Lucene search
K
PtsecurityMost viewed

184322 matches found

Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•25 views

PT-2026-46292

Name of the Vulnerable Software and Affected Versions Neterbit NW-431F Router versions prior to 20241014-IR03 Description The network diagnosis ping module allows OS command injection because the application fails to properly sanitize user input in the IP address field before passing it to the...

9.8CVSS5.8AI score0.01026EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•25 views

PT-2026-46139

Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions prior to 35.0.2 Description An issue exists where a crafted ISO image can lead to file overwrite via directory traversal during the deployment process. Directory traversal is a technique that allows an attacker to...

8.1CVSS5.4AI score0.00601EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•25 views

PT-2026-49160

Root has patched NSWG-ECO-154 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...

5.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•25 views

PT-2026-46386

Name of the Vulnerable Software and Affected Versions Network sockets subsystem affected versions not specified Description An out-of-bounds write and read issue exists in the TLS socket connect path within the network sockets subsystem, specifically in the subsys/net/lib/sockets/sockets tls.c...

6.3CVSS5.7AI score0.0032EPSS
Exploits1References4
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•25 views

PT-2026-46005

Name of the Vulnerable Software and Affected Versions Kimi AI version 1.0 Description A Cross Site Scripting issue exists in the 'Preview' feature of the web interface. The application does not properly sanitize or encode HTML or JavaScript payloads produced by the AI model. When a user accesses...

6.3CVSS6.1AI score0.0027EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•25 views

PT-2026-46908

Name of the Vulnerable Software and Affected Versions Widget Factory Joomla Content Editor JCE versions 1.0.0 through 2.9.99.4 Description An improper access control issue in the JCE editor extension for Joomla allows unauthenticated users to create new editor profiles. This flaw enables the uplo...

10CVSS7.7AI score0.80425EPSS
Exploits18References107
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•25 views

PT-2026-46464

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A type confusion issue exists in V8, the JavaScript and WebAssembly engine. This allows a remote attacker to execute arbitrary code within a sandbox by inducing a user to open a special...

9.6CVSS6.4AI score0.00985EPSS
Exploits0References434
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•25 views

PT-2026-46491

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A type confusion issue exists in the Media component, which allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Type confusio...

9.6CVSS6.4AI score0.00456EPSS
Exploits0References438
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•25 views

PT-2026-45673

A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer overflow. Attacking...

4.8CVSS5.8AI score0.00124EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•25 views

PT-2026-45782

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in version 2.10.4...

6.9CVSS5.7AI score0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•25 views

PT-2026-45798

NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...

7.8CVSS5.8AI score0.0017EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•25 views

PT-2026-45259

Content removed...

5.7CVSS5.8AI score0.00201EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•25 views

PT-2026-45591

In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible way to insert a large contact name due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00071EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•25 views

PT-2026-45577

Name of the Vulnerable Software and Affected Versions Android Framework affected versions not specified Description An incorrect bounds check in the setTo function within ResourceTypes.cpp can lead to a read out of bounds. This issue allows for local information disclosure without requiring...

3.3CVSS5.6AI score0.00069EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•25 views

PT-2026-45575

In multiple functions of ubsan throwing runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6AI score0.00253EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•25 views

PT-2026-45463

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

6.5CVSS5.8AI score0.0013EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•25 views

PT-2026-45518

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...

8.8CVSS5.9AI score0.00393EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•25 views

PT-2026-45280

Name of the Vulnerable Software and Affected Versions Apache Directory LDAP API version 2.1.7 Description The LDAP client implementation fails to verify if the server certificate matches the intended LDAP hostname. Although the certificate chain is validated against a trusted authority, the lack ...

8.8CVSS5.8AI score0.00182EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•25 views

PT-2026-45402

A vulnerability was detected in itsourcecode Online House Rental System 1.0. This impacts an unknown function of the file /manage payment.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used...

7.5CVSS5.7AI score0.00263EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•25 views

PT-2026-45535

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...

5.9CVSS5.7AI score0.0029EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/29 12:0 a.m.•25 views

PT-2026-44742

Name of the Vulnerable Software and Affected Versions ASUS System Control Interface affected versions not specified Description An incorrect permission assignment for critical resources in the ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary...

