Lucene search
K
PtsecurityMost viewed

184419 matches found

Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.24 views

PT-2026-23554

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.15 Description The software uses SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations. SHA-1 is a deprecated cryptographic hash function with known collision weaknesses. A...

8.7CVSS5.7AI score0.00179EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.24 views

PT-2026-3696

Name of the Vulnerable Software and Affected Versions Oracle JD Edwards versions 9.2.0.0 through 9.2.26.0 Description A flaw exists within the Web Runtime SEC component of Oracle JD Edwards EnterpriseOne Tools that allows an unauthenticated attacker with network access via HTTP to compromise the...

6.1CVSS7.3AI score0.002EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.24 views

PT-2026-3747

Name of the Vulnerable Software and Affected Versions Drupal Microsoft Entra ID SSO Login versions prior to 1.0.4 Description The Microsoft Entra ID SSO Login module for Drupal does not properly validate responses received from the Microsoft Entra ID service. This insufficient validation can lead...

6.5CVSS5.3AI score0.002EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.24 views

PT-2026-2387

Name of the Vulnerable Software and Affected Versions Bitrix24 affected versions not specified Description A logged-in attacker can execute arbitrary system commands through the PHP command line admin interface, leading to remote code execution. The attacker leverages this by sending crafted POST...

8.8CVSS8.3AI score0.00162EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.24 views

PT-2026-1876

Name of the Vulnerable Software and Affected Versions TIM BPM Suite/ TIM FLOW versions through 9.1.2 Description The software contains multiple Hibernate Query Language injection flaws. A user with limited privileges can exploit these to obtain passwords of other users and access sensitive data...

5.4CVSS6.9AI score0.00195EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.24 views

PT-2026-2178

Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2 Description The Open eClass platform, previously known as GUnet eClass, is a course management system. Prior to version 4.2, a flaw exists in the theme import functionality that allows an attacker with...

8.6CVSS8AI score0.03076EPSS
Exploits3References12
Positive Technologies
Positive Technologies
added 2025/10/25 12:0 a.m.24 views

PT-2025-43724

Name of the Vulnerable Software and Affected Versions Fast Velocity Minify versions prior to 3.5.1 Description The Fast Velocity Minify plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allow authenticate...

4.4CVSS5.3AI score0.00221EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/10/13 12:0 a.m.24 views

PT-2025-41822

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.5.0 Description WeGIA is a Web Manager for Institutions focused on Portuguese language users. A flaw exists that allows redirection to arbitrary external domains via the nextPage parameter in the ''control.php''...

4.8CVSS6.6AI score0.00208EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/10/11 12:0 a.m.24 views

PT-2025-41638

Name of the Vulnerable Software and Affected Versions CodeAstro Gym Management System version 1.0 Description A security issue exists in CodeAstro Gym Management System 1.0. The issue involves the manipulation of the ID argument in the file /admin/actions/delete-member.php, leading to a SQL...

6.5CVSS6.2AI score0.00311EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/10/06 12:0 a.m.24 views

PT-2025-40844

Name of the Vulnerable Software and Affected Versions Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 version 1.0 Description A security issue exists in the Tipray Data Leakage Prevention System. The findRolePage function within the findSingConfigPage.do file is susceptible to SQL...

7.5CVSS7.6AI score0.00462EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/10/04 12:0 a.m.24 views

PT-2025-40690

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 Description The usbnet driver in the Linux kernel has an issue where it trusts the bulk endpoint addresses received during the probe routine without verifying their...

7.8CVSS6.4AI score0.08942EPSS
Exploits4References999
Positive Technologies
Positive Technologies
added 2025/09/27 12:0 a.m.24 views

PT-2025-39731

Name of the Vulnerable Software and Affected Versions westboy CicadasCMS version 1.0 Description A cross site scripting issue exists in an unknown functionality of the file /system/cms/category/save. The manipulation of the categoryName argument can lead to the execution of remote scripts. The...

4.8CVSS3.6AI score0.00272EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2025/09/17 12:0 a.m.24 views

PT-2025-38126

Name of the Vulnerable Software and Affected Versions N-Reporter affected versions not specified N-Cloud affected versions not specified N-Probe affected versions not specified Description The N-Reporter, N-Cloud, and N-Probe developed by N-Partner are susceptible to an OS Command Injection issue...

9.8CVSS7.3AI score0.02244EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/09/17 12:0 a.m.24 views

PT-2025-38180

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's i2c designware driver related to the handling of device interrupts. A regression was introduced by commit c7b79a752871, causing system crashes NULL...

