Lucene search
K
PtsecurityMost viewed

184269 matches found

Positive Technologies
Positive Technologies
added 2025/04/10 12:0 a.m.2174 views

PT-2025-19: Stack-based buffer overflow in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family

The vulnerability was identified in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family , versions 231.1.162.1 package version, 1.10.3 hwrm spec. The discovered vulnerability is related to stack-based buffer overflow. This leads to arbitrary code...

8.2CVSS6.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/04/10 12:0 a.m.2000 views

PT-2025-18: Denial of Service (DoS) in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family

The vulnerability was identified in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family , versions 231.1.162.1 package version, 1.10.3 hwrm spec. The discovered vulnerability is related to stack-based buffer overflow in the ChiMP core, which leads to...

8.1CVSS7.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/04/10 12:0 a.m.1984 views

PT-2025-17: Unrestricted memory access to internal memory of networking adapter in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family

The vulnerability was identified in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family, versions 231.1.162.1 package version, 1.10.3 hwrm spec. The discovered vulnerability is related to improper access control to the network adapter memory read/writ...

4.6CVSS7.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/01/01 12:0 a.m.1219 views

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS

With access to the dispenser controller USB port, an attacker can install an outdated or modified firmware version with malicious content to bypass the encryption and withdraw cash. Advisory status: 07.2018 - Vendor notification date Credits: The vulnerability was discovered by Vladimir Kononovic...

6.8CVSS7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/01/01 12:0 a.m.1061 views

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5

With access to the dispenser controller USB port, an attacker can install an outdated or modified firmware version with malicious content to bypass the encryption and withdraw cash. Advisory status: 07.2018 - Vendor notification date Credits: The vulnerability was discovered by Vladimir Kononovic...

6.8CVSS7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/09/10 11:44 a.m.169 views

PT-2025-21: Local Privilege Escalation in Microsoft OneDrive

The vulnerability was identified in OneDrive, version 25.020.0202. The vulnerability in Microsoft OneDrive was discovered on MacOS. Local privilege escalation allows an attacker to escalate privileges from a normal user to root. To exploit the vulnerability a potential attacker must be able to...

7CVSS7.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2017/08/15 12:0 a.m.150 views

PT-2017-12727 · Numpy +2 · Numpy +2

Name of the Vulnerable Software and Affected Versions: Numpy versions 1.13.1 and earlier Description: The issue is related to missing input validation in the numpy.pad function. This can cause an infinite loop when an empty list or ndarray is used, potentially allowing attackers to conduct a Deni...

9.8CVSS7.5AI score0.17078EPSS
Exploits6References34
Positive Technologies
Positive Technologies
added 2024/03/20 12:0 a.m.104 views

PT-2024-19994 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.2 and 2.24.1 Description: A stored cross-site scripting XSS issue exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog. This...

4.8CVSS5.8AI score0.00426EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.94 views

PT-2026-45657

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs when shared buffers are accessed without validating concurrent modifications to input from user-mode...

7.8CVSS5.8AI score0.00052EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/29 12:0 a.m.84 views

PT-2025-22645

Name of the Vulnerable Software and Affected Versions cyrus-imapd versions prior to 3.8.4-2.1 Description A UNIX Symbolic Link Symlink Following issue in cyrus-imapd allows escalation from cyrus to root. This issue affects openSUSE Tumbleweed. Recommendations For versions prior to 3.8.4-2.1, upda...

9.8CVSS5.2AI score0.00485EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2018/09/07 12:0 a.m.75 views

PT-2018-3479 · Google +2 · Go +2

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.10.6 Go versions 1.11.x prior to 1.11.3 Description: The issue is related to the "go get" command in the Go programming language, which is vulnerable to directory traversal when executed with the import path of a...

9.8CVSS7AI score0.9857EPSS
Exploits233References381
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.70 views

PT-2026-45368

Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbash command="echo value: dag run.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...

