versions not specified Description A security flaw exists in the Registration Handler component within the login register.php file. A remote attacker can perform cross-site scripting XSS—a...

5.3CVSS5.7AI score0.00278EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.12 views

PT-2026-53086

Name of the Vulnerable Software and Affected Versions MyBB version 1.8.40 Description An issue exists where users with limited Admin Control Panel ACP access can assign any usergroup to an account during creation or editing. This occurs because the verify usergroup function in the user module...

8.6CVSS5.8AI score0.00272EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.12 views

PT-2026-53108

Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description A SQL injection issue exists in the /appointment.php file. This occurs when the editid parameter is manipulated, allowing a remote attacker to execute unauthorized database querie...

6.5CVSS6.7AI score0.00204EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.14 views

PT-2026-53168

Name of the Vulnerable Software and Affected Versions Databend versions prior to 1.2.882 Description An authorization bypass exists in the HTTP Tenant Handler component. The issue resides in the ClientSessionManager::state key function within the src/query/service/src/servers/http/v1/session/clie...

6.5CVSS6.7AI score0.0022EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.7 views

PT-2026-53345

These are all security issues fixed in the glibc-2.43-4.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.10 views

PT-2026-53222

Name of the Vulnerable Software and Affected Versions D-Link DCS-935L version 1.10.01 Description An OS command injection flaw exists in the POST Parameter Handler component. The issue occurs within the sub 400E40 function of the setconf.cgi file. A remote attacker can exploit this by manipulatin...

9CVSS7.6AI score0.02706EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.18 views

PT-2026-53094

A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by hig...

6.3CVSS5.2AI score0.00189EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.13 views

PT-2026-53104

Name of the Vulnerable Software and Affected Versions xiaozhi-esp32 versions prior to 2.2.7 Description A remote denial of service can be triggered through the manipulation of the session id argument. This issue resides within the Application::GetInstance function located in the main/protocols/mq...

6.3CVSS5.7AI score0.00411EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.13 views

PT-2026-53095

Name of the Vulnerable Software and Affected Versions arc53 DocsGPT versions prior to 0.18.1 Description An issue exists in the Credential Storage component within the encrypt credentials function of the application/security/encryption.py file. This flaw leads to insufficient verification of data...

3.1CVSS5.6AI score0.00095EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.14 views

PT-2026-53100

Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An issue exists in the /archive.php file where the manipulation of the sy argument allows for SQL injection. This allows a remote attacker to interfere with the database...

7.5CVSS7.1AI score0.00269EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.13 views

PT-2026-53112

Name of the Vulnerable Software and Affected Versions ANTLR4 versions prior to 4.13.3 Description Command injection is possible in the gofmt component via the GoTarget function located in the tool/src/org/antlr/v4/codegen/target/GoTarget.java file. This issue allows an attacker to execute arbitra...

5.3CVSS6.3AI score0.00678EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.13 views

PT-2026-53093

Zephyr's BSD-sockets getaddrinfo implementation subsys/net/lib/sockets/getaddrinfo.c passes a pointer to a stack-allocated state object struct getaddrinfo state ai state as the user data of an asynchronous DNS resolver query. The socket layer waits on a semaphore with a timeout deliberately set...

7.4CVSS5.8AI score0.00269EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.13 views

PT-2026-53214

Name of the Vulnerable Software and Affected Versions Wavlink WL-NU516U1-A version M16U1 V240425 Description A stack-based buffer overflow occurs in the POST Parameter Handler component when processing the Guest ssid argument. This issue exists within the sub 407504 function of the...

9CVSS7.7AI score0.00466EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.16 views

PT-2026-53223

Name of the Vulnerable Software and Affected Versions Edimax EW-7478APC version 1.04 Description A stack-based buffer overflow occurs when manipulating the pppUserName argument within the formPPPoESetup function of the /goform/formPPPoESetup endpoint in the POST Request Handler component. This...

9CVSS7.8AI score0.00751EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.4 views

PT-2026-53347

These are all security issues fixed in the libQXmppQt6-10-1.16.1-1.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.11 views

PT-2026-53164

Name of the Vulnerable Software and Affected Versions khoj-ai khoj versions prior to 2.0.0-beta.29 Description A flaw in the Conversation Sharing Handler component within the file src/khoj/routers/api chat.py allows for incorrect authorization. This occurs through the manipulation of the...

6.5CVSS6AI score0.00165EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.16 views

PT-2026-53105

Name of the Vulnerable Software and Affected Versions AIDC-AI ComfyUI-Copilot versions prior to 2.0.29 Description A flaw exists in the Workflow Checkpoint Restore Handler component within the file backend/controller/conversation api.py. This issue involves improper control of resource identifier...

3.1CVSS5.7AI score0.00232EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.15 views

PT-2026-53097

Name of the Vulnerable Software and Affected Versions MLflow versions up to 4666cffc7912ea606d592fc38d6a75e2935f65e7 Description An issue exists within the Experiment-scoped Label Schema CRUD API where a function lacks proper authorization. This allows a remote attacker to perform unauthorized...

8.8CVSS6AI score0.00263EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.16 views

PT-2026-53092

The Microchip SERCOM-G1 UART driver drivers/serial/uart mchp sercom g1.c, used by the PIC32CM-JH SoC family, contains an out-of-bounds write in its asynchronous DMA receive path. When uart rx enable is invoked with a one-byte receive buffer len == 1 and CONFIG UART MCHP ASYNC is enabled, the...

4.2CVSS6AI score0.00148EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.12 views

PT-2026-53098

Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An issue exists in the /preview.php endpoint where manipulating the course year section variable allows for SQL injection. This allows a remote attacker to interfere with...

