Lucene search
K
PtsecurityRecent

184377 matches found

Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52914

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description The Storages module writes the OneDrive/SharePoint userless OAuth access token in plaintext to the Rails.cache using the deterministic key storage..httpx...

8.2CVSS5.8AI score0.00129EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52935

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mailbox-test component where channels are not freed during a probe error. This failure to release resources leads to a memory leak and creates Use-After-Free UAF...

5.7AI score0.00129EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.17 views

PT-2026-52681

Name of the Vulnerable Software and Affected Versions Bytes::Random::Secure versions prior to 0.30 Description Internal state for the Pseudo-Random Number Generator PRNG is shared across forked processes when an object is initialized before forking or when the functional interface is used. This...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-53020

Name of the Vulnerable Software and Affected Versions python-engineio versions prior to 4.13.2 Description Two specific configurations of the server fail to verify the size of incoming messages before loading them into memory, which can lead to excessive memory allocations. This occurs during POS...

7.5CVSS5.8AI score
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52897

Name of the Vulnerable Software and Affected Versions Patool versions prior to 4.0.5 Description A path traversal issue exists in the safe extract function within patoolib/programs/py tarfile.py when used with Python versions before 3.12. The is within directory helper function utilizes...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52975

Name of the Vulnerable Software and Affected Versions Bento4 versions prior to 1.8.9 Description A stack overflow occurs in the AP4 StsdAtom::AP4 StsdAtom component, which can be triggered by a specially crafted MP4 file, leading to a Denial of Service DoS. Recommendations Update to version 1.8.9...

5.5CVSS5.8AI score0.00125EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-53023

Summary The administrative proxy route cmsproxy in Aimeos Pagible CMS is vulnerable to a Server-Side Request Forgery SSRF attack via DNS Rebinding. A Time-of-Check to Time-of-Use TOCTOU race condition exists between the URL validation phase and the actual HTTP request phase, allowing attackers to...

3CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-52698

Name of the Vulnerable Software and Affected Versions Apache Kerby versions prior to 2.1.2 Description An issue exists where the Kerberos pre-authentication check can be bypassed by sending a PA-DATA containing an unrecognized or unsupported type. Recommendations Upgrade to version 2.1.2...

7.3CVSS5.8AI score0.00321EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52711

Name of the Vulnerable Software and Affected Versions Live Copy Paste for Elementor versions prior to 1.5.4 Description Broken access control allows users with the Contributor role to perform unauthorized actions. Recommendations Update Live Copy Paste for Elementor to version 1.5.4 or later...

4.3CVSS5.8AI score0.00197EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52736

Unauthenticated Sensitive Data Exposure in Trinity Backup Backup, Migrate, Restore, Clone & Schedule Backups = 2.0.9 versions...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.6 views

PT-2026-52758

Unauthenticated Cross Site Scripting XSS in Blog2Social = 8.9.2 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52753

Contributor Privilege Escalation in Frisbii Pay = 1.8.2 versions...

8.8CVSS5.8AI score0.00232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-53017

Name of the Vulnerable Software and Affected Versions turso-cli affected versions not specified Description the turso-cli tool stores the user's platform JSON Web Token JWT in a settings.json file using default file permissions of 0o644. This configuration makes the credential file world-readable...

5.5CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52807

Contributor SQL Injection in wpForo Forum = 3.0.9 versions...

8.5CVSS5.8AI score0.00211EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.15 views

PT-2026-52815

newsletters subscribers Broken Access Control in Newsletters = 4.13 versions...

8.1CVSS5.8AI score0.00189EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.4 views

PT-2026-55848

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=527766102 Crash type: Heap-use-after-free READ 1 Crash state: Ogre::VertexData::convertPackedColour Ogre::MeshSerializerImpl::readGeometry Ogre::MeshSerializerImpl::readMesh...

5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.7 views

PT-2026-52826

Author Cross Site Scripting XSS in Hester Core = 1.1.8 versions...

5.9CVSS5.8AI score0.0014EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.4 views

PT-2026-52740

Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce = 10.4.0 versions...

8.8CVSS5.8AI score0.00378EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52970

Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a...

5.8AI score0.00089EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52730

Unauthenticated SQL Injection in GeoDirectory = 2.8.162 versions...

9.3CVSS5.8AI score0.00283EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.16 views

PT-2026-52693

Johnson & Johnson Audit Tracking Management System ATMS before 2026-04-21 allows viewing of meeting minutes and transcripts...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-53006

The fluent-plugin-s3 plugin specifically the in s3 input plugin supports reading and decompressing heavily compressed files such as gzip, lzma2, and lzop from Amazon S3. It was discovered that the plugin read the entire decompressed payload into memory at once without enforcing a strict size limi...

2.7CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52848

Name of the Vulnerable Software and Affected Versions KubeVirt versions 1.8.0 and later Description A flaw exists in the network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the networkName value is written directly into the launcher...

4.9CVSS5.8AI score0.00155EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52837

Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...

6.8CVSS5.8AI score0.00325EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52981

Name of the Vulnerable Software and Affected Versions Koha Library Management System versions 0 through 25.11 Description A stored cross-site scripting XSS issue exists in the patron restriction type administration page. An authenticated remote attacker with administrator privileges can inject...

