Lucene search
K
PtsecurityMost viewed

184269 matches found

Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.40 views

PT-2026-42966

A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware Version Check. The manipulation results in improper restriction of rendered ui layers. The attack can be executed remotely. A...

6.3CVSS5.1AI score0.00268EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.40 views

PT-2025-52605

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges...

9.8CVSS5.9AI score0.00331EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.40 views

PT-2025-45031

Name of the Vulnerable Software and Affected Versions Salesforce Mulesoft Anypoint Code Builder versions prior to 1.11.6 Description An issue exists in Salesforce Mulesoft Anypoint Code Builder related to improper neutralization of input used for LLM prompting, which allows manipulation of writab...

5.3CVSS6.7AI score0.00216EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.39 views

PT-2026-53645

A heap-based buffer overflow exists in the qr reader match centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be...

9.8CVSS6.3AI score0.01542EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.39 views

PT-2026-51580

Name of the Vulnerable Software and Affected Versions @rtk-ai/rtk-rewrite version 1.0.0 Description The @rtk-ai/rtk-rewrite OpenClaw plugin fails to properly escape input passed to a shell-backed execSync function. While JSON.stringify is used to wrap values in double quotes, it does not neutrali...

6.3CVSS6.2AI score0.00288EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.39 views

PT-2026-50223

In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8CVSS5.6AI score0.00094EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.39 views

PT-2026-48692

Name of the Vulnerable Software and Affected Versions @grpc/grpc-js versions prior to 1.9.16 @grpc/grpc-js versions prior to 1.10.12 @grpc/grpc-js versions prior to 1.11.4 @grpc/grpc-js versions prior to 1.12.7 @grpc/grpc-js versions prior to 1.13.5 @grpc/grpc-js versions prior to 1.14.4...

7.5CVSS5.8AI score0.00052EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.39 views

PT-2026-44800

Name of the Vulnerable Software and Affected Versions Acer Wave 7 router affected versions not specified Description The upload.cgi binary, which processes device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, which can...

10CVSS5.8AI score0.00262EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.39 views

PT-2026-41842

There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface...

6.3CVSS5.8AI score0.00252EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.39 views

PT-2026-39112

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the netfilter nfnetlink queue component. The nfqnl recv verdict function calls find dequeue entry to remove a queue entry, taking ownership of it. For PF BRIDGE...

5.8AI score0.00123EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.39 views

PT-2026-22146

Name of the Vulnerable Software and Affected Versions VMware Workstation versions 25H1 and below Description A flaw exists in VMware Workstation that could allow a user with limited access within a guest virtual machine to disrupt the host system. Specifically, an out-of-bounds write issue can le...

5CVSS5.9AI score0.00156EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/02 12:0 a.m.39 views

PT-2024-35332 · Unknown · Sanil Shakya Sticky Social Icons

Name of the Vulnerable Software and Affected Versions: Sanil Shakya Sticky Social Icons versions 1.2.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows stored XSS. Recommendations: For...

5.9CVSS9.3AI score0.00274EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/10/17 12:0 a.m.39 views

PT-2022-21749 · Qualcomm · Qualcomm Ipc

Name of the Vulnerable Software and Affected Versions: Qualcomm IPC in Snapdragon Mobile affected versions not specified Description: The issue is related to memory corruption in Qualcomm IPC due to a buffer copy without checking the size of the input while starting communication with a compromis...

7.8CVSS7.7AI score0.00116EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.38 views

PT-2026-51259

Name of the Vulnerable Software and Affected Versions Radware Cyber Controller versions prior to 10.11.0 Description An issue exists within the HTML Report Generation component that allows for HTML injection. This flaw can be exploited remotely to inject malicious HTML code into reports...

5.1CVSS5.9AI score0.00195EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.38 views

PT-2026-50852

Summary When DOMPurify.sanitizeroot, IN PLACE: true is called on an attacker-supplied live DOM node, DOMPurify still trusts currentNode.nodeName for non-form nodes in the main sanitizeElements pipeline. A real child node whose observable nodeName is attacker-controlled can therefore be...

5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.38 views

PT-2026-48614

Name of the Vulnerable Software and Affected Versions Spring Web Flow version 4.0.0 Spring Web Flow versions 3.0.0 through 3.0.1 Spring Web Flow versions 2.5.0 through 2.5.1 Description The JavaScript RemotingHandler renders the body of an error response as HTML, regardless of whether the respons...

