Lucene search
K
PtsecurityMost viewed

184484 matches found

Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.23 views

PT-2024-1613 · Zhicms · Zhicms

Name of the Vulnerable Software and Affected Versions: ZhiCms versions up to 4.0 Description: A critical vulnerability has been found in ZhiCms, affecting an unknown part of the file app/plug/controller/giftcontroller.php. The manipulation of the mylike argument leads to deserialization. It is...

10CVSS7.5AI score0.00857EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/12/04 12:0 a.m.23 views

PT-2023-18475 · Qualcomm · Qualcomm Chipsets

Name of the Vulnerable Software and Affected Versions: Qualcomm Chipsets affected versions not specified Description: The issue is related to memory corruption in the camera while installing a file descriptor for a particular DMA buffer. This can potentially lead to code execution. Recommendation...

7.8CVSS7.9AI score0.0014EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/11/06 12:0 a.m.23 views

PT-2023-15305 · Unknown · Wpdevart Booking Calendar

Name of the Vulnerable Software and Affected Versions: WpDevArt Booking calendar, Appointment Booking System versions 3.2.7 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQ...

9.8CVSS9.7AI score0.00675EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/08/31 12:0 a.m.23 views

PT-2023-27993 · WordPress · Woocommerce Pdf Invoice Builder

Name of the Vulnerable Software and Affected Versions: WooCommerce PDF Invoice Builder plugin for WordPress versions up to, and including, 1.2.90 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This...

4.8CVSS5.4AI score0.00412EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/08/18 12:0 a.m.23 views

PT-2023-25407 · Logitech · Logitec Lan-Wh300An/Dgp +3

Name of the Vulnerable Software and Affected Versions: LOGITEC LAN-W300N/DR all versions LOGITEC LAN-WH300N/DR all versions LOGITEC LAN-W300N/P all versions LOGITEC LAN-WH450N/GP all versions LOGITEC LAN-WH300AN/DGP all versions LOGITEC LAN-WH300N/DGP all versions LOGITEC LAN-WH300ANDGPE all...

9.8CVSS7.6AI score0.00604EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/08/15 12:0 a.m.23 views

PT-2023-4485 · Google +2 · Google Chrome +2

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 116.0.5845.96 Description: The issue is related to an inappropriate implementation in the WebShare component of Google Chrome for Android, which can allow a remote attacker to spoof the contents of a...

9.8CVSS6.4AI score0.99735EPSS
Exploits131References1163
Positive Technologies
Positive Technologies
added 2023/08/09 12:0 a.m.23 views

PT-2023-26311 · Softing · Softing Edgeaggregator

Name of the Vulnerable Software and Affected Versions: Softing edgeAggregator affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this issue. The specif...

7.2CVSS7.2AI score0.68611EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/05/09 12:0 a.m.23 views

PT-2025-8523 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A data-race issue exists around the sysctl igmp llm reports variable in the Linux kernel. This occurs because the variable can be changed concurrently while being read, potentially...

8.8CVSS7.2AI score0.13036EPSS
Exploits13References501
Positive Technologies
Positive Technologies
added 2023/04/19 12:0 a.m.23 views

PT-2023-17326 · Avira · Avira Endpoint Security

Name of the Vulnerable Software and Affected Versions: Avira Endpointprotection.exe versions prior to 1.0.2303.633 Description: A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow. This could corrupt the data on the heap...

7.8CVSS5.3AI score0.00299EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/02/23 12:0 a.m.23 views

PT-2023-20329 · Apache · Apache Httpd

Name of the Vulnerable Software and Affected Versions: Mod gnutls versions 0.9.0 through 0.12.0 Description: Mod gnutls is a TLS module for Apache HTTPD based on GnuTLS. It did not properly fail blocking read operations on TLS connections when the transport hit timeouts, entering an endless loop...

7.5CVSS7.2AI score0.01091EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2023/02/16 12:0 a.m.23 views

PT-2023-13012 · Intel · Intel Processors

Name of the Vulnerable Software and Affected Versions: IntelR Processors affected versions not specified Description: The issue is related to a use after free in the BIOS firmware for some IntelR Processors, which may allow a privileged user to potentially enable escalation of privilege via local...