8CVSS6.7AI score0.21314EPSS
Exploits4References859
Positive Technologies
Positive Technologies
added 2025/09/11 12:0 a.m.24 views

PT-2025-37267

Name of the Vulnerable Software and Affected Versions: erjinzhi 10OA version 1.0 Description: A vulnerability exists in erjinzhi 10OA version 1.0. The issue involves cross site scripting caused by manipulation of the Name argument in an unknown function of the /trial/mvc/catalogue file. This...

5.3CVSS4.1AI score0.00332EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.24 views

PT-2025-34761

Name of the Vulnerable Software and Affected Versions Citrix NetScaler ADC and NetScaler Gateway versions prior to 14.1-47.48, 13.1-59.22, and 13.1-37.241-FIPS, and 12.1-55.330-FIPS Description Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that allows for remo...

9.8CVSS8AI score0.18973EPSS
Exploits2References234
Positive Technologies
Positive Technologies
added 2025/08/15 12:0 a.m.24 views

PT-2025-33487 · Autodesk · Autocad

Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD affected versions not specified Description: A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can trigger an uninitialized variable issue. A malicious actor can leverage this to cause a crash, read...

7.8CVSS6.9AI score0.00168EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/07/16 12:0 a.m.24 views

PT-2025-29698 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache Apache HTTP Server affected versions not specified Description: The reported issue concerns an authentication bypass. The reason for rejection is stated as 'Not used'. Recommendations: At the moment, there is no information about a new...

6.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/11 12:0 a.m.24 views

PT-2025-29208 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The reported issue has been rejected as not used. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...

6.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.24 views

PT-2025-28895 · Ibm · Ibm Openpages With Watson

Name of the Vulnerable Software and Affected Versions: IBM OpenPages with Watson versions 8.3 and 9.0 Description: An authenticated user may be able to obtain sensitive information that should only be accessible to privileged users. Recommendations: Apply appropriate access controls to restrict...

4.3CVSS5.7AI score0.00194EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/16 12:0 a.m.24 views

PT-2025-25517 · Unknown · Wukongopensource Wukongcrm

Name of the Vulnerable Software and Affected Versions: WuKongOpenSource WukongCRM version 9.0 Description: A vulnerability was found in the processing of the file AdminRoleController.java, leading to cross-site request forgery. The attack may be initiated remotely. Recommendations: For version 9....

5.3CVSS4.3AI score0.00237EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2025/06/09 12:0 a.m.24 views

PT-2025-24464 · Unknown · Snstheme Nitan

Name of the Vulnerable Software and Affected Versions: snstheme Nitan versions n/a through 2.9 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. This...

8.1CVSS8AI score0.00519EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/05/01 12:0 a.m.24 views

PT-2025-18559 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free issue has been identified in the Linux kernel, specifically in the ASoC core. The issue arises when snd soc util init fails, but its return value is ignored, leading t...

8.8CVSS7.3AI score0.0129EPSS
Exploits4References668
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.24 views

PT-2025-18655 · Totolink · Totolink Cpe Cp900

Name of the Vulnerable Software and Affected Versions: TOTOLINK CPE CP900 version 6.3c.1144 B20190715 Description: A command injection issue was found in the setApRebootScheCfg function through the hour or minute parameters. This allows attackers to execute arbitrary commands via a manipulated...

6.5CVSS7.9AI score0.00884EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/02/15 12:0 a.m.24 views

PT-2025-6546 · WordPress · Team Members Showcase Plugin

Name of the Vulnerable Software and Affected Versions: The Team – Team Members Showcase Plugin plugin for WordPress versions up to, and including, 4.4.9 Description: The issue is related to unauthorized access due to a missing capability check on the response function. This allows authenticated...

4.3CVSS9.2AI score0.00304EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/02/03 12:0 a.m.24 views

PT-2025-3350 · Technitium · Technitium Dns Server

Name of the Vulnerable Software and Affected Versions: Technitium DNS Server versions = 13.2.2 Description: The issue allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled exceptions in listener threads. This can lead to a deni...

5.3CVSS7.4AI score0.00429EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/01/03 12:0 a.m.24 views

PT-2025-3123 · Codeastro · Codeastro Complaint Management System

Name of the Vulnerable Software and Affected Versions: CodeAstro Complaint Management System version 1.0 Description: The issue allows a remote attacker to escalate privileges via the delete e.php component. Recommendations: For CodeAstro Complaint Management System version 1.0, consider disablin...

