Lucene search
K
PtsecurityRecent

184322 matches found

Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.7 views

PT-2026-52787

Name of the Vulnerable Software and Affected Versions H5P versions prior to 1.17.8 Description A flaw allows a user with contributor privileges to perform arbitrary file deletion on the system. Recommendations Update to a version newer than 1.17.7...

7.1CVSS5.9AI score0.00294EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52819

Subscriber Broken Access Control in Shoppable Images Lite = 1.3 versions...

4.3CVSS5.8AI score0.00213EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52816

Subscriber Insecure Direct Object References IDOR in Majestic Support = 1.1.7 versions...

5.4CVSS5.8AI score0.00181EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52762

Name of the Vulnerable Software and Affected Versions Payment Gateway Based Fees and Discounts for WooCommerce versions prior to 3.0.1 Description An unauthenticated Insecure Direct Object Reference IDOR exists in the software. IDOR is a type of access control vulnerability that occurs when an...

6.5CVSS5.8AI score0.00242EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52820

Contributor Cross Site Scripting XSS in Magazine Blocks = 1.8.3 versions...

6.5CVSS5.8AI score0.0013EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52817

Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer = 1.6.1 versions...

7.5CVSS5.8AI score0.00259EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52809

Contributor Cross Site Scripting XSS in Fluent Booking = 2.1.0 versions...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52822

Unauthenticated Insecure Direct Object References IDOR in JS Help Desk = 3.1.0 versions...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-53025

Summary js-toml's interpreter checks whether a key already exists in a parser-built container with if objectkey instead of if key in object. When the prior value is a falsy primitive — false, 0, 0n, 0.0, -0, or "" — the duplicate-key branch is skipped and the value is silently overwritten by a...

5.3CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52700

Name of the Vulnerable Software and Affected Versions JetBrains Kotlin versions prior to 2.4.20 Description Unsafe deserialization in the build cache metadata allows for remote code execution. Deserialization is the process of converting a data format, such as JSON or XML, back into an object tha...

9.8CVSS6.1AI score0.00196EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-52990

Name of the Vulnerable Software and Affected Versions H.View HV-500S6 IP cameras affected versions not specified Description An authenticated user can supply unsanitized XML fields to the certificate generation interface. These fields are incorporated into a backend certificate creation command...

8.6CVSS5.9AI score0.00653EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52811

Unauthenticated Cross Site Request Forgery CSRF in Real Estate 7 = 3.5.9 versions...

6.5CVSS5.8AI score0.00127EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52836

Name of the Vulnerable Software and Affected Versions Groundhogg versions prior to 4.6 Description An authenticated attacker can exploit a SQL Injection flaw in the Sales Representative feature. SQL Injection is a type of vulnerability that allows an attacker to interfere with the queries that an...

8.5CVSS5.9AI score0.00211EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.19 views

PT-2026-52692

Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about students by interviewers...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52859

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: 1 capture admin-configured datasource credentials secureJsonData custom headers by traversing to an...

5.4CVSS5.8AI score0.00258EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52942

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the f2fs module, the f2fs sbi show function reads extension list, extension count, and hot ext count without holding the sb lock. If a concurrent sysfs store operation modifies the...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-52798

Subscriber Server Side Request Forgery SSRF in Kirki = 6.0.11 versions...

4.9CVSS5.8AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52648

Name of the Vulnerable Software and Affected Versions Revive Adserver versions prior to 6.0.8 Description Insufficient sanitization of user input in the 'zone-include.php' script allows a low-privileged user to execute reflected Cross-Site Scripting XSS attacks. This occurs through the refresh...

6.1CVSS6.5AI score0.00222EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52739

Name of the Vulnerable Software and Affected Versions Fusion Builder versions prior to 3.15.5 Description A privilege escalation issue exists that allows a user with Contributor permissions to elevate their privileges. Recommendations Update to a version newer than 3.15.4...

8.8CVSS5.8AI score0.00278EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52983

Name of the Vulnerable Software and Affected Versions Koha Library Management System versions 0 through 25.11 Description A stored cross-site scripting XSS issue exists in the item type administration page. An authenticated remote attacker with administrator privileges can inject arbitrary web...

5.4CVSS6AI score0.00196EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52911

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description Cache store poisoning allows for Remote Code Execution RCE, a process where an attacker executes arbitrary code on a remote machine. Recommendations Update t...

9.6CVSS6.2AI score0.00233EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52913

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description An Insecure Direct Object Reference IDOR exists in the project storage settings. A project administrator can gain unauthorized access to the managed Nextclou...

9.9CVSS5.8AI score0.00258EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52854

Name of the Vulnerable Software and Affected Versions Dokku versions prior to 0.38.7 Description The cron plugin uses commands defined in the app.json file to manage system cron tasks running as the Dokku user. If a cron command in app.json contains special shell characters, such as or ;, it can...

9.9CVSS6.1AI score0.00274EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52857

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the POST /api/integrations/webhooks/webhook id/ping endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the...

5.4CVSS5.9AI score0.0015EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52858

Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction. Attackers can...

