Lucene search
K
PtsecurityMost viewed

184427 matches found

Positive Technologies
Positive Technologies
added 2025/04/10 12:0 a.m.2174 views

PT-2025-19: Stack-based buffer overflow in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family

The vulnerability was identified in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family , versions 231.1.162.1 package version, 1.10.3 hwrm spec. The discovered vulnerability is related to stack-based buffer overflow. This leads to arbitrary code...

8.2CVSS6.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/04/10 12:0 a.m.2000 views

PT-2025-18: Denial of Service (DoS) in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family

The vulnerability was identified in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family , versions 231.1.162.1 package version, 1.10.3 hwrm spec. The discovered vulnerability is related to stack-based buffer overflow in the ChiMP core, which leads to...

8.1CVSS7.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/04/10 12:0 a.m.1984 views

PT-2025-17: Unrestricted memory access to internal memory of networking adapter in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family

The vulnerability was identified in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family, versions 231.1.162.1 package version, 1.10.3 hwrm spec. The discovered vulnerability is related to improper access control to the network adapter memory read/writ...

4.6CVSS7.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/01/01 12:0 a.m.1221 views

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS

With access to the dispenser controller USB port, an attacker can install an outdated or modified firmware version with malicious content to bypass the encryption and withdraw cash. Advisory status: 07.2018 - Vendor notification date Credits: The vulnerability was discovered by Vladimir Kononovic...

6.8CVSS7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/01/01 12:0 a.m.1061 views

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5

With access to the dispenser controller USB port, an attacker can install an outdated or modified firmware version with malicious content to bypass the encryption and withdraw cash. Advisory status: 07.2018 - Vendor notification date Credits: The vulnerability was discovered by Vladimir Kononovic...

6.8CVSS7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/09/10 11:44 a.m.170 views

PT-2025-21: Local Privilege Escalation in Microsoft OneDrive

The vulnerability was identified in OneDrive, version 25.020.0202. The vulnerability in Microsoft OneDrive was discovered on MacOS. Local privilege escalation allows an attacker to escalate privileges from a normal user to root. To exploit the vulnerability a potential attacker must be able to...

7CVSS7.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2017/08/15 12:0 a.m.153 views

PT-2017-12727 · Numpy +2 · Numpy +2

Name of the Vulnerable Software and Affected Versions: Numpy versions 1.13.1 and earlier Description: The issue is related to missing input validation in the numpy.pad function. This can cause an infinite loop when an empty list or ndarray is used, potentially allowing attackers to conduct a Deni...

9.8CVSS7.5AI score0.17078EPSS
Exploits6References34
Positive Technologies
Positive Technologies
added 2024/03/20 12:0 a.m.104 views

PT-2024-19994 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.2 and 2.24.1 Description: A stored cross-site scripting XSS issue exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog. This...

4.8CVSS5.8AI score0.00426EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.94 views

PT-2026-45657

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs when shared buffers are accessed without validating concurrent modifications to input from user-mode...

7.8CVSS5.8AI score0.00052EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/04/29 12:0 a.m.84 views

PT-2025-22645

Name of the Vulnerable Software and Affected Versions cyrus-imapd versions prior to 3.8.4-2.1 Description A UNIX Symbolic Link Symlink Following issue in cyrus-imapd allows escalation from cyrus to root. This issue affects openSUSE Tumbleweed. Recommendations For versions prior to 3.8.4-2.1, upda...

9.8CVSS5.2AI score0.00485EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2018/09/07 12:0 a.m.76 views

PT-2018-3479 · Google +2 · Go +2

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.10.6 Go versions 1.11.x prior to 1.11.3 Description: The issue is related to the "go get" command in the Go programming language, which is vulnerable to directory traversal when executed with the import path of a...

9.8CVSS7AI score0.9857EPSS
Exploits233References381
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.70 views

PT-2026-45368

Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbash command="echo value: dag run.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...