4.8CVSS5.8AI score0.00201EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.38 views

PT-2026-48038

Name of the Vulnerable Software and Affected Versions Azure Stack Edge affected versions not specified Description External control of a file name or path allows an unauthorized attacker to execute arbitrary code over a network. Recommendations At the moment, there is no information about a newer...

10CVSS6.2AI score0.00753EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.38 views

PT-2026-45602

In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00068EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.38 views

PT-2026-40382

Name of the Vulnerable Software and Affected Versions AOS-8 affected versions not specified Description A session management issue allows previously authenticated users to maintain network access after their accounts have been administratively disabled. Because existing sessions are not invalidat...

5.4CVSS5.8AI score0.00141EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.38 views

PT-2026-39923

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

4.3CVSS6.3AI score0.00255EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.38 views

PT-2026-34596

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.31.5.0 Description A Stored DOM XSS Cross-Site Scripting issue exists in the backup module. An attacker can manipulate the filename field using an SQL file to inject a hidden XSS payload, potentially leading to full...

9.1CVSS5.9AI score0.00331EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/08/16 12:0 a.m.38 views

PT-2025-33518 · WordPress · Ithemes Serverbuddy

Name of the Vulnerable Software and Affected Versions: iThemes ServerBuddy versions n/a through 1.0.5 Description: A Cross-Site Request Forgery CSRF vulnerability exists in iThemes ServerBuddy by PluginBuddy.Com, allowing Object Injection. Recommendations: At the moment, there is no information...

8.8CVSS6.3AI score0.00143EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/03/25 12:0 a.m.38 views

PT-2025-12805 · Appsmith · Appsmith

Name of the Vulnerable Software and Affected Versions: Appsmith versions prior to 1.51 Description: The issue concerns an information disclosure where users invited as "App Viewer" can access development information of a workspace, specifically getting a list of datasources. This does not expose...

4.8CVSS5.9AI score0.00233EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/03/31 12:0 a.m.38 views

PT-2023-17234 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue arises when processing an email invite to a private channel on a team. Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite...

5.4CVSS5.1AI score0.00317EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.37 views

PT-2026-53626

Improper Control of Generation of Code 'Code Injection' vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0...

9.8CVSS5.8AI score0.00372EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.37 views

PT-2026-52471

3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...

7.2CVSS6.4AI score0.00342EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.37 views

PT-2026-51119

Name of the Vulnerable Software and Affected Versions @cyclonedx/cyclonedx-npm versions 2.1.0 through 4.x Description Command injection occurs when the CLI is invoked with the --workspace option while the environment variable npm execpath is unset or empty. In this scenario, user-supplied values...

8.5CVSS6.2AI score0.0016EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.37 views

PT-2026-50850

Name of the Vulnerable Software and Affected Versions Dell Server Hardware Manager versions prior to 3.2.2 Description Improper Access Control allows a low privileged attacker with local access to potentially achieve Elevation of privileges, which is the act of gaining higher-level permissions th...

7.8CVSS5.9AI score0.001EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.37 views

PT-2026-52216

Name of the Vulnerable Software and Affected Versions Gitea Docker image versions prior to 1.26.3 Description Official Gitea Docker images contain a configuration flaw in the app.ini file where the REVERSE PROXY TRUSTED PROXIES variable is set to a wildcard by default. When reverse-proxy...

9.8CVSS7.2AI score0.00783EPSS
Exploits4References88
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.37 views

PT-2026-48938

Name of the Vulnerable Software and Affected Versions Mattermost versions prior to 11.6.2 Mattermost versions prior to 11.5.5 Mattermost versions prior to 10.11.17 Description Authenticated users with delegated user-management permissions can escalate privileges by altering built-in role...

7.2CVSS5.9AI score0.00257EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.37 views

PT-2026-48821

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device...

9.9CVSS5.6AI score0.00825EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.37 views

PT-2026-48532

Name of the Vulnerable Software and Affected Versions UpdraftPlus: WP Backup & Migration Plugin versions prior to 1.26.5 Description An authentication bypass exists in the UpdraftPlus Remote Communications V2::wp loaded function due to insufficient validation of the remote communications message...

8.1CVSS6.5AI score0.03578EPSS
Exploits3References19
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.37 views

PT-2026-34667

Name of the Vulnerable Software and Affected Versions Pipecat versions 0.0.41 through 0.0.93 Description An issue exists in the LivekitFrameSerializer class, an optional and deprecated frame serializer used for LiveKit integration. The deserialize function in src/pipecat/serializers/livekit.py us...

