Lucene search
K
PtsecurityMost viewed

184481 matches found

Positive Technologies
Positive Technologies
•added 2026/01/07 12:0 a.m.•23 views

PT-2026-1580

Name of the Vulnerable Software and Affected Versions Key Figures plugin for WordPress versions prior to 1.2 Description The Key Figures plugin for WordPress is susceptible to Stored Cross-Site Scripting through the kf field figure default color render function. Insufficient input sanitization an...

4.4CVSS5.2AI score0.00192EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/01/01 12:0 a.m.•23 views

PT-2026-8168

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.18.0 156 Description The Linux kernel contained a flaw in the net/mlx5e module related to Traffic Control TC steering flows. Specifically, the issue occurred during the deletion of TC steering flows, where the...

5.5CVSS6.4AI score0.00114EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2025/12/30 12:0 a.m.•23 views

PT-2025-53946

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.4.0-00396-g81ef9e7-dirty Description The Linux kernel contains a stack-out-of-bounds write issue in the strncpy function within the zynqmp clock driver. This occurs when the clock name exceeds 15 bytes, leading...

7.8CVSS6.8AI score0.00462EPSS
Exploits2References896
Positive Technologies
Positive Technologies
•added 2025/12/24 12:0 a.m.•23 views

PT-2025-53111

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to improper handling of device nodes in the tegra-video driver. Specifically, a use-after-free condition can occur during device removal. The iss...

7.8CVSS6.6AI score0.00462EPSS
Exploits2References894
Positive Technologies
Positive Technologies
•added 2025/12/09 12:0 a.m.•23 views

PT-2025-49632

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.0-rc7 Description The Linux kernel contains a flaw in the 'uio dmem genirq' component related to interrupt handling. A missing unlock within the interrupt configuration process can lead to a...

7.8CVSS6.3AI score0.00462EPSS
Exploits2References899
Positive Technologies
Positive Technologies
•added 2025/12/04 12:0 a.m.•23 views

PT-2025-49123

A vulnerability has been identified in Genexis Platinum P4410 router Firmware P4410-V2–1.41 that allows a local network attacker to achieve Remote Code Execution RCE with root privileges. The issue occurs due to improper session invalidation after administrator logout. When an administrator logs...

7.4AI score0.00348EPSS
Exploits1References2
Positive Technologies
Positive Technologies
•added 2025/10/15 12:0 a.m.•23 views

PT-2025-42259

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a use-after-free issue identified through syzbot reporting. The issue occurs after commit e6d5dbdd20aa, which added multi-buff support for XDP running in gener...

7.8CVSS6.4AI score0.08942EPSS
Exploits4References987
Positive Technologies
Positive Technologies
•added 2025/10/07 12:0 a.m.•23 views

PT-2025-41116

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue where extra debug information is output if an inline backref cannot be found during a lookup operation. This was identified through reports from Syzbot...

7.8CVSS6.3AI score0.08942EPSS
Exploits4References992
Positive Technologies
Positive Technologies
•added 2025/10/07 12:0 a.m.•23 views

PT-2025-41062

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to the BTRFS file system. Specifically, the issue involves the handling of reloc trees, which are used for managing shared tree blocks between...

7.8CVSS6.2AI score0.08942EPSS
Exploits4References990
Positive Technologies
Positive Technologies
•added 2025/09/15 12:0 a.m.•23 views

PT-2025-37814

Name of the Vulnerable Software and Affected Versions: macOS versions prior to Tahoe 26 Description: An application may be able to access sensitive user data due to insufficient checks preventing unauthorized actions. Recommendations: Update to macOS Tahoe 26...

4CVSS6.2AI score0.00177EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2025/09/05 12:0 a.m.•23 views

PT-2025-36150

Name of the Vulnerable Software and Affected Versions: WP CodeUs Ultimate Client Dash versions through 4.6 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting XSS. Recommendations: Update WP CodeUs...

5.9CVSS5.5AI score0.0021EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2025/08/18 12:0 a.m.•23 views

PT-2025-33666 · Unknown · Namelessmc

Name of the Vulnerable Software and Affected Versions: NamelessMC versions prior to 2.2.4 Description: NamelessMC is a website software for Minecraft servers. A cross-site scripting XSS issue exists in NamelessMC before version 2.2.4, allowing authenticated attackers to inject arbitrary web scrip...

7.2CVSS5.8AI score0.00367EPSS
Exploits1References9
Positive Technologies
Positive Technologies
•added 2025/08/16 12:0 a.m.•23 views

PT-2025-33522 · WordPress · School Management System For Wordpress

Name of the Vulnerable Software and Affected Versions: School Management System for WordPress plugin versions prior to 93.2.0 Description: The School Management System for WordPress plugin is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file. This...

