160 matches found

Positive Technologies
added 2026/03/27 12:0 a.m. · 1 views

PT-2026-28619

Name of the Vulnerable Software and Affected Versions: OCaml versions through 4.14.3
Description: The Bigarray.reshape function in OCaml versions through 4.14.3 contains an integer overflow issue. This can lead to arbitrary memory being read when processing untrusted data. The function...

CVSS 5.9 · AI score 6 · EPSS 0.00017
Exploits: 0 · References: 4

Positive Technologies
added 2026/03/05 12:0 a.m. · 2 views

PT-2026-23612

Name of the Vulnerable Software and Affected Versions: stellar-xdr versions prior to 25.0.1
Description: The StringM::from_str function does not properly validate the length of input strings. When calling StringM::<N>::from_str(s) with a string s exceeding the maximum allowed length N, the function...

CVSS 4 · AI score 5.8 · EPSS 0.00032
Exploits: 0 · References: 8

Positive Technologies
added 2026/02/17 12:0 a.m. · 2 views

PT-2026-20226

Name of the Vulnerable Software and Affected Versions: IBM DataStage on Cloud Pak for Data versions 5.1.2 through 5.3.0
Description: IBM DataStage on Cloud Pak for Data returns sensitive information in an HTTP response. This information could potentially be used to impersonate other users within th...

CVSS 8.1 · AI score 5.4 · EPSS 0.00043
Exploits: 0 · References: 4

Positive Technologies
added 2026/01/12 12:0 a.m. · 2 views

PT-2026-1942

Name of the Vulnerable Software and Affected Versions: Broadcom DX NetOps Spectrum versions 24.3.8 and earlier
Description: The software contains a flaw related to improper limitation of a pathname to a restricted directory, specifically a Path Traversal issue. This allows for unauthorized access t...

CVSS 8.8 · AI score 6.6 · EPSS 0.00075
Exploits: 0 · References: 6

Positive Technologies
added 2026/01/08 12:0 a.m. · 1 views

PT-2026-1784

Name of the Vulnerable Software and Affected Versions: TMRW-studio Atlas versions through 2.1.0
Description: The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion.
Recommendation...

CVSS 9.8 · AI score 6.7 · EPSS 0.00066
Exploits: 0 · References: 3

Positive Technologies
added 2026/01/07 12:0 a.m. · 2 views

PT-2026-1838

Name of the Vulnerable Software and Affected Versions: HCL DevOps Deploy versions 8.1.2.0 through 8.1.2.3
Description: A user possessing LLM configuration privileges may be able to recover credentials previously saved for authenticated LLM Queries.
Recommendations: Update HCL DevOps Deploy to a...

CVSS 4.9 · AI score 6.5 · EPSS 0.0005
Exploits: 0 · References: 5

Positive Technologies
added 2026/01/06 12:0 a.m. · 2 views

PT-2026-1414

Name of the Vulnerable Software and Affected Versions: BuddyPress Xprofile Custom Field Types plugin versions through 1.2.8
Description: The BuddyPress Xprofile Custom Field Types plugin for WordPress has a flaw that allows authenticated attackers with Subscriber-level access or higher to delete...

CVSS 7.2 · AI score 7.2 · EPSS 0.00374
Exploits: 0 · References: 8

Positive Technologies
added 2026/01/02 12:0 a.m. · 3 views

PT-2026-1042

Name of the Vulnerable Software and Affected Versions: EmpireSoft EmpireCMS versions prior to 8.0
Description: A flaw exists in EmpireSoft EmpireCMS that allows for unrestricted file uploads. This issue is located in the CheckSaveTranFiletype function within the e/class/connect.php file. Successful...

CVSS 8.8 · AI score 6.4 · EPSS 0.00035
Exploits: 1 · References: 11

Positive Technologies
added 2025/11/11 12:0 a.m. · 4 views

PT-2025-46272

Name of the Vulnerable Software and Affected Versions: WP-OAuth plugin for WordPress versions up to and including 0.4.1
Description: The WP-OAuth plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping related to the...

CVSS 6.1 · AI score 6.2 · EPSS 0.00138
Exploits: 0 · References: 6

Positive Technologies
added 2025/11/06 12:0 a.m. · 2 views

PT-2025-45298

Name of the Vulnerable Software and Affected Versions: tagDiv Composer versions through 5.4.1
Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, also known as Cross-site Scripting. This allows for potential malicious code execution through web...