6.1CVSS5.8AI score0.0022EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52982

Name of the Vulnerable Software and Affected Versions Koha Library Management System versions 0 through 25.11 Description A stored cross-site scripting XSS issue exists in the OPAC item detail page. An authenticated remote attacker with edit items permission can inject arbitrary web scripts throu...

5.4CVSS5.8AI score0.00196EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-53008

Summary Description An LDAP Injection CWE-90 vulnerability in the MSISDN authentication module allows an unauthenticated, remote attacker to obtain an arbitrary OpenAM session without a password in the default trusted gateway configuration. This impacts OpenAM Community Edition through version...

8.7CVSS6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.6 views

PT-2026-52786

Unauthenticated Cross Site Scripting XSS in FOX = 1.4.8 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52714

Name of the Vulnerable Software and Affected Versions BookPro versions prior to 1.1.1 Description An unauthenticated Insecure Direct Object Reference IDOR exists, which occurs when an application provides direct access to objects based on user-supplied input without sufficient authorization check...

5.3CVSS5.8AI score0.00228EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52801

Unauthenticated Insecure Direct Object References IDOR in Blocksy Companion Pro = 2.1.46 versions...

5.3CVSS5.8AI score0.00228EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.5 views

PT-2026-52709

Name of the Vulnerable Software and Affected Versions Forget About Shortcode Buttons versions prior to 2.1.4 Description Broken access control allows contributors to perform unauthorized actions within the software. Recommendations Update to a version newer than 2.1.3...

5.4CVSS5.8AI score0.00209EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52813

Contributor SQL Injection in WP Post Author = 3.9.1 versions...

8.5CVSS5.8AI score0.00211EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52710

Name of the Vulnerable Software and Affected Versions Restaurant Menu by MotoPress versions prior to 2.4.12 Description Broken access control allows users with the Subscriber role to perform unauthorized actions within the plugin. Recommendations Update Restaurant Menu by MotoPress to version...

4.3CVSS5.8AI score0.00243EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52953

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the padata component where the CPU offline callback was incorrectly placed in a hotplug state before CPUHP TEARDOWN CPU. Because failure is not permitted in these...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52943

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A soft lockup occurs when opening /dev/sgX due to improper validation of the def reserved size module parameter. While the sg proc write dressz function enforces a size limit between 0 a...

5.5CVSS5.8AI score0.00101EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52850

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequen...

9CVSS5.9AI score0.00289EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-52725

Unauthenticated SQL Injection in JetBooking = 4.0.4.1 versions...

9.3CVSS5.8AI score0.00283EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52842

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Kernel software running within a Host VM can send improper commands to the GPU Firmware. This allows the firmware to perform memory read or write operations...

7.8CVSS5.8AI score0.00106EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52855

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...

7.5CVSS5.8AI score0.0043EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52964

Name of the Vulnerable Software and Affected Versions RustFS versions 1.0.0-alpha.1 through 1.0.0-beta.8 Description An authorization bypass exists in the bucket replication admin API. The ListRemoteTargetHandler handler for listing remote replication targets verifies the existence of request...

8.2CVSS5.8AI score0.00181EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-52882

Name of the Vulnerable Software and Affected Versions Envoy versions 1.26.0 through 1.35.12 Envoy versions 1.36.0 through 1.36.8 Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description The envoy.filters.http.grpc stats filter is subject to a null pointer dereference,...

7.5CVSS5.7AI score0.00448EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52782

Contributor Remote Code Execution RCE in Blocksy Companion Pro = 2.1.45 versions...

8.5CVSS5.9AI score0.00351EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52770

Unauthenticated Broken Access Control in MailChimp Block = 1.1.15 versions...

8.3CVSS5.8AI score0.00178EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52735

Unauthenticated Broken Access Control in Intranet & Private Site All-In-One Intranet = 1.8.1 versions...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.15 views

PT-2026-52688

A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...

5.4CVSS6.3AI score0.00134EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-52682

Name of the Vulnerable Software and Affected Versions Bytes::Random::Secure::Tiny versions prior to 1.012 Description Internal state for the Pseudo-Random Number Generator PRNG is shared across forked processes when an object is initialized before the fork occurs. This leads to the production of...

7.5CVSS5.7AI score0.00292EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-53001

Name of the Vulnerable Software and Affected Versions Fleet DM affected versions not specified Description An issue exists in the global policy read endpoint GET /api/latest/fleet/policies/policy id where authorization is performed against an empty structure with a nil TeamID. This allows the...

4.3CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52892

Name of the Vulnerable Software and Affected Versions Devolutions Remote Desktop Manager versions 2026.2.5 through 2026.2.11 Description An issue exists in the custom PowerShell VPN editor where incorrect link resolution by display name allows an authenticated attacker with write access to a shar...

7.2CVSS5.9AI score0.00278EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.21 views

PT-2026-52680

Name of the Vulnerable Software and Affected Versions Claude Code versions 2.1.38 through 2.1.162 Description Worktree handling allows the creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink...

8.8CVSS6.4AI score0.00765EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.24 views

PT-2026-52759

Unauthenticated Cross Site Scripting XSS in Automatic 3.135.1 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
Total number of security vulnerabilities184377