7.5CVSS7.2AI score0.00412EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.14 views

PT-2026-53089

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.3 Description An authenticated user can execute arbitrary code in the server context by configuring a Custom MCP node. The issue occurs because environment variables are validated against a denylist using a...

5CVSS6.1AI score0.00827EPSS
Exploits3References12
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.11 views

PT-2026-53344

These are all security issues fixed in the chromedriver-149.0.7827.200-1.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.12 views

PT-2026-53167

Name of the Vulnerable Software and Affected Versions VoltAgent versions prior to 2.1.18 Description An improper authorization issue exists within the Memory REST API component, specifically in the handleGetMemoryConversation function located in the...

3.1CVSS5.8AI score0.0022EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.11 views

PT-2026-53227

CVE-2026-55509 Security Research Public CVE writeups, reproducible proof-of-concepts, a... https://t.co/zaBciGtro1 Vulnerability Notification: https://t.co/xhLrNnfyrO...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.13 views

PT-2026-53101

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/7.php. Affected by this vulnerability is an unknown functionality of the file /preview7.php. The manipulation of the argument course year section results in sql injection. The attack may be launched...

7.5CVSS6.9AI score0.00269EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.11 views

PT-2026-53165

Name of the Vulnerable Software and Affected Versions RAGapp versions prior to 0.1.6 Description A path traversal issue exists in the Knowledge File Handler component. This flaw allows remote attackers to manipulate files via the FileHandler.upload file and FileHandler.remove file functions locat...

6.5CVSS6.6AI score0.00294EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.21 views

PT-2026-53113

A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Maven Plugin. This manipulation causes time-of-check time-of-use. The attack is...

4.5CVSS5.2AI score0.00091EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.10 views

PT-2026-53346

These are all security issues fixed in the istioctl-1.30.2-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.00665EPSS
Exploits11References15
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.14 views

PT-2026-53115

Name of the Vulnerable Software and Affected Versions code-projects Project Management System version 1.0 Description Cross site scripting XSS occurs in the Mail Compose Page component within the /mail.php endpoint. This issue allows a remote attacker to execute malicious scripts through the...

5.1CVSS5.8AI score0.00203EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.12 views

PT-2026-53109

Name of the Vulnerable Software and Affected Versions yashpokharna2555 restaurent-management-system affected versions not specified Description An issue exists in the POST Parameter Handler component within the /forgotpassword.php file. Remote manipulation of the email parameter allows for SQL...

7.5CVSS7.1AI score0.00269EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.18 views

PT-2026-53085

Gitea act runner with the Docker backend through act 0.262.0 passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-o...

9.9CVSS5.8AI score0.00265EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.13 views

PT-2026-53102

Name of the Vulnerable Software and Affected Versions xiaozhi-esp32 versions prior to 2.2.7 Description A weakness in the MCP Response Handler component allows for improper synchronization. This issue occurs within the ParseMessage function located in the main/mcp server.cc file. Remote...

3.1CVSS5.7AI score0.00228EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.13 views

PT-2026-53224

Name of the Vulnerable Software and Affected Versions Edimax EW-7478APC version 1.04 Description A remote buffer overflow exists in the POST Request Handler component. The issue occurs within the formUSBFolder function located in the /goform/formUSBFolder endpoint when processing the ShareName or...

9CVSS7.6AI score0.00445EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.3 views

PT-2026-54530

Уязвимость функции decode dlta файла libavcodec/rasc.c видеодекодера RASC мультимедийной библиотеки FFmpeg связана с записью за границами буфера. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании...

9CVSS7.3AI score0.00217EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.8 views

PT-2026-53166

Name of the Vulnerable Software and Affected Versions SimStudioAI sim versions prior to 0.6.93 Description An issue exists in the Password Protection Handler component within the apps/sim/lib/core/security/deployment.ts library. A remote attacker can perform a manipulation that results in the use...

6.3CVSS5.7AI score0.00216EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.12 views

PT-2026-53081

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to the latest patch Description The RASC video decoder in libavcodec contains a flaw where the decode dlta function in libavcodec/rasc.c performs 32-bit reads and writes at the row cursor before the NEXT LINE row-boundary...

8.8CVSS6AI score0.00217EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.21 views

PT-2026-53099

Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An SQL injection issue exists in the /preview6.php endpoint. A remote attacker can exploit this by manipulating the course year section variable, allowing for the executi...

7.5CVSS7.3AI score0.00412EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.17 views

PT-2026-53091

The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicast client ep qos state subsys/bluetooth/audio/bap unicast client.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd throug...

6.5CVSS5.8AI score0.00185EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.13 views

PT-2026-53106

Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description A SQL injection issue exists in the /adminprofile.php endpoint. This occurs when the loginid variable is manipulated, allowing a remote attacker to execute unauthorized database...

5.8CVSS5.9AI score0.00214EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.12 views

PT-2026-53083

Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.11.2 Description An issue exists in the public key parsing process where the software expands its public key list using SSH2 REALLOC but fails to zero-initialize new entries before they are populated. If a parse...

8.3CVSS5.8AI score0.0028EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.12 views

PT-2026-53111

Name of the Vulnerable Software and Affected Versions ANTLR4 versions prior to 4.13.3 Description An issue exists in the Grammar Action Block Handler component within the file tool/src/org/antlr/v4/codegen/model/OutputFile.java. A remote attacker can perform a manipulation that leads to code...

7.5CVSS7.5AI score0.00311EPSS
Exploits0References8
Total number of security vulnerabilities184379