Lucene search
K
PtsecurityMost viewed

184379 matches found

Positive Technologies
Positive Technologies
added 2026/05/30 12:0 a.m.24 views

PT-2026-45093

A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs sbi xact add in the library /lib/core/ogs-timer.c of the component ue-authentications Endpoint. Performing a manipulation results in denial of service. The attack may be initiated remotely. The...

5.3CVSS5.4AI score0.00391EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/30 12:0 a.m.24 views

PT-2026-45091

A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function handle scp info in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. This manipulation causes out-of-bounds write. The attack can be initiated remotely. The exploit has been...

5.3CVSS5.4AI score0.00276EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.24 views

PT-2026-44953

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1 Description Remote code execution is possible through the Perforce connection settings. Recommendations Update to version 2026.1...

8.8CVSS6.2AI score0.00411EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.24 views

PT-2026-44908

Name of the Vulnerable Software and Affected Versions Froxlor versions 2.3.6 and earlier Description DNS record content is concatenated directly into bind9 zone files in the DnsEntry.php file, which allows for zone file injection. The issue stems from incomplete validation of LOC, RP, SSHFP, and...

8.6CVSS6AI score0.00269EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.24 views

PT-2026-44754

The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the showmodule shortcode in versions up to, and including, 1.2 This is due to insufficient input sanitization and output escaping in the showmodule shortcode function, which...

6.4CVSS6AI score0.00197EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.24 views

PT-2026-44228

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the mpt3sas SCSI driver where the HBA firmware reports NVMe MDTS Maximum Data Transfer Size values based ...

9.8CVSS6.2AI score0.03663EPSS
Exploits17References279
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.24 views

PT-2026-44265

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the libwx network component where a Virtual Function VF attempts to access the WX CFG PORT ST register. Because this is a Physical Function PF restricted register, the...

9.8CVSS5.8AI score0.03663EPSS
Exploits17References282
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.24 views

PT-2026-44331

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the batman-adv module, TP meter sessions remain linked on bat priv-tp list after a netlink request finishes. When the mesh interface is removed, the batadv mesh free function tears do...

9.8CVSS6AI score0.00501EPSS
Exploits3References294
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.24 views

PT-2026-44317

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the f2fs file system between the destruction of extent nodes and the writeback process. The function f2fs destroy extent node fails to set the FI NO EXTENT fla...

9.8CVSS5.9AI score0.00514EPSS
Exploits10References288
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.24 views

PT-2026-44291

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the Multipath TCP mptcp implementation where the use of lock sock fast an atomic context around the sock...

9.8CVSS5.9AI score0.03663EPSS
Exploits17References283
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.24 views

PT-2026-46076

Уязвимость программного обеспечения Blitz Identity Provider связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, проводить межсайтовые сценарные атаки XSS...

4CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.24 views

PT-2026-44397

Name of the Vulnerable Software and Affected Versions PyJWT versions 2.8.0 through 2.12.1 Description When verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, the software performs Base64URL decoding of the compact-serialization payload segment before enforcin...

5.3CVSS5.3AI score0.00288EPSS
Exploits1References237
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.24 views

PT-2026-44296

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists where an exiting task that experiences an oops a kernel panic that does not require a full system reboot can be preempted during the execution of do task dead. This occur...

7.8CVSS6.1AI score0.00126EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.24 views

PT-2026-43951

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An issue exists in the RDMA mana ib component where the mana ib destroy qp rss function destroys RX WQ objects without disabling vPort RX steering in the firmware. This results in stale...

7.8CVSS5.8AI score0.00129EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.24 views

PT-2026-43962

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds access issue exists in the check xattrs function of the ext4 file system. The bounds check for the next extended attribute xattr entry uses a comparison that allows the...

7.1CVSS5.9AI score0.00125EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.24 views

PT-2026-44155

TL;DR This vulnerability affects all Kirby sites that allow the use of the link: … KirbyTag, the link: parameter of the image: … KirbyTag, the built-in image block with a link or the HTML importer for blocks, when content is authored by users who may not be fully trusted. The attack requires an...

8.4CVSS5.9AI score0.00062EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.24 views

PT-2026-43292

Name of the Vulnerable Software and Affected Versions com finder affected versions not specified Description Improperly built filter clauses lead to a SQL injection in the search query. SQL injection is a type of vulnerability that allows an attacker to interfere with the queries that an...

