Lucene search
K
PtsecurityRecent

184377 matches found

Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.16 views

PT-2026-52673

An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a...

7.5CVSS5.8AI score0.00313EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52971

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The TIFF decoder can panic when processing an invalid image that contains an out-of-bounds strip offset. A panic is a critical error that causes a program to cra...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52708

The Mattermost Go module github.com/mattermost/mattermost/server/public versions v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended endpoints via crafted IDs containing path traversal components. Mattermost...

5.4CVSS5.8AI score0.00197EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.16 views

PT-2026-52679

https://t.co/mvFUzxRVPL CVE-2026-54840 newsletters-lite CVSS Score 5.3 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomi…...

5.8AI score0.00213EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52895

Name of the Vulnerable Software and Affected Versions Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description The HTTP OAuth2 filter envoy.filters.http.oauth2 can leave an in-flight async token exchange attached to a downstream stream that has already been torn down....

5.9CVSS5.8AI score0.00579EPSS
Exploits1References18
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.22 views

PT-2026-53018

Summary LinkifyIt.prototype.match — the package's primary public API — has ON² algorithmic complexity for inputs containing many fuzzy links or emails. This is not a regex backtrack bug; it's a structural issue in the JS-level scan loop that re-slices the input and re-runs unanchored regex search...

8.7CVSS5.8AI score0.02152EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-53015

Impact The preAuthEncoding function in @sigstore/core uses Node.js 'ascii' encoding when converting the PAE Pre-Authentication Encoding string to bytes. This allows payloadType to be mutated after signing without invalidating the signature, breaking the type-binding guarantee that DSSE is designe...

5.4CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52924

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/amd/display component where the dcn32 validate bandwidth function wraps dcn32 internal validate bw using DC FP START and DC FP END. On x86 non-RT systems, DC F...

5.5CVSS5.8AI score0.00107EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52796

Contributor Cross Site Scripting XSS in Neve PRO = 3.1.2 versions...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52660

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS6AI score0.00281EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52789

Unauthenticated Broken Access Control in Flash & HTML5 Video = 2.11.0 versions...

5.8CVSS5.8AI score0.00228EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52733

Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone = 2.3.2 versions...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52802

Administrator SQL Injection in Popup box = 6.0.1 versions...

7.6CVSS5.8AI score0.00279EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52808

Unauthenticated Cross Site Request Forgery CSRF in Abandoned Cart Lite for WooCommerce = 6.8.0 versions...

4.3CVSS5.8AI score0.00107EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.17 views

PT-2026-52697

Dell Dell Container Storage Modules, versions csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access...

8CVSS5.9AI score0.00954EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.16 views

PT-2026-52969

An issue in the DSO::mmap and copy function of relibc commit 61f42d allows attackers to cause a Denial of Service DoS via loading a crafted shared library...

5.8AI score0.00446EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52915

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a CSRF on TARGET through /users/:id via POST parameter "useradmin". This vulnerability is fixed in 17.3.3 and 17.4.1...

8.8CVSS5.8AI score0.00163EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.7 views

PT-2026-52902

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.2 OpenProject versions prior to 17.4.0 Description A business logic error exists in the password change behavior. This flaw allows an attacker who has achieved an active session takeover to bypass password...

5.9CVSS5.8AI score0.00175EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52888

Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.35.11 Envoy versions prior to 1.36.7 Envoy versions prior to 1.37.3 Envoy versions prior to 1.38.1 Description A stack overflow occurs during the destructor process of a JSON Object when deeply nested objects, reachin...

7.5CVSS5.8AI score0.00557EPSS
Exploits2References21
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52979

Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.0.45 Kestra versions prior to 1.3.21 Description An authentication bypass exists in the AuthenticationFilter of Kestra OSS. The system uses a suffix match via request.getPath.endsWith"/configs" to whitelist the publi...

10CVSS6.4AI score0.00684EPSS
Exploits2References12
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52901

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.2 OpenProject versions prior to 17.4.0 Description OpenProject exposes a document update endpoint used to modify existing documents. The system loads the target document with visibility checks, but...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52852

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU ROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user w...

5.5CVSS5.8AI score0.00089EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52883

Name of the Vulnerable Software and Affected Versions Envoy versions 1.34.0 through 1.35.12 Envoy versions 1.36.0 through 1.36.8 Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description Envoy crashes when an ext proc server sends a single gRPC message containing...

6.5CVSS5.7AI score0.00444EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52722

Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery SS...

6.5CVSS5.8AI score0.00104EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52976

Name of the Vulnerable Software and Affected Versions Bento4 versions prior to 1.8.9 Description A stack overflow occurs in the AP4 Array::EnsureCapacity component. This issue allows an attacker to trigger a Denial of Service DoS by providing a specially crafted MP4 file. Recommendations Update t...

