Lucene search
K
PtsecurityMost viewed

184419 matches found

Positive Technologies
Positive Technologies
•added 2022/09/16 12:0 a.m.•24 views

PT-2022-33591 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.2 Description: The issue is related to the removal of AES hwcap for COMPAT tasks on arm64. The actual impact and attack plausibility have not yet been proven. Recommendations: For versions prior to v5.19.2...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
•added 2022/05/02 12:0 a.m.•24 views

PT-2022-11526 · Suse · Suse Rancher

Name of the Vulnerable Software and Affected Versions: SUSE Rancher versions prior to 2.5.13 SUSE Rancher versions prior to 2.6.4 Description: A vulnerability in SUSE Rancher allows write access to the Catalog for any user when the restricted-admin role is enabled. This issue affects customers...

8.1CVSS5.3AI score0.00566EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2022/04/05 12:0 a.m.•24 views

PT-2022-6506 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw in the Linux kernel's X86 CPU Power management options functionality was found, related to the speculative execution behavior kind of attacks. This issue arises when a user...

9.8CVSS6.2AI score0.93838EPSS
Exploits61References1475
Positive Technologies
Positive Technologies
•added 2022/03/22 12:0 a.m.•24 views

PT-2022-4818 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A NULL pointer dereference flaw in the diFree function in fs/jfs/inode.c in the Journaled File System JFS of the Linux kernel could allow a local attacker to crash the system or leak...

9.8CVSS7.2AI score0.67994EPSS
Exploits212References1485
Positive Technologies
Positive Technologies
•added 2022/02/24 12:0 a.m.•24 views

PT-2022-2366 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16.12 Description: The issue is related to the Linux kernel's USB gadget driver, specifically in the udc-xilinx.c file. It involves an array index that is not properly validated, potentially allowing a remote...

10CVSS7.5AI score0.67994EPSS
Exploits197References1110
Positive Technologies
Positive Technologies
•added 2022/02/09 12:0 a.m.•24 views

PT-2022-7628 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vulnerability is related to the btrfs filesystem in the Linux kernel. When using the flushoncommit mount option, a warning is triggered during almost every transaction commit due t...

8.8CVSS6.6AI score0.0193EPSS
Exploits16References1649
Positive Technologies
Positive Technologies
•added 2021/12/29 12:0 a.m.•24 views

PT-2021-7030 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17-rc1 Description: The issue is related to a NULL pointer dereference flaw in the Linux kernel's BPF subsystem, specifically in the way a user triggers the map get next key function of the BPF bloom filter...

9.8CVSS7.2AI score0.67994EPSS
Exploits194References851
Positive Technologies
Positive Technologies
•added 2021/12/13 12:0 a.m.•24 views

PT-2021-8215 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16.0-rc4-syzkaller Description: The vulnerability is related to the MPTCP component in the Linux kernel, which can cause a NULL pointer dereference when deleting an endpoint. This can lead to a general...

9.1CVSS6.5AI score0.03681EPSS
Exploits9References1718
Positive Technologies
Positive Technologies
•added 2021/10/14 12:0 a.m.•24 views

PT-2021-7118 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15-rc1 Description: The issue is related to the io-workqueue implementation in the Linux kernel, which lacks protection of internal data. This can be exploited to cause a denial of service. A local user with...

9.8CVSS7.5AI score0.89063EPSS
Exploits317References1061
Positive Technologies
Positive Technologies
•added 2020/06/29 12:0 a.m.•24 views

PT-2020-6721 · Linux +7 · Linux Kernel +7

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw was found in the Linux kernel, specifically in the ext4 filesystem, where a corrupted extent tree can cause a denial of service problem. This issue is related to an integer...

9.8CVSS7.1AI score0.78684EPSS
Exploits200References1696
Positive Technologies
Positive Technologies
•added 2020/06/19 12:0 a.m.•24 views

PT-2020-8419

Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 4.3.0 Mattermost Server version 4.2.1 Mattermost Server version 4.1.2 Description: The issue allows attackers to cause a denial of service, resulting in channel invisibility, via a misformatted post...

9.9CVSS5.5AI score0.27661EPSS
Exploits45References117
Positive Technologies
Positive Technologies
•added 2009/01/27 12:0 a.m.•24 views

PT-2009-2954 · Tftputil · Tftputil Gui

Name of the Vulnerable Software and Affected Versions: TFTPUtil GUI versions 1.2.0 through 1.3.0 Description: A directory traversal issue allows remote attackers to read arbitrary files outside the TFTP root directory via directory traversal sequences in a GET request, such as "/../" or "/../../"...

5CVSS6.5AI score0.02675EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/07/03 12:0 a.m.•23 views

PT-2026-55630

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper authorization allows an unauthorized attacker to execute code over a network. Recommendations At the moment, there is no information about a newer version that...

8.3CVSS6.1AI score0.00405EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/07/02 12:0 a.m.•23 views

PT-2026-55265

Craft CMS is a content management system CMS. Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An attacker who is only able to duplicate their own entires can submit an arbitrary id through the newAttributes request parameter. The...

