Lucene search
K
PtsecurityMost viewed

184321 matches found

Positive Technologies
Positive Technologies
•added 2025/08/19 12:0 a.m.•27 views

PT-2025-33741 · Scada-Lts · Scada-Lts

Name of the Vulnerable Software and Affected Versions: Scada-LTS version 2.7.8.1 Description: A security flaw exists in Scada-LTS 2.7.8.1 related to the mailing lists.shtm file. Manipulation of the name/userList/address argument can lead to cross-site scripting. This issue is potentially...

5.1CVSS6.5AI score0.00326EPSS
Exploits1References12
Positive Technologies
Positive Technologies
•added 2025/08/12 12:0 a.m.•27 views

PT-2025-32635 · Nssm.Exe · Nssm.Exe

Name of the Vulnerable Software and Affected Versions: nssm.exe affected versions not specified Description: A local attacker with limited privileges can exploit improper permissions on nssm.exe to escalate privileges and gain administrative access. Recommendations: At the moment, there is no...

7.8CVSS7.2AI score0.00121EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2025/08/09 12:0 a.m.•27 views

PT-2025-32423 · Bun +4 · Bun +4

Name of the Vulnerable Software and Affected Versions: oak versions 17.1.5 and below Description: oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. Specially crafted values in the x-forwarded-proto or x-forwarded-for...

5.3CVSS6.3AI score0.00388EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2025/04/29 12:0 a.m.•27 views

PT-2025-18175 · Bookgy · Bookgy

Name of the Vulnerable Software and Affected Versions: Bookgy affected versions not specified Description: The issue is related to a SQL injection vulnerability. This could allow an attacker to retrieve, create, update, and delete databases by sending an HTTP request through the IDTIPO, IDPISTA,...

9.3CVSS7AI score0.00331EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2025/03/12 12:0 a.m.•27 views

PT-2025-11031 · Bitdefender · Bitdefender Box

Name of the Vulnerable Software and Affected Versions: Bitdefender Box 1 versions 1.3.52.928 and below Description: An improper access control issue exists that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signe...

5.7CVSS6.5AI score0.00162EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2025/03/11 12:0 a.m.•27 views

PT-2025-10720 · Rsa · Archer Platform

Name of the Vulnerable Software and Affected Versions: Archer Platform versions 6 through 6.14.00202.10024 Description: The issue allows an authenticated user with record creation privileges to manipulate immutable fields, such as the creation date, by intercepting and modifying a Copy request vi...

4.3CVSS6AI score0.0041EPSS
Exploits1References8
Positive Technologies
Positive Technologies
•added 2025/01/23 12:0 a.m.•27 views

PT-2025-3985 · M Files · M-Files Server

Name of the Vulnerable Software and Affected Versions: M-Files Server versions prior to 25.1 Description: The issue allows a highly privileged user to recover external connector passwords due to unsafe password recovery from the configuration. Recommendations: For versions prior to 25.1, update t...

4.6CVSS7.3AI score0.00408EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2024/11/24 12:0 a.m.•27 views

PT-2024-17176 · Unknown · Cph2 Echarge Firmware

Name of the Vulnerable Software and Affected Versions: cph2 echarge firmware versions through 2.0.4 Description: The issue affects devices that communicate with the eCharge cloud infrastructure over an insecure channel, as peer verification is disabled. This allows remote unauthenticated users,...

9.8CVSS8.6AI score0.00417EPSS
Exploits1References7
Positive Technologies
Positive Technologies
•added 2024/09/16 12:0 a.m.•27 views

PT-2025-8696

Name of the Vulnerable Software and Affected Versions URI gem versions prior to 0.11.3 URI gem versions 0.12.0 through 0.12.3 URI gem versions 0.13.0 through 0.13.1 URI gem versions 1.0.0 through 1.0.2 Description The URI handling methods URI.join, URImerge, URI+ in the URI gem for Ruby have an...

