Lucene search
K
PtsecurityRecent

184322 matches found

Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•14 views

PT-2026-52812

Name of the Vulnerable Software and Affected Versions Gallery versions prior to 4.7.9 Description An issue exists that allows for SQL Injection, a technique where malicious SQL statements are inserted into entry fields for execution, specifically affecting contributors. Recommendations Update to ...

8.5CVSS5.8AI score0.00211EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•12 views

PT-2026-52760

Subscriber Cross Site Scripting XSS in ListingPro = 2.9.11 versions...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•14 views

PT-2026-52695

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tim Strifler Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.8...

6.5CVSS5.8AI score0.0013EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•9 views

PT-2026-52781

Unauthenticated Cross Site Scripting XSS in SureCart = 4.3.2 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•10 views

PT-2026-52713

Name of the Vulnerable Software and Affected Versions Auros Core versions prior to 5.3.2 Description An unauthenticated content injection flaw allows an attacker to inject arbitrary content into the system without requiring valid credentials. Recommendations Update Auros Core to version 5.3.2 or...

5.3CVSS5.9AI score0.0024EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•16 views

PT-2026-52973

Name of the Vulnerable Software and Affected Versions Notepad++ versions prior to 8.9.6.4 Description A Time-of-Check to Time-of-Use TOCTOU flaw exists in NppCommands.cpp. The application validates the HMAC of the shortcuts.xml file on disk when a user command is triggered, but it executes the...

7.5CVSS5.8AI score0.00129EPSS
Exploits2References5
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•14 views

PT-2026-52885

Name of the Vulnerable Software and Affected Versions Envoy versions 1.34.0 through 1.35.12 Envoy versions 1.36.0 through 1.36.8 Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description The PROXY Protocol v2 header generator emits Type-Length-Values TLVs that exceed t...

4.8CVSS5.8AI score0.00218EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•7 views

PT-2026-52726

Unauthenticated Sensitive Data Exposure in Ads by WPQuads = 3.0.3 versions...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•18 views

PT-2026-53002

Name of the Vulnerable Software and Affected Versions Fluentd versions prior to 1.19.3 Description Insufficient validation of the $tag placeholder allows for the dynamic construction of file paths that can be manipulated. If an instance is configured to receive logs from untrusted sources and use...

9.8CVSS6.1AI score0.01107EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•9 views

PT-2026-52833

Name of the Vulnerable Software and Affected Versions Recipe Maker For Your Food Blog from Zip Recipes versions prior to 8.2.8 Description A SQL Injection issue exists that allows exploitation at the contributor level. SQL Injection is a technique where an attacker inserts malicious SQL code into...

8.5CVSS5.9AI score0.00211EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•16 views

PT-2026-52769

Unauthenticated SQL Injection in Quotes llama = 3.1.5 versions...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•14 views

PT-2026-52705

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description Improper access control allows unauthorized reading of saved queries and tags. Recommendations Update to version 2026.2.16593...

5.3CVSS5.8AI score0.00167EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•12 views

PT-2026-52691

A vulnerability exists in the netclient and factory services of Reolink Home Hub versions prior to v3.3.0.456 26031911 due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated...

5.8CVSS5.8AI score0.00145EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•9 views

PT-2026-52818

Contributor Broken Access Control in Nelio Content = 4.3.4 versions...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•18 views

PT-2026-52650

Name of the Vulnerable Software and Affected Versions Revive Adserver version 6.0.7 Description Stored Cross-Site Scripting XSS occurs in the maintenance-acl-check.php and maintenance-banners-check.php tools. The issue arises when entity names are displayed without proper escaping during the...

5.4CVSS5.9AI score0.00199EPSS
Exploits1References8
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•24 views

PT-2026-52759

Unauthenticated Cross Site Scripting XSS in Automatic 3.135.1 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•16 views

PT-2026-52673

An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a...

