Lucene search
K
PtsecurityMost viewed

184491 matches found

Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50597

Name of the Vulnerable Software and Affected Versions Filament versions 3.0.0 through 3.3.52 Description A disabled RichEditor field renders its raw state without sanitizing HTML. If the data stored in the field's state was not previously sanitized when the form state was filled, an attacker can...

7.6CVSS5.8AI score0.00168EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50430

Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A flaw exists in the aclp normalize acltxt function within aclparse.c. A malformed Access Control Instruction ACI string can trigger heap-buffer-overflow writes and reads during...

5.4CVSS5.8AI score0.00226EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50296

Unauthenticated Broken Access Control in MetForm Pro = 3.9.1 versions...

9.1CVSS5.2AI score0.00437EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50439

Name of the Vulnerable Software and Affected Versions NGINX Open Source versions 1.31.0 through 1.31.1 NGINX Ingress Controller affected versions not specified NGINX Gateway Fabric affected versions not specified NGINX Instance Manager affected versions not specified Description A use-after-free...

9.2CVSS6.7AI score0.03225EPSS
Exploits3References85
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50607

Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description Drupal core contains a gadget chain, which is a sequence of existing code fragments that can be leveraged during the deserialization of untrusted data. While this issue is not directly...

6.6AI score0.00161EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50612

Name of the Vulnerable Software and Affected Versions Drupal Plotly.js Graphing versions 0.0.0 through 3.0.2 Description Improperly controlled modification of dynamically-determined object attributes allows object injection. The module stores certain data as PHP-serialized strings, and if malicio...

6.1AI score0.00161EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50606

Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description An attacker with appropriate JSON:API write permissions could potentially inject a malicious payload in certain rare circumstances, leading to PHP Object Injection. PHP Object Injection...

6AI score0.00161EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50325

Unauthenticated Cross Site Scripting XSS in Kapee 1.7.1 versions...

7.1CVSS5.2AI score0.0023EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50472

Name of the Vulnerable Software and Affected Versions vLLM versions 0.5.5 through 0.23.1rc0 Description Integer truncation of tensor dimensions in GGUF dequantize kernels within csrc/quantization/gguf/gguf kernel.cu leads to partial tensor processing. The output tensor is allocated at full size...

7.5CVSS5.8AI score0.00281EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50212

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use-after-free issue exists in the Media component. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. A remote...

9.6CVSS6.2AI score0.00601EPSS
Exploits0References41
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49759

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.2 Description An environment variable injection exists where workspace .env files can influence the Python runtime selection during Gmail setup gcloud execution. Attackers with repository access can manipulate...

7.1CVSS5.8AI score0.00133EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-50006

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Command Center Framework versions V15 through V16 Description An issue exists in the Core component of the Oracle Enterprise Command Center Framework. A low privileged attacker with network access via HTTP can compromise the...

9.6CVSS5.9AI score0.00344EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49662

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 152 Thunderbird versions prior to 152 Description A use-after-free issue exists in the Graphics: WebGPU component. Use-after-free is a memory corruption flaw that occurs when an application continues to use a pointer...

9.8CVSS5.7AI score0.00476EPSS
Exploits0References45
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49812

Name of the Vulnerable Software and Affected Versions Google Android affected versions not specified Description A memory corruption issue in the Modem component can be triggered during a SIP REFER request. This flaw allows for remote code execution without requiring additional execution privileg...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-50159

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.0 Description An authorized user can manipulate the value passed to the git diff command to bypass the target directory and write the result of a comparison to an arbitrary path. This path traversal issue occurs...

8.5CVSS6AI score0.0035EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-50062

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Universal Work Queue versions 12.2.3 through 12.2.15 Description An issue exists in the Work Provider Site Level Administration component of the Oracle Universal Work Queue. A low privileged attacker with network...

9.9CVSS5.9AI score0.00402EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49799

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An integer overflow in the decodePacket function of RtpPacket can lead to an out-of-bounds read. This issue may result in remote information disclosure without...

