37 matches found

Positive Technologies
added 2026/03/04 11:13 a.m., 7 views

PT-2026-03: Access Control Violation Vulnerability in PT NGFW

The vulnerability was identified in PT NGFW, version 1.8.1 certified. The discovered vulnerability can be exploited by an attacker to gain access to MinIO backups. The exfiltrated data can be used for reconnaissance of the organization's infrastructure to conduct subsequent attacks on the system...

8.7 CVSS, 5.8 AI score
Exploits: 0

Positive Technologies
added 2025/11/25 10:25 a.m., 9 views

PT-2025-41: The Twinkly Light Tree 3D firmware uses a vulnerable Blufi library

The vulnerability was identified in the Twinkly Light Tree 3D firmware, 2.8.18. An attacker within Bluetooth range, with physical access to a device running firmware prior to 2.9.0 and provisioning mode manually re-enabled could, in an attack scenario, interfere with the provisioning exchange and...

8.8 CVSS, 5.8 AI score, 0.00321 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2025/10/31 12:00 a.m., 3 views

PT-2025-114: Stored XSS in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to inject arbitrary HTML tags and JavaScript, leading to script execution in victims’ browsers and enabling social‑engineering attacks. Vulnerability status: Confirmed by vendor. Date of...

6.1 CVSS, 6 AI score
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-28395

Malicious code in bioql PyPI...

9.8 CVSS, 7.5 AI score, 0.00441 EPSS
Exploits: 1, References: 4

Positive Technologies
added 2025/09/10 12:00 a.m., 6 views

PT-2025-86: Disclosure of confidential data via controller configuration request in Fastwel PLC web server

The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 CPM810-03, 3.4.9.1 CPM723-01. The discovered vulnerability can be exploited by an attacker to obtain administrator‑level privileges. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation:...

8.3 CVSS, 5.8 AI score
Exploits: 0, References: 2

Positive Technologies
added 2025/09/02 12:00 a.m., 9 views

PT-2025-92: Local Privilege Escalation in IDrive

The vulnerability was identified in IDrive, version 4.0.0.38. The discovered vulnerability allows an attacker to escalate privileges from a normal user to root. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 02.09.2025. Recommendations: Update to version MacVersion...

7 CVSS, 5.8 AI score
Exploits: 0, References: 1

Positive Technologies
added 2025/08/12 12:00 a.m., 5 views

PT-2025-66: Arbitrary file write in Booco

The vulnerability was identified in Booco, version Server v2.38.3. The discovered vulnerability allows an attacker to supply a relative path in a parameter, which results in a new file being created or an existing file being overwritten in any directory of the file system. Vulnerability status:...

8.9 CVSS, 5.8 AI score
Exploits: 0, References: 1

Positive Technologies
added 2025/08/08 12:00 a.m., 8 views

PT-2025-111: Insufficient authorization in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to exploit incorrect authorization, obtaining information or functions beyond their privileges. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 08.08.2025...

5.8 AI score
Exploits: 0, References: 2

Positive Technologies
added 2025/08/08 12:00 a.m., 4 views

PT-2025-108: Insufficient authorization in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to subvert access‑control verification in the Kanban module, obtaining unauthorized access to protected functionality. Vulnerability status: Confirmed by vendor. Date of vulnerability...

8.6 CVSS, 5.8 AI score
Exploits: 0, References: 2

Positive Technologies
added 2025/07/04 12:00 a.m., 5 views

PT-2025-67: XML external entity leads to Local File Read and Server-side request forgery in FastReport.NET

The vulnerability was identified in FastReport .NET, versions 2024.2.20. The discovered vulnerability, due to the ability to inject and expand external entities, can be exploited by an attacker to read arbitrary local files and perform server‑side request forgery (SSRF) with full response retrieval...

