Lucene search
K
PtsecurityMost viewed

184319 matches found

Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.26 views

PT-2026-46217

HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential directives can leave a site vulnerable...

8.1CVSS5.7AI score0.00268EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.26 views

PT-2026-46190

Name of the Vulnerable Software and Affected Versions Streamlit versions prior to 1.53.0 Description An issue exists in the Palette Handler component within the lib/streamlit/runtime/caching/hashing.py library. Manipulation of an unknown function in this library can lead to the use of a weak hash...

4.7CVSS4.7AI score0.00083EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.26 views

PT-2026-46879

Impact So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow to replace on original repository with one under the control of an attacker under very specific conditions. First of all, the attacker mus...

2.1CVSS5.8AI score0.00021EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.26 views

PT-2026-45903

Name of the Vulnerable Software and Affected Versions Vinyl Cache versions prior to 9.0.1 Varnish Cache versions prior to 9.0.3 Description A deficiency in HTTP/2 request parsing allows for a backend request desync attack, also known as request smuggling. This issue can lead to cache poisoning,...

2.3CVSS5.8AI score0.00349EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.26 views

PT-2026-45913

Name of the Vulnerable Software and Affected Versions Java affected versions not specified Description Two issues exist regarding Java deserialization filters. First, a filter bypass occurs when a serialized stream contains a TC PROXYCLASSDESC marker for a java.lang.reflect.Proxy. In this case,...

9.8CVSS5.8AI score0.00468EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.26 views

PT-2026-45864

Name of the Vulnerable Software and Affected Versions Dräger Zeus Infinity Empowered Zeus IE affected versions not specified Dräger Zeus RS C500 affected versions not specified Description A local security issue exists in anesthesia workstations that allows unauthorized individuals with physical...

7CVSS5.4AI score0.00169EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.26 views

PT-2026-45682

Cross-Site Scripting XSS in GeniexWebView component in Transsion AI Assistant Lifestyle application com.transsion.aiassistantlifestyle all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted web action data URL parameter...

6.1AI score0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.26 views

PT-2026-45557

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell...

7.5CVSS6.1AI score0.0027EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.26 views

PT-2026-45623

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through...

8.6CVSS6.7AI score0.00162EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.26 views

PT-2026-45532

Name of the Vulnerable Software and Affected Versions Nextcloud Tables versions 0.8.0 through 1.0.3 Description In Nextcloud Tables, the view filter criteria is exposed to users who possess read-only permissions. Recommendations Update to version 1.0.4 or 2.0.0...

4.3CVSS5.4AI score0.00222EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.26 views

PT-2026-45654

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description Kiteworks is a private data network PDN. Multiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms allow an authenticated attacker with the FormBuilder role to retrieve information on o...

8.8CVSS5.7AI score0.00667EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.26 views

PT-2026-45491

Summary Vitest browser mode served / vitest test / with the otelCarrier query parameter inserted directly into an inline module script. Because this value was treated as JavaScript source rather than data, an attacker could craft a browser-runner URL that executes arbitrary JavaScript in the Vite...

9.6CVSS6.1AI score0.0005EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.26 views

PT-2026-45658

Name of the Vulnerable Software and Affected Versions Strongbox affected versions not specified Description Memory corruption occurs when using Strongbox due to a missing bounds check. A bounds check is a security mechanism that ensures a program does not access memory outside the boundaries of a...

8.8CVSS5.8AI score0.00075EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.26 views

PT-2026-45446

A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...

6.5CVSS6.2AI score0.00276EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.26 views

PT-2026-45483

Impact When relying solely on a git commit ID SHA-1 or SHA-256 to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the...

2.1CVSS5.7AI score0.00018EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/30 12:0 a.m.26 views

PT-2026-45098

Name of the Vulnerable Software and Affected Versions Edimax BR-6478AC version 1.23 Description A stack-based buffer overflow occurs in the POST Request Handler component. A remote attacker can trigger this issue by manipulating the pppUserName argument within the formWanTcpipSetup function of th...

9CVSS8AI score0.00472EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/30 12:0 a.m.26 views

PT-2026-45089

Name of the Vulnerable Software and Affected Versions Spectra Gutenberg Blocks – Website Builder for the Block Editor versions prior to 2.19.26 Description The plugin is susceptible to Remote Code Execution, allowing authenticated attackers with Contributor-level access or higher to execute code ...

