Lucene search
K
PtsecurityMost viewed

184334 matches found

Positive Technologies
Positive Technologies
added 2025/06/25 12:0 a.m.25 views

PT-2025-26840 · Onetrust · Onetrust Sdk

Name of the Vulnerable Software and Affected Versions: OneTrust SDK version 6.33.0 Description: The issue allows a local attacker to cause a denial of service via the Object.setPrototypeOf, proto , and Object.assign components. Recommendations: For OneTrust SDK version 6.33.0, consider disabling...

5.7CVSS6.2AI score0.009EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2025/06/18 12:0 a.m.25 views

PT-2025-26023 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A bug in the Linux kernel has been identified, specifically in the s3fb driver, where the screen size value calculated from user input in the s3fb set par function can be larger than...

7.8CVSS6AI score0.12746EPSS
Exploits16References587
Positive Technologies
Positive Technologies
added 2025/03/25 12:0 a.m.25 views

PT-2025-12828

Name of the Vulnerable Software and Affected Versions NASA cFS Core Flight System Aquila affected versions not specified Description The issue concerns a segmentation fault that can occur in the Memory Management Module of NASA cFS Core Flight System Aquila when a malicious telecommand is sent...

7.5CVSS5.8AI score0.00458EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2025/03/17 12:0 a.m.25 views

PT-2025-11458

Name of the Vulnerable Software and Affected Versions WebAssembly wabt version 1.0.36 Description A critical issue affects the function wabt::interp::anonymous namespace::BinaryReaderInterp::OnExport of the component Malformed File Handler, leading to a heap-based buffer overflow. The attack may ...

8.8CVSS7.1AI score0.00529EPSS
Exploits1References24
Positive Technologies
Positive Technologies
added 2025/03/09 12:0 a.m.25 views

PT-2025-35718

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's netfilter module related to handling duplicate devices during netfilter table updates. Specifically, a chain or flowtable update may proceed with...

5.5CVSS5.5AI score0.00202EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/03/06 12:0 a.m.25 views

PT-2025-25841

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, related to the rseq feature. The issue occurs when the rseq cs field is non-zero during registration, which can cause a segfault on...

5.5CVSS6.4AI score0.00478EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/01/21 12:0 a.m.25 views

PT-2025-3986 · Apache · Apache Httpd

Name of the Vulnerable Software and Affected Versions: Apache HTTPD affected versions not specified Description: The issue concerns a rejected reason related to the Apache HTTPD DNS. No further details are provided about the nature of the issue or its potential impact. There is no information...

7AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/17 12:0 a.m.25 views

PT-2025-1261 · Tenda · Tenda Ac15

Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.13.07.13 Description: A critical issue has been found in the function formSetDevNetName of the file /goform/SetDevNetName, which affects the Tenda AC15 router. The manipulation of the argument mac leads to a stack-based...

9CVSS8.7AI score0.08654EPSS
Exploits1References15
Positive Technologies
Positive Technologies
added 2025/01/07 12:0 a.m.25 views

PT-2025-1977 · Go +2 · Github.Com/Ollama/Ollama +2

Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: A security issue has been discovered in a famous LLM product. The estimated number of potentially affected devices worldwide is not...

7.5CVSS7.3AI score0.13476EPSS
Exploits5References15
Positive Technologies
Positive Technologies
added 2024/09/23 12:0 a.m.25 views

PT-2024-28848 · Doccano · Doccano

Name of the Vulnerable Software and Affected Versions: Doccano Open source annotation tools for machine learning practitioners version 1.8.4 Doccano Auto Labeling Pipeline module to annotate a document automatically version 0.1.23 Description: The issue allows a remote attacker to escalate...

6.6CVSS7.6AI score0.00667EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/09/10 12:0 a.m.25 views

PT-2024-28540 · Dell · Dell Powerscale Insightiq

Name of the Vulnerable Software and Affected Versions: Dell PowerScale InsightIQ version 5.0 Description: The issue is related to the use of hard-coded credentials in Dell PowerScale InsightIQ. A high-privileged attacker with local access could potentially exploit this, leading to information...