9.8CVSS5.9AI score0.0031EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.24 views

PT-2026-43211

Name of the Vulnerable Software and Affected Versions Xibo CMS versions prior to 4.4.2 Description A vulnerability chain involving Stored Cross-Site Scripting XSS and Iframe Sandbox escape exists in the Xibo CMS. Users with DataSet permissions can utilize the Data Connector functionality to craft...

7.6CVSS5.5AI score0.0011EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.24 views

PT-2026-43425

Name of the Vulnerable Software and Affected Versions Vanetza versions 26.02 and earlier Description A denial-of-service issue exists in the cryptographic verification pipeline. When processing incoming V2X messages, the ASN.1 decoder accepts structures as syntactically valid even if semantic...

7.5CVSS5.8AI score0.00202EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.24 views

PT-2026-43070

Name of the Vulnerable Software and Affected Versions hackney versions 2.0.0 through 4.0.0 Description The WebSocket client in src/hackney ws.erl lacks upper bounds on memory consumption across three code paths, allowing for flooding. First, the read handshake response/3 function accumulates...

8.7CVSS6AI score0.00825EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.24 views

PT-2026-42819

Name of the Vulnerable Software and Affected Versions Arm ArmNN versions prior to 2026-03-28 Description An integer overflow exists in the TensorShape::GetNumElements function within armnn/Tensor.cpp. This occurs when tensor dimensions are multiplied using 32-bit unsigned arithmetic without...

6.2CVSS6AI score0.00132EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.24 views

PT-2026-42460

Name of the Vulnerable Software and Affected Versions Divi Form Builder versions prior to 5.1.3 Description The Divi Form Builder plugin for WordPress allows unauthenticated attackers to create administrator accounts. This occurs because the plugin accepts a user-controlled role parameter from PO...

9.8CVSS5.8AI score0.00487EPSS
Exploits4References5
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.24 views

PT-2026-42454

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the udlfb component of the fbdev subsystem. The dlfb ops mmap function uses remap pfn range to map vmalloc framebuffer pages to userspace without setting...

7.3CVSS5.9AI score0.00113EPSS
Exploits0References26
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.24 views

PT-2026-42073

Name of the Vulnerable Software and Affected Versions Read More & Accordion versions prior to 3.5.8 Description The plugin is subject to privilege escalation because the RadMoreAjax::importData function fails to restrict which database tables can be written to during import and does not properly...

8.8CVSS5.8AI score0.00357EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.24 views

PT-2026-42378

free5GC's BSF concurrent PUT /nbsf-management/v1/subscriptions/subId crashes the BSF process via concurrent map read/write on Subscriptions in github.com/free5gc/bsf...

5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.24 views

PT-2026-42220

Name of the Vulnerable Software and Affected Versions CryptPad versions prior to 2026.2.0 Description The HTML sanitizer in Diffmarked.js contains a flaw where it fails to properly filter attributes on restricted tags. While the sanitizer validates the src attribute for , , and elements, it does...

6.1CVSS5.9AI score0.00242EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.24 views

PT-2026-42127

Name of the Vulnerable Software and Affected Versions Unbound versions 1.16.2 through 1.25.0 Description An issue exists within the ghost domain names family of attacks that allows an adversary who controls a ghost zone and can query the system to extend the ghost domain window by up to one cache...

8.7CVSS5.7AI score0.00842EPSS
Exploits0References56
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.24 views

PT-2026-41862

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.24 views

PT-2026-41824

Name of the Vulnerable Software and Affected Versions Samsung Open Source Walrus version f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9 Description A NULL pointer dereference occurs when the software processes a crafted WebAssembly module containing deeply nested instructions, which allows an attacker ...

7.5CVSS5.4AI score0.00193EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.24 views

PT-2026-41723

Name of the Vulnerable Software and Affected Versions Summarize versions prior to 0.15.1 Description A missing authorization issue allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. By using malicious page or...

5.4CVSS5.9AI score0.00227EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.24 views

PT-2026-41516

A flaw has been found in Open5GS up to 2.7.6. This impacts the function ogs sbi nf instance set id in the library /lib/sbi/context.c of the component NRF. Executing a manipulation of the argument nfInstanceId can lead to denial of service. The attack may be performed from remote. The exploit has...

5.3CVSS5.4AI score0.0038EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.24 views

PT-2026-41181

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.9 Description When a non-administrative user logs into the application, a web request to the '/api/models?' endpoint is initiated. The response from this request reveals the system prompts of available models...

