Lucene search
K
PtsecurityRecent

184379 matches found

Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.12 views

PT-2026-53082

Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.11.2 Description An integer overflow occurs when the software reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response. This value is used in the allocation num attrs sizeoflibssh2...

8.3CVSS6AI score0.00333EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.13 views

PT-2026-53221

Name of the Vulnerable Software and Affected Versions Delta Electronics DTM Soft affected versions not specified Description The software is susceptible to the deserialization of untrusted data, which can allow an attacker to execute arbitrary code. Real-world exploitation has been observed where...

8.4CVSS6AI score0.00388EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.6 views

PT-2026-53343

These are all security issues fixed in the jupyter-jupyterlab-templates-0.5.3-2.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.00782EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.8 views

PT-2026-53332

These are all security issues fixed in the ImageMagick-7.1.2.25-3.1 package on the GA media of openSUSE Tumbleweed...

9.1CVSS5.8AI score0.00895EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.12 views

PT-2026-53051

Name of the Vulnerable Software and Affected Versions Dokan: AI Powered WooCommerce Multivendor Marketplace Solution versions prior to 5.0.5 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with custom-level access ...

6.4CVSS5.8AI score0.0022EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.8 views

PT-2026-53226

Published our new research: CVE-2026-52870 Missing Authorization in @AnthropicAI's MCP Python SDK. On multi-client MCP servers, any authenticated client could enumerate and hijack tasks from other clients. Patched in v1.27.2. https://t.co/ykvbM2cmXm @Shruti Lohani...

5.8AI score0.00043EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.13 views

PT-2026-53060

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An integer overflow occurs in the dsp mmap single function when validating requested mappings by summing a user-supplied offset and length against the buffer siz...

7.8CVSS6AI score0.00149EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.8 views

PT-2026-53338

These are all security issues fixed in the jq-1.8.2-1.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.17 views

PT-2026-53054

The WP Full Stripe Free plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 8.4.3 via the wpfs update failed payment status AJAX action. The handler is registered through both wp ajax and wp ajax nopriv hooks and the underlying update failed payment statu...

5.3CVSS5.6AI score0.00323EPSS
Exploits2References11
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.12 views

PT-2026-53047

Name of the Vulnerable Software and Affected Versions Shariff for WordPress versions prior to 1.0.12 Description The plugin fails to sanitize or escape the shariff infourl setting before it is output in the frontend HTML via the generateshariff function. This flaw allows high-privilege users, suc...

4.8CVSS5.8AI score0.00142EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.7 views

PT-2026-53333

These are all security issues fixed in the agama-web-ui-22+143.ee15dea20-46.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.9 views

PT-2026-53335

These are all security issues fixed in the calibre-9.10.0-1.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score0.00197EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.11 views

PT-2026-53655

Name of the Vulnerable Software and Affected Versions calibre versions prior to 9.10.0 Description A flaw exists where reading metadata from a malicious EPUB, OPF, or PDF file allows the execution of arbitrary Python code. This occurs when a custom column definition containing a python: template ...

8.5CVSS6.2AI score0.00197EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.15 views

PT-2026-53036

Name of the Vulnerable Software and Affected Versions HCL Traveler for Microsoft Outlook HTMO affected versions not specified Description The application is susceptible to security weaknesses because it relies on .NET Framework 4.5, which has reached end-of-life. As this framework no longer...

7.7CVSS5.7AI score0.001EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.13 views

PT-2026-53055

Name of the Vulnerable Software and Affected Versions Spexo theme for WordPress versions prior to 2.0.12 Description Unauthorized access is possible due to a missing capability check in the activate plugin function. This allows authenticated users with Subscriber-level permissions or higher to...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.11 views

PT-2026-53225

Name of the Vulnerable Software and Affected Versions mcp Python SDK versions prior to 1.27.2 Description Principal confusion exists in the HTTP transports of the mcp Python SDK. Specifically, the SSE and Streamable HTTP stateful mode routed sessions fail to verify if the principal matches the...

