Lucene search
K
PtsecurityMost viewed

184334 matches found

Positive Technologies
Positive Technologies
added 1988/10/01 12:0 a.m.26 views

PT-1988-1001 · Sendmail · Sendmail

Name of the Vulnerable Software and Affected Versions: Sendmail affected versions not specified Description: The issue concerns the debug command in Sendmail, which is enabled, allowing attackers to execute commands as root. Recommendations: At the moment, there is no information about a newer...

10CVSS9.5AI score0.16446EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.25 views

PT-2026-54432

Name of the Vulnerable Software and Affected Versions Storage Concentrator SC & SCVM affected versions not specified Description Storage Concentrator SC & SCVM contains hardcoded credentials for various internal services within a configuration file. Although these credentials use encoding, the...

9.3CVSS5.8AI score0.00128EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.25 views

PT-2026-52767

Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce = 7.1.1 versions...

7.5CVSS5.8AI score0.00303EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.25 views

PT-2026-51579

🚨 CVE-2026-54320 Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.184.0, organization invitations could be accepted and declined by a user whose email matched the invitation but had not been verified. Daytona authenticates user...

8.4CVSS6.2AI score0.00215EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.25 views

PT-2026-51426

A malformed Bluetooth Classic SDP attribute can trigger a reachable assertion in Zephyr's SDP parser. In subsys/bluetooth/host/classic/sdp.c, bt sdp parse attribute accepts an input buffer once it contains the 1-byte attribute type and 2-byte attribute id, but then unconditionally pulls an...

7.1CVSS6AI score0.00173EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.25 views

PT-2026-51374

Name of the Vulnerable Software and Affected Versions IBM i versions 7.3 through 7.6 IBM WebSphere Application Server affected versions not specified IBM WebSphere Application Server Liberty affected versions not specified Description A denial of service issue exists in the WebSphere WebServer...

7.5CVSS5.8AI score0.00271EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.25 views

PT-2026-51142

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 2.1.4 Description Configuration can be injected into the Chainflow during execution through the overrideConfig option, which is available in the frontend web integration and the backend Prediction API. This feature is...

9.8CVSS6.6AI score0.00648EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.25 views

PT-2026-51039

Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description An authentication logic flaw allows an attacker to register and control an account linked to a victim's email address before the email is verified. By enabling two-factor authentication on this...

9.3CVSS5.9AI score0.00351EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.25 views

PT-2026-51103

Summary A Stored Cross-Site Scripting XSS issue previously existed in the Text Widget in Board of Outerbase Studio where unsanitized HTML could be rendered using dangerouslySetInnerHTML Steps to Reproduce 1. Create a new dashboard. 2. Add a Text widget. 3. Insert the following payload: html...

4.4CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.25 views

PT-2026-50889

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An out-of-bounds read occurs in the NI grpc-device streaming API because of a missing bounds check. This issue can lead to a denial of service if an attacker provides a specially crafted writ...

8.7CVSS5.9AI score0.00343EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.25 views

PT-2026-51162

These are all security issues fixed in the freerdp-3.27.1-1.1 package on the GA media of openSUSE Tumbleweed...

5.9AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.25 views

PT-2026-51099

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.2 Description An Insecure Direct Object Reference IDOR issue exists in the /api/v1/responses endpoint. This occurs because the get flow by id or endpoint name function in src/backend/base/langflow/helpers/flow.py...

9.9CVSS6.3AI score0.00467EPSS
Exploits2References55
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.25 views

PT-2026-51013

Name of the Vulnerable Software and Affected Versions Gonic versions prior to 0.21.0 Description A logic error in the ServeCreateOrUpdatePlaylist function allows for arbitrary file write operations within the music streaming server. Recommendations Update to version 0.21.0 or later. As a temporar...

8.1CVSS5.9AI score0.00269EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.25 views

PT-2026-50676

Name of the Vulnerable Software and Affected Versions Docker Sandboxes affected versions not specified Description Docker Sandboxes sbx fail to re-apply the ICMP egress authorizer to networks rebuilt from disk after a Docker daemon restart. This allows a restart-surviving sandbox to forward ICMP...

5.7CVSS6AI score0.00097EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.25 views

PT-2026-50229

Name of the Vulnerable Software and Affected Versions Android versions prior to June 2026 Description A logic error in the setAllowedCarriers function within PhoneInterfaceManager.java allows for the disabling of carrier restrictions. This flaw can lead to local escalation of privilege without...

10CVSS5.4AI score0.00155EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.25 views

PT-2026-50193

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue exists in the Web Authentication component. This allows a remote attacker to execute arbitrary code by inducing the user to open a specially crafted HTML page. U...

