Lucene search
K
PtsecurityMost viewed

184427 matches found

Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•23 views

PT-2026-45462

Missing Authorization vulnerability in Themefic Hydra Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hydra Booking: from n/a through 1.1.41...

7.3CVSS5.8AI score0.00178EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•23 views

PT-2026-45354

Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege...

8.5CVSS7.1AI score0.00097EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•23 views

PT-2026-45468

Name of the Vulnerable Software and Affected Versions CloudPirates Open Source Helm Charts versions prior to commit fcf9302 Description A GitHub Actions workflow named 'generate-schema.yaml' exposes sensitive credentials, specifically a Personal Access Token and an SSH signing key, to code...

10CVSS5.3AI score0.0026EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•23 views

PT-2026-45377

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.7 Apache ActiveMQ versions 6.0.0 through 6.2.5 Description Incomplete authorization in the server allows authenticated connections to remove existing destinations when they possess the proper permissions...

4.3CVSS5.4AI score0.00335EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•23 views

PT-2026-45378

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description The Event Log detail endpoint "GET /api/v2/eventLogs/event log id" fetches audit-log rows directly by numeric ID after performing only a generic Audit Log permission check. This differs from t...

4.3CVSS5.4AI score0.00352EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•23 views

PT-2026-45406

A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/update ss img.php. The manipulation of the argument topic id results in sql injection. The attack can be executed remotely. The exploit has been release...

6.5CVSS5.7AI score0.002EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•23 views

PT-2026-45555

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description A reflected Cross-Site Scripting XSS issue in Kiteworks Secure Data Forms allows an external attacker to trick a user into executing arbitrary JavaScript code. Cross-Site Scripting is a flaw where...

8.2CVSS5.6AI score0.00289EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•23 views

PT-2026-45533

Name of the Vulnerable Software and Affected Versions Nextcloud versions 0.7.0 through 0.7.6 Nextcloud versions 0.8.0 through 0.8.9 Nextcloud versions 0.9.0 through 0.9.7 Nextcloud versions 1.0.0 through 1.0.3 Description An authenticated attacker with access to the Tables app can execute arbitra...

8.2CVSS6AI score0.00318EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•23 views

PT-2026-45247

A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/api holidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be...

5.3CVSS5.3AI score0.00259EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•23 views

PT-2026-45269

A vulnerability was detected in raisulislamg4 student management system by php up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file login check.php of the component Login. Performing a manipulation of the argument Username results in sql injection...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•23 views

PT-2026-45579

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A persistent denial of service issue exists in the updateState function of GraphicsDriverEnableAngleAsSystemDriverController.java. This flaw allows for a local...

5.5CVSS5.6AI score0.00071EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•23 views

PT-2026-45473

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see...

6.3CVSS5.7AI score0.00231EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•23 views

PT-2026-45500

A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/wezterm executor.ts of the component switch pane/write to specific pane. The manipulation of the argument request.params.arguments.pane id leads to os command injection...

6.5CVSS5.6AI score0.01088EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•23 views

PT-2026-45589

Name of the Vulnerable Software and Affected Versions ubsan throwing runtime.cpp affected versions not specified Description An integer overflow in multiple functions of ubsan throwing runtime.cpp can lead to a persistent local denial of service. This issue can be exploited without requiring...

5.5CVSS6AI score0.00071EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•23 views

PT-2026-45616

Name of the Vulnerable Software and Affected Versions Cloud Foundry UAA versions v76.12.0 through v78.12.0 CF Deployment versions v30.0.0 through v56.0.0 Description Private key exposure occurs when the server inadvertently reveals Elliptic Curve EC private keys through the public '/token keys'...

10CVSS5.8AI score0.00346EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•23 views

PT-2026-45592

In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00075EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•23 views

PT-2026-45597

Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description Obfuscation in multiple locations may result in a misleading user interface. This issue allows for local escalation of privilege without requiring additional execution privileges or...

7.8CVSS5.9AI score0.00073EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/31 12:0 a.m.•23 views

PT-2026-45221

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated remotely...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/05/31 12:0 a.m.•23 views

PT-2026-45209

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description An out-of-bounds read can occur in the iavb parse key data function within avb rsa.c due to improper input validation. This issue allows for local information...