9.1CVSS5.8AI score0.00369EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/08/13 12:0 a.m.70 views

PT-2024-28220 · Unknown · Codection Import/Export Users/Customers

Name of the Vulnerable Software and Affected Versions: Codection Import and export users and customers versions n/a through 1.26.8 Description: The issue allows exposure of sensitive information to an unauthorized actor due to accessing functionality not properly constrained by ACLs. This affects...

7.5CVSS6.4AI score0.0042EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.69 views

PT-2026-50891

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An unchecked enum cast issue exists in the BeginSidebandStream function. An attacker can trigger invalid enum states and undefined behavior by supplying a specially crafted message containing...

7.1CVSS5.9AI score0.00254EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.69 views

PT-2026-48054

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00307EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.67 views

PT-2025-44956

The SH Contextual Help plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation in the sh contextual help dashboard widget function. This makes it possible for unauthenticated attackers to...

6.1CVSS5.4AI score0.00142EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.66 views

PT-2025-30597 · '1С' · 1С:Предприятие

Уязвимость технологической платформы «1С:Предприятие 8» связана с недостатками процедуры авторизации. Эксплуатация уязвимости, может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к системе от имени произвольного пользователя...

9CVSS7.3AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/06/12 12:0 a.m.66 views

PT-2023-24676 · Srs · Srs

Name of the Vulnerable Software and Affected Versions: SRS versions prior to 5.0.157 SRS versions prior to 5.0-b1 SRS versions prior to 6.0.48 Description: The issue concerns a drive-by command injection in the api-server server. An attacker can send a request to the "/api/v1/snapshots" endpoint...

7.5CVSS8.1AI score0.0876EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/01/26 12:0 a.m.66 views

PT-2023-16322 · Isoftforce · Isoftforce Dreamer Cms

Name of the Vulnerable Software and Affected Versions: isoftforce Dreamer CMS versions up to 4.0.1 Description: A vulnerability has been found in the software, classified as problematic, and it affects unknown code. The manipulation of this issue leads to cross site scripting. The attack can be...

5.4CVSS6.6AI score0.00714EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.65 views

PT-2026-49675

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 152 Firefox ESR versions prior to 140.12 Thunderbird versions prior to 152 Thunderbird versions prior to 140.12 Description A memory safety bug exists in the software, which could lead to unexpected behavior or crashe...

9.6CVSS5.8AI score0.00532EPSS
Exploits0References224
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.65 views

PT-2026-45987

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager versions prior to 14SU6 Cisco Unified Communications Manager versions prior to 15SU5 Cisco Unified Communications Manager Session Management Edition affected versions not specified Description An...

8.6CVSS7.7AI score0.41694EPSS
Exploits3References177
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.64 views

PT-2026-48544

Name of the Vulnerable Software and Affected Versions Baileys versions prior to 6.7.22 Baileys versions prior to 7.0.0-rc12 Description An authentication-bypass-by-spoofing flaw allows a remote unauthenticated attacker to send a maliciously crafted protocolMessage payload via the...

9.3CVSS5.7AI score0.00018EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.64 views

PT-2026-48600

Name of the Vulnerable Software and Affected Versions PDM versions prior to 2.28.0-1.1 Description PDM writes project-local state and configuration files without symlink protection, allowing a malicious repository to use symlinks to overwrite files outside the repository root. This creates an...

6.8CVSS6AI score0.00024EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.64 views

PT-2026-45505

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description An Insecure Direct Object Reference IDOR issue in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with internal approval flow configurations of forms belonging to other users...

6.5CVSS5.8AI score0.00184EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/01/12 12:0 a.m.64 views

PT-2025-2626 · Microsoft +1 · Microsoft-Httpapi +1

The vulnerable software is HCL MyXalytics. It is affected by a sensitive information disclosure vulnerability, where the HTTP response header exposes the server's name and version as Microsoft-HTTP API/2.0. This vulnerability is identified as CVE-2024-42179. The vulnerability allows attackers to...

2.7CVSS6.1AI score0.0022EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.63 views

PT-2026-42553

Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.5.0 and earlier Description The submit password method in 'concrete/controllers/single page/download file.php' allows unauthorized file access because the process for downloading permission-restricted files bypasses the...