9.8CVSS6AI score0.00701EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.37 views

PT-2026-25089

soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, The Fr scalar field types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 representation without first reducing modulo the field modulus r. This caused mathematically equal field...

5.3CVSS5.8AI score0.00279EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/02/03 12:0 a.m.37 views

PT-2023-10006 · Unknown · Fanzila Webfinance

Name of the Vulnerable Software and Affected Versions: fanzila WebFinance version 0.5 Description: A critical issue has been found in fanzila WebFinance, affecting an unknown function of the file htdocs/admin/save roles.php. The manipulation of the id argument leads to sql injection...

9.8CVSS6.3AI score0.00643EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.36 views

PT-2026-51138

Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary non-default group...

5.9CVSS5.8AI score0.0026EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.36 views

PT-2026-50769

Name of the Vulnerable Software and Affected Versions pam usb versions 0.9.1 and earlier Description The xfree memory release helper calls free without zeroing buffer contents first. This results in heap-allocated buffers containing sensitive data, such as one-time pad bytes read from disk, being...

4.7CVSS6AI score0.00109EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.36 views

PT-2026-50640

The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. Thi...

6.1CVSS5.4AI score0.00211EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.36 views

PT-2026-48284

Name of the Vulnerable Software and Affected Versions CAI Content Credentials versions [email protected] and earlier CAI Content Credentials versions c2pa-v0.80.1 and earlier Description An uncontrolled resource consumption issue allows an attacker to exhaust system resources, leading to an...

7.5CVSS5.2AI score0.00407EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.36 views

PT-2026-45648

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description Kiteworks is a private data network PDN. A reflected Cross-Site Scripting XSS issue in Kiteworks Secure Data Forms allows an external attacker to trick a user into executing arbitrary JavaScript...

8.2CVSS5.6AI score0.00283EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.36 views

PT-2026-39942

Issuing an ICMP ping via the net ping shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are...

6.1CVSS5.9AI score0.00144EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.36 views

PT-2026-40079

Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

5.6CVSS5.7AI score0.00095EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.36 views

PT-2026-39426

Уязвимость компонентов xfrm и RxRPC ядра операционной системы Linux связана с отсутствием проверки корректности принимаемых запросов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, повысить свои привилегии до уровня root...

6.8CVSS5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/05/08 12:0 a.m.36 views

PT-2025-22220

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue occurs when bpf redirect peer is used to redirect packets to a device in another network namespace, and the packet is not...

5.5CVSS6.7AI score0.00149EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.36 views

PT-2025-14163 · Beastthemes · Beastthemes Clockinator Lite

Name of the Vulnerable Software and Affected Versions: BeastThemes Clockinator Lite versions 1.0.0 through 1.0.7 Description: The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. Recommendations: For version...

5.3CVSS6.1AI score0.00421EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/03 12:0 a.m.36 views

PT-2025-1788 · WordPress · The Photo Gallery Slideshow & Masonry Tiled Gallery

Name of the Vulnerable Software and Affected Versions: The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress versions up to, and including, 1.0.15 Description: The issue allows authenticated attackers with Subscriber-level access and above to make web requests to arbitrary...

4.3CVSS9.3AI score0.00379EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/09/11 12:0 a.m.36 views

PT-2024-7097 · Cisco · Cisco Routed Pon Controller +1

Name of the Vulnerable Software and Affected Versions: Cisco Routed PON Controller Software affected versions not specified Description: The issue exists due to insufficient validation of arguments passed to specific configuration commands, allowing an authenticated, remote attacker with...

9CVSS8.4AI score0.01098EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/04/15 12:0 a.m.36 views

PT-2024-23494 · Jnt Telecom · Jnt Liftcom Ums

Name of the Vulnerable Software and Affected Versions: JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 Description: An issue in the software allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality. Recommendations: For JNT Telecom JNT Liftcom UMS V1.J...

6.3CVSS8.1AI score0.00554EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2009/08/31 12:0 a.m.36 views

PT-2009-5362 · Bingo! · Bingo!Cms

Name of the Vulnerable Software and Affected Versions: bingo!CMS versions 1.2 and earlier Description: A cross-site request forgery issue allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content. Recommendations: For versions 1.2...

6.8CVSS7.6AI score0.00991EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.35 views

PT-2026-53289

Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References2
Total number of security vulnerabilities5000