5.8AI score0.00054EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.13 views

PT-2026-53043

Name of the Vulnerable Software and Affected Versions Invoice Generator versions prior to 1.0.1 Description The Invoice Generator plugin for WordPress allows privilege escalation because it fails to perform a capability check on the pravel invoice edit account AJAX action. The handler is exposed...

9.8CVSS5.8AI score0.00662EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.7 views

PT-2026-53336

These are all security issues fixed in the hydra-9.7+git20.gbccaea1-1.1 package on the GA media of openSUSE Tumbleweed...

8.8CVSS5.8AI score0.01325EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.14 views

PT-2026-53057

Name of the Vulnerable Software and Affected Versions Frisbii Pay versions prior to 1.9.0 Description Authenticated users with Subscriber-level access and above can perform unauthorized modification of data. This is caused by missing capability checks in the upload csv and process batch functions...

6.5CVSS5.9AI score0.00276EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.14 views

PT-2026-53049

Name of the Vulnerable Software and Affected Versions Surbma | Infusionsoft Shortcode versions prior to 2.0.2 Description Stored Cross-Site Scripting occurs via the 'infusionsoft-form' shortcode. The issue stems from insufficient input sanitization and output escaping within the surbma infusionso...

6.4CVSS6AI score0.00193EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.12 views

PT-2026-53050

Name of the Vulnerable Software and Affected Versions Masteriyo LMS – LMS Course Builder, Quizzes & Certificates versions prior to 2.2.2 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. This allows...

4.3CVSS5.9AI score0.0015EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.9 views

PT-2026-53039

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.16 views

PT-2026-53059

Name of the Vulnerable Software and Affected Versions RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login versions prior to 6.0.8.7 Description An authentication bypass exists due to insufficient verification of data authenticity. The PayPal IPN callback...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.14 views

PT-2026-53038

Name of the Vulnerable Software and Affected Versions Ivory Search – WordPress Search Plugin versions prior to 5.5.16 Description Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level access and above to perform Stored Cross-Site Scripting XSS...

4.4CVSS6AI score0.00251EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.13 views

PT-2026-53056

Name of the Vulnerable Software and Affected Versions Page Builder by SiteOrigin versions prior to 2.34.4 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with Contributor-level access or higher can inject arbitrary...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.7 views

PT-2026-53334

These are all security issues fixed in the assimp-devel-6.0.5-4.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.16 views

PT-2026-53041

Name of the Vulnerable Software and Affected Versions CodePeople Post Map for Google Maps versions prior to 1.2.7 Description Insufficient input sanitization and output escaping allow authenticated attackers with Contributor-level access and above to perform Stored Cross-Site Scripting. This is...

6.4CVSS6AI score0.0021EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.12 views

PT-2026-53053

Name of the Vulnerable Software and Affected Versions Gutenverse versions prior to 3.8.1 Description The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress contains a Stored Cross-Site Scripting issue in the admin settings. This occurs due to insufficient input...

4.4CVSS5.9AI score0.00246EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.11 views

PT-2026-53341

These are all security issues fixed in the ocaml-4.14.4-1.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.13 views

PT-2026-53340

These are all security issues fixed in the logback-1.5.36-1.1 package on the GA media of openSUSE Tumbleweed...

7CVSS5.8AI score0.00122EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.13 views

PT-2026-53044

Name of the Vulnerable Software and Affected Versions Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content versions prior to 4.16.17 Description An Insecure Direct Object Reference occurs because the software fails to verify if the authenticated...

8.1CVSS5.8AI score0.00222EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.10 views

PT-2026-53037

HCL Traveler for Microsoft Outlook HTMO is susceptible to a sensitive data exposure vulnerability which could allow an attacker to exploit application information to then attempt additional attacks and cause unknown behavior in the application...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.13 views

PT-2026-53065

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The CONS HISTORY ioctl handler fails to properly validate the requested history size. Providing a large value leads to an integer overflow during the buffer size...