7.3CVSS6AI score0.00135EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•25 views

PT-2026-44477

Name of the Vulnerable Software and Affected Versions Ubuntu Linux version 6.8 Ubuntu Linux version 6.17 Ubuntu Linux version 7.0 Description AppArmor SAUCE patches contain an issue where the system incorrectly attempts to free a pointer that was not previously allocated via kmalloc, while...

6.1CVSS5.8AI score0.00093EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•25 views

PT-2026-44283

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the btrfs file system where the last unlink trans field is not updated when removing a directory. This can lead to incorrect fsync behavior if a user performs an fsync...

5.5CVSS5.8AI score0.00128EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•25 views

PT-2026-44360

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An overflow issue exists in the drm/amdgpu/vcn3 component during the message bound check process. Recommendations At the moment, there is no information about a newer version that contai...

9.8CVSS5.9AI score0.03663EPSS
Exploits17References284
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•25 views

PT-2026-44306

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A use-after-free issue exists in the Linux kernel within the DAMON sysfs schemes. The damon sysfs quot goal-path variable ca...

9.8CVSS6AI score0.03663EPSS
Exploits17References278
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•25 views

PT-2026-44267

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An error unwind issue exists in the RDMA mana component. Specifically, the mana ib create qp rss function fails to properly...

9.8CVSS5.9AI score0.03663EPSS
Exploits11References290
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•25 views

PT-2026-44344

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the EDAC/versalnet component. The init one mc function allocates memory for a device name using kzalloc, which is then assigned to dev-init name. Because device...

9.8CVSS6AI score0.00525EPSS
Exploits4References286
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•25 views

PT-2026-44237

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RDMA rxe driver where the atomic write reply function in drivers/infiniband/sw/rxe/rxe resp.c unconditionally dereferences 8 bytes from the payload addrpkt. The...

7.5CVSS5.8AI score0.00467EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•25 views

PT-2026-44007

Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get resource method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using...

8.7CVSS5.8AI score0.00409EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•25 views

PT-2026-44139

Description SymfonyComponentMimeHeaderParameterizedHeader and the related parameter handling reachable from SymfonyComponentMimeHeaderHeaders is responsible for serializing structured headers such as Content-Type and Content-Disposition, which carry key=value parameters e.g. Content-Disposition:...

7.1CVSS5.8AI score0.00056EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•25 views

PT-2026-43298

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, uploadedFileSaveIn in lua/upload/upload.go uses filepath.Join with the caller-supplied directory but performs no boundary check after joining. A directory of ../../../tmp resolves cleanly to /tmp, outside the web root. This...

8.7CVSS5.8AI score0.00344EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•25 views

PT-2026-43259

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS6.1AI score0.06582EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•25 views

PT-2026-43428

Name of the Vulnerable Software and Affected Versions JeecgBoot versions prior to 3.9.2 Description Improper access controls exist within the AiragModelController component. A remote attacker can exploit this by manipulating the list/queryById argument, leading to unauthorized access...

5.3CVSS5.8AI score0.00222EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/05/25 12:0 a.m.•25 views

PT-2026-43033

Name of the Vulnerable Software and Affected Versions apache-airflow-providers-fab versions prior to 3.6.4 Description Apache Airflow FAB Auth Manager is subject to an LDAP filter injection, which occurs when user-supplied input is improperly sanitized before being used in an LDAP filter. This...

5.8AI score0.00574EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/24 12:0 a.m.•25 views

PT-2026-42949

Name of the Vulnerable Software and Affected Versions Edimax BR-6675nD version 1.12 Description A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists in the formWlSiteSurvey function within the '/goform/formWlSiteSurvey' endpoint when manipulating th...

9CVSS7.5AI score0.00445EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•25 views

PT-2026-42688

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.23.0 Description In pkg/builder/builder.go, the software passes the Environment.spec.builder.command variable directly into the exec.Command function after a strings.Fields split without validating the executable pa...

6.9CVSS6.1AI score0.00364EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/05/19 12:0 a.m.•25 views

PT-2026-41977

Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description A stored cross-site scripting XSS issue exists due to improper sanitization of elements. The application permits the use of javascript: URIs within the src attribute, which execute when a malicious...

