Lucene search
K
PtsecurityMost viewed

184481 matches found

Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.23 views

PT-2026-43571

The Github Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'repo' shortcode attribute in the 'github' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6AI score0.00191EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.23 views

PT-2026-43790

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The catc probe function fills three USB Request Blocks URBs with hardcoded endpoint pipes without verifying the endpoint descriptors. Specifically, it uses usb sndbulkpipeusbdev, 1 and u...

5.5CVSS5.5AI score0.0016EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.23 views

PT-2026-43189

Missing password field masking vulnerability in Hitachi Ops Center Analyzer Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe modules, Hitachi Ops Center Analyzer viewpoint, Hitachi Infrastructure Analytics Advisor Data Center Analytics, Analytics probe modules. This issu...

4.6CVSS5.8AI score0.00175EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.23 views

PT-2026-43627

Name of the Vulnerable Software and Affected Versions tmp affected versions not specified Description The tmp npm package contains a path traversal issue that allows escaping the intended temporary directory when untrusted data is passed into the prefix, postfix, or dir options. By embedding...

8.7CVSS5.4AI score0.00354EPSS
Exploits1References16
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.23 views

PT-2026-43441

Name of the Vulnerable Software and Affected Versions netty incubator codec.bhttp versions prior to 0.0.21.Final Description The HKDF expand function returns a non-NULL byte array filled with zeros upon failure, making it impossible to distinguish between a successful operation and a failure. Thi...

6.9CVSS5.8AI score0.00193EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.23 views

PT-2026-43190

Versions of the package @koa/router from 14.0.0 and before 15.0.0 are vulnerable to Access Control Bypass due to the middleware being silently dropped from the execution chain when the router prefix contains path parameters. Depending on what the skipped middleware was supposed to protect, an...

7.3CVSS5.9AI score0.0036EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.23 views

PT-2026-42984

A vulnerability was identified in SourceCodester Indian Invoicing System 1.0. The affected element is an unknown function of the file /Invoicing/category.php. The manipulation of the argument msg leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly availabl...

5.3CVSS4.2AI score0.00263EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.23 views

PT-2026-43017

A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed from...

5.5CVSS5.7AI score0.00324EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.23 views

PT-2026-43074

Name of the Vulnerable Software and Affected Versions Firefox for iOS versions prior to 151.1 Description Firefox for iOS incorrectly displayed specially crafted right-to-left RTL and internationalized domain names IDNs within link preview UI surfaces. A crafted RTL hostname could visually reorde...

5.4CVSS5.8AI score0.00199EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.23 views

PT-2026-43069

Name of the Vulnerable Software and Affected Versions hackney versions 2.0.0 through 4.0.0 Description Improper Neutralization of CRLF Sequences, also known as CRLF Injection, allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackney ws.erl copies the host, path, headers...

7.5CVSS6AI score0.00506EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.23 views

PT-2026-42944

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.23 views

PT-2026-43115

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.0 through 1.6.15 Roundcube Webmail versions 1.7.0 through 1.7.0 Description An unsanitized subject field in the draft restored value allows for stored Cross-Site Scripting XSS, HTML, and CSS injection on shared...

4.4CVSS5.8AI score0.00239EPSS
Exploits1References30
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.23 views

PT-2026-42881

A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of the component VpsTest Console. Executing a manipulation of the argument vf can lead to code...

6.5CVSS6.3AI score0.00237EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.23 views

PT-2026-42716

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authorization bypass exists in certain SSH server configurations. The issue occurs when a callback other than a public key is used, causing the source-address...

10CVSS5.8AI score0.0044EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.23 views

PT-2026-42396

Name of the Vulnerable Software and Affected Versions Avada Builder fusion-builder versions prior to 3.15.3 Description The Avada Builder plugin for WordPress allows unauthenticated remote code execution through PHP Function Injection. The issue occurs because the wp conditional tags case within...

9.8CVSS6.4AI score0.02163EPSS
Exploits4References18
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.23 views

PT-2026-42474

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...

5.7CVSS5.8AI score0.00178EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.23 views

PT-2026-42145

HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...

3.7CVSS5.8AI score0.00157EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.23 views

PT-2026-42196

Cross-Site Request Forgery CSRF vulnerability in InfoScale v.9.1.3 Operations Manager VIOM allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge...