7.8CVSS5.9AI score0.00107EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.11 views

PT-2026-53064

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The ELF image activator cleared per-process ASLR Address Space Layout Randomization, a security technique that randomizes memory addresses to prevent exploitatio...

7.8CVSS5.8AI score0.00106EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.9 views

PT-2026-53048

The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the invoke methods of the...

4.3CVSS5.9AI score0.00213EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.14 views

PT-2026-53063

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where the audio buffer backing a mapping could be freed upon closing the device while the mapping remains valid. This allows the freed memory to ...

7CVSS6.1AI score0.00125EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.7 views

PT-2026-55946

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.4 pnpm versions prior to 11.7.0 Description A crafted patch entry can resolve outside the configured patches directory, allowing the pnpm patch-remove command to delete an arbitrary reachable file. Recommendations...

7.1CVSS6.2AI score0.00257EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.12 views

PT-2026-53062

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the kernel handler for IPV6 MSFILTER. The handler drops a serializing lock to copy the source-filter list from userspace and subsequently reacquires it...

7.8CVSS5.8AI score0.00104EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.6 views

PT-2026-53339

These are all security issues fixed in the libslirp-devel-4.9.3+4-1.1 package on the GA media of openSUSE Tumbleweed...

6.5CVSS5.8AI score0.00106EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.14 views

PT-2026-53052

Name of the Vulnerable Software and Affected Versions Dokan: AI Powered WooCommerce Multivendor Marketplace Solution versions prior to 5.0.5 Description An Insecure Direct Object Reference exists due to missing validation on a user-controlled key. Authenticated attackers with subscriber-level...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.16 views

PT-2026-53042

Name of the Vulnerable Software and Affected Versions HD Quiz versions 2.2.0 through 2.2.1 Description The HD Quiz plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw. This occurs because the hdq validate nonce function fails to properly validate nonces, which are unique tokens...

4.3CVSS5.7AI score0.00179EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.17 views

PT-2026-53040

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'queryselect' Parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS6AI score0.00344EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.2 views

PT-2026-54531

Уязвимость компонента act runner системы управления Git-репозиториями Gitea связана с небезопасным управлением привилегиями. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, повысить свои привилегии...

9CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.3 views

PT-2026-54532

Уязвимость функции publickey response success библиотеки libssh2 связана с целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании или выполнить произвольный код...

8.3CVSS7AI score0.00333EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.13 views

PT-2026-53342

These are all security issues fixed in the python311-jupyter-ydoc-3.5.0-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.00782EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.12 views

PT-2026-53046

Name of the Vulnerable Software and Affected Versions MaxButtons – Create buttons plugin for WordPress versions prior to 9.8.6 Description Reflected Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary we...

6.1CVSS5.9AI score0.00211EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.27 views

PT-2026-53077

Name of the Vulnerable Software and Affected Versions Frontend File Manager Plugin versions prior to 23.7 Description Authenticated users with Subscriber-level access can delete arbitrary files on the server, including sensitive files like wp-config.php, which may lead to a full site takeover. Th...

8.1CVSS5.8AI score0.00417EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.24 views

PT-2026-53076

Name of the Vulnerable Software and Affected Versions Zephyr versions 3.6.0 through 4.4.0 Description An out-of-bounds write exists in the IP socket recvmsg implementation within the insert pktinfo function. The issue occurs because the system validates the user-supplied ancillary msg control...

8.7CVSS6.1AI score0.0012EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.15 views

PT-2026-53337

These are all security issues fixed in the jackson-databind-2.18.8-2.1 package on the GA media of openSUSE Tumbleweed...

8.1CVSS5.8AI score0.00617EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.15 views

PT-2026-53058

Name of the Vulnerable Software and Affected Versions Quiz and Survey Master QSM – Easy Quiz and Survey Maker versions prior to 11.1.5 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Authenticated attacker...

4.3CVSS5.9AI score0.00272EPSS
Exploits0References18
Total number of security vulnerabilities184379