7.5CVSS5.8AI score0.00313EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•8 views

PT-2026-52971

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The TIFF decoder can panic when processing an invalid image that contains an out-of-bounds strip offset. A panic is a critical error that causes a program to cra...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•10 views

PT-2026-52708

The Mattermost Go module github.com/mattermost/mattermost/server/public versions v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended endpoints via crafted IDs containing path traversal components. Mattermost...

5.4CVSS5.8AI score0.00197EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•19 views

PT-2026-52864

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process SIGSEGV. Because DragonflyDB requires no authentication by defaul...

7.5CVSS5.9AI score0.00399EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•20 views

PT-2026-52799

Administrator SQL Injection in WP All Import = 4.0.1 versions...

7.6CVSS5.8AI score0.00279EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•19 views

PT-2026-52667

Name of the Vulnerable Software and Affected Versions WSO2 API Manager affected versions not specified Description The message flow component fails to sufficiently validate or restrict user-controlled input within WS-Addressing headers. This allows an unauthenticated attacker to manipulate these...

10CVSS5.9AI score0.00222EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•17 views

PT-2026-52860

The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access tok...

7.5CVSS5.8AI score0.00432EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•16 views

PT-2026-52679

https://t.co/mvFUzxRVPL CVE-2026-54840 newsletters-lite CVSS Score 5.3 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomi…...

5.8AI score0.00213EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•10 views

PT-2026-52895

Name of the Vulnerable Software and Affected Versions Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description The HTTP OAuth2 filter envoy.filters.http.oauth2 can leave an in-flight async token exchange attached to a downstream stream that has already been torn down....

5.9CVSS5.8AI score0.00579EPSS
Exploits1References18
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•22 views

PT-2026-53018

Summary LinkifyIt.prototype.match — the package's primary public API — has ON² algorithmic complexity for inputs containing many fuzzy links or emails. This is not a regex backtrack bug; it's a structural issue in the JS-level scan loop that re-slices the input and re-runs unanchored regex search...

8.7CVSS5.8AI score0.02152EPSS
Exploits1References3
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•10 views

PT-2026-53015

Impact The preAuthEncoding function in @sigstore/core uses Node.js 'ascii' encoding when converting the PAE Pre-Authentication Encoding string to bytes. This allows payloadType to be mutated after signing without invalidating the signature, breaking the type-binding guarantee that DSSE is designe...

5.4CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•9 views

PT-2026-52924

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/amd/display component where the dcn32 validate bandwidth function wraps dcn32 internal validate bw using DC FP START and DC FP END. On x86 non-RT systems, DC F...

5.5CVSS5.8AI score0.00107EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•14 views

PT-2026-52797

Subscriber Broken Access Control in WPCafe = 3.0.14 versions...

4.3CVSS5.8AI score0.00259EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•8 views

PT-2026-52920

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference or refcount corruption exists in the iommu/vt-d component. When dev pasid is not found in the dev pasids list and remains NULL, teardown operations are execute...

8.8CVSS5.9AI score0.00235EPSS
Exploits0References374
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•14 views

PT-2026-52926

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the audit log capset function where the effective capability set is incorrectly recorded into the inheritable field. This occurs because the function reports cap pi...

7.8CVSS5.8AI score0.00184EPSS
Exploits0References378
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•27 views

PT-2026-52933

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mailbox-test component where a double-free occurs during the process of freeing channels. This happens because the RX channel can be aliased to the TX channel if i...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References21
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•13 views

PT-2026-52934

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mailbox component where the system fails to perform a sanity check for the channel array. If no channel array is attached to the mailbox controller, a subsequent...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References21
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•16 views

PT-2026-52649

Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin identifier as type, or using the ox.setChannelTargeting XML-RPC API method...

8.8CVSS7.2AI score0.02734EPSS
Exploits1References9
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•14 views

PT-2026-53019

Name of the Vulnerable Software and Affected Versions python-socketio versions prior to 5.16.2 Description The server stores binary EVENT and ACK messages in memory while awaiting their binary attachments. An attacker can trigger a memory exhaustion issue by submitting a binary message and...