5.8AI score0.00198EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.23 views

PT-2026-42099

Name of the Vulnerable Software and Affected Versions mailcow-dockerized version 2026-03b Description A stored cross-site scripting issue exists in the administrator Queue Manager. The Queue Manager retrieves mail queue entries from the endpoint '/api/v1/get/mailq/all' and copies server-controlle...

7.4CVSS5.8AI score0.0032EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.23 views

PT-2026-42125

Name of the Vulnerable Software and Affected Versions NLnet Labs Unbound versions 1.19.1 through 1.25.0 Description A flaw in the DNSSEC validator allows for denial of service and potential remote code execution. The issue occurs during the deep copying of a data structure when DS sub-queries...

10CVSS6.3AI score0.01272EPSS
Exploits0References83
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.23 views

PT-2026-41933

Name of the Vulnerable Software and Affected Versions Eclipse GlassFish version 8.0.0 Eclipse GlassFish versions prior to 7.1.0 Description A critical Expression Language EL injection issue exists in the server-side template rendering mechanism used by the GlassFish gadget handler. The applicatio...

9.6CVSS6.2AI score0.00628EPSS
Exploits2References9
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.23 views

PT-2026-42016

Name of the Vulnerable Software and Affected Versions CtrlPanel versions prior to 1.2.0 Description The web-based installer at the endpoint "public/installer/index.php" allows unauthenticated Remote Code Execution RCE, which is the ability to execute arbitrary commands on a remote machine. The...

10CVSS6.2AI score0.00821EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.23 views

PT-2026-41874

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer underflow exists in the mpi read raw from sgl function. This occurs when the number of leading zeros in a scatterlist exceeds the nbytes parameter, causing an underflow during...

8.8CVSS5.9AI score0.00354EPSS
Exploits0References423
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.23 views

PT-2026-41724

Name of the Vulnerable Software and Affected Versions Summarize versions prior to 0.15.1 Description The hover summary feature allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links. This causes the extension to make authenticated daemon requests using stored...

7.4CVSS5.8AI score0.0033EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.23 views

PT-2026-41583

Name of the Vulnerable Software and Affected Versions Crypt::OpenSSL::PKCS12 versions prior to 1.95 Description The software truncates passwords containing embedded NULL characters. In the PKCS12.xs file, password parameters are declared as char , which utilizes Perl's default typemap SvPV nolen,...

9.8CVSS5.8AI score0.00447EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.23 views

PT-2026-41527

Name of the Vulnerable Software and Affected Versions EMQX versions prior to 6.2.0 Description A race condition exists in the QoS 2 PUBLISH Packet Handler component within the apps/emqx/src/emqx persistent session ds.erl file. This issue allows a remote attacker to trigger a race condition, which...

3.1CVSS5.8AI score0.00282EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.23 views

PT-2026-41469

Name of the Vulnerable Software and Affected Versions qs versions 6.11.1 through 6.15.1 Description The stringify function throws a TypeError when called with the options arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined elements. This occurs because the...

6.3CVSS5.8AI score0.00351EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.23 views

PT-2026-41261

Name of the Vulnerable Software and Affected Versions Rapid7 Metasploit Pro affected versions not specified Description Rapid7 Metasploit Pro on Windows is subject to a local privilege escalation. During startup, the metasploitPostgreSQL service and the subsequent postgres.exe service attempt to...

9.3CVSS5.9AI score0.0017EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.23 views

PT-2026-41211

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the CustomTemplate create and update processes. The application uses Object.assign to copy the request body into a CustomTemplate entity without an explicit field...

8.8CVSS5.5AI score0.00335EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.23 views

PT-2026-41210

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the assistant create and update processes. The application uses Object.assign to copy the request body into the Assistant entity without an explicit field allowlist,...

8.8CVSS5.5AI score0.00335EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.23 views

PT-2026-41108

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description Insufficient validation of untrusted input in Skia allows a remote attacker who has compromised the renderer process to perform an out of bounds memory write via a crafted print file...

8.8CVSS5.8AI score0.00498EPSS
Exploits0References86
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.23 views

PT-2026-41133

Name of the Vulnerable Software and Affected Versions devalue affected versions not specified Description The devalue.parse function may allocate excessive memory when deserializing sparse arrays due to specific behaviors in some JavaScript engines. This can lead to high memory consumption...

7.5CVSS5.8AI score0.00393EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.23 views

PT-2026-40961

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager versions prior to 26.0.1 Description A flaw in the web UI of Cisco Catalyst SD-WAN Manager allows an authenticated remote attacker with read-only permissions to elevate their privileges to those of a high-privileg...

