Lucene search
K
PtsecurityMost viewed

184419 matches found

Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.23 views

PT-2026-47285

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

6.3CVSS5.4AI score0.00187EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.23 views

PT-2026-47472

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue exists in ViewTransitions, which allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free i...

9.6CVSS6.7AI score0.01654EPSS
Exploits4References85
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.23 views

PT-2026-47320

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description A heap-based buffer overflow occurs when processing untrusted content using the mod xml2enc module and the xml2StartParse function. A heap-based buffer overflow is a memory corruptio...

7.5CVSS6.1AI score0.0071EPSS
Exploits0References154
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.23 views

PT-2026-47446

Name of the Vulnerable Software and Affected Versions Nginx Proxy Manager versions 2.9.14 through 2.15.1 Description An authenticated remote code execution issue exists via OS command injection in the setupCertbotPlugins function located in backend/setup.js. Attackers with certificates:manage...

7.7CVSS6.6AI score0.00921EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.23 views

PT-2026-47364

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.12-1.1 Description A flaw exists in the generic power domain genpd core where the detach procedure for virtual devices is incomplete. When a device is attached via genpd dev pm attach by id, the system calls ...

9.8CVSS5.3AI score0.00457EPSS
Exploits0References80
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.23 views

PT-2026-47169

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument kube. set causes command injection. The attack is possible to be carried out remotely. Upgrading to...

5.8CVSS5.1AI score0.01582EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.23 views

PT-2026-47137

Name of the Vulnerable Software and Affected Versions Smart Slider 3 versions prior to 3.5.1.37 Description The Smart Slider 3 plugin for WordPress contains a Directory Traversal flaw within the replaceHTMLImage function. This allows authenticated attackers with administrator-level access or high...

4.9CVSS5.6AI score0.00558EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.23 views

PT-2026-47155

Name of the Vulnerable Software and Affected Versions Cursor versions prior to 3.0 Description Cursor runs agent terminal commands in a sandbox by default. Before performing a write operation, the agent canonicalizes the target path to ensure it remains within the workspace. However, if...

9.8CVSS6.3AI score0.00638EPSS
Exploits0References24
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.23 views

PT-2026-47138

Name of the Vulnerable Software and Affected Versions Ad Inserter – Ad Manager & AdSense Ads versions prior to 2.8.16 Description The plugin is subject to Reflected Cross-Site Scripting XSS, a flaw where an application includes untrusted data in a web page without proper validation, allowing...

6.1CVSS5.7AI score0.00225EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.23 views

PT-2026-46997

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description The shared-view password check used strict-equality === comparison for legacy plaintext passwords. This creates a timing oracle, allowing a network-positioned attacker to leak the password length...

6.9CVSS5.9AI score0.00253EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.23 views

PT-2026-46963

Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliative lte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptid key parameter lines 26, 42 in...

5.6AI score0.00199EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.23 views

PT-2026-46953

Name of the Vulnerable Software and Affected Versions Lyrion Music Server version 9.2.0 Description A path traversal issue exists in the web server context, allowing unauthenticated attackers to read arbitrary files. By manipulating file path parameters, an attacker can access sensitive files...

8.7CVSS5.6AI score0.0064EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.23 views

PT-2026-46175

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The '/v1/Plan' service relies on a shared global API token for full administrative management. This allows for the arbitrary creation of zero-cost network access...

9.8CVSS5.6AI score0.00167EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.23 views

PT-2026-46182

Name of the Vulnerable Software and Affected Versions Forcepoint VPN Client versions prior to 6.11.4 Description A local privilege escalation issue in Forcepoint VPN Client for Windows allows a non-administrative user to gain SYSTEM privileges...

8.5CVSS5.9AI score0.00104EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.23 views

PT-2026-46256

bacnet stack 1.3.1 contains an Out-of-bounds Read in bacnet tag number decode which allows attackers to cause a denial of service...

5.8AI score0.00278EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.23 views

PT-2026-46372

Unauthenticated Local File Inclusion in Spike = 1.2 versions...

8.1CVSS5.2AI score0.00435EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.23 views

PT-2026-46307

Am I affected? You are affected if all of the following are true: - You use better-auth at a version = 1.6.0, 1.6.11. - The deviceAuthorization plugin is enabled in your auth config deviceAuthorization in your plugins array. - A third party can observe a pending user code before the legitimate us...

7.6CVSS6AI score0.00017EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.23 views

PT-2026-45919

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The ugw-logstop method contains a flaw where insufficient validation of user-controlled input allows a remote attacker with user privileges to delete arbitrary...

8.1CVSS6.1AI score0.0037EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.23 views

PT-2026-45678

A weakness has been identified in elunez eladmin up to 2.7. This vulnerability affects unknown code of the file App.java of the component Application Deployment Module. This manipulation of the argument uploadPath causes command injection. Remote exploitation of the attack is possible. The exploi...

6.5CVSS6.3AI score0.01067EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.23 views

PT-2026-45761

Name of the Vulnerable Software and Affected Versions Progress Sitefinity versions 15.2.x through 15.2.8440 Progress Sitefinity versions 15.3.x through 15.3.8530 Progress Sitefinity versions 15.4.x through 15.4.8629 Description An authorization bypass exists in web services where a user-controlle...

8.8CVSS5.5AI score0.00348EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.23 views

PT-2026-45825

Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZE SCHEMA, Memo Rendering Component, and Public/Private Memo View pages...

5.8AI score0.00224EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.23 views

PT-2026-45751

A stack-based buffer overflow in the export language.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request to the /cgi-bin/admin/export language.cgi endpoint. The handler passes the...