7.5CVSS5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•10 views

PT-2026-52937

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the airoha qdma init rx queue function when queue entry or DMA descriptor list allocation fails. This happens because the ndesc variable is initializ...

5.8AI score0.00122EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•25 views

PT-2026-52767

Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce = 7.1.1 versions...

7.5CVSS5.8AI score0.00303EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•9 views

PT-2026-52800

Name of the Vulnerable Software and Affected Versions StatCounter versions prior to 2.1.2 Description StatCounter is subject to Cross Site Scripting XSS, a flaw that allows an attacker to inject malicious scripts into web pages viewed by other users, specifically affecting the contributor role...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•15 views

PT-2026-52689

A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface and Alert artifact details...

8.5CVSS6.2AI score0.00197EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•51 views

PT-2026-53004

Name of the Vulnerable Software and Affected Versions Fluentd versions prior to 1.19.3 Description The in http and in forward plugins support gzip-compressed data but only enforce size limits on the compressed payloads via settings like body size limit and chunk size limit. Because no limit is...

7.5CVSS7.1AI score0.0063EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•15 views

PT-2026-52938

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the airoha qdma cleanup tx queue function when the queue entry list allocation fails within the airoha qdma init tx queue routine. This is caused by...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References16
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•13 views

PT-2026-52778

Name of the Vulnerable Software and Affected Versions Teable affected versions not specified Description The v2 REST API controller lacks @Permissions metadata on ORPC endpoints, which enables authenticated users to bypass authorization checks. This allows unauthorized reading of table schemas,...

8.8CVSS5.8AI score0.00371EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•11 views

PT-2026-53011

Name of the Vulnerable Software and Affected Versions Incus affected versions not specified Description An arbitrary file write issue exists on the host system when using a crafted image. The /instances/$name/exec endpoint uses the record-output parameter to store command output in the exec-outpu...

9.9CVSS6.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•11 views

PT-2026-53010

Name of the Vulnerable Software and Affected Versions Incus affected versions not specified Description An issue exists where a specially crafted image can be used to read or create and write arbitrary files on the host, potentially leading to arbitrary command execution. The problem occurs becau...

9.9CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•12 views

PT-2026-53013

Name of the Vulnerable Software and Affected Versions Incus affected versions not specified Description A flaw exists where a specially crafted container image or instance backup can be used to read or create and write arbitrary files on the host, potentially leading to arbitrary command executio...

9.9CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•13 views

PT-2026-53016

Name of the Vulnerable Software and Affected Versions Incus affected versions not specified Description An arbitrary file write exists in the Incus client that can lead to arbitrary command execution as root on the server. The issue occurs when the client processes a request with source.type=url...

9.9CVSS6.2AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•15 views

PT-2026-53012

Name of the Vulnerable Software and Affected Versions Incus affected versions not specified Description Instance snapshots ignore the restricted.containers.lowlevel=block setting, which allows for arbitrary command execution on the Incus server. This occurs by abusing lowlevel hooks such as raw.l...

9.9CVSS6.3AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•14 views

PT-2026-53014

Name of the Vulnerable Software and Affected Versions Incus affected versions not specified Description Improper validation of the user-provided backup compression algorithm allows for argument injection in the constructed command line. The system validates the compression algorithm by checking...

9.9CVSS6.1AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•15 views

PT-2026-52202

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.5 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description Improper authorization checks could allow an unauthenticated user to view confidential issue references ...

5.3CVSS5.8AI score0.00275EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•9 views

PT-2026-52207

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 9.3 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description Insufficient filtering in a CI/CD API endpoint could allow sensitive information to be written to...

4.4CVSS5.7AI score0.0013EPSS
Exploits0References6
Total number of security vulnerabilities184322