9.8CVSS7.9AI score0.02796EPSS
Exploits2References180
Positive Technologies
Positive Technologies
•added 2023/08/10 12:0 a.m.•27 views

PT-2023-5257 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 20.0.0 through 20.0.14.14 Nextcloud Server versions 21.0.0 through 21.0.9.12 Nextcloud Server versions 22.0.0 through 22.2.10.13 Nextcloud Server versions 23.0.0 through 23.0.12.7 Nextcloud Server versions 24.0.0...

9.8CVSS5.7AI score0.01041EPSS
Exploits6References95
Positive Technologies
Positive Technologies
•added 2023/08/03 12:0 a.m.•27 views

PT-2023-26814 · Crocoblock · Crocoblock Jetelements For Elementor

Name of the Vulnerable Software and Affected Versions: Crocoblock JetElements For Elementor versions 2.6.10 and earlier Description: The issue is related to an Improper Control of Generation of Code 'Code Injection' vulnerability. This allows for code injection, which can be exploited by attacker...

9CVSS8.9AI score0.00585EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2023/07/04 12:0 a.m.•27 views

PT-2023-18874 · WordPress · Cf7 Google Sheets Connector

Name of the Vulnerable Software and Affected Versions: CF7 Google Sheets Connector WordPress plugin versions prior to 5.0.2 cf7-google-sheets-connector-pro WordPress plugin versions prior to 5.0.2 Description: The issue is related to a Reflected Cross-Site Scripting that could be used against hig...

6.1CVSS6.2AI score0.00458EPSS
Exploits2References5
Positive Technologies
Positive Technologies
•added 2022/10/09 12:0 a.m.•27 views

PT-2022-5400 · Exiv2 +1 · Exiv2 +1

Name of the Vulnerable Software and Affected Versions: Exiv2 affected versions not specified Description: The issue is related to a buffer overflow in the QuickTimeVideo::decodeBlock function of the quicktimevideo.cpp file in the Exiv2 library, which can be exploited by a remote attacker to execu...

10CVSS7.3AI score
Exploits0References8
Positive Technologies
Positive Technologies
•added 2021/02/15 12:0 a.m.•27 views

PT-2021-3110 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.39 through 5.10.16 Description: An issue was discovered in the Linux kernel, as used in Xen, where block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. This issue...

9.8CVSS7.2AI score0.89063EPSS
Exploits261References1357
Positive Technologies
Positive Technologies
•added 2020/07/02 12:0 a.m.•27 views

PT-2020-15427 · Jenkins · Jenkins Github Coverage Reporter Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Coverage Reporter Plugin versions 1.8 and earlier Jenkins GitHub Coverage Reporter Plugin versions 1.10 and earlier Description: The issue concerns the storage of secrets in plain text in the global configuration file on the...

4.3CVSS4.3AI score0.00691EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2020/05/04 12:0 a.m.•27 views

PT-2020-3071 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.6.10 Description: The issue is related to a memory leak in the Linux kernel's rpcsec gss krb5 implementation, specifically in the gss mech free function. This leak occurs when unloading a specific kernel module...

10CVSS6AI score0.78684EPSS
Exploits171References2238
Positive Technologies
Positive Technologies
•added 2026/06/27 12:0 a.m.•26 views

PT-2026-53077

Name of the Vulnerable Software and Affected Versions Frontend File Manager Plugin versions prior to 23.7 Description Authenticated users with Subscriber-level access can delete arbitrary files on the server, including sensitive files like wp-config.php, which may lead to a full site takeover. Th...

8.1CVSS5.8AI score0.00417EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•26 views

PT-2026-52470

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user or attacker with a stolen session even when 2FA is already fully enabled on the account. This endpoint overwrites the existi...

5.3CVSS6AI score0.00213EPSS
Exploits1References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•26 views

PT-2026-52078

Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.5.10 Mastodon versions prior to 4.4.17 Mastodon versions prior to 4.3.23 Description Mastodon is a free, open-source social network server based on ActivityPub. The normalization of incoming activities signed with...

5.3CVSS5.9AI score0.00162EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/18 12:0 a.m.•26 views

PT-2026-50814

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 6.0 through 9.15 Description Stored cross-site scripting exists in the error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server, such as ErrorResponse messages, object names in...