4.3CVSS6.1AI score0.00178EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-53031

Summary The Docker API server let a request control where LLM calls were sent and which environment variable an LLM token resolved from. Both could be abused to exfiltrate server-held secrets. The Docker API is unauthenticated by default. Vector 1 - attacker base url /md, /llm, and /llm/job...

8.2CVSS5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49895

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0 Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of the Oracle WebCenter Content product within Oracle Fusion Middleware. A low privileged...

8.8CVSS5.9AI score0.00402EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49622

The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldr ttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.6AI score0.00235EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49876

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Centralized Third Party Jars. The supported version that is affected is 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence...

9.3CVSS5.2AI score0.00338EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49818

Name of the Vulnerable Software and Affected Versions Google Android affected versions not specified Description An integer overflow in the numberOfReportBlocks of RtpSession.cpp can lead to an out-of-bounds write. This issue allows for remote escalation of privilege without requiring user...

8.8CVSS5.7AI score0.00231EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49784

Name of the Vulnerable Software and Affected Versions vpu ioctl.c affected versions not specified Description A race condition in multiple functions of vpu ioctl.c can lead to a use after free, which is a scenario where a program continues to use a pointer after it has been freed. This issue may...

7CVSS5.9AI score0.00067EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49798

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.2AI score0.00277EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49846

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0 Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of the Oracle WebCenter Content product within Oracle Fusion Middleware. A high privileged...

9.1CVSS5.8AI score0.00486EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49981

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high-privileged attacker with logon access to the infrastructure where the software executes can compromise the system,...

7.5CVSS5.8AI score0.00114EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49787

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An integer overflow in the decodeRtcpFbPacket function of RtcpFbPacket can lead to an out-of-bounds read. This issue may result in remote information disclosure...

6.5CVSS6.1AI score0.00182EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-50137

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description An authorization bypass exists in three API endpoints that allow users to read specific files from a private repository's default branch even if they lack the required Code unit permissions. Th...

4.3CVSS5.9AI score0.00283EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49898

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0 Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of Oracle WebCenter Content. A low privileged attacker with network access via HTTPS can...

7.6CVSS5.9AI score0.0027EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49939

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle WebCenter Content...

8.2CVSS5.2AI score0.00317EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.22 views

PT-2026-49296

Name of the Vulnerable Software and Affected Versions Tenda 5G03 version V05.03.02.04 Version 1.0 Description Command injection is possible in the action ims on with apn function through the ims apn parameter. Recommendations At the moment, there is no information about a newer version that...

9.8CVSS5.8AI score0.01345EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.22 views

PT-2026-49179

Name of the Vulnerable Software and Affected Versions Yealink SIP-T46U affected versions not specified Description A stack-based buffer overflow exists in the Web FastCGI Service. The issue occurs within the StartReportInformation function located in the '/api/inner/beforewifitest' endpoint. An...

8.6CVSS7.9AI score0.00371EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.22 views

PT-2026-49315

Name of the Vulnerable Software and Affected Versions kanishka-linux Reminiscence version 0.3.0 Description An OS command injection allows attackers to execute arbitrary commands by supplying crafted input to the '/manage/features/media' endpoint. OS command injection is a flaw where an applicati...

8.1CVSS6.2AI score0.01119EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.22 views

PT-2026-49308

Discuz! X5.0 releases 20260320 through 20260501 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical...

6.9CVSS5.3AI score0.00359EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.22 views

PT-2026-49225

WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicate quote invoice an...

7.1CVSS5.7AI score0.00226EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.22 views

PT-2026-49569

Name of the Vulnerable Software and Affected Versions Python-Multipart versions prior to 0.0.30 Description The parse options header function parsed Content-Disposition and Content-Type headers using email.message.Message, which applies RFC 2231/5987 decoding. This allows extended parameter synta...

5.3CVSS5.8AI score0.00177EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.22 views

PT-2026-49305

Name of the Vulnerable Software and Affected Versions Spring AI versions prior to 1.0.9 Spring AI versions prior to 1.1.8 Description Special characters can be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. This issue affects the...

