Lucene search
K
PtsecurityMost viewed

184253 matches found

Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.48 views

PT-2026-49215

WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.php. Attackers can supply base64-encoded file paths in the 'id' parameter to the decode.php endpoin...

6.9CVSS5.4AI score0.00374EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.48 views

PT-2026-42911

Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 2026.4.23 Description An injection issue exists in the Skills Guard Multi-Word Prompt Handler component within the file agent/skills guard.py. The flaw allows remote exploitation through the...

7.5CVSS7.1AI score0.00305EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.48 views

PT-2026-40430

An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed...

8.4CVSS6AI score0.00165EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.48 views

PT-2026-39241

Name of the Vulnerable Software and Affected Versions eventsource-encoder versions prior to 1.0.2 Description The software fails to sanitize the event and id fields of an EventSourceMessage before serialization in the encodeMessage function. An attacker who controls these fields can inject...

5.8CVSS6AI score0.00277EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/05/10 12:0 a.m.48 views

PT-2024-19351 · Ibm · Ibm Txseries For Multiplatforms

Name of the Vulnerable Software and Affected Versions: IBM TXSeries for Multiplatforms version 8.2 Description: The issue allows web pages to be stored locally, which can then be read by another user on the system. Recommendations: For IBM TXSeries for Multiplatforms version 8.2, consider...

4CVSS6.3AI score0.00217EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/04/26 12:0 a.m.48 views

PT-2024-6814 · Google +4 · Google Chrome +4

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 129.0.6668.58 Microsoft Edge affected versions not specified Description: The issue is related to an inappropriate implementation in the Autofill feature, allowing a remote attacker to perform UI spoofing via a...

8.8CVSS5.1AI score0.00472EPSS
Exploits2References60
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.47 views

PT-2026-51626

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description An authorization bypass exists where three API endpoints are protected by write-level middleware instead of administrator-level middleware. This allows a collaborator with write access to perfor...

7.1CVSS5.9AI score0.00478EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.47 views

PT-2026-50528

Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.11.2 Description An out-of-bounds write issue exists in the ssh2 transport read function due to an integer overflow and a failure to enforce upper bounds on the packet length field. A remote attacker operating a...

10CVSS7.9AI score0.00732EPSS
Exploits11References108
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.47 views

PT-2026-44608

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue exists in ANGLE. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a specially...

9.6CVSS5.8AI score0.00368EPSS
Exploits0References156
Positive Technologies
Positive Technologies
added 2026/05/09 12:0 a.m.47 views

PT-2026-39329

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.18 Description Improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This occurs because the...

3.8CVSS5.8AI score0.00216EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.47 views

PT-2026-30458

🚨 LIVE HIJACK ALERT — CVE-2026-55555. CVSS 9.3. langchain agents reading tool output as trusted input. attacker returns malicious prompt in tool result. agent executes it as instruction. investigating. 🧵...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/18 12:0 a.m.47 views

PT-2024-8746 · Siemens · Tecnomatix Plant Simulation +1

Name of the Vulnerable Software and Affected Versions: Teamcenter Visualization versions prior to V14.2.0.14 Teamcenter Visualization versions prior to V14.3.0.12 Teamcenter Visualization versions prior to V2312.0008 Teamcenter Visualization versions prior to V2406.0005 Tecnomatix Plant Simulatio...

7.8CVSS7.5AI score0.00272EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/06/12 12:0 a.m.47 views

PT-2023-24676 · Srs · Srs

Name of the Vulnerable Software and Affected Versions: SRS versions prior to 5.0.157 SRS versions prior to 5.0-b1 SRS versions prior to 6.0.48 Description: The issue concerns a drive-by command injection in the api-server server. An attacker can send a request to the "/api/v1/snapshots" endpoint...

7.5CVSS8.1AI score0.0876EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.46 views

PT-2026-42142

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...

7.2CVSS5.8AI score0.00349EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.46 views

PT-2026-41441

bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can craft hidden forms targeting the admin user creation endpoint to add new administrative accounts...

6.9CVSS5.8AI score0.00146EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.46 views

PT-2026-40780

Name of the Vulnerable Software and Affected Versions @strapi/upload versions prior to 5.33.3 Description In the Upload plugin, Content API endpoints failed to enforce administrator-configured MIME type restrictions defined in plugin.upload.security.allowedTypes and deniedTypes. While these...

5.3CVSS5.9AI score0.00195EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/08/01 12:0 a.m.46 views

PT-2022-20570 · Sourcegraph · Sourcegraph

Name of the Vulnerable Software and Affected Versions: Sourcegraph versions prior to 3.41.0 Description: The issue allows an attacker to delete other users’ saved searches due to a bug in the authorization check. It does not allow the reading of other users’ saved searches, only overwriting them...