9.6CVSS6.3AI score0.00601EPSS
Exploits0References41
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.25 views

PT-2026-50288

Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate 6.7.7 versions...

8.5CVSS5.8AI score0.00347EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.25 views

PT-2026-50423

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11...

8.5CVSS5.5AI score0.00211EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.25 views

PT-2026-50367

Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8...

8.3CVSS5.2AI score0.00293EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.25 views

PT-2026-50280

Unauthenticated Local File Inclusion in Reprizo = 1.0.8 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.25 views

PT-2026-50207

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An inappropriate implementation in Extensions allows a remote attacker who has compromised the renderer process to bypass site isolation using a crafted HTML page. Site isolation is a...

9.6CVSS5.8AI score0.00601EPSS
Exploits0References40
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.25 views

PT-2026-50431

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager versions prior to 4.8 Description An unauthenticated attacker with remote access can exploit the inclusion of functionality from an untrusted control sphere, which may lead to information disclosure. Recommendations Upda...

7.5CVSS5.3AI score0.00213EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.25 views

PT-2026-50262

Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

4.9CVSS5AI score0.00437EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.25 views

PT-2026-50458

Name of the Vulnerable Software and Affected Versions Autodesk Revit affected versions not specified Description A NULL Pointer Dereference occurs when the application attempts to read a memory address that is NULL, typically resulting in a crash. This issue is triggered when a maliciously crafte...

5.5CVSS5.8AI score0.00116EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.25 views

PT-2026-50488

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description Open WebUI contains a Broken Object Level Authorization BOLA issue in the builtin search knowledge files function. BOLA occurs when an application does not properly verify if a user has permission...

4.3CVSS6AI score0.00226EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.25 views

PT-2026-49938

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 14.1.2.0.0 Description An issue in the Content Server component of Oracle Fusion Middleware allows an unauthenticated attacker with network access via HTTP to compromise the system. The exploitation requires...

9.3CVSS5.9AI score0.00391EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.25 views

PT-2026-50060

Name of the Vulnerable Software and Affected Versions Oracle Project Portfolio Analysis versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Project Portfolio Analysis product within Oracle E-Business Suite. A low privileged attacker with...

8.8CVSS5.9AI score0.00402EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.25 views

PT-2026-50075

Name of the Vulnerable Software and Affected Versions Oracle Solaris version 11.4 prior to SRU93 Description An issue exists in the Remote Administration Daemon that allows an unauthenticated attacker with network access via HTTPS to compromise the system. Successful exploitation can lead to...

10CVSS5.3AI score0.00307EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.25 views

PT-2026-51224

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.7 Description The Docker API server contains an authentication bypass issue caused by a hardcoded default JWT JSON Web Token signing key. A JWT is a compact, URL-safe means of representing claims to be transferre...

9.8CVSS5.9AI score0.00407EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.25 views

PT-2026-49958

Name of the Vulnerable Software and Affected Versions MySQL Shell Shell for VS Code version 2026.2.0+9.6.1 Description An issue in the Shell for VS Code component of MySQL Shell allows a low-privileged attacker with network access via HTTP to compromise the software. Successful exploitation can...

9.9CVSS5.8AI score0.00521EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.25 views

PT-2026-49922

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of Oracle WebCenter Content within Oracle Fusion Middleware. An unauthenticated attacker with network access via HTTP can compromise the...

9.6CVSS5.8AI score0.00416EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.25 views

PT-2026-49149

Name of the Vulnerable Software and Affected Versions Microweber versions prior to 2.0.21 Description A path traversal issue exists in the API Endpoint component. A remote attacker can manipulate the cache path relative argument within the userfiles path function of the '/api nosession/thumbnail...

7.5CVSS5.4AI score0.00525EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.25 views

PT-2026-49552

Name of the Vulnerable Software and Affected Versions ws versions 1.1.0 through 5.2.4 ws versions 6.0.0 through 6.2.3 ws versions 7.0.0 through 7.5.10 ws versions 8.0.0 through 8.20.9 Description ws is an open source WebSocket client and server for Node.js. A peer can send a high volume of...

7.5CVSS5.3AI score0.00782EPSS
Exploits1References40
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.25 views

PT-2026-49106

Name of the Vulnerable Software and Affected Versions Iptanus File Upload versions prior to 5.1.7 Description Improper file handling occurs when the duplicatepolicy setting is configured to "maintain both." A Time-of-Check to Time-of-Use TOCTOU race condition—a scenario where a system checks a...