9.1CVSS5.8AI score0.00369EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/08/13 12:0 a.m.70 views

PT-2024-28220 · Unknown · Codection Import/Export Users/Customers

Name of the Vulnerable Software and Affected Versions: Codection Import and export users and customers versions n/a through 1.26.8 Description: The issue allows exposure of sensitive information to an unauthorized actor due to accessing functionality not properly constrained by ACLs. This affects...

7.5CVSS6.4AI score0.0042EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.69 views

PT-2026-50891

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An unchecked enum cast issue exists in the BeginSidebandStream function. An attacker can trigger invalid enum states and undefined behavior by supplying a specially crafted message containing...

7.1CVSS5.9AI score0.00254EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.69 views

PT-2026-48054

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00307EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.65 views

PT-2026-49675

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 152 Firefox ESR versions prior to 140.12 Thunderbird versions prior to 152 Thunderbird versions prior to 140.12 Description A memory safety bug exists in the software, which could lead to unexpected behavior or crashe...

9.6CVSS5.8AI score0.00532EPSS
Exploits0References224
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.65 views

PT-2026-45987

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager versions prior to 14SU6 Cisco Unified Communications Manager versions prior to 15SU5 Cisco Unified Communications Manager Session Management Edition affected versions not specified Description An...

8.6CVSS7.7AI score0.41694EPSS
Exploits3References177
Positive Technologies
Positive Technologies
added 2023/01/26 12:0 a.m.65 views

PT-2023-16322 · Isoftforce · Isoftforce Dreamer Cms

Name of the Vulnerable Software and Affected Versions: isoftforce Dreamer CMS versions up to 4.0.1 Description: A vulnerability has been found in the software, classified as problematic, and it affects unknown code. The manipulation of this issue leads to cross site scripting. The attack can be...

5.4CVSS6.6AI score0.00714EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.64 views

PT-2026-48544

Name of the Vulnerable Software and Affected Versions Baileys versions prior to 6.7.22 Baileys versions prior to 7.0.0-rc12 Description An authentication-bypass-by-spoofing flaw allows a remote unauthenticated attacker to send a maliciously crafted protocolMessage payload via the...

9.3CVSS5.7AI score0.00018EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.64 views

PT-2025-30597 · '1С' · 1С:Предприятие

Уязвимость технологической платформы «1С:Предприятие 8» связана с недостатками процедуры авторизации. Эксплуатация уязвимости, может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к системе от имени произвольного пользователя...

9CVSS7.3AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/01/12 12:0 a.m.64 views

PT-2025-2626 · Microsoft +1 · Microsoft-Httpapi +1

The vulnerable software is HCL MyXalytics. It is affected by a sensitive information disclosure vulnerability, where the HTTP response header exposes the server's name and version as Microsoft-HTTP API/2.0. This vulnerability is identified as CVE-2024-42179. The vulnerability allows attackers to...

2.7CVSS6.1AI score0.0022EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.63 views

PT-2026-42553

Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.5.0 and earlier Description The submit password method in 'concrete/controllers/single page/download file.php' allows unauthorized file access because the process for downloading permission-restricted files bypasses the...

6.3CVSS5.8AI score0.00224EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.63 views

PT-2025-6477

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 17.3 PostgreSQL versions prior to 16.7 PostgreSQL versions prior to 15.11 PostgreSQL versions prior to 14.16 PostgreSQL versions prior to 13.19 Description The issue is related to improper neutralization of quoting...

10CVSS8.4AI score0.89472EPSS
Exploits16References317
Positive Technologies
Positive Technologies
added 2023/09/13 12:0 a.m.63 views

PT-2023-5241 · 1с · 1С-Битрикс

Name of the Vulnerable Software and Affected Versions: 1С-Битрикс: Управление сайтом affected versions not specified Description: The issue is caused by synchronization errors when using a shared resource in the landing module of the 1С-Битрикс site management system. Exploitation of this issue m...