4.3CVSS4.4AI score0.00417EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/06/22 12:0 a.m.46 views

PT-2021-19867 · Ory · Ory Oathkeeper

Name of the Vulnerable Software and Affected Versions: ORY Oathkeeper versions prior to v0.38.12-beta.1 Description: The issue arises when a request is made to an endpoint requiring a specific scope, and the access token is granted with that scope, making introspection valid and caching the token...

7.5CVSS7AI score0.01298EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.45 views

PT-2026-53359

NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query packets and insert functions...

9.8CVSS5.8AI score0.00603EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.45 views

PT-2026-49921

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of Oracle WebCenter Content. A high privileged attacker with network access via HTTP can compromise the system, potentially leading to a fu...

8.4CVSS5.8AI score0.00398EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.45 views

PT-2026-48933

Name of the Vulnerable Software and Affected Versions apptainer versions prior to 1.5.1 Description Incorrect path matching occurs within the limit container paths directive. This issue specifically affects SUID installations where paths listed in limit container paths are string prefixes of othe...

4.8CVSS5.9AI score
Exploits0References39
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.45 views

PT-2026-37351

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking form page url' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it...

7.2CVSS6AI score0.0045EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.45 views

PT-2026-21948

Name of the Vulnerable Software and Affected Versions Cisco UCS Manager Software affected versions not specified Description A flaw exists in the NX-OS CLI privilege levels of Cisco UCS Manager Software that could allow an authenticated, local attacker with read-only privileges to modify files an...

4.4CVSS5.2AI score0.00095EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/25 12:0 a.m.45 views

PT-2025-26855 · Microsens · Microsens Nmp Web+

Name of the Vulnerable Software and Affected Versions: MICROSENS NMP Web+ versions prior to 3.3.0 Description: The issue allows an unauthenticated attacker to generate forged JSON Web Tokens JWT to bypass authentication. This could potentially lead to full system control. Organizations worldwide...

9.3CVSS9.4AI score0.00536EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/06/13 12:0 a.m.45 views

PT-2023-3288 · Adobe · Substance3D - Designer

Name of the Vulnerable Software and Affected Versions: Adobe Substance 3D Designer versions 12.4.1 and earlier Description: The issue is related to an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of th...

7.8CVSS7.7AI score0.00313EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2021/09/14 12:0 a.m.45 views

PT-2021-22382 · Atlassian · Jira

Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.19.0 Description: The issue allows remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the "/rest/api/1.0/render" endpoint...

5.3CVSS7AI score0.01422EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.44 views

PT-2026-48908

The Aqara Cloud Production API open-cn.aqara.com/v3.0/open/api would authorize any valid developer token for access to any account. This is an instance of "CWE-862: Missing Authorization" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 9.6 Critical. When combined with...

9.6CVSS5.3AI score0.00244EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.44 views

PT-2026-46196

All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.44 views

PT-2026-46054

Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The software uses deprecated SHA-1 hashing for IWF CSAM URL matching and CIPA blocklist matching. SHA-1 is a cryptographic hash function that is no longer considered secure against well-funded...

5.8AI score0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.44 views

PT-2026-37991

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated...

3.1CVSS5.8AI score0.00553EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.44 views

PT-2026-1014

Name of the Vulnerable Software and Affected Versions code-projects Online Guitar Store version 1.0 Description A SQL injection issue exists in code-projects Online Guitar Store version 1.0. The issue is located in an unknown function within the /admin/Create product.php file. Manipulating the dr...

9.8CVSS7.2AI score0.00329EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2022/11/17 12:0 a.m.44 views

PT-2022-27518 · Acronis +1 · Acronis Cyber Protect Home Office +4

Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect Home Office Windows versions prior to build 40173 Acronis Agent Windows versions prior to build 30600 Acronis Cyber Protect 15 Windows versions prior to build 30984 Description: The issue is related to local privilege...

8.8CVSS8.2AI score0.00469EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.43 views

PT-2026-53004

Name of the Vulnerable Software and Affected Versions Fluentd versions prior to 1.19.3 Description The in http and in forward plugins support gzip-compressed data but only enforce size limits on the compressed payloads via settings like body size limit and chunk size limit. Because no limit is...

7.5CVSS7.1AI score0.0063EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.43 views

PT-2026-40607

Name of the Vulnerable Software and Affected Versions bandit versions 1.4.0 through 1.11.0 Description An unauthenticated remote attacker can cause a denial of service via memory exhaustion. The read data/2 function in Elixir.Bandit.HTTP1.Socket ignores the :length option when processing HTTP/1...

8.7CVSS5.8AI score0.00642EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.43 views

PT-2026-36635

Name of the Vulnerable Software and Affected Versions Apache OpenNLP versions prior to 2.5.9 Apache OpenNLP versions prior to 3.0.0-M3 Description The DictionaryEntryPersistor class initializes a static SAXParserFactory without enabling FEATURE SECURE PROCESSING or disabling DTD processing. When...