5.4CVSS6AI score0.00159EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.25 views

PT-2026-49090

Name of the Vulnerable Software and Affected Versions Meow Gallery versions prior to 5.4.5 Description The Meow Gallery plugin for WordPress allows unauthorized modification of data because of a missing capability check on the REST API endpoint "/wp-json/meow-gallery/v1/save shortcode"...

4.3CVSS5.3AI score0.00214EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.25 views

PT-2026-49077

Name of the Vulnerable Software and Affected Versions WP Ticket versions prior to 6.0.5 Description The WP Ticket plugin for WordPress allows unauthenticated attackers to extract sensitive information from the database. The issue occurs during unauthenticated front-end searches when the plugin...

7.5CVSS5.5AI score0.0051EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.25 views

PT-2026-49039

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.6 Description A configuration enforcement bypass exists in Feishu dynamic-agent bindings. This issue allows authenticated senders to create or update bindings without adhering to the configured config-write...

4.3CVSS5.2AI score0.00166EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.25 views

PT-2026-48818

The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link url' parameter of the presto player overlay shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays function, which...

6.4CVSS5.7AI score0.00239EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.25 views

PT-2026-48668

openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mail id value...

7.1CVSS5.6AI score0.00238EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.25 views

PT-2026-48387

Name of the Vulnerable Software and Affected Versions Anti-Spam by CleanTalk. Spam protection WordPress plugin versions prior to 6.79 Description Insufficient sanitization of content within a custom shortcode used in the email-encoding feature allows unauthenticated attackers to perform Stored...

8.8CVSS5.4AI score0.00296EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.25 views

PT-2026-48357

Name of the Vulnerable Software and Affected Versions QTS versions prior to 5.2.7.3256 build 20250913 Description An access-control flaw exists in legacy environments where the NFS Network File System service is enabled. When NFS share settings are permissive, specifically using a wildcard host...

9.8CVSS5.3AI score0.0029EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.25 views

PT-2026-48312

Name of the Vulnerable Software and Affected Versions Spring Data MongoDB versions 5.0.0 through 5.0.5 Spring Data MongoDB versions 4.5.0 through 4.5.11 Spring Data MongoDB versions 4.4.0 through 4.4.14 Spring Data MongoDB versions 4.3.0 through 4.3.16 Spring Data MongoDB versions 4.2.0 through...

5.9CVSS5.8AI score0.00262EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.25 views

PT-2026-47976

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server affected versions not specified Description An elevation-of-privilege issue exists due to a server-side request forgery SSRF flaw. This occurs because of insufficient input validation of URLs in the attachment preview...

9CVSS7.3AI score0.00465EPSS
Exploits0References24
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.25 views

PT-2026-48269

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.19 and earlier ColdFusion versions 2025.8 and earlier Description An incorrect authorization flaw allows a high-privileged attacker to achieve arbitrary code execution in the context of the current user. This issue...

9.1CVSS6AI score0.07535EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.25 views

PT-2026-47795

Name of the Vulnerable Software and Affected Versions Waves Central for macOS versions 13.0.9 through 16.5.5 Description A trusted XPC client component is signed with hardened runtime entitlements that allow dynamic library injection. A local attacker can use the DYLD INSERT LIBRARIES environment...

7.8CVSS6AI score0.00151EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.25 views

PT-2026-48323

Name of the Vulnerable Software and Affected Versions Spring for Apache Kafka versions 4.0.0 through 4.0.5 Spring for Apache Kafka versions 3.3.0 through 3.3.15 Spring for Apache Kafka versions 3.2.0 through 3.2.13 Spring for Apache Kafka versions 2.9.0 through 2.9.13 Spring for Apache Kafka...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.25 views

PT-2026-47612

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description In the network application framework, DefaultHttp2Connection.DefaultEndpoint initializes maxActiveStreams and maxStreams to Integer.MAX VALUE, while...

5.3CVSS5.2AI score0.00292EPSS
Exploits0References53
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.25 views

PT-2026-47545

Summary An attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses can bypass the restrictions. Details io.netty.handler.ipfilter.IpSubnetFilterRulecompareTojava.net.InetSocketAddress method performs a bitwise AND...

8.1CVSS5.5AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.25 views

PT-2026-47170

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpc sys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS6.2AI score0.01102EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.25 views

PT-2026-47127

Name of the Vulnerable Software and Affected Versions MDJM Event Management plugin for WordPress versions prior to 1.7.8.4 Description The plugin allows arbitrary file upload because it does not perform validation on the file type, extension, or MIME type of uploaded files. This issue occurs with...

7.2CVSS6AI score0.00659EPSS
Exploits1References14
Total number of security vulnerabilities5000