8.8CVSS7.1AI score0.00519EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2025/08/15 12:0 a.m.•23 views

PT-2025-33497

Name of the Vulnerable Software and Affected Versions: Wulkano KAP version 3.6.0 Description: Improper Control of Generation of Code 'Code Injection' in Wulkano KAP on MacOS allows TCC Bypass. Recommendations: At the moment, there is no information about a newer version that contains a fix for th...

6.9CVSS6.1AI score0.00186EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2025/06/18 12:0 a.m.•23 views

PT-2025-25938 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the initialization of jump labels on 64-bit systems. Specifically, calling jump label init in setup featu...

7.8CVSS5.6AI score0.12746EPSS
Exploits16References587
Positive Technologies
Positive Technologies
•added 2025/06/18 12:0 a.m.•23 views

PT-2025-25966

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer overflow issue has been identified in the Linux kernel, specifically in the sja1105 setup devlink regions function. This occurs when an error happens in dsa devlink region creat...

7.8CVSS8.2AI score0.12746EPSS
Exploits16References1215
Positive Technologies
Positive Technologies
•added 2025/06/12 12:0 a.m.•23 views

PT-2025-25348 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: Citizen versions prior to 3.3.1 Description: The issue affects the Citizen MediaWiki skin, where system messages in menu headings using the Menu.mustache template are inserted as raw HTML. This allows users with the editinterface right to...

6.5CVSS6.3AI score0.00345EPSS
Exploits1References11
Positive Technologies
Positive Technologies
•added 2025/05/25 12:0 a.m.•23 views

PT-2025-22871 · H3C · H3C Seccenter Smp-E1114P02

Name of the Vulnerable Software and Affected Versions: H3C SecCenter SMP-E1114P02 up to 20250513 Description: A vulnerability was found in the function Download of the file /cfgFile/1/download. The manipulation of the argument Name leads to path traversal. The attack may be initiated remotely...

7.5CVSS4.3AI score0.00651EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2025/05/08 12:0 a.m.•23 views

PT-2025-20383

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 17.5, 16.9, 15.13, 14.18, and 13.21 Description The vulnerability is related to a buffer over-read in PostgreSQL's GB18030 encoding validation. This issue allows a database input provider to achieve temporary denia...

8.8CVSS6.8AI score0.00709EPSS
Exploits1References187
Positive Technologies
Positive Technologies
•added 2025/05/07 12:0 a.m.•23 views

PT-2025-20154 · Wedevs · Webmail

Name of the Vulnerable Software and Affected Versions: weDevs weMail versions 1.14.13 and earlier Description: The issue allows exposure of sensitive system information to an unauthorized control sphere, enabling the retrieval of embedded sensitive data. Recommendations: For weDevs weMail version...

7.5CVSS6AI score0.00336EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2025/05/02 12:0 a.m.•23 views

PT-2025-18895 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue concerns a server shutdown leak in the SUNRPC component of the Linux kernel. It involves a race condition where kthread stop may prevent threadfn from being called, resulting...

8.8CVSS5AI score0.0129EPSS
Exploits3References652
Positive Technologies
Positive Technologies
•added 2025/05/02 12:0 a.m.•23 views

PT-2025-18905 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A vulnerability in the Linux kernel has been resolved, where the ila xlat nl cmd get mapping function generates an empty message, triggering a sanity check. This issue is resolved ...

7.8CVSS7.4AI score0.0129EPSS
Exploits1References376
Positive Technologies
Positive Technologies
•added 2025/04/07 12:0 a.m.•23 views

PT-2025-15134 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 5.0.2 Description: The issue allows a local attacker to cause a denial of service DOS through an out-of-bounds write. Recommendations: For versions prior to 5.0.2, update to a version that contains a fix for this...

3.3CVSS6.1AI score0.00137EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2025/03/20 12:0 a.m.•23 views

PT-2025-12385 · Microsoft · Dataverse

Name of the Vulnerable Software and Affected Versions: Microsoft Dataverse affected versions not specified Description: Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. Recommendations: At the moment, there is no information...

8.8CVSS6.3AI score0.01246EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2025/03/13 12:0 a.m.•23 views

PT-2025-11143 · Pagelayer · Pagelayer

Name of the Vulnerable Software and Affected Versions: The Page Builder: Pagelayer versions up to, and including, 1.9.8 Description: The issue is related to insufficient validation on the pagelayer save content function, allowing authenticated attackers with Contributor-level access and above to...