9.8CVSS6.5AI score0.00598EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/12/20 12:0 a.m.24 views

PT-2025-3793 · Iobit · Iobit Protected Folder

Name of the Vulnerable Software and Affected Versions: IObit Protected Folder versions up to 13.6.0.5 Description: A vulnerability was found in the function 0x8001E000/0x8001E00C/0x8001E004/0x8001E010 in the library IURegistryFilter.sys of the component IOCTL Handler. The manipulation leads to nu...

6.8CVSS6.8AI score0.00349EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2024/12/05 12:0 a.m.24 views

PT-2024-41036 · Stalker · Communigate Pro

Name of the Vulnerable Software and Affected Versions: CommuniGate Pro affected versions not specified Description: The issue is related to a buffer overflow on the stack in the CommuniGate Pro mail server. Exploitation of this issue may allow a remote attacker to execute arbitrary code...

10CVSS8.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/12 12:0 a.m.24 views

PT-2024-16347 · Kognetiks · Kognetiks Chatbot For Wordpress

Name of the Vulnerable Software and Affected Versions: Kognetiks Chatbot for WordPress plugin versions up to, and including, 2.1.7 Description: The Kognetiks Chatbot for WordPress plugin has a vulnerability that lets users change data without permission due to a missing capability check on the ad...

4.3CVSS9.3AI score0.00438EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2024/10/19 12:0 a.m.24 views

PT-2024-43: Remote code execution (RCE) in MediaCMS

The vulnerability was identified in MediaCMS, versions 4.1.0. Discovered vulnerability allows an attacker to execute OS commands on a vulnerable host, gain control over resources, and penetrate the internal network. Vulnerability status: Confirmed by vendor Date of vulnerability remediation:...

9.9CVSS7.1AI score0.00679EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/08 12:0 a.m.24 views

PT-2024-7334 · Google · Google Cloud Migrate To Containers

Name of the Vulnerable Software and Affected Versions: Google Cloud Migrate to Containers versions 1.1.0 through 1.2.2 Description: The issue is related to an insecure default user permission in Google Cloud Migrate to containers. A local user m2cuser is created with administrator privileges,...

7.8CVSS7.1AI score0.00073EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/10/02 12:0 a.m.24 views

PT-2024-32821 · Jenkins · Credentials Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Plugin versions 1380.va 435002fa 924 and earlier, except version 1371.1373.v4eb fa b 7161e9 Description: The issue concerns the Jenkins Credentials Plugin, which does not redact encrypted values of credentials using the...

7.5CVSS7AI score0.00591EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/09/23 12:0 a.m.24 views

PT-2024-31673 · Zimbra · Zimbra Collaboration +2

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions prior to 10.1.1 Description: A Cross-Site Scripting XSS issue exists due to insufficient sanitization of the packages parameter in one of the endpoints of Zimbra Webmail. This allows attackers to bypass...

5.4CVSS6.1AI score0.00645EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2024/08/19 12:0 a.m.24 views

PT-2024-38700 · Unknown · Itsourcecode Project Expense Monitoring System

Name of the Vulnerable Software and Affected Versions: itsourcecode Project Expense Monitoring System version 1.0 Description: A critical issue affects some unknown functionality of the file print.php. The manipulation of the map id argument leads to SQL injection. This issue can be exploited...

9.8CVSS8.2AI score0.00484EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2024/07/17 12:0 a.m.24 views

PT-2024-21813 · Zohocorp · Manageengine Ddi Central

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine DDI Central versions 4001 and prior Description: The issue allows a user to upload new files to the server folder due to a directory traversal vulnerability. Recommendations: For versions 4001 and prior, consider...

8.8CVSS6.9AI score0.01459EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/06 12:0 a.m.24 views

PT-2024-25830 · Hamid Alinia · Idehweb Login With Phone Number

Name of the Vulnerable Software and Affected Versions: Hamid Alinia – idehweb Login with phone number versions 1.7.18 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Login with phone number feature. This vulnerability allows unauthorized access,...

4.3CVSS6.4AI score0.00396EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/29 12:0 a.m.24 views

PT-2024-13409 · Itop +1 · Itop +1

Name of the Vulnerable Software and Affected Versions: iTop versions prior to 3.1.1 iTop versions prior to 3.2.0 Description: The issue allows an XSS attack to be performed when an object is displayed as an n:n relation item in another object, by filling malicious code in an object friendlyname o...