5.5CVSS5.9AI score0.00142EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52899

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.4.0 Description The rich text rendering pipeline uses an overly permissive configuration for inline style sanitization. This allows authenticated users with write access to formattable text fields, such as work...

5.7CVSS5.8AI score0.00211EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52889

Name of the Vulnerable Software and Affected Versions Envoy versions 1.23.0 through 1.35.10 Envoy versions 1.36.0 through 1.36.6 Envoy versions 1.37.0 through 1.37.2 Envoy versions 1.38.0 through 1.38.0 Description A flaw exists in the zstd decompressor implementation ZstdDecompressorImpl. When...

7.5CVSS5.7AI score0.00486EPSS
Exploits1References19
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52794

Zed Attack Proxy ZAP ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter...

8.8CVSS6.4AI score0.00463EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52774

Unauthenticated SQL Injection in JetEngine = 3.8.10.2 versions...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-53029

Impact The Live Preview endpoint for existing entries and terms only checked view authorization, but it accepts and renders caller-supplied field values. A Control Panel user with view but not edit permission could therefore submit content they were not authorized to author and generate a shareab...

3.5CVSS5.7AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52720

Unauthenticated Broken Access Control in SiteGround Email Marketing = 1.7.5 versions...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.15 views

PT-2026-52662

An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges...

8.5CVSS6AI score0.00122EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52765

Subscriber Arbitrary File Upload in Quform = 2.23.0 versions...

9.9CVSS5.8AI score0.00362EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52766

Subscriber Arbitrary File Upload in Travel Booking = 2.2.5 versions...

9.9CVSS5.8AI score0.00362EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52790

Unauthenticated Broken Access Control in GIFT4U = 1.0.10 versions...

6.5CVSS5.8AI score0.00242EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.19 views

PT-2026-52958

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The wbt init enable default function uses WARN ON ONCE to check for failures from wbt alloc and wbt init. However, these are expected failure paths: wbt alloc may return NULL during memo...

5.8AI score0.001EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52985

Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.0.45 Kestra versions prior to 1.3.21 Description An access control bypass exists in the previewFileFromExecution endpoint GET '/api/v1/tenant/executions/executionId/file/preview'. This issue allows an authenticated...

6.5CVSS5.9AI score0.00263EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52986

Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.3.24 Description The BasicAuth authentication component of the Kestra OSS workflow orchestration platform stores passwords using SHA-512, which has a high computation speed. An attacker with read access to the...

8.7CVSS5.8AI score0.00158EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.15 views

PT-2026-52663

The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server...

5.9AI score0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52683

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirm payment function in all...

6.5CVSS5.8AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52829

Name of the Vulnerable Software and Affected Versions Paid Memberships Pro - Add Member From Admin versions prior to 0.7.3 Description An unauthenticated Cross Site Request Forgery CSRF exists, which allows attackers to execute unauthorized actions via crafted requests. CSRF is a type of attack...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52763

Subscriber PHP Object Injection in RealHomes = 4.5.3 versions...

8.8CVSS5.8AI score0.00391EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52724

Unauthenticated Broken Access Control in User Registration = 5.2.2 versions...

6.5CVSS5.8AI score0.00194EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.7 views

PT-2026-52991

Name of the Vulnerable Software and Affected Versions H.View HV-500S6 IP Camera affected versions not specified Description Certificate-related upload interfaces allow authenticated users to store arbitrary file content in fixed, persistent filesystem locations. The system fails to validate the...

8.6CVSS5.9AI score0.004EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52821

Contributor Cross Site Scripting XSS in Ghost Kit = 3.6.0 versions...

6.5CVSS5.8AI score0.0013EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52795

Contributor Cross Site Scripting XSS in SeedProd Pro 6.19.5 versions...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52672

An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the...

7.5CVSS5.9AI score0.01266EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.18 views

PT-2026-52668

Name of the Vulnerable Software and Affected Versions apache-airflow-providers-ftp versions prior to 3.15.1 Description The FTPSHook.get conn function in the Apache Airflow FTP provider creates an ftplib.FTP TLS connection without calling prot p. This results in the data channel being transmitted...

7.5CVSS5.8AI score0.00264EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.18 views

PT-2026-52776

Unauthenticated SQL Injection in Advance Product Search = 1.4.4 versions...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52865

Name of the Vulnerable Software and Affected Versions extract-zip affected versions not specified Description The software fails to validate symlink targets during the extraction of zip archives. A malicious zip file containing a symlink with a relative path can be used to point outside the...

8.6CVSS6.1AI score0.00346EPSS
Exploits1References14
Total number of security vulnerabilities184377