9.3CVSS5.9AI score0.0021EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/18 12:0 a.m.•26 views

PT-2026-50731

Name of the Vulnerable Software and Affected Versions Gotenberg version 8.33.0 Description A Server-Side Request Forgery SSRF issue exists in the /forms/libreoffice/convert endpoint. By uploading a specially crafted DOCX document, an attacker can force LibreOffice to retrieve external resources...

7.5CVSS5.8AI score
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/18 12:0 a.m.•26 views

PT-2026-50794

Name of the Vulnerable Software and Affected Versions conda-smithy versions prior to 3.61.0 Description conda-smithy is a tool that combines a conda recipe with configurations to build using freely hosted CI services into a single repository. A flaw in the conda-forge automated webservices allows...

7.6CVSS5.8AI score0.00201EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/18 12:0 a.m.•26 views

PT-2026-50626

The Services Section Block – Showcase Service Details in Grid or Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'link' Block Attribute in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.5AI score0.00212EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•26 views

PT-2026-50539

Name of the Vulnerable Software and Affected Versions Tinyproxy versions prior to 1.11.4 Description Tinyproxy fails to reject requests containing multiple Content-Length headers with differing values. The software forwards all duplicate headers to the backend but uses only the first value to...

9.3CVSS6.1AI score0.00439EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•26 views

PT-2026-49723

Name of the Vulnerable Software and Affected Versions Pacemaker affected versions not specified Description An integer overflow exists in the remote message decompression process. An unauthenticated remote attacker can exploit this by sending a specially crafted compressed remote message before...

8.6CVSS5.9AI score0.0044EPSS
Exploits0References27
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•26 views

PT-2026-50147

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.12 Description When running in BYONM mode nodeModulesDir: "manual", the module resolver fails to validate that a package's resolved entrypoint remains within its node modules// directory. A malicious package.json...

5.5CVSS6AI score0.00135EPSS
Exploits1References4
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•26 views

PT-2026-49850

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the Shared Folders component of Oracle VM VirtualBox. A low-privileged attacker with logon access to the infrastructure where the software executes can compromise the system...

7.5CVSS5.9AI score0.00123EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•26 views

PT-2026-49412

Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...

7.5CVSS5.1AI score0.00287EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•26 views

PT-2026-49506

Unauthenticated Broken Access Control in Knit Pay = 9.4.0.0 versions...

7.5CVSS5.1AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/13 12:0 a.m.•26 views

PT-2026-49093

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.5 Description Insecure deserialization occurs in glances/outdated.py because the load cache function uses pickle.load to read a version-check cache file. This file is stored at predictable, world-accessible paths...

7.8CVSS6.5AI score0.00303EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/13 12:0 a.m.•26 views

PT-2026-49119

Name of the Vulnerable Software and Affected Versions Tornado versions prior to 6.5.6 Description Gzip decompression routines process data in limited-size chunks but lack an overall limit for the total size of accumulated decompressed chunks. This allows a malicious server to consume unlimited...

7.5CVSS5.3AI score0.00052EPSS
Exploits0References21
Positive Technologies
Positive Technologies
•added 2026/06/13 12:0 a.m.•26 views

PT-2026-49087

Name of the Vulnerable Software and Affected Versions Canvas plugin for WordPress versions prior to 2.5.3 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or higher can inject arbitrary...

6.4CVSS5.5AI score0.00199EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•26 views

PT-2026-49010

Name of the Vulnerable Software and Affected Versions Avast Antivirus versions prior to VPS 25040308 AVG Antivirus versions prior to VPS 25040308 Norton Antivirus versions prior to VPS 25040308 Avast One versions prior to VPS 25040308 Avast Business Antivirus versions prior to VPS 25040308...

7.8CVSS5.7AI score0.00146EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•26 views

PT-2026-48992

Name of the Vulnerable Software and Affected Versions Kitty versions 0.47.0 through 0.47.1 Description In the kitten dnd component, a malicious remote drag-and-drop source can overwrite or truncate arbitrary files that the local user has permission to write. This occurs because remote text/uri-li...