4.4CVSS6.7AI score0.00146EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.25 views

PT-2024-41391 · Suse +7 · Kernel-Azure +12

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name bsc1227716. - CVE-2024-42096: x86: stop playing stack games in profile pc bsc1228633. -...

9.1CVSS8.2AI score0.67994EPSS
Exploits11References674
Positive Technologies
Positive Technologies
added 2024/04/14 12:0 a.m.25 views

PT-2024-27721 · Unknown · Phpgurukul Student Record System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Student Record System version 3.20 Description: A critical issue was found in the PHPGurukul Student Record System, affecting some unknown functionality of the file /edit-subject.php. The manipulation of the arguments sub1, sub2,...

8.8CVSS7.5AI score0.00795EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/04/05 12:0 a.m.25 views

PT-2024-22995 · Google · Android

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue is related to a possible out of bounds read in the tmu get pi function of tmu.c due to improper input validation. This could lead to local information disclosure with no addition...

4.4CVSS6.1AI score0.00087EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.25 views

PT-2024-18358 · Dassault Systèmes · Dassault Systèmes Edrawings

Name of the Vulnerable Software and Affected Versions: Dassault Systèmes eDrawings affected versions not specified Description: The issue allows remote code execution via various file parsing vulnerabilities, including heap-based buffer overflow, memory corruption, out-of-bounds read, out-of-boun...

7.8CVSS8.2AI score0.00338EPSS
Exploits0References42
Positive Technologies
Positive Technologies
added 2023/07/31 12:0 a.m.25 views

PT-2023-14370 · Ibm · Ibm Storage Scale Container Native Storage Access

Name of the Vulnerable Software and Affected Versions: IBM Storage Scale Container Native Storage Access versions 5.1.2.1 through 5.1.6.1 Description: The issue allows a local user to obtain escalated privileges on a host without proper security context settings configured. Recommendations: For...

7.8CVSS7.4AI score0.00168EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/05/17 12:0 a.m.25 views

PT-2023-2775 · Cisco · Cisco Dna Center

Name of the Vulnerable Software and Affected Versions: Cisco DNA Center Software affected versions not specified Description: The issue is related to multiple vulnerabilities in the API of Cisco DNA Center Software. These vulnerabilities could allow an authenticated, remote attacker to read...

8.8CVSS8.9AI score0.00624EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/05/05 12:0 a.m.25 views

PT-2023-23176 · Mage Ai · Mage Ai

Name of the Vulnerable Software and Affected Versions: mage-ai versions 0.8.34 through 0.8.71 Description: The issue affects mage-ai, an open-source data pipeline tool, when used with user authentication enabled. It allows the terminal to be accessed by users who are not signed in or do not have...

9.8CVSS9.4AI score0.00659EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/04/21 12:0 a.m.25 views

PT-2023-18367 · Unknown · Campcodes Retro Basketball Shoes Online Store

Name of the Vulnerable Software and Affected Versions: Campcodes Retro Basketball Shoes Online Store version 1.0 Description: A critical vulnerability was found in the software, affecting the file contactus1.php. The manipulation of the email argument leads to SQL injection. The attack can be...

7.5CVSS8.1AI score0.00607EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/03/27 12:0 a.m.25 views

PT-2023-20852 · Llvm +1 · Llvm +1

Name of the Vulnerable Software and Affected Versions: LLVM version a0dab4950 Description: The issue is related to a segmentation fault in the mlir::outlineSingleBlockRegion function. It is noted that third parties dispute this as a vulnerability because the LLVM security policy excludes issues...

5.5CVSS6.6AI score0.00328EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2023/01/01 12:0 a.m.25 views

PT-2025-37662

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak can occur in the Linux kernel due to a failure during the attachment of fentry probes. When the attachment fails, the allocated bpf trampoline image remains in the system, ...

5.5CVSS6.3AI score0.00145EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2022/11/30 12:0 a.m.25 views

PT-2022-14002

Name of the Vulnerable Software and Affected Versions M-Files Server versions prior to 22.3.11164.0 M-Files Server versions prior to 22.3.11237.1 Description The issue is related to incorrect privilege assignment, allowing a user to read unmanaged objects. Recommendations For versions prior to...

