Lucene search
K
PtsecurityMost viewed

184319 matches found

Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.27 views

PT-2026-45146

Name of the Vulnerable Software and Affected Versions MariaDB server versions 10.6.1 through 10.6.25 MariaDB server versions 10.11.1 through 10.11.16 MariaDB server versions 11.4.1 through 11.4.10 MariaDB server versions 11.8.1 through 11.8.6 MariaDB server version 12.3.1 Description During the...

9.1CVSS5.7AI score0.00967EPSS
Exploits0References55
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.27 views

PT-2026-43231

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive informati...

8.8CVSS5.9AI score0.0039EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.27 views

PT-2026-42956

A security flaw has been discovered in Totolink A8000RU 7.1cu.643 b20200521. The affected element is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument resetFlags results in os command injection. It is...

10CVSS7AI score0.01732EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.27 views

PT-2026-42608

Summary The upload-by-URL path did not enforce NC ATTACHMENT FIELD SIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured per-file size limit. Details The attachments service now checks NC...

5.3CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.27 views

PT-2026-42476

Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustify d-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial of service via the check template.cpp, check template function, tokenize cleanup function,...

5.8AI score0.00134EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.27 views

PT-2026-42496

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in icons/buttons/landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm name and frm id POST parameters directly into rendered HTML content...

5.4CVSS5.8AI score0.00259EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.27 views

PT-2026-42535

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description Concrete CMS fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field during the process of saving page type composer form layouts. An authenticated...

9.4CVSS6.6AI score0.00738EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.27 views

PT-2026-42038

Name of the Vulnerable Software and Affected Versions Nuxt versions 3.1.0 through 3.21.5 Nuxt versions 4.0.0-alpha.1 through 4.4.5 @nuxt/nitro-server versions 3.20.0 through 3.21.5 @nuxt/nitro-server versions 4.0.0-alpha.1 through 4.4.5 Description The '/ nuxt island/' endpoint accepts...

5.4CVSS5.2AI score0.00091EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.27 views

PT-2026-41798

Name of the Vulnerable Software and Affected Versions CloakBrowser versions prior to 0.3.28 Description The cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker...

8.8CVSS5.9AI score0.00475EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.27 views

PT-2026-41652

Name of the Vulnerable Software and Affected Versions OpenColorIO versions prior to 2.5.2 Description In the FileFormatSpi3D.cpp:163 file, the sscanf function is used with the %s format specifier to write data into 64-byte stack buffers while parsing LUT Look-Up Table data lines. Because the inpu...

8.4CVSS6.2AI score0.0012EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.27 views

PT-2026-41187

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description An Insecure Direct Object Reference IDOR exists in the Channels feature, which allows any member of a channel to modify messages sent by other members, including administrators. In the update...

4.3CVSS5.8AI score0.00204EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.27 views

PT-2026-39992

Name of the Vulnerable Software and Affected Versions Solid Edge SE2026 versions prior to V226.0 Update 5 Description An issue exists where the application is susceptible to uninitialized pointer access during the parsing of specially crafted PAR files. This could allow an attacker to execute...

7.8CVSS7.5AI score0.00105EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.27 views

PT-2026-40094

Out-of-bounds write for the IntelR Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data corruption. This result...

8.3CVSS5.7AI score0.0012EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.27 views

PT-2026-39984

Name of the Vulnerable Software and Affected Versions Siemens SIMATIC affected versions not specified Description Devices fail to properly validate and sanitize the PLC/station name rendered on the "communication" parameters page of the web interface. An authenticated attacker with authorization ...

9.3CVSS7.3AI score0.0037EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.27 views

PT-2026-39957

The scratchblocks for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' attribute of the 'scratchblocks' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.27 views

PT-2026-39682

OpenClaw before 2026.4.20 contains a message classification vulnerability in Feishu card-action callbacks that misclassifies direct messages as group conversations. Attackers can bypass dmPolicy enforcement by triggering card-action flows in direct message conversations that should have been...

5.4CVSS5.8AI score0.00265EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.27 views

PT-2026-39594

A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsm handle pdu session modification qos flow descriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation of the argument n1SmMsg can lead to denial of service. The attack may be...

5.3CVSS5.5AI score0.00378EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.27 views

PT-2026-38672

Name of the Vulnerable Software and Affected Versions Netgate pfSense CE version 2.7.2 Description Netgate pfSense CE allows code execution through the module installer. This occurs when a backup file containing a serialized PHP object with the post reboot commands property is used. Recommendatio...