10CVSS7.5AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.62 views

PT-2026-46266

Name of the Vulnerable Software and Affected Versions Net::CIDR::Set versions prior to 0.21 Description The software accepts non-ASCII IP addresses and netmasks. Unicode digits, such as the Arabic-Indic One U+0661, are accepted but not properly parsed as numbers, which could allow network masks t...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.60 views

PT-2026-48224

Name of the Vulnerable Software and Affected Versions Dreamweaver Desktop versions prior to 21.8 Description An improper access control issue allows for arbitrary file system read, enabling an attacker to access sensitive files and directories outside the intended access scope. Exploitation...

8.6CVSS5.9AI score0.00168EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.60 views

PT-2026-45878

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4-rc1 Description LibreChat is an enhanced ChatGPT clone supporting multiple AI providers. The Model Context Protocol MCP server integration improperly resolves $VAR placeholders against the server's process.env...

9.6CVSS5.5AI score0.0294EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.60 views

PT-2026-45505

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description An Insecure Direct Object Reference IDOR issue in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with internal approval flow configurations of forms belonging to other users...

6.5CVSS5.8AI score0.00184EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.60 views

PT-2026-44971

Name of the Vulnerable Software and Affected Versions NI SystemLink Enterprise versions prior to 2026-04 Description An authentication bypass in the NI SystemLink Enterprise Dashboard application allows an unauthenticated remote attacker to circumvent authentication controls. This can be achieved...

9.3CVSS5.8AI score0.00623EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2020/09/23 12:0 a.m.60 views

PT-2020-15021 · Powerdns +4 · Powerdns Authoritative Server +4

Name of the Vulnerable Software and Affected Versions: PowerDNS Authoritative Server versions prior to 4.3.1 Description: An issue has been found where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory...

9.8CVSS6AI score0.64857EPSS
Exploits1References65
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.58 views

PT-2026-49573

Name of the Vulnerable Software and Affected Versions js-yaml versions prior to 4.2.0 Description A crafted YAML document can trigger algorithmic CPU exhaustion during merge-key processing by repeating the same alias multiple times in a merge sequence. This results in quadratic parse-time behavio...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References19
Positive Technologies
Positive Technologies
added 2023/03/22 12:0 a.m.58 views

PT-2023-20326 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 24.0.x through 24.0.9 Nextcloud Server versions 25.0.x through 25.0.4 Nextcloud Enterprise Server versions 21.x through 21.0.9.9 Nextcloud Enterprise Server versions 22.x through 22.2.0.9 Nextcloud Enterprise Server...

9CVSS6.1AI score0.04176EPSS
Exploits4References26
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.57 views

PT-2026-45506

Name of the Vulnerable Software and Affected Versions FlexRIC version 2.0.0 Description A remote unauthenticated attacker can cause the iApp process on port 36422 to crash by sending an E42 RIC SUBSCRIPTION REQUEST that references a non-existent E2 Node. This occurs because the lookup function...

7.5CVSS5.6AI score0.00642EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.57 views

PT-2025-16290 · Unknown · Vision Helpdesk

Name of the Vulnerable Software and Affected Versions: Vision Helpdesk versions 5.7.0 and earlier Description: The issue allows Time-Based Blind SQL injection via the vis username parameter in the Forgot Password feature, also known as index.php?/home/forgot-password. No authentication is require...

6.5CVSS7.7AI score0.00254EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.55 views

PT-2026-46985

Name of the Vulnerable Software and Affected Versions vantage6 versions prior to 5.0.0 Description Users can reset their Multi-Factor Authentication MFA token through API routes that trigger email notifications. Because there is no limit on the number of emails that can be sent, an attacker could...

2.1CVSS5.2AI score0.00278EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/03/29 12:0 a.m.55 views

PT-2024-2606 · Dji · Dji Mavic Mini 3 Pro

Name of the Vulnerable Software and Affected Versions: DJI Mavic Mini 3 Pro affected versions not specified Description: A Missing Authentication for Critical Function issue affects the HTTP service running on the standard port 80, allowing an attacker to enumerate and download videos and picture...