7.6CVSS6.1AI score0.00268EPSS
Exploits1References4
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•26 views

PT-2026-48850

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...

5.2AI score0.00294EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•26 views

PT-2026-48861

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but stored warning reasons are still printed by /warns without mention suppression. A moderator can create a warning with...

2.1CVSS5.3AI score0.00251EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•26 views

PT-2026-48998

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An information disclosure issue exists in the AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown is populated using the AuthKey.user id...

5.3CVSS5.4AI score0.00247EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•26 views

PT-2026-48909

Name of the Vulnerable Software and Affected Versions Aqara Board service affected versions not specified Description The Aqara Board service at the endpoint "op-test.aqara.com" accepts arbitrary MQTT command payloads and forwards them to the platform's HiveMQ broker without authentication. This...

8.6CVSS5.4AI score0.00412EPSS
Exploits1References4
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•26 views

PT-2026-48661

Name of the Vulnerable Software and Affected Versions Check Point Identity Agent Full for Windows OS affected versions not specified Description A local privilege escalation issue exists where an authenticated local user can execute arbitrary code with SYSTEM privileges. This occurs due to improp...

7.8CVSS5.7AI score0.00124EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•26 views

PT-2026-48621

Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description Jaxp13XPathTemplate evaluated XPat...

8.2CVSS5.8AI score0.00352EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•26 views

PT-2026-48662

Name of the Vulnerable Software and Affected Versions Keras versions prior to 3.14.0 Description A path traversal issue exists in the archive extraction utilities within keras/src/utils/file utils.py. The functions filter safe tarinfos and filter safe zipinfos validate archive member paths agains...

8.1CVSS7.3AI score0.00518EPSS
Exploits1References14
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•26 views

PT-2026-48659

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attac...

6.3CVSS4.9AI score0.00191EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•26 views

PT-2026-48487

Name of the Vulnerable Software and Affected Versions PAN-OS affected versions not specified Description A privilege escalation issue in the Command Line Interface CLI of PAN-OS software allows an authenticated administrator to perform actions on the device with root privileges. This affects...

8.5CVSS6.7AI score0.00242EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•26 views

PT-2026-48309

Name of the Vulnerable Software and Affected Versions Spring Security versions 7.0.0 through 7.0.5 Spring Authorization Server versions 1.5.0 through 1.5.7 Description The authorization endpoint performs insufficient validation of the request uri parameter. An attacker can craft a malicious...

6.1CVSS5.9AI score0.00172EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•26 views

PT-2026-47684

Name of the Vulnerable Software and Affected Versions 6Storage Rentals versions prior to 2.22.1 Description An authorization bypass exists in the 6Storage Rentals plugin for WordPress. Unauthenticated attackers can read and modify arbitrary tenant profile data, including names, email addresses,...

7.5CVSS5.3AI score0.00403EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•26 views

PT-2026-48221

Name of the Vulnerable Software and Affected Versions Substance3D Sampler versions 6.0.0 and earlier Description An out-of-bounds write occurs when the software processes a malicious file. This issue can lead to arbitrary code execution within the context of the current user and requires user...

7.8CVSS6.2AI score0.00144EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•26 views

PT-2026-47834

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A NULL pointer dereference occurs in the OpenSSL QUIC server when receiving a QUIC initial packet containing an invalid or expired token. This issue is triggered specifically when address...

7.5CVSS5.5AI score0.00684EPSS
Exploits0References104
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•26 views

PT-2026-47698

Race condition vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability...

6.4CVSS5.4AI score0.00133EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•26 views

PT-2026-47510

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description Insufficient policy enforcement in the Network component allows a remote attacker who has compromised the utility process to leak cross-origin data through the use of a crafted HTML...

9.6CVSS5.9AI score0.01654EPSS
Exploits4References85
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•26 views

PT-2026-47321

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description An out-of-bounds read occurs when using mod headers and mod mime in conjunction with multiple response languages. An out-of-bounds read is a condition where a program reads data past...

9.8CVSS5.3AI score0.41611EPSS
Exploits0References138
Total number of security vulnerabilities5000