4.3CVSS9.1AI score0.00269EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2025/02/26 12:0 a.m.•23 views

PT-2025-12: Deserialization of Untrusted Data in HTML2PDF

The vulnerability was identified in HTML2PD, version 5.3.0. The discovered vulnerability allows an attacker to create objects of arbitrary classes, fully controlling their properties, thus modify the logic of the web application. Vulnerability status: Confirmed by vendor Date of vulnerability...

8.8CVSS7.4AI score
Exploits0
Positive Technologies
Positive Technologies
•added 2025/02/20 12:0 a.m.•23 views

PT-2025-17285

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, specifically in the iio component. The issue involves an out-of-bounds access in the veml6075 read int time ms function, where the...

7.8CVSS7.2AI score0.28222EPSS
Exploits13References505
Positive Technologies
Positive Technologies
•added 2025/01/01 12:0 a.m.•23 views

PT-2026-3230

Name of the Vulnerable Software and Affected Versions versions prior to TLS 1.3 Description A flaw exists in the TLS 1.3 handshake process where messages spanning encryption level boundaries can be processed prematurely. This can lead to minor information disclosure if a network-local attacker...

9.8CVSS6.7AI score0.00276EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2024/12/30 12:0 a.m.•23 views

PT-2024-10184 · D Link · Dir-816A2

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816A2 version 1.10CNB05 R1B011D88210 Description: The issue is related to an access control problem in the form2PortriggerRule.cgi component, allowing unauthenticated attackers to set the port trigger of the device via a crafted PO...

10CVSS9.5AI score0.00492EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2024/12/11 12:0 a.m.•23 views

PT-2025-13206 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved by adding shadow buffering for deferred I/O in the drm/fbdev-dma module. This change addresses driver errors related to kernel NUL...

7.8CVSS7.8AI score0.13036EPSS
Exploits3References825
Positive Technologies
Positive Technologies
•added 2024/12/10 12:0 a.m.•23 views

PT-2024-36017 · Undefined · Undefined

MS-ISAC CYBERSECURITY ADVISORYMS-ISAC CYBERSECURITY ADVISORY MS-ISAC ADVISORY NUMBER: 2024-134 DATES ISSUED: 12/10/2024 SUBJECT: Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution OVERVIEW: Multiple vulnerabilities have been discovered in Adobe products, the most...

9.3CVSS10AI score0.0104EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2024/09/16 12:0 a.m.•23 views

PT-2024-31041 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15 Description: The issue allows an app to bypass certain Privacy preferences due to inadequate state management. This has been addressed through improved state management. Recommendations: For versions prior to 15,...

7.5CVSS6.6AI score0.00389EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2024/09/05 12:0 a.m.•23 views

PT-2024-39038 · Unknown · Job Portal

Name of the Vulnerable Software and Affected Versions: Job Portal versions affected versions not specified Description: A Cross-Site Scripting XSS issue exists due to insufficient encryption of user-controlled input. This could allow an attacker to retrieve the session details of an authenticated...

6.3CVSS5.6AI score0.00239EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2024/08/29 12:0 a.m.•23 views

PT-2024-29366

Name of the Vulnerable Software and Affected Versions openflights version 5234b5b Description The issue is related to a Cross-Site Scripting XSS vulnerability. It affects the php/alsearch.php file. No information is provided about the estimated number of potentially affected devices or real-world...

6.1CVSS5.9AI score0.00359EPSS
Exploits1References10
Positive Technologies
Positive Technologies
•added 2024/06/13 12:0 a.m.•23 views

PT-2024-27929 · Alcasar · Alcasar

Name of the Vulnerable Software and Affected Versions: ALCASAR versions prior to 3.6.1 Description: The issue allows for CSRF and remote code execution in the activity.php file. Recommendations: For versions prior to 3.6.1, update to version 3.6.1 or later to resolve the issue...

9.6CVSS7.6AI score0.00352EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2024/05/02 12:0 a.m.•23 views

PT-2024-6083

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to the next release exact version not specified CPython version 3.9 and earlier Description The issue is related to the OpenSSL API function SSL select next proto which can cause a crash or memory contents to be sent to...

9.4CVSS8AI score0.73461EPSS
Exploits5References340
Positive Technologies
Positive Technologies
•added 2024/03/27 12:0 a.m.•23 views

PT-2024-23015 · Bizprint · Bizprint

Name of the Vulnerable Software and Affected Versions: BizPrint versions through 4.5.5 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that also allows Cross-Site Scripting XSS in BizPrint. Recommendations: For versions through 4.5.5, update to a version that...

7.1CVSS8.7AI score0.00195EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2024/03/11 12:0 a.m.•23 views

PT-2024-19962 · National Instruments · Labview

Name of the Vulnerable Software and Affected Versions: LabVIEW versions prior to 2024 Q1 Description: An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI...

