Lucene search

1183 matches found

Positive Technologies
added 2026/06/08 12:0 a.m. | 19 views

PT-2026-47283

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified)
Description: An improper access control flaw exists where a limited administrator can bypass Fine-Grained Admin Permissions (FGAP), which are detailed permissions that restrict administrative actions to...

CVSS 7.2 | AI score 5.5 | EPSS 0.00329
Exploits: 0 | References: 5
Positive Technologies
added 2026/05/12 12:0 a.m. | 11 views

PT-2026-40778

Name of the Vulnerable Software and Affected Versions: AMD Zen 2-based products (affected versions not specified)
Description: Improper isolation of shared resources within the CPU operation op/µop cache on Zen 2-based products can cause incorrect instructions to be executed at a higher privilege...

CVSS 7.3 | AI score 5.4 | EPSS 0.00258
Exploits: 0
OSV
added 2026/05/04 9:27 p.m. | 7 views

GHSA-HCWR-PQ9G-RQ3M apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution possible)

apko verifies the signature on APKINDEX.tar.gz but never compares individually downloaded .apk packages against the checksum recorded in the signed index. The checksum is parsed and available via ChecksumString, and the downloaded package control hash is computed, but the two values are never...

CVSS 7.5 | AI score 5.9 | EPSS 0.00159
Exploits: 0 | References: 5
Positive Technologies
added 2026/05/04 12:0 a.m. | 12 views

PT-2026-36800

Name of the Vulnerable Software and Affected Versions: Norton Secure VPN (affected versions not specified)
Description: A privilege escalation issue occurs during the installation of the software via the Microsoft Store. A low-privilege user can replace files during the installation process,...

CVSS 8.8 | AI score 5.9 | EPSS 0.00127
Exploits: 0 | References: 8
Positive Technologies
added 2026/05/04 12:0 a.m. | 11 views

PT-2026-36806

Name of the Vulnerable Software and Affected Versions: Ansible Automation Platform Gateway versions 2.6 and later
Description: A flaw in the AAP gateway involves the user auto-link strategy, which automatically links an external Identity Provider (IDP) identity to an existing user account based on...

CVSS 8.3 | AI score 5.8 | EPSS 0.00397
Exploits: 0 | References: 9
ATTACKERKB
added 2026/04/09 5:0 p.m. | 2 views

CVE-2026-5970

A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function checksolution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. Th...

CVSS 7.5 | AI score 6.8 | EPSS 0.00387
Exploits: 1 | References: 6 | Affected Software: 1
Positive Technologies
added 2026/03/27 12:0 a.m. | 4 views

PT-2026-28440

Name of the Vulnerable Software and Affected Versions: BUFFALO Wi-Fi router products (affected versions not specified)
Description: A code injection issue exists in BUFFALO Wi-Fi router products. Successful exploitation of this issue could allow for the execution of arbitrary code on affected devices...

CVSS 8.8 | AI score 6.3 | EPSS 0.00266
Exploits: 0 | References: 5
Positive Technologies
added 2026/03/27 12:0 a.m. | 8 views

PT-2026-28696

Name of the Vulnerable Software and Affected Versions: SourceCodester Note Taking App version 1.0
Description: A cross-site request forgery condition exists in SourceCodester Note Taking App. The issue impacts an unknown function and allows for remote exploitation. The exploit has been publicly...

CVSS 5.3 | AI score 5.7 | EPSS 0.00155
Exploits: 0 | References: 7
NVD
added 2026/02/21 12:16 a.m. | 6 views

CVE-2026-27147

GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed...

CVSS 6.9 | EPSS 0.00197
Exploits: 1 | References: 1
ATTACKERKB
added 2026/02/20 11:10 p.m. | 4 views

CVE-2026-27146

GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim’s browser. The...