5.5CVSS7.3AI score0.00236EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.54 views

PT-2026-41480

Name of the Vulnerable Software and Affected Versions opensearch versions prior to 2.19.0 opensearch-ingest-attachment-plugin affected versions not specified opensearch-mapper-annotated-text-plugin affected versions not specified opensearch-mapper-murmur3-plugin affected versions not specified...

3.7CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.53 views

PT-2026-29496

Summary A stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected page, the JavaScript payload gets executed. Type: Stored an...

7.1CVSS6.1AI score0.00213EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/07/29 12:0 a.m.53 views

PT-2025-31357

DSM Version: 7.2.2-72806 Update 4 とな https://t.co/oSE7NaDt69 1.Fixed a security vulnerability regarding SDK library CVE-2025-8024. 2.Fixed multiple security vulnerabilities...

7.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/20 12:0 a.m.53 views

PT-2025-3266 · Axess · Axess Acs

Name of the Vulnerable Software and Affected Versions: AXESS ACS Auto Configuration Server versions prior to 5.2.0 Description: The issue is related to unsanitized user input in the TR069 API, which allows remote unauthenticated attackers to cause a permanent Denial of Service via crafted TR069...

7.5CVSS7.1AI score0.00508EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/01/11 12:0 a.m.53 views

PT-2023-5866

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.57 Bamboo Data Center and Server versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.1, and 9.3.0 F5 NGINX products affected versions not specified gRPC-Go versions prior to 1.56.3, 1.57.1, and 1.58.3 IBM HTTP...

7.8CVSS8.5AI score0.99999EPSS
Exploits19
Positive Technologies
Positive Technologies
added 2025/01/11 12:0 a.m.52 views

PT-2025-1920 · WordPress · The Coupon X: Discount Pop Up

Name of the Vulnerable Software and Affected Versions: The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress versions up to, and including, 1.3.5 Description: The issue is related to PHP Object Injection via deserialization of untrusted...

7.5CVSS7.8AI score0.0053EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.51 views

PT-2026-48600

Name of the Vulnerable Software and Affected Versions PDM versions prior to 2.28.0-1.1 Description PDM writes project-local state and configuration files without symlink protection, allowing a malicious repository to use symlinks to overwrite files outside the repository root. This creates an...

6.8CVSS6AI score0.00024EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.51 views

PT-2026-34428

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the nvme-pci component. When a user changes the polled queue count at run time, a brief window during a reset may allow a hipri task to poll a queue before the...

8.8CVSS5.8AI score0.00282EPSS
Exploits0References52
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.51 views

PT-2025-44956

The SH Contextual Help plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation in the sh contextual help dashboard widget function. This makes it possible for unauthenticated attackers to...

6.1CVSS5.4AI score0.00142EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/05/10 12:0 a.m.50 views

PT-2024-19351 · Ibm · Ibm Txseries For Multiplatforms

Name of the Vulnerable Software and Affected Versions: IBM TXSeries for Multiplatforms version 8.2 Description: The issue allows web pages to be stored locally, which can then be read by another user on the system. Recommendations: For IBM TXSeries for Multiplatforms version 8.2, consider...

4CVSS6.3AI score0.00217EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/06/27 12:0 a.m.50 views

PT-2023-16386 · WordPress · Catalyst Connect Zoho Crm Client Portal

Name of the Vulnerable Software and Affected Versions: Catalyst Connect Zoho CRM Client Portal WordPress plugin versions prior to 2.1.0 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitized and escaped before being...

6.1CVSS6.3AI score0.00458EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.49 views

PT-2026-45476

Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be muted in calls when no High-performance Backend is installed. This issue has been patched in versions 21.1.10, 22.0.11, and...

3.5CVSS5.7AI score0.00203EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.49 views

PT-2026-40430

An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed...

8.4CVSS6AI score0.00165EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.49 views

PT-2026-20800

An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges on the local system to NT AuthoritySYSTEM. A malicious executable must be named WTWatch.exe and dropped in the C:ProgramDatawtaClientExe directory, which is writable by "Everyone". The executable...

5.6AI score0.00104EPSS
Exploits0References1
Total number of security vulnerabilities5000