7.5CVSS6.8AI score0.00211EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/01/27 12:0 a.m.23 views

PT-2023-12375 · Unknown · Openmage Lts

Name of the Vulnerable Software and Affected Versions: OpenMage LTS versions prior to 19.4.22 OpenMage LTS versions prior to 20.0.19 Description: The issue allows a layout block to bypass the block blacklist, enabling the execution of remote code. This is a significant problem for an e-commerce...

8.8CVSS8.8AI score0.01166EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2022/12/05 12:0 a.m.23 views

PT-2022-25618 · Lewei Cam · Lewei Cam

Name of the Vulnerable Software and Affected Versions: lewei cam binary version 2.0.10 Description: A buffer overflow issue in the firmware of the lewei cam binary allows an attacker to gain remote code execution as a root user. This can be achieved by sending a specially crafted UDP packet...

9.8CVSS9.9AI score0.01753EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/11/24 12:0 a.m.23 views

PT-2022-7688 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the mlx5 eswitch add termtbl rule function in the Linux kernel, which is associated with the reuse of previously freed memory. This can potentially allow an...

9.1CVSS6.5AI score0.03702EPSS
Exploits13References1853
Positive Technologies
Positive Technologies
added 2022/11/22 12:0 a.m.23 views

PT-2022-25595 · Parallels · Parallels Remote Application Server

Name of the Vulnerable Software and Affected Versions: Parallels Remote Application Server version 18.0 Description: The issue allows attackers to execute arbitrary commands via a crafted payload injected into the Host header, which is a result of a Host Header Injection attack. This enables...

8.1CVSS8.6AI score0.01048EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/11/03 12:0 a.m.23 views

PT-2022-27270 · WordPress · 4Ecps Web Forms

Name of the Vulnerable Software and Affected Versions: 4ECPS Web Forms plugin versions 0.2.17 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. It affects the 4ECPS Web Forms plugin on WordPress...

4.8CVSS4.8AI score0.00412EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/09/29 12:0 a.m.23 views

PT-2022-5202 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: The issue is related to the use of memory after it has been freed in the unix sock destructor and unix release sock functions of the BPF subsystem in Linux operating systems. This can ...

9.8CVSS7.4AI score0.67994EPSS
Exploits202References932
Positive Technologies
Positive Technologies
added 2022/09/07 12:0 a.m.23 views

PT-2022-23489 · Tenda · Tenda G3

Name of the Vulnerable Software and Affected Versions: Tenda G3 version US G3V3.0br V15.11.0.67663 EN TDE Description: The issue is caused by a buffer overflow in the addDhcpRule function due to sscanf in the httpd binary. Recommendations: For Tenda G3 version US G3V3.0br V15.11.0.67663 EN TDE, a...

9.8CVSS9.5AI score0.00814EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/12/15 12:0 a.m.23 views

PT-2021-1521 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to the version that includes the fix for the double free bug in packet set ring Description: A double free bug in the packet set ring function in net/packet/af packet.c can be exploited by a local user through...

9.8CVSS6.8AI score0.89063EPSS
Exploits330References1278
Positive Technologies
Positive Technologies
added 2021/11/10 12:0 a.m.23 views

PT-2021-1522 · Arm +8 · Arm Cortex +9

Name of the Vulnerable Software and Affected Versions: Arm Cortex and Neoverse processors versions prior to 2022-03-08 Description: The issue is related to a hardware flaw that allows for cache speculation, also known as Spectre-BHB. An attacker can leverage the shared branch history in the Branc...

9.1CVSS7AI score0.89063EPSS
Exploits195References856
Positive Technologies
Positive Technologies
added 2021/11/09 12:0 a.m.23 views

PT-2021-6242 · Mentor Graphics +1 · Nucleus Net +11

Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions all Capital Embedded AR Classic R20-11 versions prior to V2303 PLUSCONTROL 1st Gen versions all SIMOTICS CONNECT 400 versions prior to V0.5.0.0 APOGEE MBC versions all APOGEE MEC versions all APOGE...

9.4CVSS6.7AI score0.02106EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2021/05/19 12:0 a.m.23 views

PT-2021-6126 · Gcc +6 · Gcc +6

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.16.10 Description: The issue is related to a buffer overflow in the Linux kernel, which can be exploited by a remote attacker to execute arbitrary code. Certain binary files built around 2003, for example with...