5.4CVSS5.8AI score0.00194EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.23 views

PT-2026-40821

Name of the Vulnerable Software and Affected Versions ERPNext versions prior to 16.9.1 Description Certain endpoints in this open source Enterprise Resource Planning tool fail to enforce proper authorization checks, which allows users to modify data beyond the permissions assigned to their role...

9.9CVSS5.8AI score0.00279EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.23 views

PT-2026-40719

Name of the Vulnerable Software and Affected Versions Nautobot versions prior to 2.4.33 Nautobot versions prior to 3.1.2 Description The Webhook data model and associated feature set can be configured by users with sufficient access to perform requests to unauthorized hosts and IP addresses. This...

8.5CVSS5.8AI score0.00235EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.23 views

PT-2026-40726

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description The endpoint "/api/tag/getTag" is registered using only the model.CheckAuth middleware, missing the model.CheckAdminRole and model.CheckReadonly checks. This allows any authenticated user, including...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.23 views

PT-2026-39938

ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if a...

6.7CVSS5.8AI score0.00096EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.23 views

PT-2026-40536

Name of the Vulnerable Software and Affected Versions protobufjs versions prior to 7.5.6 protobufjs versions prior to 8.0.2 Description protobufjs allows certain schema option paths to traverse inherited object properties during option application. A crafted protobuf schema or JSON descriptor can...

7.5CVSS5.8AI score0.00374EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.23 views

PT-2026-39993

A vulnerability has been identified in Solid Edge SE2026 All versions V226.0 Update 5. The affected applications contain a stack based overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process...

7.8CVSS6AI score0.00106EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.23 views

PT-2026-39550

Name of the Vulnerable Software and Affected Versions WebAssembly Binaryen versions prior to 118 Description An issue exists in the BrOn Parser component within the IRBuilder::makeBrOn function of the src/wasm/wasm-ir-builder.cpp file. A specific manipulation can lead to a reachable assertion,...

5.5CVSS5.6AI score0.00159EPSS
Exploits1References19
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.23 views

PT-2026-39564

A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get log file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The explo...

5.8CVSS5.6AI score0.04412EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.23 views

PT-2026-39765

A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. A remote attacker may be able to cause a denial-of-service...

5.8AI score0.00461EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.23 views

PT-2026-39454

A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of the argument wlan conf/Channel/skiplist/ieee 80211h leads to os command injection. The attack may be launched remotely. The exploit has be...

6.5CVSS6.4AI score0.04807EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/09 12:0 a.m.23 views

PT-2026-39327

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.18 Description Cache Middleware fails to skip caching for responses that declare per-user variance using the Vary: Authorization or Vary: Cookie headers. While the middleware correctly skips caching for Vary: ,...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References170
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.23 views

PT-2026-38833

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux parse trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this...

7.5CVSS5.9AI score0.01072EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.23 views

PT-2026-39290

Summary MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters Platform.getSearchJsonPropertyKey, quoteJsonKey did not properly escape characters that delimit the SQL identifier or string-literal context they emit into. When...

7.6CVSS6.1AI score0.01252EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.23 views

PT-2026-38664

Name of the Vulnerable Software and Affected Versions Totolink X5000R version 9.1.0u.6369 B20230113 Description A buffer overflow occurs in the sub 458E40 function within the '/boafrm/formDdns' file. This issue is triggered by the manipulation of the submit-url argument, allowing for remote...

9CVSS7.4AI score0.00463EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.23 views

PT-2026-38956

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the dm driver, the failure to implement its own timeout handler while relying on slave devices leads to an issue where requests are leaked and never completed if an io-timeout-fail...

5.5CVSS5.8AI score0.00138EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.23 views

PT-2026-39207

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.14.12 Description The isInternalAddress function in packages/service/common/system/utils.ts is susceptible to DNS rebinding, a Time-of-Check to Time-of-Use TOCTOU issue. The function validates a hostname by resolvin...

6.3CVSS5.8AI score0.00148EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.23 views

PT-2026-39252

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The Network Exposure Function NEF in free5GC contains a nil-pointer dereference issue within the PatchIndividualApplicationPFDManagement function. This occurs when a PATCH request is sent to the...

7.5CVSS5.8AI score0.0039EPSS
Exploits1References10
Total number of security vulnerabilities5000