9.8CVSS7AI score0.25573EPSS
Exploits11References68
Positive Technologies
Positive Technologies
added 2024/01/10 12:0 a.m.24 views

PT-2024-13804 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo dev master commit 15fed957fb Description: A login attempt restriction bypass issue exists in the checkLoginAttempts functionality. This can be triggered by a specially crafted HTTP request, leading to captcha bypass. An attacker c...

7.3CVSS6.6AI score0.00668EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2023/12/15 12:0 a.m.24 views

PT-2023-31088 · Captainform · Forms By Captainform

Name of the Vulnerable Software and Affected Versions: Forms by CaptainForm – Form Builder for WordPress versions through 2.5.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enable...

7.1CVSS6.6AI score0.00403EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/09/20 12:0 a.m.24 views

PT-2023-17473 · Amd · Amd Epyc™ Embedded 7003 +77

Name of the Vulnerable Software and Affected Versions: Insufficient information is provided to determine the specific software and versions affected. Description: The issue involves improper initialization of variables in the DXE driver, which may allow a privileged user to leak sensitive...

5.5CVSS5.1AI score0.00171EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/09/06 12:0 a.m.24 views

PT-2023-26883 · Quic +6 · Quic +6

Name of the Vulnerable Software and Affected Versions: QUIC affected versions not specified Description: The issue allows a malicious QUIC connection to cause unbounded memory growth due to the lack of an upper bound on the amount of data buffered when reading post-handshake messages. With the fi...

9.8CVSS7.6AI score0.99999EPSS
Exploits28References302
Positive Technologies
Positive Technologies
added 2023/09/04 12:0 a.m.24 views

PT-2023-29736 · Zkteco · Zkteco Zem800

Name of the Vulnerable Software and Affected Versions: ZKTeco ZEM800 version 6.60 Description: An IDOR vulnerability has been found in the ZKTeco ZEM800 product. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or...

8.3CVSS6.7AI score0.00209EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/08/03 12:0 a.m.24 views

PT-2023-23081 · Foundry · The Foundry Magritte Plugin Rest-Source

Name of the Vulnerable Software and Affected Versions: The Foundry Magritte plugin rest-source affected versions not specified Description: The issue is related to an XML external Entity attack XXE in the rest-source plugin. This type of attack allows an attacker to access local or remote content...

6.5CVSS6.2AI score0.00375EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/26 12:0 a.m.24 views

PT-2023-4318 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free vulnerability in the Linux kernel's netfilter: nf tables component can be exploited to achieve local privilege escalation. On an error when building a nftables rule,...

10CVSS6.8AI score0.71737EPSS
Exploits66References489
Positive Technologies
Positive Technologies
added 2023/07/10 12:0 a.m.24 views

PT-2023-16821 · WordPress · Http Headers

Name of the Vulnerable Software and Affected Versions: HTTP Headers WordPress plugin versions prior to 1.18.11 Description: The issue allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution. Recommendations: For versions prior to 1.18.11, update to version 1.18....

7.2CVSS7.7AI score0.01716EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2023/03/15 12:0 a.m.24 views

PT-2023-20010 · Gfi · Gfi Kerioconnect

Name of the Vulnerable Software and Affected Versions: GFI Kerio Connect versions 9.4.1 patch 1 through 9.4.1 patch 1 Description: An issue was discovered in the webmail component's 2FASetup function, which is vulnerable to a stack-based Buffer Overflow. This occurs via an authenticated request...

8.8CVSS8.4AI score0.01047EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/02/27 12:0 a.m.24 views

PT-2023-10767 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The provided information does not contain details about a specific vulnerability. It appears to be a rejection notice for a candidate number,...

6.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/02/21 12:0 a.m.24 views

PT-2023-15661 · Mongodb · Mongodb .Net/C# Driver

Name of the Vulnerable Software and Affected Versions: MongoDB .NET/C Driver versions prior to and including v2.18.0 Description: Under very specific circumstances, a privileged user is able to cause arbitrary code to be executed, which may cause further disruption to services. This issue is...

7.2CVSS6.8AI score0.01049EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2022/09/20 12:0 a.m.24 views

PT-2022-24122 · Aruba · Aruba Clearpass Policy Manager

Name of the Vulnerable Software and Affected Versions: Aruba ClearPass Policy Manager versions 6.10.x through 6.10.6 Aruba ClearPass Policy Manager versions 6.9.x through 6.9.11 Description: Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated...

7.2CVSS7.2AI score0.01342EPSS
Exploits0References3
Total number of security vulnerabilities5000