Lucene search
K
PtsecurityMost viewed

184253 matches found

Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-48075

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier Description A DOM-based Cross-Site Scripting XSS issue exists where an attacker can manipulate the Document Object Model DOM environment to execute malicious JavaScript in...

5.4CVSS5.6AI score0.00207EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-48241

Name of the Vulnerable Software and Affected Versions Xen affected versions not specified Description HVM guest I/O port accesses require either emulation or translation. These translations are managed by the device model through 'XEN DOMCTL ioport mapping'. The linked list used for these...

7.9CVSS5.8AI score0.00095EPSS
Exploits0References34
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-48081

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect Open Redirect vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this iss...

4.3CVSS5.5AI score0.00254EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-48083

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-47530

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server Java Web Container affected versions not specified Description An unauthenticated attacker can craft a malicious HTTP logon request that manipulates file inclusion parameters. This enables path traversal, which...

9CVSS5.5AI score0.00454EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-48052

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00283EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-48265

Name of the Vulnerable Software and Affected Versions Focus for iOS versions prior to 151.3.1 Klar for iOS versions prior to 151.3.1 Description Universal Cross-Site Scripting UXSS exists in the Webkit navigation of Focus for iOS and Klar for iOS. UXSS is a security flaw that allows an attacker t...

7.5CVSS5.6AI score0.00216EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-48220

Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.1AI score0.00138EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-48331

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macro...

6.5CVSS5.3AI score0.00259EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-48106

Name of the Vulnerable Software and Affected Versions Visual Studio Code affected versions not specified Description Improper input validation allows an unauthorized attacker to bypass a security feature locally. Recommendations At the moment, there is no information about a newer version that...

7.1CVSS5.3AI score0.0035EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-47717

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description An issue exists where user-supplied content is included in notification emails without proper escaping. This allows authenticated users to perform Cross-Site Scripting XSS, which is the injecti...

5.4CVSS5.3AI score0.00372EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-47804

Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name e.g. git, pandoc, grep, the argument string is concatenated with the command and passed to child process.spawn with the shell: true option, allowing shell...

8.7CVSS6.7AI score0.0027EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-47750

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

6.9CVSS5.5AI score0.00229EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-47720

Name of the Vulnerable Software and Affected Versions apache-airflow-providers-samba versions prior to 4.12.6 Description The GCSToSambaOperator in the Apache Airflow Samba provider fails to perform a containment check when joining GCS object names to the SMB destination path. This allows an...

6.5CVSS5.6AI score0.00695EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-48252

Name of the Vulnerable Software and Affected Versions Acrobat Reader versions 24.001.30365 through 26.001.21651 Description A Use After Free issue exists in the annotation component, which could result in arbitrary code execution in the context of the current user. Exploitation requires user...

7.8CVSS7.9AI score0.00257EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-47843

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.3 Description The implementations of AES-SIV and AES-GCM-SIV mishandle the authentication of Additional Authenticated Data AAD when the ciphertext is empty, which allows for the forgery of such messages. In the...

7.5CVSS5.6AI score0.00513EPSS
Exploits0References118
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-48021

Name of the Vulnerable Software and Affected Versions Visual Studio Code versions prior to 1.123.1 Description Exposure of sensitive information to an unauthorized actor allows an attacker to disclose information over a network. Recommendations Update to version 1.123.1 or later...

6.5CVSS5.4AI score0.00763EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-47889

Name of the Vulnerable Software and Affected Versions Windows Hotpatch Monitoring Service affected versions not specified Description An out-of-bounds write in the Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally. An out-of-bounds write occurs when a program...

7.8CVSS5.5AI score0.00286EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-47686

Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with exec method by cloneWithGit and fetchRefs functions. An attacker can execute arbitrary operating syst...

8.8CVSS5.9AI score0.01057EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-48292

Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description A server crash occurs when using $changestreams and $ requestReshardingResumeToken with the exchange option. This issue is triggered when the server hits an invariant, and it can be executed ...

7.1CVSS5.8AI score0.0027EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-48104

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally...

5.5CVSS5.4AI score0.00388EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-47841

Issue summary: When the X509 VERIFY PARAM set1 email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so...

5.6AI score0.0019EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-47866

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24 and earlier Adobe Experience Manager versions LTS SP1 and earlier Adobe Experience Manager versions 2026.04 and earlier Description A DOM-based Cross-Site Scripting XSS issue allows an attacker to execu...

5.4CVSS5.3AI score0.00207EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-48109

Name of the Vulnerable Software and Affected Versions Windows Media affected versions not specified Description A heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute arbitrary code locally or remotely, potentially affecting the entire system. A heap-based buffer...

7.8CVSS6.2AI score0.00445EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-48282

Name of the Vulnerable Software and Affected Versions CAI Content Credentials versions [email protected] and earlier CAI Content Credentials version c2pa-v0.80.1 Description An integer overflow or wraparound occurs, which can be exploited by an attacker to crash the application. This leads to a...

7.5CVSS5.5AI score0.0043EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-48094

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...

3.5CVSS5.4AI score0.00299EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-48163

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...

5.5AI score0.00209EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-48142

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this...