9.8CVSS8.1AI score0.67994EPSS
Exploits200References1116
Positive Technologies
Positive Technologies
added 2021/02/09 12:0 a.m.23 views

PT-2021-2035 · Microsoft · Office Web Apps Server +4

Name of the Vulnerable Software and Affected Versions: Microsoft Excel affected versions not specified Microsoft Office affected versions not specified Microsoft 365 Apps for Enterprise affected versions not specified Microsoft Office Web Apps Server affected versions not specified Microsoft Offi...

7.8CVSS7.6AI score0.02321EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2021/02/01 12:0 a.m.23 views

PT-2021-2217 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.13 Description: A local privilege escalation issue is present in the Linux kernel due to multiple race conditions in the AF VSOCK implementation. These conditions are caused by incorrect locking in the...

10CVSS6.4AI score0.98745EPSS
Exploits292References349
Positive Technologies
Positive Technologies
added 2020/12/15 12:0 a.m.23 views

PT-2020-6135 · Thoughtworks +3 · Xstream +3

Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.15 Description: The issue allows a remote attacker to delete arbitrary files on the host as long as the executing process has sufficient rights, by manipulating the processed input stream. This can be done when...

9.9CVSS6.6AI score0.98124EPSS
Exploits32References162
Positive Technologies
Positive Technologies
added 2020/10/15 12:0 a.m.23 views

PT-2021-3378 · Linux +10 · Linux Kernel +10

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.9-rc1 Description: The issue is related to an out-of-bounds memory write flaw in the Linux kernel's joystick devices subsystem. This flaw occurs when a user calls the ioctl JSIOCSBTNMAP function. It allows a...

9.8CVSS7.6AI score0.78684EPSS
Exploits202References1491
Positive Technologies
Positive Technologies
added 2020/10/06 12:0 a.m.23 views

PT-2020-6177 · Linux +8 · Linux +8

Name of the Vulnerable Software and Affected Versions: Linux affected versions not specified Description: A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. This issue allows a local user to increase their privileges to that of a running kernel on a...

9.8CVSS7.5AI score0.78684EPSS
Exploits172References2248
Positive Technologies
Positive Technologies
added 2020/06/26 12:0 a.m.23 views

PT-2020-14372 · Zyxel · Zyxel Cloudcnm Secumanager

Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1 Description: The issue is related to the use of GET request method with sensitive query strings for /cnr requests. This could potentially expose sensitive information. Recommendations: F...

5.3CVSS5.1AI score0.00759EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2020/05/14 12:0 a.m.23 views

PT-2020-5392 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.6.13 Description: The issue is related to the VFIO PCI driver in the Linux kernel, which mishandles attempts to access disabled memory space. This can be exploited to cause a denial of service. Recommendations:...

10CVSS7.3AI score0.98745EPSS
Exploits176References2184
Positive Technologies
Positive Technologies
added 2019/11/25 12:0 a.m.23 views

PT-2019-4661 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.4.2 Description: The issue is related to the io uring feature in the Linux kernel, which can lead to requests being executed with UID 0 and full capabilities, even when initiated by an unprivileged user. This...

10CVSS6.1AI score0.16908EPSS
Exploits115References860
Positive Technologies
Positive Technologies
added 2019/11/19 12:0 a.m.23 views

PT-2019-4253 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.3.12 Description: The issue in the Linux kernel's btrfs free extent function allows local users to obtain potentially sensitive information about register values via the dmesg program in a certain ENOENT case...

10CVSS5.8AI score0.16908EPSS
Exploits122References871
Positive Technologies
Positive Technologies
added 2019/08/19 12:0 a.m.23 views

PT-2019-17791 · Rapid7 · Insightappsec

Name of the Vulnerable Software and Affected Versions: Rapid7 InsightAppSec versions 2019.06.24 and prior Description: The issue is related to a DLL injection vulnerability in the 'prunsrv.exe' component. A local user who is already authenticated to the operating system can exploit this to elevat...

9.3CVSS7.4AI score0.0106EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/08/14 12:0 a.m.23 views

PT-2020-6552 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions after 4.5-rc1 Description: A flaw was found in the Linux Kernel in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system...

10CVSS7.4AI score0.98745EPSS
Exploits179References2464
Positive Technologies
Positive Technologies
added 1997/01/01 12:0 a.m.23 views

PT-1997-1103 · Apache · Apache Httpd

Name of the Vulnerable Software and Affected Versions: Apache httpd affected versions not specified Description: The issue allows attackers to read CGI programs due to a problem with the ScriptAlias directory in NCSA and Apache httpd. Recommendations: At the moment, there is no information about ...