9.3CVSS5.4AI score0.0023EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/19 12:0 a.m.•25 views

PT-2026-41840

Name of the Vulnerable Software and Affected Versions Piotnet Addons for Elementor Pro versions prior to 7.1.71 Description Missing file type validation in the pafe ajax form builder function allows unauthenticated attackers to upload arbitrary files to the server. The plugin employs an incomplet...

9.8CVSS6.2AI score0.00953EPSS
Exploits2References6
Positive Technologies
Positive Technologies
•added 2026/05/18 12:0 a.m.•25 views

PT-2026-41774

Name of the Vulnerable Software and Affected Versions TinyIce versions 0.8.95 through 2.4.1 Description TinyIce is a streaming server for audio and video. A missing authentication check on the WebRTC ingest endpoint 'POST /webrtc/source-offer?mount=' allows unauthenticated users to inject streams...

8.2CVSS5.7AI score0.00357EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/05/18 12:0 a.m.•25 views

PT-2026-41767

Name of the Vulnerable Software and Affected Versions Docker affected versions not specified Description A race condition occurs during the mount setup of the docker cp command. When copying files into a container, the daemon creates a temporary filesystem view by bind-mounting volumes. A process...

7.2CVSS5.9AI score0.00104EPSS
Exploits0References17
Positive Technologies
Positive Technologies
•added 2026/05/18 12:0 a.m.•25 views

PT-2026-41689

Name of the Vulnerable Software and Affected Versions Neotoma versions 0.6.0 through 0.11.0 Description Neotoma can treat public reverse-proxied requests as local when the application receives them over a loopback socket and no Bearer token is present. This occurs in deployments behind a reverse...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/05/14 12:0 a.m.•25 views

PT-2026-41186

Name of the Vulnerable Software and Affected Versions CodeWhale versions prior to 0.8.26 Description The task create tool spawns durable sub-agents that inherit insecure default settings. Specifically, the allow shell variable defaults to true and the auto approve variable defaults to true. When ...

9.6CVSS5.9AI score0.0026EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/05/14 12:0 a.m.•25 views

PT-2026-41145

Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions prior to 2.39.0 Description The backup restore feature accepts a .tar.gz archive and extracts it to a target directory on the server. The extraction function ExtractTarGz in api/archive/targz.go constructs...

5.5CVSS5.9AI score0.00606EPSS
Exploits1References7
Positive Technologies
Positive Technologies
•added 2026/05/14 12:0 a.m.•25 views

PT-2026-41185

Name of the Vulnerable Software and Affected Versions CodeWhale versions prior to 0.8.26 Description Server-Side Request Forgery SSRF occurs when the application fails to properly validate IPv6 addresses provided directly in a URL, such as http://::1. While the system validates hostnames that...

7.4CVSS5.8AI score0.00239EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/05/14 12:0 a.m.•25 views

PT-2026-41176

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.6.31 Description A Cross-Site Scripting issue exists in the SVG renderer implementation. This allows the permanent storage of HTML or JavaScript code within the application, which is then executed in the context ...

5.1CVSS5.8AI score0.00165EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/05/12 12:0 a.m.•25 views

PT-2026-40001

The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS6AI score0.00195EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/05/12 12:0 a.m.•25 views

PT-2026-40439

Name of the Vulnerable Software and Affected Versions DNS Cluster affected versions not specified Description SSL verification is disabled in the DNS Cluster system. This allows a malicious server to perform a man-in-the-middle attack, which is a technique where an attacker intercepts communicati...

8.2CVSS5.8AI score0.00252EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/05/12 12:0 a.m.•25 views

PT-2026-39986

Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malitcious JavaScript execution in the context of the...

7.2CVSS5.9AI score0.00274EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/05/12 12:0 a.m.•25 views

PT-2026-40101

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability i...

8.5CVSS5.8AI score0.00147EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/11 12:0 a.m.•25 views

PT-2026-39574

Zephyr sockets created with IPPROTO TLS 1 3 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtls ssl conf min tls version. The ClientHello advertises both versions and the...

5.3CVSS5.8AI score0.00243EPSS
Exploits1References2
Total number of security vulnerabilities5000