6.3CVSS5.8AI score0.00224EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.63 views

PT-2025-6477

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 17.3 PostgreSQL versions prior to 16.7 PostgreSQL versions prior to 15.11 PostgreSQL versions prior to 14.16 PostgreSQL versions prior to 13.19 Description The issue is related to improper neutralization of quoting...

10CVSS8.4AI score0.89472EPSS
Exploits16References317
Positive Technologies
Positive Technologies
added 2024/11/18 12:0 a.m.63 views

PT-2024-8746 · Siemens · Tecnomatix Plant Simulation +1

Name of the Vulnerable Software and Affected Versions: Teamcenter Visualization versions prior to V14.2.0.14 Teamcenter Visualization versions prior to V14.3.0.12 Teamcenter Visualization versions prior to V2312.0008 Teamcenter Visualization versions prior to V2406.0005 Tecnomatix Plant Simulatio...

7.8CVSS7.5AI score0.00272EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/09/13 12:0 a.m.63 views

PT-2023-5241 · 1с · 1С-Битрикс

Name of the Vulnerable Software and Affected Versions: 1С-Битрикс: Управление сайтом affected versions not specified Description: The issue is caused by synchronization errors when using a shared resource in the landing module of the 1С-Битрикс site management system. Exploitation of this issue m...

10CVSS7.5AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.62 views

PT-2026-49573

Name of the Vulnerable Software and Affected Versions js-yaml versions prior to 4.2.0 Description A crafted YAML document can trigger algorithmic CPU exhaustion during merge-key processing by repeating the same alias multiple times in a merge sequence. This results in quadratic parse-time behavio...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References19
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.62 views

PT-2026-46266

Name of the Vulnerable Software and Affected Versions Net::CIDR::Set versions prior to 0.21 Description The software accepts non-ASCII IP addresses and netmasks. Unicode digits, such as the Arabic-Indic One U+0661, are accepted but not properly parsed as numbers, which could allow network masks t...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.62 views

PT-2026-37991

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated...

3.1CVSS5.8AI score0.00553EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2022/11/17 12:0 a.m.62 views

PT-2022-27518 · Acronis +1 · Acronis Cyber Protect Home Office +4

Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect Home Office Windows versions prior to build 40173 Acronis Agent Windows versions prior to build 30600 Acronis Cyber Protect 15 Windows versions prior to build 30984 Description: The issue is related to local privilege...

8.8CVSS8.2AI score0.00469EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.61 views

PT-2026-53004

Name of the Vulnerable Software and Affected Versions Fluentd versions prior to 1.19.3 Description The in http and in forward plugins support gzip-compressed data but only enforce size limits on the compressed payloads via settings like body size limit and chunk size limit. Because no limit is...

7.5CVSS7.1AI score0.0063EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.61 views

PT-2026-46054

Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The software uses deprecated SHA-1 hashing for IWF CSAM URL matching and CIPA blocklist matching. SHA-1 is a cryptographic hash function that is no longer considered secure against well-funded...

5.8AI score0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.60 views

PT-2026-48224

Name of the Vulnerable Software and Affected Versions Dreamweaver Desktop versions prior to 21.8 Description An improper access control issue allows for arbitrary file system read, enabling an attacker to access sensitive files and directories outside the intended access scope. Exploitation...

8.6CVSS5.9AI score0.00168EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.60 views

PT-2026-45878

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4-rc1 Description LibreChat is an enhanced ChatGPT clone supporting multiple AI providers. The Model Context Protocol MCP server integration improperly resolves $VAR placeholders against the server's process.env...

9.6CVSS5.5AI score0.0294EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.60 views

PT-2026-44971

Name of the Vulnerable Software and Affected Versions NI SystemLink Enterprise versions prior to 2026-04 Description An authentication bypass in the NI SystemLink Enterprise Dashboard application allows an unauthenticated remote attacker to circumvent authentication controls. This can be achieved...

9.3CVSS5.8AI score0.00623EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.60 views

PT-2026-42142

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...