7.1CVSS5.9AI score0.00253EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/07/02 12:0 a.m.•23 views

PT-2026-55034

Name of the Vulnerable Software and Affected Versions Booked versions prior to 3.0.1 Description Broken access control allows users with subscriber privileges to perform unauthorized actions. Recommendations Update to a version newer than 3.0.0...

7.1CVSS5.9AI score0.00235EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•23 views

PT-2026-54096

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 150.0.7871.47 Description An out of bounds read exists in ANGLE, a compatibility layer that allows developers to use WebGL across different graphics APIs. A remote attacker who has already compromised the...

9.6CVSS6AI score0.00413EPSS
Exploits0References441
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•23 views

PT-2026-52494

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.5 Description LibreChat is an enhanced ChatGPT clone supporting multiple AI providers. The MCP OAuth implementation fails to validate that the resource parameter from OAuth Protected Resource metadata RFC 9728...

9.3CVSS5.8AI score0.00113EPSS
Exploits1References5
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•23 views

PT-2026-52431

Name of the Vulnerable Software and Affected Versions Post Snippets versions prior to 4.0.20 Description Remote attackers with contributor-level permissions can execute arbitrary code on the server. Recommendations Update Post Snippets to version 4.0.20 or later...

8.5CVSS6.2AI score0.00351EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•23 views

PT-2026-52412

Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...

9.9CVSS5.9AI score0.00426EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•23 views

PT-2026-52517

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description The tarball extraction worker in the pnpm package manager fails to perform integrity verification when the integrity field is missing from the lockfile resolution. This...

6.8CVSS5.8AI score0.00126EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/23 12:0 a.m.•23 views

PT-2026-51517

OpenRemote Manager before 1.24.2 contains an insecure direct object reference vulnerability in the removeAlarms method that allows authenticated users to delete alarms from other tenants by supplying arbitrary alarm IDs. The bulk deletion endpoint fails to validate that targeted alarm IDs belong ...

8.3CVSS6AI score0.00258EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•23 views

PT-2026-51393

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description The parameterless MessagePackInputFormatter constructor uses default serializer options that resolve to MessagePackSerializerOptions.Standard wit...

9.1CVSS5.6AI score0.00236EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/21 12:0 a.m.•23 views

PT-2026-51236

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.1 Description SiYuan fails to sanitize package metadata and README content within the Bazaar marketplace. This allows malicious authors to inject arbitrary HTML and JavaScript into the displayName, description, or...

9.6CVSS6.7AI score0.00391EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•23 views

PT-2026-51144

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description The preview subdomain resolver uses ILIKE pattern matching instead of exact matching for app id lookup. This allows underscore characters within the app id to function as SQL wildcards. An attacker...

3.1CVSS5.9AI score0.00215EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•23 views

PT-2026-51133

Name of the Vulnerable Software and Affected Versions Simple File List versions prior to 6.3.8 Description The Simple File List plugin for WordPress contains a flaw where a missing authorization check on the frontmanage shortcode attribute allows authenticated attackers with contributor-level...

6.5CVSS5.8AI score0.00267EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•23 views

PT-2026-51025

Name of the Vulnerable Software and Affected Versions Authelia versions 4.36.0 through 4.39.19 Description Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO. A lack of domain canonicalization in specific edge cases can...

2.3CVSS5.9AI score0.00283EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•23 views

PT-2026-50989

Name of the Vulnerable Software and Affected Versions Joomla! Component VMap version 1.9.6 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound parameter. This is achieved by sending GET requests to the...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•23 views

PT-2026-50835

Name of the Vulnerable Software and Affected Versions Canonical MicroCeph versions from the squid and tentacle track Description A path traversal issue exists in the remote-import API. Users possessing a join token or a trusted cluster mTLS certificate, such as enrolled cluster members, can...

5CVSS5.9AI score0.00208EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•23 views

PT-2026-51122

Name of the Vulnerable Software and Affected Versions Symfony UX Icons affected versions not specified Description The ux icon Twig function is marked as safe for HTML, which prevents Twig from escaping its output. The Icon::toHtml function inlines SVG source code directly into the page. Because...

6.1CVSS5.5AI score0.00194EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•23 views

PT-2026-50849

Name of the Vulnerable Software and Affected Versions STRABL – A checkout solution plugin for WordPress versions prior to 4.6 Description The plugin contains a missing authentication flaw in the REST API webhook endpoint "/wp-json/strabl/webhook/order". The endpoint uses a permission callback set...

5.3CVSS5.9AI score0.00382EPSS
Exploits0References20
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•23 views

PT-2026-51040

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Improper access control exists in the SECURITY DEFINER PostgREST RPC function public.record build time. This function is granted to the anon role and can be called using only the public Supabase...

8.7CVSS6AI score0.00242EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•23 views

PT-2026-51029

Name of the Vulnerable Software and Affected Versions Quarkus versions prior to 3.37.0 Quarkus versions prior to 3.36.3 Quarkus versions prior to 3.33.3 Quarkus versions prior to 3.33.2.1 Quarkus versions prior to 3.27.5 Quarkus versions prior to 3.27.4.1 Quarkus versions prior to 3.20.6.2...