4.3CVSS5AI score0.00454EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/11/10 12:0 a.m.25 views

PT-2022-22958 · Dotcms · Dotcms

Name of the Vulnerable Software and Affected Versions: dotCMS versions prior to 22.06 dotCMS version 5.3.8.12 dotCMS version 21.06.9 dotCMS version 22.03.2 Description: The issue allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a U...

6.1CVSS6.2AI score0.01192EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2022/09/26 12:0 a.m.25 views

PT-2022-16430 · WordPress · Popup Builder

Name of the Vulnerable Software and Affected Versions: WP Popup Builder versions prior to 1.2.9 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page...

6.1CVSS6AI score0.00497EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2022/09/14 12:0 a.m.25 views

PT-2022-6448 · Fortinet · Fortinac

Name of the Vulnerable Software and Affected Versions: Fortinet FortiNAC versions 8.3.7, 8.5.0 through 8.5.4, 8.6.0 through 8.6.5, 8.7.0 through 8.7.6, 8.8.0 through 8.8.11, 9.1.0 through 9.1.8, 9.2.0 through 9.2.5, 9.4.0 Description: The issue is related to an improper neutralization of input...

7.6CVSS5.4AI score0.00514EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/08/26 12:0 a.m.25 views

PT-2022-23551 · Unknown · Simple Task Scheduling System

Name of the Vulnerable Software and Affected Versions: Simple Task Scheduling System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/classes/Master.php?f=delete student" endpoint. Recommendations: Fo...

9.8CVSS9.4AI score0.00891EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/07/18 12:0 a.m.25 views

PT-2022-16697 · WordPress · The Visualizer: Tables/Charts Manager For Wordpress

Name of the Vulnerable Software and Affected Versions: The Visualizer: Tables and Charts Manager for WordPress versions up to, and including 3.7.9 Description: The issue concerns deserialization of untrusted input via the remote data parameter. This allows authenticated attackers with contributor...

8.8CVSS8.6AI score0.01762EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2021/02/21 12:0 a.m.25 views

PT-2021-7676 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.161 Description: A vulnerability in the io uring subsystem can leak kernel memory information to the user process. The timens install function calls current is single threaded to determine if the current...

9.8CVSS6.2AI score0.89063EPSS
Exploits222References738
Positive Technologies
Positive Technologies
added 2021/01/22 12:0 a.m.25 views

PT-2021-7753 · Linux +8 · Linux Kernel +8

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability was found in the fs/inode.c:inode init owner function logic of the Linux kernel. This issue allows local users to create files for the XFS file-system with unintended...

9.8CVSS7.2AI score0.89063EPSS
Exploits263References1575
Positive Technologies
Positive Technologies
added 2020/11/02 12:0 a.m.25 views

PT-2020-6661 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: The issue is related to the use of memory after it has been freed in the llcp sock bind function of the NFC protocol in the Linux kernel. This could allow a local attacker to access...

9.8CVSS7.2AI score0.89063EPSS
Exploits245References1384
Positive Technologies
Positive Technologies
added 2018/04/06 12:0 a.m.25 views

PT-2023-2689 · Linux +7 · Linux Kernel +7

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47 Description: The issue is related to the copy from user function in the Linux kernel, which does not implement the uaccess begin nospec feature. This allows a...

10CVSS7.3AI score0.9166EPSS
Exploits347References1825
Positive Technologies
Positive Technologies
added 2017/05/07 12:0 a.m.25 views

PT-2017-13: Elevation of Privilege in Microsoft Windows

The specialists of the Positive Research center have detected an Elevation of Privilege vulnerability in Microsoft Windows. An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully...

7.8CVSS8.3AI score0.10034EPSS
Exploits4References4
Positive Technologies
Positive Technologies
added 2014/10/23 12:0 a.m.25 views

PT-2019-4107 · Linux +7 · Linux Kernel +7

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.34 through 5.2.x Description: A buffer overflow flaw was found in the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs and logs buffer descriptors during migration. This flaw can be...