7.5CVSS7.5AI score0.25788EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.22 views

PT-2026-55504

Name of the Vulnerable Software and Affected Versions Apache Lucene.Net.Replicator versions 4.8.0-beta00005 through 4.8.0-beta00017 Description A path traversal issue exists in the Lucene.Net.Replicator library due to improper input validation and sanitization of filesystem paths. This allows...

8.9CVSS5.9AI score0.00616EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.22 views

PT-2026-55575

webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any websi...

4.7CVSS6.1AI score0.00116EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.22 views

PT-2026-55445

Name of the Vulnerable Software and Affected Versions coder versions prior to 2.29.7 coder versions prior to 2.30.2 Description A command injection issue exists in the dotfiles registry module where unsanitized user input is passed to shell commands. An attacker can provide a crafted dotfiles uri...

8.8CVSS6.3AI score0.02642EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.22 views

PT-2026-54518

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in SkyBridge MB-A100/MB-A110. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product with an administrative privilege...

8.6CVSS7.1AI score0.01129EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.22 views

PT-2026-54843

Name of the Vulnerable Software and Affected Versions Apache HttpComponents Core versions prior to 5.4.3 Apache HttpComponents Core versions prior to 5.5-beta2 Description An issue exists in the HTTP/2 HPACK decoder where resources are allocated without limits or throttling. A remote attacker can...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.22 views

PT-2026-53487

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 through its predict method. When a user provides a dataset file path to the predict method, the framework automatically determines the file format. If the file is a pickle .pkl file, it is loaded using pandas.read...

9.8CVSS6.5AI score0.006EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.22 views

PT-2026-53410

ID: NFLX-2024-002 Impact Authenticated users can achieve limited RCE in ConsoleMe, restricted to flag inputs on a single CLI command. Due to this constraint, it is not currently known whether full RCE is possible but it is unlikely. However, a specific flag allows authenticated users to read any...

9.6CVSS5.8AI score0.00928EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.22 views

PT-2026-53538

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT overwrite some content without needing write permission...

9.8CVSS5.8AI score0.02258EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.22 views

PT-2026-53325

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

4.1CVSS5.8AI score0.00128EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.22 views

PT-2026-52853

Name of the Vulnerable Software and Affected Versions Dokku versions prior to 0.38.2 Description An issue exists where the app name validation regex permits shell metacharacters. An authenticated user can exploit this by pushing to a git remote using a crafted app name. This name is embedded...

9CVSS6.2AI score0.00234EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.22 views

PT-2026-53018

Summary LinkifyIt.prototype.match — the package's primary public API — has ON² algorithmic complexity for inputs containing many fuzzy links or emails. This is not a regex backtrack bug; it's a structural issue in the JS-level scan loop that re-slices the input and re-runs unanchored regex search...

8.7CVSS5.8AI score0.02152EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.22 views

PT-2026-52667

Name of the Vulnerable Software and Affected Versions WSO2 API Manager affected versions not specified Description The message flow component fails to sufficiently validate or restrict user-controlled input within WS-Addressing headers. This allows an unauthenticated attacker to manipulate these...

10CVSS5.9AI score0.00222EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.22 views

PT-2026-52864

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process SIGSEGV. Because DragonflyDB requires no authentication by defaul...

7.5CVSS5.9AI score0.00399EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.22 views

PT-2026-52625

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. The software is subject to Session Fixation because the session regenerate id function is not called after a successful login. In th...

5.4CVSS5.8AI score0.00183EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.22 views

PT-2026-52613

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.6 Description Missing validation of the chatflowId and chatId parameters in file handling operations allows unauthenticated attackers to perform arbitrary file access. By using path-traversal values, an attacker c...

9.8CVSS6.1AI score0.00895EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.22 views

PT-2026-52653

Summary When verifying an uploaded certificate, lemur/certificates/verify.py extracts the CRL Distribution Point URL and the OCSP responder URL directly from the certificate's extensions and issues outbound requests to those URLs without scheme restriction or destination allow-listing. An...

6.3CVSS6AI score
Exploits0References4
Total number of security vulnerabilities5000