8.8CVSS6.2AI score0.00479EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52903

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.2 OpenProject versions prior to 17.4.0 Description A missing authorization issue exists in the CostReportsController. The rename and update actions allow any authenticated user to modify the name, filters, an...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.15 views

PT-2026-52966

Name of the Vulnerable Software and Affected Versions RustFS versions prior to 1.0.0-beta.8 Description RustFS is a distributed object storage system built in Rust. The real-time metrics endpoint '/rustfs/admin/v3/metrics' is accessible to any valid IAM user, regardless of their assigned policy...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52887

Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.35.11 Envoy versions prior to 1.36.7 Envoy versions prior to 1.37.3 Envoy versions prior to 1.38.1 Description A structural flaw exists in the DefaultCertValidator::verifySubjectAltName function. The issue occurs when...

4.4CVSS5.8AI score0.00212EPSS
Exploits1References20
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52851

Name of the Vulnerable Software and Affected Versions Dokku versions prior to 0.38.2 Description The openresty-vhosts plugin copies files from an application's openresty/http-includes/ git repository directory to the host. The plugin then interpolates these filenames, without escaping, into a...

9CVSS6.1AI score0.00274EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52884

Name of the Vulnerable Software and Affected Versions Envoy versions 1.18.0 through 1.35.12 Envoy versions 1.36.0 through 1.36.8 Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description The router filter contains a null pointer dereference—a condition where the softwa...

7.5CVSS5.9AI score0.00445EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52707

HTMLy 3.1.1 contains a Server-Side Request Forgery SSRF vulnerability in the RSS feed import functionality. The function get feed in system/admin/admin.php passes user-supplied $feed url directly to file get contents without any validation. An authenticated attacker with administrative privileges...

2.1CVSS5.8AI score0.00229EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52984

Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.0.45 Kestra versions prior to 1.3.21 Description The authentication filter for the REST API endpoint /api/v1/ incorrectly treats any request path ending in /configs as a public instance-config endpoint, allowing it t...

10CVSS5.8AI score0.00472EPSS
Exploits2References12
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.6 views

PT-2026-52908

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.4.0 Description An issue exists where the endpoint GET /api/v3/meetings/:meeting id/agenda items/:agenda item id discloses private work package data. This occurs when a linked work package belongs to a project...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52912

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description The HTML sanitizer allows elements to have unrestricted data- attributes through a :data wildcard. An attacker can inject data-controller="poll-for-changes"...

6.4CVSS6.1AI score0.0015EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.18 views

PT-2026-52910

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description An authorization context confusion and Insecure Direct Object Reference IDOR exist within the Calendar and Team Planner modules. A user with management...

5.4CVSS5.8AI score0.00185EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52845

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.32 Description A Denial of Service DoS issue exists in the AITextSummarizerBlock component. This occurs because the system allows input amplification, where a relatively small amount of content can lead to excessi...

5.3CVSS5.8AI score0.00247EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52921

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Push kjump return address even for non-kjump kexec The version of purgatory code shipped by kexec-tools attempts to look above the top of its stack to find a return address for a kjump, even in a non-kjump kexec. After...

5.8AI score0.00121EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52927

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the arm64 architecture early kernel mapping process. For 4K pages, the early kernel mapping may utilize 2MB block entries, but kernel segments are only 64KB aligned...

5.8AI score0.00122EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52839

Server side template inject SSTI in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution RCE via crafted template expressions...

6.7AI score0.00726EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-52768

Name of the Vulnerable Software and Affected Versions Subscriptions for WooCommerce versions prior to 1.9.6 Description An unauthenticated broken access control issue exists, allowing unauthorized users to bypass security restrictions. Recommendations Update to a version newer than 1.9.5...

7.5CVSS5.8AI score0.00246EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.21 views

PT-2026-52747

Unauthenticated PHP Object Injection in Uncanny Automator = 7.3.1.2 versions...

8.1CVSS5.8AI score0.00317EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-53024

Name of the Vulnerable Software and Affected Versions regclient affected versions not specified Description Authentication credentials for a registry may be leaked to external servers. This occurs when a malicious registry server, a malicious blob store, or a registry that fails to restrict...

6.8CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52751

Unauthenticated Multiple Vulnerabilities in BitFire Security = 5.0.3 versions...

8.6CVSS5.8AI score0.00275EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.6 views

PT-2026-52755

Unauthenticated Cross Site Scripting XSS in Gutenverse Form = 2.4.7 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52674

An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the login processing path. A remote attacker may exploit this...

8.6CVSS5.8AI score0.00247EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52731

Unauthenticated Broken Access Control in Gutenverse Companion = 2.5.0 versions...

7.5CVSS5.8AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-53021

Impact This vulnerability is an improper input neutralization issue leading to output manipulation, specifically, Terminal/ANSI Escape Sequence Injection and XML Injection: Terminal Output Spoofing: A malicious file whose name contains ANSI escape sequences can end up being included in flawfinder...

6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.15 views

PT-2026-52664

Name of the Vulnerable Software and Affected Versions YMC Filter WordPress plugin versions prior to 3.11.3 Description An issue exists where the software fails to properly authorize access to a REST API endpoint and does not validate a user-supplied query parameter. This allows unauthenticated...

7.5CVSS5.8AI score0.00921EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.16 views

PT-2026-52647

A bypass for CVE‑2026‑34913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns and trackers through the tracker-campaigns.php script in Revive Adserver 6.0.7 and earlier. As a result, a low‑privileged user could link their trackers to...

4.3CVSS5.8AI score0.00287EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.15 views

PT-2026-52665

The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as...

5.8AI score0.00215EPSS
Exploits0References2
Total number of security vulnerabilities184322