8.6CVSS6.1AI score0.00254EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.22 views

PT-2026-49261

Name of the Vulnerable Software and Affected Versions Valhalla versions prior to 3.6.4 Description Reflected cross-site scripting XSS occurs due to improper neutralization of input in the JSONP callback parameter. When a request specifies a JSONP callback, the value is reflected directly into the...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.22 views

PT-2026-49597

Name of the Vulnerable Software and Affected Versions Starlette affected versions not specified FastAPI affected versions not specified Description A Denial of Service DoS issue exists in the request.form function when processing application/x-www-form-urlencoded requests. While limits for max...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.22 views

PT-2026-49595

Name of the Vulnerable Software and Affected Versions @nestjs/platform-fastify versions prior to 11.1.24 Description An authentication bypass exists in the Fastify adapter when middleware is registered through the MiddlewareConsumer.forRoutes API. An unauthenticated client can bypass registered...

8.7CVSS5.4AI score0.00285EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.22 views

PT-2026-49110

Name of the Vulnerable Software and Affected Versions GL.iNet GL-MT3000 versions prior to 4.7 Description An issue in the Online Firmware Upgrade Handler component allows for remote command injection via the /usr/bin/one click upgrade file. Command injection is a flaw that allows an attacker to...

9CVSS8.4AI score0.0194EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.22 views

PT-2026-49138

Name of the Vulnerable Software and Affected Versions Yealink SIP-T46U version 108.86.0.118 Description A stack-based buffer overflow exists in the Web FastCGI Service component within the mod webd.BlueToothTest function of the /api/inner/bttest endpoint. This issue occurs when manipulating the...

8.6CVSS8.1AI score0.00371EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.22 views

PT-2026-48956

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits...

5.1CVSS5.3AI score0.00171EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.22 views

PT-2026-48961

Name of the Vulnerable Software and Affected Versions Parse Server versions 9.8.0 through 9.9.1-alpha.4 Description Applications that enable Multi-Factor Authentication MFA and restrict the get permission on the User class via Class-Level Permissions CLP may expose sensitive user data. The issue...

5.9CVSS5.3AI score0.00251EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.22 views

PT-2026-48950

Name of the Vulnerable Software and Affected Versions form-data versions prior to 2.5.6 form-data versions prior to 3.0.5 form-data versions prior to 4.0.6 Description The field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header withou...

8.7CVSS5.2AI score0.00409EPSS
Exploits0References32
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.22 views

PT-2026-49062

Name of the Vulnerable Software and Affected Versions Radius versions 0.57.1 and earlier Description A configuration-validation issue in the Radius Kubernetes controller allows for a Confused Deputy attack. The controller deserializes JSON data from the radapp.io/status annotation on Kubernetes...

7.7CVSS5.9AI score0.00051EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.22 views

PT-2026-49001

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions prior to 2.0.13 Description The dashboard's NoRoute handler contains a flaw in the fallbackToFrontend function. The system uses strings.HasPrefix to identify admin-frontend asset requests by checking if a URL starts...

9.1CVSS5.2AI score0.00451EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.22 views

PT-2026-48879

Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, stored XSS in Note was possible due to lack of sanitization. This issue has been patched in versions 15.106.0 and 16.16.0...

6.9CVSS5.2AI score0.00258EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.22 views

PT-2026-48963

Name of the Vulnerable Software and Affected Versions Actual Budget sync-server versions prior to 26.5.0 Description The POST /openid/config endpoint exposes the complete OpenID Connect configuration, which includes the OAuth2 client secret. This information is accessible to any user who possesse...

9.1CVSS5.2AI score0.004EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.22 views

PT-2026-48863

Name of the Vulnerable Software and Affected Versions MobaXterm Personal Edition Portable version 26.3 Build 5154 Description The application allows arbitrary code execution by loading malicious DLLs from a predictable temporary directory that can be modified by the user. During startup, the...

8.5CVSS5.9AI score0.00108EPSS
Exploits0References4
Total number of security vulnerabilities5000