3.3CVSS5.5AI score0.00069EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/05/30 12:0 a.m.•23 views

PT-2026-45136

Name of the Vulnerable Software and Affected Versions Totolink N300RH version 6.1c.1353 B20190305 Description A stack-based buffer overflow exists in the Web Management Interface component within the wireless.so file. The issue occurs in the setWiFiBasicConfig function when the KeyStr argument is...

10CVSS9.2AI score0.01425EPSS
Exploits1References20
Positive Technologies
Positive Technologies
•added 2026/05/30 12:0 a.m.•23 views

PT-2026-45095

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.4 through 6.12.67 Description A race condition in the epoll subsystem leads to a use-after-free UAF scenario. The ep remove function via ep remove file clears file-f ep under file-f lock but continues to use the @file...

7.8CVSS6.9AI score0.00125EPSS
Exploits2References456
Positive Technologies
Positive Technologies
•added 2026/05/29 12:0 a.m.•23 views

PT-2026-44994

Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...

8.8CVSS5.8AI score0.0044EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/29 12:0 a.m.•23 views

PT-2026-44810

Name of the Vulnerable Software and Affected Versions Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040 Description The Console WebUI contains an OS Command Injection issue, which occurs when special elements used in an OS command are not properly neutralized. This allows remote...

9.8CVSS6.1AI score0.0138EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/29 12:0 a.m.•23 views

PT-2026-44747

Name of the Vulnerable Software and Affected Versions Breeze versions prior to 2.5.3 Description Improper verification of the wordpress logged in cookie in the inc/cache/execute-cache.php file occurs when the "Cache Logged-in Users" setting is enabled. The plugin uses the substr function to parse...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/05/29 12:0 a.m.•23 views

PT-2026-44946

Name of the Vulnerable Software and Affected Versions JetBrains IntelliJ IDEA versions prior to 2026.1.1 Description Command injection is possible through the filename completion feature. Recommendations Update to version 2026.1.1...

7.8CVSS5.8AI score0.00455EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/29 12:0 a.m.•23 views

PT-2026-44904

Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.29.2 Description An authenticated user can execute arbitrary OS commands on the host system through the Docker file upload functionality. The issue occurs because the destinationPath parameter is not properly...

9.9CVSS6.2AI score0.00866EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•23 views

PT-2026-44273

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the fanotify system allows the fsnotify get mark safe function to return false for a mark on an unrelated group. This behavior leads to the bypassing of permission checks. The...

7.1CVSS6AI score0.00142EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•23 views

PT-2026-44579

Name of the Vulnerable Software and Affected Versions glib-networking affected versions not specified Description A flaw exists where a remote attacker can cause a denial of service for an affected process or worker. This occurs when an application uses glib-networking with the GnuTLS backend...

4.3CVSS5.2AI score0.00184EPSS
Exploits0References25
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•23 views

PT-2026-45159

Name of the Vulnerable Software and Affected Versions libsolv-demo versions prior to 0.7.38-1.1 Description Security issues were identified in the libsolv-demo package. Recommendations Update to version 0.7.38-1.1...

6.5CVSS5.8AI score0.00399EPSS
Exploits0References58
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•23 views

PT-2026-44721

Name of the Vulnerable Software and Affected Versions Capsule versions prior to 0.13.0 Description The Capsule Controller runs with cluster-admin privileges. A flaw exists in the HandleSection function within the internal/controllers/resources/processor.go file, where the processing logic for...

9.1CVSS5.8AI score0.0043EPSS
Exploits1References8
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•23 views

PT-2026-44731

A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module. Finding 1 Critical: SSRF CWE-918 The HTTPSFetcher. do fetch method passes a user-supplied URL directly to requests.get without validation. This allows an attacker to...

6.7CVSS6AI score0.00012EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•23 views

PT-2026-44388

Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 5.11.1 TinyMCE versions prior to 7.9.3 TinyMCE versions prior to 8.5.1 Description A stored Cross-Site Scripting XSS issue exists due to unsanitized data-mce- attributes, specifically data-mce-href, data-mce-src, and...

8.7CVSS5.4AI score0.00281EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•23 views

PT-2026-44203

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

7.2CVSS6AI score0.00436EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•23 views

PT-2026-44176

This vulnerability in Veeam Service Provider Console allows for remote code execution...