9.1CVSS6.2AI score0.00634EPSS
Exploits4References6
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.27 views

PT-2026-38912

Name of the Vulnerable Software and Affected Versions DrayTek Vigor 2960 versions prior to 1.5.1.4 Description An OS command injection issue exists in the CGI login handler. Unauthenticated remote attackers can execute arbitrary commands with web server privileges by injecting shell metacharacter...

9.2CVSS6.1AI score0.01432EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.27 views

PT-2026-38446

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the webhook notification feature reuses an administrator-configured local-target allowlist for every logged-in user. Any normal user can fully control a webhook URL, headers, and body, then use...

6CVSS5.9AI score0.00176EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.27 views

PT-2026-38578

Name of the Vulnerable Software and Affected Versions Microsoft Edge Copilot Chat affected versions not specified Description Improper neutralization of special elements used in a command, known as command injection, allows an unauthorized attacker to disclose information over a network...

7.8CVSS5.8AI score0.01135EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.27 views

PT-2026-38545

A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/api tools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...

6.5CVSS6.1AI score0.00215EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.27 views

PT-2026-37969

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit...

5.9CVSS6.9AI score0.01523EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.27 views

PT-2026-38045

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash...

6.5CVSS6.8AI score0.00559EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.27 views

PT-2026-37289

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions prior to 29.0 Description An issue exists where the endpoint 'plugin/CloneSite/cloneClient.json.php' echoes the local CloneSite shared secret, stored in the variable myKey a constant generated via md5$global'systemRootPath...

7.5CVSS5.9AI score0.00255EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.27 views

PT-2026-37201

CVE-2026-42312 pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set config value API method @permissionPerms.SETTINGS in src/p… https://t.co/ADtnuQJj56...

6.8CVSS5.8AI score0.00174EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.27 views

PT-2026-34880

In Mahara before 24.04.10 and 25 before 25.04.1, an institution administrator or institution support administrator on a multi-tenanted site can masquerade as an institution member in an institution for which they are not an administrator, if they also have the 'Site staff' role...

4.7CVSS5.2AI score0.00177EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.27 views

PT-2026-34613

Name of the Vulnerable Software and Affected Versions Nuclei versions 3.0.0 through 3.7.9 Description A flaw in the JavaScript protocol runtime's module loading system allows JavaScript templates to read local .js and .json files from the host filesystem. This occurs because the require function...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.27 views

PT-2026-44338

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Direct Rendering Manager DRM GEM change handle ioctl. The issue occurs when a single object briefly has two idr entries, allowing a concurrent gem close...

9.8CVSS6.5AI score0.00501EPSS
Exploits1References304
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.27 views

PT-2026-23822

Name of the Vulnerable Software and Affected Versions hoppscotch versions prior to 2026.2.1 Description hoppscotch is an API development ecosystem. Prior to version 2026.2.1, the DELETE ''/v1/access-tokens/revoke'' endpoint allows any authenticated user to delete any other user's Personal Access...

6.5CVSS5.8AI score0.00225EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.27 views

PT-2026-23153

Name of the Vulnerable Software and Affected Versions Mikado-Themes Cortex versions through 1.5 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. Recommendatio...

5.8AI score0.00504EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.27 views

PT-2026-21992

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One Console affected versions not specified Description The Trend Micro Apex One Console is susceptible to a directory traversal issue that could lead to remote code execution. The issue allows an attacker to potentially gain...

9.8CVSS7.6AI score0.03754EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.27 views

PT-2026-7378

After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.0022EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.27 views

PT-2026-6009

Name of the Vulnerable Software and Affected Versions Autodesk 3ds Max affected versions not specified Description A specially designed RGB file, when processed by Autodesk 3ds Max, can lead to a memory corruption issue. An attacker could potentially use this to run code without authorization...

8.4CVSS5.6AI score0.00172EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.27 views

PT-2026-4277

Edge Crisis: CISA added two critical vulnerabilities to the Known Exploited Vulnerabilities catalog yesterday. CVE-2026-21809 and CVE-2026-21810 target Citrix Workspace and Ivanti Connect Secure. Federal agencies have until February 11 to remediate...

5.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.27 views

PT-2026-4304

Name of the Vulnerable Software and Affected Versions Omada Controllers, Gateways and Access Points affected versions not specified Description An authentication weakness exists in Omada Controllers, Gateways, and Access Points related to controller-device adoption. This is due to improper handli...

6CVSS5.8AI score0.00201EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.27 views

PT-2026-3906

Name of the Vulnerable Software and Affected Versions Grist versions prior to 1.7.9 Description Grist is spreadsheet software that utilizes Python as its formula language. When configured to run formulas in the Pyodide sandbox GRIST SANDBOX FLAVOR set to pyodide, a crafted spreadsheet formula can...