6.5AI score0.00261EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.23 views

PT-2026-45683

A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm state security mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an...

3.1CVSS5AI score0.00224EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.23 views

PT-2026-45781

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...

2.7CVSS5.7AI score0.00236EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.23 views

PT-2026-46686

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An uninitialized use in Skia allows a remote attacker to leak cross-origin data by using a crafted HTML page. Recommendations Update to version 149.0.7827.53 or later...

9.6CVSS5.8AI score0.00985EPSS
Exploits0References434
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.23 views

PT-2026-45693

Name of the Vulnerable Software and Affected Versions Kirki versions 6.0.0 through 6.0.6 Description The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress contains a flaw allowing unauthenticated privilege escalation and account takeover. The issue occurs because th...

9.8CVSS5.5AI score0.0126EPSS
Exploits5References41
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.23 views

PT-2026-45861

Name of the Vulnerable Software and Affected Versions Dräger Protector Software versions prior to 6.4.2 Description Insecure file system permissions allow local attackers to execute arbitrary code with elevated privileges. This is achieved by replacing binaries or loaded modules on the host syste...

8.3CVSS6.2AI score0.00107EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45469

Nextcloud is an open source content collaboration platform. From version 33.0.0 to before version 33.1.0, after unlocking a locked Android phone the back-button could be used to bypass the Nextcloud Files app PIN. This issue has been patched in version 33.1.0...

4.6CVSS5.7AI score0.00153EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45568

In isSameApp of NotificationManagerService.java, there is a possible persistent dos due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00068EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45277

A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::read sequence infos of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. The manipulation of the argument aiString leads to out-of-bounds read. The attack needs ...

4.8CVSS5.3AI score0.00113EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45462

Missing Authorization vulnerability in Themefic Hydra Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hydra Booking: from n/a through 1.1.41...

7.3CVSS5.8AI score0.00178EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45354

Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege...

8.5CVSS7.1AI score0.00097EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45377

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.7 Apache ActiveMQ versions 6.0.0 through 6.2.5 Description Incomplete authorization in the server allows authenticated connections to remove existing destinations when they possess the proper permissions...

4.3CVSS5.4AI score0.00335EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45378

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description The Event Log detail endpoint "GET /api/v2/eventLogs/event log id" fetches audit-log rows directly by numeric ID after performing only a generic Audit Log permission check. This differs from t...

4.3CVSS5.4AI score0.00352EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45406

A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/update ss img.php. The manipulation of the argument topic id results in sql injection. The attack can be executed remotely. The exploit has been release...

6.5CVSS5.7AI score0.002EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45555

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description A reflected Cross-Site Scripting XSS issue in Kiteworks Secure Data Forms allows an external attacker to trick a user into executing arbitrary JavaScript code. Cross-Site Scripting is a flaw where...

8.2CVSS5.6AI score0.00289EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45533

Name of the Vulnerable Software and Affected Versions Nextcloud versions 0.7.0 through 0.7.6 Nextcloud versions 0.8.0 through 0.8.9 Nextcloud versions 0.9.0 through 0.9.7 Nextcloud versions 1.0.0 through 1.0.3 Description An authenticated attacker with access to the Tables app can execute arbitra...

8.2CVSS6AI score0.00318EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45247

A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/api holidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be...

5.3CVSS5.3AI score0.00259EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45269

A vulnerability was detected in raisulislamg4 student management system by php up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file login check.php of the component Login. Performing a manipulation of the argument Username results in sql injection...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45579

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A persistent denial of service issue exists in the updateState function of GraphicsDriverEnableAngleAsSystemDriverController.java. This flaw allows for a local...

5.5CVSS5.6AI score0.00071EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45659

Name of the Vulnerable Software and Affected Versions Strongbox affected versions not specified Description A buffer overflow leads to memory corruption when using Strongbox. A buffer overflow occurs when a program writes more data to a block of memory, or buffer, than it is allocated to hold,...

8.8CVSS6AI score0.00074EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45566

In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00072EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45473

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see...

6.3CVSS5.7AI score0.00231EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45500

A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/wezterm executor.ts of the component switch pane/write to specific pane. The manipulation of the argument request.params.arguments.pane id leads to os command injection...

6.5CVSS5.6AI score0.01088EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45589

Name of the Vulnerable Software and Affected Versions ubsan throwing runtime.cpp affected versions not specified Description An integer overflow in multiple functions of ubsan throwing runtime.cpp can lead to a persistent local denial of service. This issue can be exploited without requiring...

5.5CVSS6AI score0.00071EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45616

Name of the Vulnerable Software and Affected Versions Cloud Foundry UAA versions v76.12.0 through v78.12.0 CF Deployment versions v30.0.0 through v56.0.0 Description Private key exposure occurs when the server inadvertently reveals Elliptic Curve EC private keys through the public '/token keys'...

10CVSS5.8AI score0.00346EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45592

In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00075EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.23 views

PT-2026-45221

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated remotely...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.23 views

PT-2026-45209

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description An out-of-bounds read can occur in the iavb parse key data function within avb rsa.c due to improper input validation. This issue allows for local information...

3.3CVSS5.5AI score0.00069EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/30 12:0 a.m.23 views

PT-2026-45136

Name of the Vulnerable Software and Affected Versions Totolink N300RH version 6.1c.1353 B20190305 Description A stack-based buffer overflow exists in the Web Management Interface component within the wireless.so file. The issue occurs in the setWiFiBasicConfig function when the KeyStr argument is...

10CVSS9.2AI score0.01425EPSS
Exploits1References20
Total number of security vulnerabilities5000