9.4CVSS6.1AI score0.00403EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•23 views

PT-2026-44290

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A heap leak exists in the usblp driver. The usblp read status function requests 1 byte of data, but if a malicious printer responds with zero bytes, the usblp ctrl msg function discards the...

9.8CVSS5.9AI score0.00501EPSS
Exploits2References352
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•23 views

PT-2026-44277

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A Use-After-Free UAF issue exists in the sched ext component. The functions scx group set weight, scx group set idle, and sc...

9.8CVSS6AI score0.00501EPSS
Exploits0References286
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•23 views

PT-2026-44341

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bounds checking issue exists in the Linux kernel DRM AMD GPU driver. The uvd, vce, and vcn components access the Indirect Buffer IB at predefined offsets without verifying if the IB is...

9.8CVSS5.8AI score0.03663EPSS
Exploits17References284
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•23 views

PT-2026-44250

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the RDMA/ocrdma component within the ocrdma copy pd uresp function. The issue arises because pd-uctx is not initialized until late in the function...

9.8CVSS5.9AI score0.00513EPSS
Exploits5References293
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•23 views

PT-2026-44278

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the smb2 compound op function. This occurs when a server sends a truncated response with a large OutputBufferLength and terminates the EA list early. In...

9.1CVSS5.9AI score0.00478EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•23 views

PT-2026-44336

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A slab use-after-free issue exists in the appletb-kbd driver. The problem occurs during driver tear-down in the appletb kbd probe and appletb kbd remove functions due to improper...

9.8CVSS5.9AI score0.03663EPSS
Exploits17References279
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•23 views

PT-2026-47217

Name of the Vulnerable Software and Affected Versions Symfony versions prior to 5.4.48 Symfony versions prior to 6.4.15 Symfony versions prior to 7.4.0 Symfony versions prior to 8.0.0 Symfony versions prior to 8.1.0 Description The doGenerate function in SymfonyComponentRoutingGeneratorUrlGenerat...

6.9CVSS5.2AI score0.00026EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•23 views

PT-2026-43848

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the css alloc subchannel function where device initialize is called before the DMA masks are configured. If the dma set coherent mask or dma set mask functions fail, t...

5.5CVSS5.4AI score0.00126EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•23 views

PT-2026-43788

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the mtd parser tplink safeloader parse function. The function allocates a buffer buf using mtd parser tplink safeloader read table. If the allocation for...

5.5CVSS5.7AI score0.00122EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•23 views

PT-2026-44109

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.8.7 Description pam usb provides hardware authentication for Linux using removable media. The pamusb-pinentry component reads the PINENTRY FALLBACK APP environment variable and executes it without validation. A...

7.8CVSS6AI score0.00151EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•23 views

PT-2026-44130

Name of the Vulnerable Software and Affected Versions CrowdSec LAPI affected versions not specified Description The LAPI router utilizes the gin-contrib/gzip middleware with DefaultDecompressHandle globally in pkg/apiserver/controllers/controller.go. This middleware decompresses incoming request...

8.2CVSS5.3AI score0.00115EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•23 views

PT-2026-43571

The Github Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'repo' shortcode attribute in the 'github' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6AI score0.00191EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•23 views

PT-2026-44019

Jenkins Job Import Plugin 143.v044a 2e819b 27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

5.8AI score0.00178EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•23 views

PT-2026-43189

Missing password field masking vulnerability in Hitachi Ops Center Analyzer Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules, Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor Data Center Analytics, Analytics probe modules. This issu...

4.6CVSS5.8AI score0.00175EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•23 views

PT-2026-43627

Name of the Vulnerable Software and Affected Versions tmp affected versions not specified Description The tmp npm package contains a path traversal issue that allows escaping the intended temporary directory when untrusted data is passed into the prefix, postfix, or dir options. By embedding...

8.7CVSS5.4AI score0.00354EPSS
Exploits1References16
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•23 views

PT-2026-43441

Name of the Vulnerable Software and Affected Versions netty incubator codec.bhttp versions prior to 0.0.21.Final Description The HKDF expand function returns a non-NULL byte array filled with zeros upon failure, making it impossible to distinguish between a successful operation and a failure. Thi...

6.9CVSS5.8AI score0.00193EPSS
Exploits0References6
Total number of security vulnerabilities5000