7.8CVSS8AI score0.00591EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2024/03/11 12:0 a.m.•23 views

PT-2024-21269 · Google · Android

Name of the Vulnerable Software and Affected Versions: TBD affected versions not specified Description: The issue is related to a missing bounds check in the tmu reset tmu trip counter function, which could lead to a possible out of bounds write. This could result in local escalation of privilege...

8.4CVSS6.7AI score0.00125EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2024/03/06 12:0 a.m.•23 views

PT-2024-22141

Name of the Vulnerable Software and Affected Versions RSSHub versions 1.0.0-master.cbbd829 through 1.0.0-master.d8ca915 Description RSSHub is an open source RSS feed generator. When a specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS...

6.1CVSS6.2AI score0.00521EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2024/01/16 12:0 a.m.•23 views

PT-2024-1613 · Zhicms · Zhicms

Name of the Vulnerable Software and Affected Versions: ZhiCms versions up to 4.0 Description: A critical vulnerability has been found in ZhiCms, affecting an unknown part of the file app/plug/controller/giftcontroller.php. The manipulation of the mylike argument leads to deserialization. It is...

10CVSS7.5AI score0.00857EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2023/12/04 12:0 a.m.•23 views

PT-2023-18475 · Qualcomm · Qualcomm Chipsets

Name of the Vulnerable Software and Affected Versions: Qualcomm Chipsets affected versions not specified Description: The issue is related to memory corruption in the camera while installing a file descriptor for a particular DMA buffer. This can potentially lead to code execution. Recommendation...

7.8CVSS7.9AI score0.0014EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2023/11/06 12:0 a.m.•23 views

PT-2023-15305 · Unknown · Wpdevart Booking Calendar

Name of the Vulnerable Software and Affected Versions: WpDevArt Booking calendar, Appointment Booking System versions 3.2.7 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQ...

9.8CVSS9.7AI score0.00675EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2023/08/31 12:0 a.m.•23 views

PT-2023-27993 · WordPress · Woocommerce Pdf Invoice Builder

Name of the Vulnerable Software and Affected Versions: WooCommerce PDF Invoice Builder plugin for WordPress versions up to, and including, 1.2.90 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This...

4.8CVSS5.4AI score0.00412EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2023/08/18 12:0 a.m.•23 views

PT-2023-25407 · Logitech · Logitec Lan-Wh300An/Dgp +3

Name of the Vulnerable Software and Affected Versions: LOGITEC LAN-W300N/DR all versions LOGITEC LAN-WH300N/DR all versions LOGITEC LAN-W300N/P all versions LOGITEC LAN-WH450N/GP all versions LOGITEC LAN-WH300AN/DGP all versions LOGITEC LAN-WH300N/DGP all versions LOGITEC LAN-WH300ANDGPE all...

9.8CVSS7.6AI score0.00604EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2023/08/09 12:0 a.m.•23 views

PT-2023-26311 · Softing · Softing Edgeaggregator

Name of the Vulnerable Software and Affected Versions: Softing edgeAggregator affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this issue. The specif...

7.2CVSS7.2AI score0.68611EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2023/05/09 12:0 a.m.•23 views

PT-2025-8523 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A data-race issue exists around the sysctl igmp llm reports variable in the Linux kernel. This occurs because the variable can be changed concurrently while being read, potentially...

8.8CVSS7.2AI score0.13036EPSS
Exploits13References501
Positive Technologies
Positive Technologies
•added 2023/04/19 12:0 a.m.•23 views

PT-2023-17326 · Avira · Avira Endpoint Security

Name of the Vulnerable Software and Affected Versions: Avira Endpointprotection.exe versions prior to 1.0.2303.633 Description: A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow. This could corrupt the data on the heap...

7.8CVSS5.3AI score0.00299EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2023/04/13 12:0 a.m.•23 views

PT-2023-14581 · Apache · Apache Sling Engine

Name of the Vulnerable Software and Affected Versions: Apache Sling Engine versions prior to 2.14.0 Description: The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API, resulting in include-based cross-site scripting issues on the Apache Sling level. An attacker who can...

9CVSS8.8AI score0.01121EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2023/03/23 12:0 a.m.•23 views

PT-2023-3345 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.3.2 Description: A use-after-free issue was found in the renesas usb3 remove function in the drivers/usb/gadget/udc/renesas usb3.c module of the Linux kernel's USB device driver. This issue is related to a rac...

10CVSS6.6AI score0.71737EPSS
Exploits73References1690
Total number of security vulnerabilities5000