CVSS 7.1 · AI score 7 · EPSS 0.00031
Exploits: 0 · References: 3

Positive Technologies
added 2025/11/05 12:0 a.m. · 3 views

PT-2025-45150

Name of the Vulnerable Software and Affected Versions: HCL iAutomate versions 6.5.1 through 6.5.2
Description: HCL iAutomate versions 6.5.1 and 6.5.2 have a sensitive information disclosure issue. The application uses an HTTP GET method to process requests, including sensitive information within th...

CVSS 5.4 · AI score 6.2 · EPSS 0.00042
Exploits: 0 · References: 3

Positive Technologies
added 2025/11/01 12:0 a.m. · 3 views

PT-2025-44713

Name of the Vulnerable Software and Affected Versions: Qi Blocks plugin for WordPress versions up to and including 1.4.3
Description: The Qi Blocks plugin for WordPress is susceptible to a missing authorization issue. The plugin stores arbitrary CSS styles submitted through the...

CVSS 4.3 · AI score 6.2 · EPSS 0.00036
Exploits: 0 · References: 9

Positive Technologies
added 2025/11/01 12:0 a.m. · 3 views

PT-2025-44715

Name of the Vulnerable Software and Affected Versions: Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent versions up to and including 1.1.32
Description: The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is susceptible...

CVSS 9.8 · AI score 7.7 · EPSS 0.00418
Exploits: 0 · References: 13

Positive Technologies
added 2025/10/31 12:0 a.m. · 1 views

PT-2025-44597

Name of the Vulnerable Software and Affected Versions: ERI File Library plugin for WordPress versions up to and including 1.1.0
Description: The ERI File Library plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check on the erifl file AJAX...

CVSS 5.3 · AI score 6 · EPSS 0.00089
Exploits: 0 · References: 6

Positive Technologies
added 2025/10/29 12:0 a.m. · 5 views

PT-2025-44262

Name of the Vulnerable Software and Affected Versions: Premmerce Wholesale Pricing for WooCommerce versions through 1.1.10
Description: The software contains a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized access. The issue impacts Premmerc...

CVSS 5.4 · AI score 6.6 · EPSS 0.00052
Exploits: 0 · References: 4

Saint
added 2025/10/24 12:0 a.m. · 92 views

BentoML runner server deserialization vulnerability

Added: 10/24/2025
CVE: CVE-2024-9070
Background: BentoML is a Python library for building online serving systems optimized for AI apps and model inference.
Problem: A deserialization vulnerability in the BentoML runner server allows remote attackers to execute arbitrary commands by sending a...

CVSS 9.8 · AI score 9.8 · EPSS 0.0041
Exploits: 2

Positive Technologies
added 2025/10/16 12:0 a.m. · 2 views

PT-2025-42483

Name of the Vulnerable Software and Affected Versions: Pega Platform versions 8.7.5 through 24.2.2
Description: The Pega Platform contains an Insecure Direct Object Reference issue within a user interface component. This issue allows for the reading of data.
Recommendations: Update to a version late...

CVSS 6.5 · AI score 5.8 · EPSS 0.00043
Exploits: 1 · References: 7

Positive Technologies
added 2025/09/09 12:0 a.m. · 1 views

PT-2025-36572

Name of the Vulnerable Software and Affected Versions: Mikado Core plugin for WordPress versions up to and including 1.5.2
Description: The Mikado Core plugin for WordPress is susceptible to Stored Cross-Site Scripting through shortcodes due to inadequate input sanitization and output escaping of...

CVSS 6.4 · AI score 5 · EPSS 0.00044
Exploits: 0 · References: 7

Positive Technologies
added 2025/08/27 12:0 a.m. · 3 views

PT-2025-34826 · Unknown · Backup Bolt

Name of the Vulnerable Software and Affected Versions: Backup Bolt versions through 1.4.1
Description: Backup Bolt is susceptible to a Cross-Site Request Forgery (CSRF) issue, which allows attackers to perform actions on behalf of authenticated users.
Recommendations: Update Backup Bolt to a versio...

CVSS 4.3 · AI score 7.2 · EPSS 0.00026
Exploits: 0 · References: 5

Positive Technologies
added 2025/08/27 12:0 a.m. · 1 views

PT-2025-34915 · Aftership · Aftership Tracking

Name of the Vulnerable Software and Affected Versions: AfterShip Tracking versions n/a through 1.17.17
Description: A missing authorization flaw exists in AfterShip Tracking, allowing access to functionality not properly restricted by Access Control Lists (ACLs).
Recommendations: Update AfterShip...

CVSS 5.3 · AI score 6.3 · EPSS 0.00058
Exploits: 0 · References: 4