7.2CVSS5.8AI score0.00349EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/09/23 12:0 a.m.60 views

PT-2020-15021 · Powerdns +4 · Powerdns Authoritative Server +4

Name of the Vulnerable Software and Affected Versions: PowerDNS Authoritative Server versions prior to 4.3.1 Description: An issue has been found where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory...

9.8CVSS6AI score0.64857EPSS
Exploits1References65
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.59 views

PT-2026-46951

Name of the Vulnerable Software and Affected Versions Lyrion Music Server version 9.2.0 Description A stored cross-site scripting issue exists where attackers can inject malicious scripts through media file metadata tags, specifically GENRE, ARTIST, and ALBUM. These payloads execute within the we...

7.2CVSS5.2AI score0.00197EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2023/03/22 12:0 a.m.58 views

PT-2023-20326 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 24.0.x through 24.0.9 Nextcloud Server versions 25.0.x through 25.0.4 Nextcloud Enterprise Server versions 21.x through 21.0.9.9 Nextcloud Enterprise Server versions 22.x through 22.2.0.9 Nextcloud Enterprise Server...

9CVSS6.1AI score0.04176EPSS
Exploits4References26
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.57 views

PT-2026-45506

Name of the Vulnerable Software and Affected Versions FlexRIC version 2.0.0 Description A remote unauthenticated attacker can cause the iApp process on port 36422 to crash by sending an E42 RIC SUBSCRIPTION REQUEST that references a non-existent E2 Node. This occurs because the lookup function...

7.5CVSS5.6AI score0.00642EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.57 views

PT-2025-16290 · Unknown · Vision Helpdesk

Name of the Vulnerable Software and Affected Versions: Vision Helpdesk versions 5.7.0 and earlier Description: The issue allows Time-Based Blind SQL injection via the vis username parameter in the Forgot Password feature, also known as index.php?/home/forgot-password. No authentication is require...

6.5CVSS7.7AI score0.00254EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/10/25 12:0 a.m.56 views

PT-2024-33043 · Mipjz · Mipjz

Name of the Vulnerable Software and Affected Versions: mipjz version 5.0.5 Description: A Server-side request forgery SSRF vulnerability exists due to the improper handling of the postAddress parameter in the mipPost method of the ApiAdminTool.php file. This allows an attacker to read server file...

4.9CVSS7.2AI score0.00489EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/02/03 12:0 a.m.56 views

PT-2023-10006 · Unknown · Fanzila Webfinance

Name of the Vulnerable Software and Affected Versions: fanzila WebFinance version 0.5 Description: A critical issue has been found in fanzila WebFinance, affecting an unknown function of the file htdocs/admin/save roles.php. The manipulation of the id argument leads to sql injection...

9.8CVSS6.3AI score0.00643EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.55 views

PT-2026-53626

Improper Control of Generation of Code 'Code Injection' vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0...

9.8CVSS5.8AI score0.00372EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.55 views

PT-2026-51580

Name of the Vulnerable Software and Affected Versions @rtk-ai/rtk-rewrite version 1.0.0 Description The @rtk-ai/rtk-rewrite OpenClaw plugin fails to properly escape input passed to a shell-backed execSync function. While JSON.stringify is used to wrap values in double quotes, it does not neutrali...

6.3CVSS6.2AI score0.00288EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.55 views

PT-2026-46985

Name of the Vulnerable Software and Affected Versions vantage6 versions prior to 5.0.0 Description Users can reset their Multi-Factor Authentication MFA token through API routes that trigger email notifications. Because there is no limit on the number of emails that can be sent, an attacker could...

2.1CVSS5.2AI score0.00278EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.55 views

PT-2026-41480

Name of the Vulnerable Software and Affected Versions opensearch versions prior to 2.19.0 opensearch-ingest-attachment-plugin affected versions not specified opensearch-mapper-annotated-text-plugin affected versions not specified opensearch-mapper-murmur3-plugin affected versions not specified...

3.7CVSS5.8AI score
Exploits0References4
Total number of security vulnerabilities5000