8.8CVSS6.2AI score0.01174EPSS
Exploits3References12
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.26 views

PT-2026-44894

QuickCMS is vulnerable to Cross-Site Scripting XSS through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle MITM attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

2.3CVSS5.9AI score0.00185EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.26 views

PT-2026-44231

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the ipmi:si component where the driver fails to return to a normal state when message allocation fails,...

9.8CVSS6AI score0.03663EPSS
Exploits17References284
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.26 views

PT-2026-44257

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A NULL dereference occurs in the Linux kernel when the cros typec register thunderbolt function fails to initialize the adata-lock mutex. This issue manifests when the uninitialized mutex i...

9.8CVSS5.9AI score0.03663EPSS
Exploits17References279
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.26 views

PT-2026-44372

Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description A time-to-check-time-of-use TOCTOU issue in the polkit authentication of qSnapper allows a local attacker to bypass the authentication mechanism. This can enable the attacker to perform operations...

8.1CVSS5.9AI score0.00136EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.26 views

PT-2026-43904

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A flaw exists in the IPv4 ICMP implementation where the system fails to validate the reply type before accessing the icmp...

8.2CVSS6AI score0.00433EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.26 views

PT-2026-43439

Name of the Vulnerable Software and Affected Versions ctdb versions prior to 4.23.8+git.477.f78166bceed-1.1 Description A denial of service issue exists against the AD DC WINS server. Recommendations Update to version 4.23.8+git.477.f78166bceed-1.1...

7.8CVSS5.4AI score0.02669EPSS
Exploits0References47
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.26 views

PT-2026-45149

Name of the Vulnerable Software and Affected Versions MariaDB server versions 10.6.1 through 10.6.25 MariaDB server versions 10.11.1 through 10.11.16 MariaDB server versions 11.4.1 through 11.4.10 MariaDB server versions 11.8.1 through 11.8.6 MariaDB server version 12.3.1 Description The mbstream...

7.8CVSS5.2AI score0.00135EPSS
Exploits0References36
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.26 views

PT-2026-42930

CVE-2026-5297 - Here is a title for the vulnerability: Apache Struts Deserialization Remote Code Execution Vulnerability CVE ID :CVE-2026-5297 Published : May 21, 2026, 11:16 p.m. | 2 hours, 24 minutes ago Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numberi...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.26 views

PT-2026-42801

Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because of how OpenSSL verification results are handled. In src/crypto.cpp, the custom verify callback treats X509 V ERR UNABLE TO GET ISSUER CERT...

9.8CVSS5.7AI score0.00291EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.26 views

PT-2026-42101

E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

8.7CVSS6AI score0.00539EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.26 views

PT-2026-41783

Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions prior to 0.9.0 Description The Postgres protocol parser incorrectly assumes that BIND message payloads contain a valid NUL-terminated portal name. When processing a crafted empty or unterminated...

7.5CVSS6AI score0.00342EPSS
Exploits1References50
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.26 views

PT-2026-41669

Name of the Vulnerable Software and Affected Versions SGLangs multimodal generation runtime affected versions not specified Description An unauthenticated path traversal flaw allows an attacker to write arbitrary files to any location where the server process has write permissions. This is achiev...

9.1CVSS5.9AI score0.00386EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.26 views

PT-2026-41648

Name of the Vulnerable Software and Affected Versions Net::Statsd::Lite versions prior to 0.10.0 Description Net::Statsd::Lite for Perl allows metric injections because the set add function does not validate values for newlines, colons, or pipes. This allows metrics generated from untrusted sourc...

7.3CVSS5.8AI score0.00226EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.26 views

PT-2026-41157

Name of the Vulnerable Software and Affected Versions electerm versions prior to 3.8.9 Description Persistent local-pty code execution is possible through the import of bookmark JSON files or compromised synchronization targets such as gist or WebDAV. An attacker can inject exec fields or global...

9.4CVSS6.4AI score0.00234EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.26 views

PT-2026-40566

Name of the Vulnerable Software and Affected Versions Hitachi Vantara Pentaho Data Integration & Analytics affected versions not specified Description The software contains a JDBC driver for H2 databases that allows external script execution. This occurs when a data source administrator creates a...