9.2 CVSS, 5.9 AI score
Exploits: 0, References: 1

Positive Technologies
added 2025/06/24 12:00 a.m., 6 views

PT-2025-91: Local Privilege Escalation in Mullvad VPN

The vulnerability was identified in Mullvad VPN, version 2025.4. The discovered vulnerability allows an attacker to escalate privileges from a normal user to root. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 24.06.2025. Recommendations: Update to version 2025.7 or...

7 CVSS, 5.8 AI score
Exploits: 0, References: 2

Positive Technologies
added 2025/05/23 12:00 a.m., 7 views

PT-2025-46: Insufficient authorization in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to access information or functionality that exceeds the privileges granted to the user because the application checks access rights incorrectly. Vulnerability status:...

8.1 CVSS, 5.8 AI score, 0.00348 EPSS
Exploits: 1, References: 1

Positive Technologies
added 2025/05/23 12:00 a.m., 8 views

PT-2025-52: Business Logic Errors in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to gain access to a functional capability without completing the required sequence of actions, bypassing the intended business workflow. Vulnerability status: Confirmed b...

7 CVSS, 5.8 AI score, 0.00393 EPSS
Exploits: 1, References: 1

Positive Technologies
added 2025/05/23 12:00 a.m., 7 views

PT-2025-45: Arbitrary file upload in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to upload arbitrary (including executable) files containing malicious code because the application does not perform sufficient validation of uploaded files. Vulnerability...

9.8 CVSS, 6 AI score, 0.00958 EPSS
Exploits: 1, References: 1

Positive Technologies
added 2025/05/23 12:00 a.m., 7 views

PT-2025-47: Insufficient authorization in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to access information or functionality that exceeds the privileges granted to the user because the application checks access rights incorrectly. Vulnerability status:...

5.3 CVSS, 5.8 AI score, 0.00321 EPSS
Exploits: 1, References: 1

Positive Technologies
added 2025/05/16 12:00 a.m., 8 views

PT-2025-43: Deserialization of untrusted data in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to execute arbitrary code on the server because the application performs insufficient validation of user‑supplied data during deserialization. Vulnerability status:...

8.6 CVSS, 6.3 AI score, 0.00787 EPSS
Exploits: 1, References: 1

Positive Technologies
added 2025/04/25 12:00 a.m., 5 views

PT-2025-10: Server-Side Request Forgery (SSRF) in HTML2PDF

The application performs insufficient validation of the destination address before sending an HTTP request. Exploitation of the vulnerability leads to the disclosure of sensitive data, denial of service, etc. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 25.04.2025...

7.7 CVSS, 7.4 AI score
Exploits: 0

Positive Technologies
added 2025/04/22 12:00 a.m., 6 views

PT-2025-35: Local Privilege Escalation (LPE) in Tunnelblick

The vulnerability was identified in Tunnelblick, versions 3.5beta06 to 6.1beta2. The discovered vulnerability allows an attacker to escalate privileges from a normal user to root. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 22.04.2025. Recommendations: Update to...

8.1 CVSS, 5.8 AI score, 0.00153 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2025/04/12 12:00 a.m., 9 views

PT-2025-36: Local Privilege Escalation (LPE) in Amnezia VPN

The vulnerability was identified in Amnezia VPN, versions up to 4.8.6.0, on macOS. The discovered vulnerability allows an attacker to escalate privileges from a normal user to root. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 12.04.2025. Recommendations: Update to...

7 CVSS, 5.8 AI score
Exploits: 0, References: 2

Positive Technologies
added 2025/03/29 12:00 a.m., 5 views

PT-2025-03: Local Privilege Escalation in Mobile Security Framework (MobSF)

The vulnerability was identified in Mobile Security Framework (MobSF), versions 4.3.0. The discovered vulnerability allows an attacker with minimal privileges to obtain an API token, potentially resulting in privilege elevation within the system. Vulnerability status: Confirmed by vendor. Date of...

8.5 CVSS, 6.8 AI score, 0.00333 EPSS
Exploits: 1, References: 1