9.1CVSS5.8AI score0.00515EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.43 views

PT-2026-2109

Name of the Vulnerable Software and Affected Versions llama.cpp versions prior to commit 55d4206c9 Description llama.cpp is an inference engine for several Large Language Models LLMs implemented in C/C++. The software parses the n discard parameter directly from JSON input in its completion...

9.8CVSS7.7AI score0.00438EPSS
Exploits1References17
Positive Technologies
Positive Technologies
added 2024/12/03 12:0 a.m.43 views

PT-2024-27461 · Matrix · Synapse

Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.106 Description: Synapse, an open-source Matrix homeserver, allows unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. This...

8.7CVSS6.6AI score0.00715EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2021/12/14 12:0 a.m.43 views

PT-2021-24346 · Openzeppelin · Openzeppelin Contracts

Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions 3.2.0 through 4.4.0 Description: The issue concerns initializer functions that are invoked separate from contract creation, such as minimal proxies, which may be reentered if they make an untrusted non-view...

5.6CVSS5.5AI score0.00494EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.42 views

PT-2026-47172

An autonomous AI security agent just found 21 zero-days in FFmpeg for $1,000. Some were 23 years old. All came with working PoCs. CVE-2026-39210 through 39218 assigned. 12 more fixed, not yet numbered. This is what commodity AI vulnerability research https://t.co/zpeiwGSVQh https://t.co/ad6T1JxzD...

5.7AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.42 views

PT-2026-46951

Name of the Vulnerable Software and Affected Versions Lyrion Music Server version 9.2.0 Description A stored cross-site scripting issue exists where attackers can inject malicious scripts through media file metadata tags, specifically GENRE, ARTIST, and ALBUM. These payloads execute within the we...

7.2CVSS5.2AI score0.00197EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.42 views

PT-2026-45586

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description An out-of-bounds read exists in the validateNode function within ResourceTypes.cpp due to an incorrect bounds check. This flaw allows for local escalation of privilege without requiring...

7.8CVSS5.9AI score0.00079EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.42 views

PT-2026-34090

Vulnerability in the PeopleSoft Enterprise HCM Absence Management product of Oracle PeopleSoft component: Absence Management. The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft...

6.5CVSS5.7AI score0.00373EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.42 views

PT-2026-22404

Name of the Vulnerable Software and Affected Versions nimiq/core-rs-albatross versions prior to 1.2.2 Description A malicious or compromised validator, if elected as a proposer, could publish a macro block proposal where the header.body root does not match the actual macro body hash. Proposal...

7.1CVSS6AI score0.00204EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.41 views

PT-2026-34182

A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function ZipSecureFile.setMinflateRatio of the file common/src/main/java/com/publiccms/common/tools/DocToHtmlUtils.java. Such manipulation leads to resource consumption. It is possible to...

5.3CVSS5.4AI score0.00267EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/04/29 12:0 a.m.41 views

PT-2024-25366 · Unknown · Profaceoff Ssu

Name of the Vulnerable Software and Affected Versions: ProFaceOff SSU versions 1.5.0 and earlier Description: The issue is related to a Missing Authorization vulnerability in ProFaceOff SSU. Recommendations: For ProFaceOff SSU versions 1.5.0 and earlier, at the moment, there is no information abo...

7.5CVSS6.5AI score0.00566EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.40 views

PT-2026-50029

🚨 CVE-2026-46925 Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segmen...

8.3CVSS5.9AI score0.00265EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.40 views

PT-2026-48511

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description An issue exists in the Kubernetes-native serverless framework where a tenant with environments.fission.io create/update RBAC permissions can deploy containers with privileged access,...

9.9CVSS5.8AI score0.0029EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.40 views

PT-2026-42966

A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware Version Check. The manipulation results in improper restriction of rendered ui layers. The attack can be executed remotely. A...

6.3CVSS5.1AI score0.00268EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.40 views

PT-2025-40514

Name of the Vulnerable Software and Affected Versions Zabbix Agent versions 6.0.0 through 6.0.40 Zabbix Agent versions 7.0.0 through 7.0.17 Zabbix Agent versions 7.2.0 through 7.2.11 Zabbix Agent versions 7.4.0 through 7.4.1 Zabbix Agent 2 versions 6.0.0 through 7.4.1 Description The Zabbix Agent...

7.3CVSS6.1AI score0.00325EPSS
Exploits2References15
Positive Technologies
Positive Technologies
added 2024/10/25 12:0 a.m.40 views

PT-2024-33043 · Mipjz · Mipjz

Name of the Vulnerable Software and Affected Versions: mipjz version 5.0.5 Description: A Server-side request forgery SSRF vulnerability exists due to the improper handling of the postAddress parameter in the mipPost method of the ApiAdminTool.php file. This allows an attacker to read server file...

4.9CVSS7.2AI score0.00489EPSS
Exploits1References3
Total number of security vulnerabilities5000