9.1CVSS5.8AI score0.00342EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.26 views

PT-2026-39928

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server for ABAP and ABAP Platform affected versions not specified Description An OS Command Injection issue allows an authenticated attacker with administrative access to execute specially crafted shell commands on th...

6.5CVSS6AI score0.01398EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.26 views

PT-2026-39963

The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the save settings function, which is registered on the admin post cccf7 save...

4.3CVSS5.8AI score0.00208EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.26 views

PT-2026-39954

The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saab cancel booking function in all versions up to, and including, 1.0.8. The nonce check uses && AND instead of || OR...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.26 views

PT-2026-39853

Name of the Vulnerable Software and Affected Versions jotty·page versions prior to 1.22.0 Description An unauthenticated path traversal issue exists in the '/api/app-icons/filename' endpoint. The filename route parameter is joined into a filesystem path without proper traversal or boundary...

8.2CVSS5.8AI score0.00318EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.26 views

PT-2026-39736

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a reflected Cross-Site Scripting XSS vulnerability exists in lista arquivos etapa.php due to improper handling of user-supplied input. The id processo parameter is directly embedded into the HTML without sanitization,...

6.1CVSS6AI score0.00178EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.26 views

PT-2026-39681

OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAX API HOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in Authorization header...

5CVSS5.8AI score0.00119EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.26 views

PT-2026-39722

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description The xml.parsers.expat and xml.etree.ElementTree modules use insufficient entropy for Expat hash-flooding protection. This allows a specially crafted XML document to trigger hash flooding, a...

7.5CVSS5.8AI score0.0079EPSS
Exploits0References46
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.26 views

PT-2026-39502

Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name field. Attackers can craft form names containing JavaScript code that executes when other logged-in...

6.4CVSS5.7AI score0.00187EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.26 views

PT-2026-39542

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8 Description A flaw in the SMF component allows remote attackers to cause a denial of service. The issue exists within the update authorized pcc rule and qos function located in the /src/smf/npcf-handler.c file...

5.3CVSS5.8AI score0.00372EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/09 12:0 a.m.26 views

PT-2026-39317

Name of the Vulnerable Software and Affected Versions Gibbon versions prior to 30.0.01 Description An authenticated SQL Injection exists in the Tracking/graphing feature. Users with Teacher or higher privileges can abuse this functionality to perform unintended read and write activities on the...

7CVSS5.9AI score0.00226EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.26 views

PT-2026-39100

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists between task migration and iteration within the cgroup component. When a task is migrated out of a css set, the cgroup migrate add task function moves the task fr...

4.7CVSS5.8AI score0.00089EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.26 views

PT-2026-39219

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.1.0 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. The 'extractArchive' and 'compressFiles' endpoints in file-manager.ts use double-quot...

8.7CVSS5.8AI score0.01207EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.26 views

PT-2026-38406

Name of the Vulnerable Software and Affected Versions Vercel CLI versions 50.16.0 through 52.0.0 Description When running in non-interactive mode via the --non-interactive flag or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads containing suggested follow-up...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.26 views

PT-2026-38350

Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One...

5.3CVSS5.8AI score0.003EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.26 views

PT-2026-45198

Name of the Vulnerable Software and Affected Versions D-Link DI-8400 versions prior to 16.07.26A1 Description A stack-based buffer overflow occurs in an unknown function within the '/dbsrv.asp' endpoint. This issue is triggered by manipulating the str argument, allowing for remote exploitation. A...

9CVSS8.5AI score0.005EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.26 views

PT-2026-38610

Name of the Vulnerable Software and Affected Versions FacturaScripts affected versions not specified Description A flaw in the Plugins::add function allows for a Zip Slip attack. The system does not properly validate file paths within uploaded ZIP archives in the Plugins.php file. Although the...

7.2CVSS6.2AI score0.00522EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.26 views

PT-2026-39412

Name of the Vulnerable Software and Affected Versions Next.js versions 13.0.0 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description Applications using beforeInteractive scripts combined with untrusted content are susceptible to cross-site scripting XSS, a flaw where malicious scripts...

6.4CVSS5.8AI score0.00205EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.26 views

PT-2026-37690

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this...

5.8CVSS6.8AI score0.03613EPSS
Exploits0References11
Total number of security vulnerabilities5000