7.5CVSS5.9AI score0.00463EPSS
Exploits1References16
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•23 views

PT-2026-50888

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An untrusted pointer dereference exists in the sideband streaming API. This issue allows an attacker to trigger an arbitrary memory dereference, which could lead to remote code execution...

9.8CVSS6.3AI score0.00549EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•23 views

PT-2026-50869

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting, which allows an authorized attacker to perform spoofing over a network...

8.8CVSS5.7AI score0.00282EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•23 views

PT-2026-50912

Name of the Vulnerable Software and Affected Versions AnyDesk version 2.5.0 Description An unquoted service path issue exists in the service installation, allowing local users to execute arbitrary code with SYSTEM privileges. This occurs when a service path contains spaces and is not enclosed in...

8.5CVSS6.2AI score0.00181EPSS
Exploits1References7
Positive Technologies
Positive Technologies
•added 2026/06/18 12:0 a.m.•23 views

PT-2026-50658

Name of the Vulnerable Software and Affected Versions ibaPDA affected versions not specified ibaDatCoordinator affected versions not specified Description Remote, unauthenticated attackers can exploit a deserialization of untrusted data issue to achieve remote code execution, potentially gaining...

9.8CVSS6.4AI score0.00553EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/18 12:0 a.m.•23 views

PT-2026-50770

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.2 Description An issue exists in the pusb is loginctl local function where a NULL dereference crash can occur when parsing loginctl output. The function utilizes popen to read results; if the Remote field contains...

5.5CVSS5.9AI score0.00113EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/18 12:0 a.m.•23 views

PT-2026-50651

Name of the Vulnerable Software and Affected Versions Fancy Testimonials versions prior to 1.1 Description The Fancy Testimonials plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping within the author attribute o...

6.4CVSS6AI score0.00187EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/18 12:0 a.m.•23 views

PT-2026-50802

Name of the Vulnerable Software and Affected Versions M365 Copilot affected versions not specified Description A missing authentication flaw in a critical function allows an unauthorized attacker to disclose information over a network. Recommendations At the moment, there is no information about ...

9.8CVSS5.9AI score0.00578EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/18 12:0 a.m.•23 views

PT-2026-50705

Name of the Vulnerable Software and Affected Versions U.S. GAO Electronic Protest Docketing System EPDS affected versions not specified U.S. CBCA Electronic Docketing System EDS affected versions not specified Description The U.S. Government Accountability Office GAO Electronic Protest Docketing...

6.9CVSS5.9AI score0.003EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50404

Name of the Vulnerable Software and Affected Versions ShiftUp versions 1.3 and earlier Description An unauthenticated PHP Object Injection issue exists in the software. PHP Object Injection occurs when user-supplied input is passed to the unserialize function without proper validation, potentiall...

8.1CVSS5.7AI score0.00308EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50261

Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6...

5.5CVSS5.2AI score0.00188EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50502

Name of the Vulnerable Software and Affected Versions Splunk AI Toolkit versions prior to 5.7.4 Description A user with the "admin" Splunk role can execute arbitrary OS commands on the host running the Splunk Enterprise instance. This is caused by an unsafe shell execution pattern in the btool...

9.1CVSS5.9AI score0.00469EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50217

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue in Extensions allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. A use after free...

9.6CVSS5.6AI score0.00601EPSS
Exploits0References42
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50208

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An inappropriate implementation in the Passwords component allows a remote attacker to leak cross-origin data. This occurs when a user is convinced to perform specific UI gestures on a...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References40
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50231

In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...

10CVSS5.5AI score0.00123EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50533

Name of the Vulnerable Software and Affected Versions NGINX Gateway Fabric affected versions not specified Description When configured using GRPCRoutes, an authenticated remote attacker with permissions to create or modify GRPCRoute resources can cause the control plane to terminate. This occurs ...

7.1CVSS5.9AI score0.00292EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50363

Name of the Vulnerable Software and Affected Versions WP Media folder Addon versions prior to 4.0.2 Description An unauthenticated arbitrary file download issue exists in the software, allowing an attacker to download files without providing credentials. Recommendations Update to version 4.0.2 or...

7.5CVSS6AI score0.00467EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/17 12:0 a.m.•23 views

PT-2026-50610

Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description The JSON:API and REST modules allow image file uploads to image fields. The validation rules verify the file extension but fail to check the file MIME type Multipurpose Internet Mail...

4.8AI score0.0015EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/16 12:0 a.m.•23 views

PT-2026-50021

Name of the Vulnerable Software and Affected Versions Oracle Solaris version 11.4 Description An issue exists in the Filesystem component of Oracle Solaris. A low-privileged attacker with logon access to the infrastructure where the system executes can compromise the environment. Successful...

7.1CVSS5.9AI score0.0015EPSS
Exploits0References3
Total number of security vulnerabilities5000