10CVSS7.5AI score0.98745EPSS
Exploits215References2221
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.24 views

PT-2026-53464

Summary Langflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledge bases. This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit th...

9.6CVSS6AI score0.04417EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.24 views

PT-2026-52759

Unauthenticated Cross Site Scripting XSS in Automatic 3.135.1 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.24 views

PT-2026-52187

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max ttl, count, or time out request parameters due to insufficient input validation when constructing shell...

7.7CVSS6.3AI score0.00675EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.24 views

PT-2026-51901

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential NULL pointer dereference exists in the error path of the ice set ringparam function. The issue occurs because ice set ringparam nullifies the tstamp ring of temporary tx ring...

6AI score0.00155EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.24 views

PT-2026-51458

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Organization team member management can be performed via GET requests without Cross-Site Request Forgery CSRF protection. CSRF is a security flaw where an attacker tricks a logged-in user into executin...

8.8CVSS6AI score0.00248EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.24 views

PT-2026-51372

WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMG PATH directory by sending requests with percent-encoded backslashes %5C that bypass the path.Clean sanitization in handler/router.go...

8.7CVSS6AI score0.00408EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.24 views

PT-2026-51407

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A weak parsing issue exists in the x-limited-key-id header. Remote attackers can bypass subkey enforcement by submitting duplicate headers, zero, or malformed values that result in falsy values or N...

6.4CVSS5.9AI score0.00251EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.24 views

PT-2026-51462

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.9 Description Authenticated users with automation permissions can bypass the Server-Side Request Forgery SSRF blacklist through DNS rebinding. This occurs because the outbound fetch flow resolves the DNS twice:...

8.5CVSS5.8AI score0.00202EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.24 views

PT-2026-51196

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description A security flaw exists in the PROXY ADMIN database API Key Generator component within the authenticate user function of the litellm/proxy/auth/login utils.py file. A remote attacker can...

6.5CVSS6.6AI score0.00262EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.24 views

PT-2026-51258

Name of the Vulnerable Software and Affected Versions kortix-ai suna versions prior to 0.8.39 Description A weakness in the Auth Endpoint component allows for remote cross-site scripting XSS, which is a technique where malicious scripts are injected into trusted websites. The issue exists within...

5.3CVSS5.7AI score0.00288EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.24 views

PT-2026-51229

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 and later Description A stored cross-site scripting issue exists in the User Permissions page. The software fails to properly perform HTML escaping when rendering user group names. This allows attackers with...

4.8CVSS5.8AI score0.00148EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.24 views

PT-2026-51132

Name of the Vulnerable Software and Affected Versions Simple File List versions prior to 6.3.8 Description The Simple File List plugin for WordPress contains insufficient authorization checks that allow unauthenticated attackers to delete and modify files on the server. This issue occurs within t...

7.5CVSS5.9AI score0.00433EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-50838

Name of the Vulnerable Software and Affected Versions Blocksy Companion versions prior to 2.1.46 Description The Blocksy Companion plugin for WordPress contains a Stored Cross-Site Scripting issue within the admin settings caused by insufficient input sanitization and output escaping. This allows...

4.4CVSS5.9AI score0.00208EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-50837

Name of the Vulnerable Software and Affected Versions BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor versions prior to 4.5.4 Description Stored Cross-Site Scripting occurs via the blockId attribute of the 'betterdocs/category-slate-layout' Gutenberg block. The issue...

6.4CVSS6AI score0.00212EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-51063

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.3 Description When parsing a JSON object with a key of 254 bytes or longer, the Oj.load function in :object mode reads uninitialized stack memory. For keys 256 bytes or longer, the process also performs an out-of-boun...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-51037

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A cross-tenant authorization bypass exists in PostgREST endpoints. This issue allows API keys with organization-level read permissions to access webhook secrets and delivery logs belonging to other...

7.1CVSS5.9AI score0.00241EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.24 views

PT-2026-50628

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'name' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient...

4.9CVSS5.8AI score0.00355EPSS
Exploits0References10
Total number of security vulnerabilities5000