9CVSS6AI score0.005EPSS
Exploits0References29
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.27 views

PT-2026-3628

Name of the Vulnerable Software and Affected Versions tinyMQTT versions prior to commit 6226ade15bd4f97be2d196352e64dd10937c1962 Description A memory leak exists because the broker does not validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeat...

7.5CVSS5.4AI score0.00287EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.27 views

PT-2026-1484

Name of the Vulnerable Software and Affected Versions CodexThemes TheGem Theme Elements for Elementor versions through 5.11.0 Description TheGem Theme Elements for Elementor contains a flaw related to improper control of filename for include/require statements, potentially leading to PHP Local Fi...

6.5AI score0.00331EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.27 views

PT-2026-8147

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the mac80211 module related to the handling of TID-To-Link Mapping TTLM elements. Specifically, the parsing of TTLM elements with a default link map i...

5.5CVSS6.5AI score0.001EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/11/23 12:0 a.m.27 views

PT-2025-47840

Name of the Vulnerable Software and Affected Versions D-Link DIR-822K versions 1.00 20250513164613 D-Link DWR-M920 versions 1.00 20250513164613 and 1.1.50 Description A buffer overflow issue exists in D-Link DIR-822K and DWR-M920. The issue is located in the file /boafrm/formFirewallAdv...

9CVSS9AI score0.00709EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.27 views

PT-2025-47536

Name of the Vulnerable Software and Affected Versions Campcodes Online Hospital Management System version 1.0 Description The Campcodes Online Hospital Management System version 1.0 is susceptible to SQL Injection. This issue affects the admin panel and specifically occurs through the username...

7.2AI score0.00181EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.27 views

PT-2025-45029

Name of the Vulnerable Software and Affected Versions Survision LPR Camera system affected versions not specified Description The Survision LPR Camera system lacks default password protection. This allows immediate access to the configuration wizard without requiring a login or checking...

9.3CVSS6.6AI score0.0044EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/14 12:0 a.m.27 views

PT-2025-41957

Name of the Vulnerable Software and Affected Versions Fortinet FortiAnalyzer versions 7.6.0 through 7.6.3 Fortinet FortiAnalyzer versions prior to 7.4.6 Description An improper authentication issue exists in FortiAnalyzer. An unauthenticated attacker can obtain information about the device’s heal...

6.5CVSS6.7AI score0.00435EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.27 views

PT-2025-33741 · Scada-Lts · Scada-Lts

Name of the Vulnerable Software and Affected Versions: Scada-LTS version 2.7.8.1 Description: A security flaw exists in Scada-LTS 2.7.8.1 related to the mailing lists.shtm file. Manipulation of the name/userList/address argument can lead to cross-site scripting. This issue is potentially...

5.1CVSS6.5AI score0.00326EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.27 views

PT-2025-32635 · Nssm.Exe · Nssm.Exe

Name of the Vulnerable Software and Affected Versions: nssm.exe affected versions not specified Description: A local attacker with limited privileges can exploit improper permissions on nssm.exe to escalate privileges and gain administrative access. Recommendations: At the moment, there is no...

7.8CVSS7.2AI score0.00121EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/09 12:0 a.m.27 views

PT-2025-32423 · Bun +4 · Bun +4

Name of the Vulnerable Software and Affected Versions: oak versions 17.1.5 and below Description: oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. Specially crafted values in the x-forwarded-proto or x-forwarded-for...

5.3CVSS6.3AI score0.00388EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2025/06/18 12:0 a.m.27 views

PT-2025-26030 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A refcount leak issue has been identified in the Linux kernel, specifically in the powerpc/xive component. The of find node by path function returns a node pointer with an incremented...

7.8CVSS5.6AI score0.12746EPSS
Exploits16References587
Positive Technologies
Positive Technologies
added 2025/04/29 12:0 a.m.27 views

PT-2025-18175 · Bookgy · Bookgy

Name of the Vulnerable Software and Affected Versions: Bookgy affected versions not specified Description: The issue is related to a SQL injection vulnerability. This could allow an attacker to retrieve, create, update, and delete databases by sending an HTTP request through the IDTIPO, IDPISTA,...

9.3CVSS7AI score0.00331EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/03/12 12:0 a.m.27 views

PT-2025-11031 · Bitdefender · Bitdefender Box

Name of the Vulnerable Software and Affected Versions: Bitdefender Box 1 versions 1.3.52.928 and below Description: An improper access control issue exists that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signe...

5.7CVSS6.5AI score0.00162EPSS
Exploits0References6
Total number of security vulnerabilities5000