5.5CVSS5.5AI score0.0013EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-47645

Name of the Vulnerable Software and Affected Versions Spring HATEOAS versions 1.5.0 through 1.5.6 Spring HATEOAS versions 2.3.0 through 2.3.4 Spring HATEOAS versions 2.4.0 through 2.4.1 Spring HATEOAS versions 2.5.0 through 2.5.2 Spring HATEOAS versions 3.0.0 through 3.0.3 Description Spring...

7.5CVSS5.2AI score0.00299EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-47688

The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions...

5.6AI score0.00197EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-47837

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A NULL pointer dereference can occur in a CMP client application when processing a crafted CMP response. An attacker controlling a CMP server or acting as a man-in-the-middle can send a CRMF...

7.5CVSS5.5AI score0.00513EPSS
Exploits0References115
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-47783

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RDMA/rxe component regarding incorrect iova-to-va I/O virtual address to virtual address conversion when memory regions MRs have page sizes different from the syst...

9.8CVSS5.7AI score0.00817EPSS
Exploits9References108
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-47727

Name of the Vulnerable Software and Affected Versions Arm C1-Ultra affected versions not specified Arm C1-Premium affected versions not specified Arm Neoverse V3 & V3AE affected versions not specified Arm Neoverse V2 affected versions not specified Arm Neoverse V1 affected versions not specified...

9.1CVSS6.6AI score0.0053EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-47758

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the Linux kernel when the tun xdp one function returns -EINVAL for frames shorter than ETH HLEN without freeing the page allocated by vhost net build xdp. Because...

9.1CVSS5.4AI score0.00457EPSS
Exploits1References64
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-47640

Name of the Vulnerable Software and Affected Versions tmux versions prior to 3.7-rc Description A use after free issue exists in the image free function within the image.c file. This flaw requires local access to exploit and is characterized by high complexity and difficult exploitability...

4.5CVSS4.7AI score0.00124EPSS
Exploits0References17
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•17 views

PT-2026-47992

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7CVSS5.4AI score0.00179EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•17 views

PT-2026-47362

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the x86 EFI implementation where the graceful page fault handler efi crash gracefully on page fault incorrectly identifies the system state. Due to changes in FPU...

9.8CVSS5.3AI score0.00563EPSS
Exploits0References138
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•17 views

PT-2026-47335

A security flaw has been discovered in imvks786 student management system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/admin login.php of the component Administrator Login Endpoint. Performing a manipulation of the argument a usr/a pwd results...

7.5CVSS5.3AI score0.00328EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•17 views

PT-2026-47302

Name of the Vulnerable Software and Affected Versions Routinator affected versions not specified Description Routinator fails to properly validate the module component of rsync URIs used to generate file system paths for its cache. This lack of validation enables path traversal if a module name...

8.3CVSS5.4AI score0.00433EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•17 views

PT-2026-47301

Name of the Vulnerable Software and Affected Versions Routinator affected versions not specified Description Routinator exits upon encountering any error while accepting incoming HTTP or RTR connections. This includes recoverable errors, such as exhausting available file descriptors. An attacker...

8.7CVSS5.5AI score0.00333EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•17 views

PT-2026-47287

Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass URL validation and inject malicious URLs such as javascript: URIs, resulting in cross-site scripting when another...

8.5CVSS5.2AI score0.0014EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•17 views

PT-2026-47299

Name of the Vulnerable Software and Affected Versions ninenines gun versions 1.0.0 through 2.3.x Description Uncontrolled Resource Consumption in the gun http module allows a malicious server to exhaust client memory through unbounded HTTP/1.1 response buffering. In the handle/5 function, three...

8.7CVSS5.7AI score0.00381EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•17 views

PT-2026-47251

A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminDeleteAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public an...

7.5CVSS5.3AI score0.00275EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•17 views

PT-2026-47202

A vulnerability has been found in hs-web hsweb-framework up to 5.0.1. The affected element is the function denied of the file hsweb-system/hsweb-system-file/src/main/java/org/hswebframework/web/file/FileUploadProperties.java of the component File Upload. The manipulation of the argument filename...

6.5CVSS6AI score0.00301EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•17 views

PT-2026-47307

A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow. The attack can be initiated remotely. The...

9CVSS8.5AI score0.00466EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•17 views

PT-2026-47559

Summary An authorization issue in the Scheduler API allowed authenticated non-admin users to create or modify scheduled actions that should be restricted to administrators. Details The Scheduler API did not correctly enforce administrator permissions when processing scheduler modifications. As a...

6.3CVSS5.7AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•17 views

PT-2026-47597

It was discovered that Transmission had a clickjacking weakness in the browser-facing WebUI and RPC response paths. An attacker could possibly use this issue to trick users into performing unintended actions...

5.3CVSS5.5AI score0.00305EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•17 views

PT-2026-47266

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7CVSS5.7AI score0.00455EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•17 views

PT-2026-47254

A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to...

5.3CVSS5.1AI score0.00511EPSS
Exploits1References7
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•17 views

PT-2026-47236

Name of the Vulnerable Software and Affected Versions Travelscape version 1.0.3 Description Insufficient validation in the theme's upload functionality allows unauthenticated attackers to upload arbitrary files to the theme directory. This can lead to remote code execution on the affected WordPre...

9.8CVSS6.4AI score0.00674EPSS
Exploits0References12
Total number of security vulnerabilities5000