Lucene search
K

5809 matches found

Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53866

Name of the Vulnerable Software and Affected Versions NetScaler ADC affected versions not specified NetScaler Gateway affected versions not specified Description An unauthenticated arbitrary file read issue exists when access to the NSIP NetScaler IP, Cluster Management IP, or SNIP Subnet IP with...

7.5CVSS5.9AI score0.00415EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-8927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state...

9.1CVSS6AI score0.0025EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52143

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description An authentication bypass issue exists within the 'viewclient' webpage due to improper validation of user-supplied data. This allows remote attackers to inject arbitrary scripts,...

8.8CVSS7.5AI score0.0067EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52149

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBULibraryPort JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from...

8.8CVSS7.7AI score0.00689EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52144

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBUDashboard JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from improper...

8.8CVSS6.3AI score0.00689EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52148

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBURemovableMedia JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from...

8.8CVSS7.7AI score0.00689EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.6 views

PT-2026-51651

Name of the Vulnerable Software and Affected Versions Hubbell Aclara Metrum affected versions not specified Description The Cellular Web Interface contains a flaw where missing authentication allows unauthenticated attackers to manipulate critical device settings and disrupt operations. This issu...

8.7CVSS5.8AI score0.00726EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47973

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting XSS, a condition where malicious scripts are injected into trusted websites...

6.5CVSS5.1AI score0.00308EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/29 2:45 p.m.12 views

EUVD-2026-33330

A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetPortTr of the file /goform/formSetPortTr. Performing a manipulation of the argument specialname results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit...

6.5CVSS7.1AI score0.00399EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/29 1:45 p.m.17 views

EUVD-2026-33322

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The attack is possible to be carried out remotely. The...

9CVSS7.8AI score0.00835EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/29 1:30 p.m.14 views

CVE-2026-10061 TRENDnet TEW-432BRP formWPS command injection

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor...

6.5CVSS6.3AI score0.0501EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/29 1:30 p.m.13 views

CVE-2026-10061

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor...

6.5CVSS6.3AI score0.0501EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/05/28 3:8 a.m.13 views

Incorrect Authorization

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Authorization via the user-facing APIs when the Organizations feature is disabled. An attacker can...

7.1CVSS5.3AI score0.00214EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.15 views

PT-2026-43096

Name of the Vulnerable Software and Affected Versions Dolibarr ERP CRM version 7.0.3 Description Unauthenticated attackers can achieve remote code execution by injecting PHP code through the db name parameter. This is performed by sending a POST request to the 'install/step1.php' endpoint...

9.8CVSS6.4AI score0.01701EPSS
Exploits1References12
Snyk
Snyk
added 2026/05/07 3:27 p.m.10 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via incorrect handling of name constraints during certificate validation. An attacker can bypass critical certificate validation checks by presenting a certificate chain where permitted name constraints a...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.16 views

PT-2026-37062

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description List corruption and Use-After-Free UAF issues exist in the Bluetooth MGMT command complete handlers. These issues stem from a change in the mgmt pending valid function, which validates a...

9.8CVSS5.8AI score0.005EPSS
Exploits0References442
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-37076

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A misleadingly named function copy user nocache was identified as a specialty memory copy routine that uses non-temporal stores for the destination and provides exception handling for bo...

9.8CVSS5.7AI score0.93235EPSS
Exploits32References298
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.18 views

PT-2026-36744

Name of the Vulnerable Software and Affected Versions Gym Management System In PHP and Windows NT 1.0 affected versions not specified Description A remote SQL injection can be triggered through the manipulation of the day argument in the '/index.php' endpoint. SQL injection is a type of flaw that...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.13 views

PT-2026-36694

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN570HA1 version R70HA1 V1410 221110 Description A command injection issue exists that allows remote attackers to execute arbitrary commands. The flaw is located in the set sys adm function within the '/cgi-bin/adm.cgi' endpoint,...

9.8CVSS6.8AI score0.04971EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.13 views

PT-2026-36696

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN570HA1 version R70HA1 V1410 221110 Description A remote command injection issue exists in the ping ddns function within the '/cgi-bin/adm.cgi' endpoint. Manipulating the DDNS argument allows an attacker to execute arbitrary comman...

6.5CVSS6.8AI score0.03191EPSS
Exploits1References6
Rows per page
Query Builder