CVSS 7.1 | AI score 5.9 | EPSS 0.00174
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/02/10 12:0 a.m. | 4 views

PT-2026-7420

Name of the Vulnerable Software and Affected Versions: MongoDB (affected versions not specified)
Description: Inserting specific large documents into a replica set may cause secondary nodes to fail to retrieve the oplog from the primary node. This can halt replication within the replica set,...

CVSS 7.5 | AI score 5.4 | EPSS 0.00243
Exploits: 0 | References: 10
Positive Technologies
added 2026/02/10 12:0 a.m. | 4 views

PT-2026-7297

Name of the Vulnerable Software and Affected Versions: Intel(R) Quick Assist Technology for some Intel(R) Platforms (affected versions not specified)
Description: An improper authorization issue exists within the kernel of Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0. This may...

CVSS 6.8 | AI score 5.3 | EPSS 0.0009
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/08 12:0 a.m. | 6 views

PT-2026-6986

Name of the Vulnerable Software and Affected Versions: Tenda AC8 version 16.03.33.05
Description: A buffer overflow issue exists in the Embedded Httpd Service component of Tenda AC8. The flaw is located in the file '/goform/fast setting wifi set' and is triggered by manipulating the timeZone...

CVSS 9 | AI score 5.5 | EPSS 0.00622
Exploits: 1 | References: 8
Positive Technologies
added 2026/02/06 12:0 a.m. | 11 views

PT-2026-6706

Name of the Vulnerable Software and Affected Versions: versions prior to 2026-24916
Description: An identity authentication bypass issue exists in the window module. Successful exploitation could compromise service confidentiality.
Recommendations: At the moment, there is no information about a newe...

CVSS 5.9 | AI score 5.4 | EPSS 0.00117
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/06 12:0 a.m. | 4 views

PT-2026-6702

Name of the Vulnerable Software and Affected Versions: Huawei HarmonyOS (affected versions not specified)
Description: An out-of-bounds write issue exists in the camera module. Successful exploitation of this issue may affect system availability.
Recommendations: At the moment, there is no information...

CVSS 8.4 | AI score 5.4 | EPSS 0.00105
Exploits: 0 | References: 7
Positive Technologies
added 2026/02/06 12:0 a.m. | 6 views

PT-2026-6701

Name of the Vulnerable Software and Affected Versions: versions prior to 2026 affected versions not specified
Description: A heap-based buffer overflow vulnerability exists in the image module. Successful exploitation of this issue may affect availability.
Recommendations: At the moment, there is no...

CVSS 7.3 | AI score 5.8 | EPSS 0.0008
Exploits: 0 | References: 6
Positive Technologies
added 2026/02/06 12:0 a.m. | 5 views

PT-2026-6703

Name of the Vulnerable Software and Affected Versions: versions prior to 2026-24929
Description: An out-of-bounds read issue exists in the graphics module. Successful exploitation could impact system availability.
Recommendations: At the moment, there is no information about a newer version that...

CVSS 5.9 | AI score 5.4 | EPSS 0.00073
Exploits: 0 | References: 6
Positive Technologies
added 2026/02/05 12:0 a.m. | 4 views

PT-2026-6607

Name of the Vulnerable Software and Affected Versions: Tanium Appliance (affected versions not specified)
Description: An improper input validation issue exists in Tanium Appliance.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...

CVSS 2.7 | AI score 5.4 | EPSS 0.00245
Exploits: 0 | References: 5
ATTACKERKB
added 2026/01/29 9:33 p.m. | 4 views

CVE-2026-25040

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...

CVSS 7.1 | AI score 5.9 | EPSS 0.00523
Exploits: 1 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/01/11 12:0 a.m. | 15 views

PT-2026-2032

Name of the Vulnerable Software and Affected Versions: UTT 进取 520W version 1.7.7-180627
Description: A flaw exists in the strcpy function within the /goform/formConfigFastDirectionW file. Manipulation of the ssid argument can lead to a buffer overflow, potentially allowing for remote exploitation...

CVSS 9 | AI score 8.8 | EPSS 0.00783
Exploits: 1 | References: 10