6.5CVSS5.8AI score0.00281EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.24 views

PT-2026-41173

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description A Server-Side Request Forgery SSRF issue exists in the process picture url function within backend/open webui/utils/oauth.py. The function fetches URLs from OAuth picture claims without using the...

7.7CVSS5.8AI score0.00381EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.24 views

PT-2026-41130

Name of the Vulnerable Software and Affected Versions Hedera Guardian versions prior to 3.5.2 Description An authentication bypass exists in the 'GET /api/v1/demo/registered-users' endpoint. This allows unauthenticated attackers to retrieve sensitive user information, including usernames, Hedera...

6.9CVSS5.8AI score0.00356EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.24 views

PT-2026-41166

Name of the Vulnerable Software and Affected Versions CodeWhale versions 0.3.0 through 0.8.22 Description The run tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, allowing it to run without user approval. Because cargo test compiles and executes arbitrary...

9.6CVSS6AI score0.00375EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.24 views

PT-2026-41123

Name of the Vulnerable Software and Affected Versions python-utcp versions prior to 1.1.3 Description The substitute utcp args method in cli communication protocol.py inserts user-controlled tool args values directly into shell command strings without sanitization or escaping. These commands are...

10CVSS6.4AI score0.00272EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.24 views

PT-2026-40787

Three CVEs CVE-2026-29774, CVE-2026-30015, CVE-2026-30221 exploited the fact that the protocol did not, in version 1.2, canonicalize tool names. Multiple servers in the same session could expose tools named, respectively: readfile the legitimate filesystem server…...

8.2CVSS5.8AI score0.00323EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.24 views

PT-2026-40639

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 F5 BIG-IP versions prior to 21.0.0.1 Description An authenticated iControl SOAP user can obtain information regarding other accounts through a privilege assignment issue...

7.1CVSS5.8AI score0.00248EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.24 views

PT-2026-40835

Name of the Vulnerable Software and Affected Versions Strapi versions prior to 5.33.3 Description Changing or resetting a user's password does not invalidate existing refresh-token sessions by default. In the users-permissions and admin authentication controllers, the invalidation process depends...

2.1CVSS5.8AI score0.00272EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.24 views

PT-2026-39929

SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromised resulting in a low impact on availability. There is no impact on confidentiality and integrity ...

4.3CVSS5.8AI score0.0029EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.24 views

PT-2026-39921

Name of the Vulnerable Software and Affected Versions SAP S/4HANA SAP Enterprise Search for ABAP affected versions not specified Description An authenticated attacker can inject malicious SQL statements through user-controlled input. The application directly concatenates this input into SQL queri...

9.6CVSS5.9AI score0.00466EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.24 views

PT-2026-40078

Improper input validation for some Intel Endpoint Management Assistant EMA software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable escalation...

8.7CVSS5.7AI score0.00188EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.24 views

PT-2026-40431

PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication...

5.5CVSS5.8AI score0.00268EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.24 views

PT-2026-39884

Name of the Vulnerable Software and Affected Versions MantisBT affected versions not specified Description Incorrect escaping of a saved filter's owner allows an attacker to inject arbitrary HTML on systems where the $g show user realname variable is set to ON, leading to Cross-site scripting XSS...

7.5CVSS5.9AI score0.00419EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.24 views

PT-2026-39891

Name of the Vulnerable Software and Affected Versions MantisBT affected versions not specified Description A missing authorization check in the file visibility function allows any authenticated user with REPORTER level access or higher to download attachments from private bugnotes they are not...

7.2CVSS5.8AI score0.0026EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.24 views

PT-2026-39568

A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function smf nsmf handle create sm context of the component SMF. Performing a manipulation results in denial of service. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The project...

5.3CVSS5.4AI score0.00471EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.24 views

PT-2026-39634

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its make parquet list.py data processing tool. The script loads PyTorch .pt files utterance embeddings, speaker embeddings, speech tokens using torch.load withou...

6.1AI score0.0021EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.24 views

PT-2026-39716

Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via POST /providers/providerId/clients/existing, resulting in takeover of the target organization; self-hosted installations ar...

8.9CVSS5.9AI score0.00596EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.24 views

PT-2026-39546

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchase save. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available...

4.8CVSS4.2AI score0.00202EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.24 views

PT-2026-39501

CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file upload endpoints. Attackers can inject XSS payloads through Employee card parameters or SVG file...

6.4CVSS5.8AI score0.00239EPSS
Exploits0References5
Total number of security vulnerabilities5000