Lucene search
K
PtsecurityMost viewed

184496 matches found

Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•22 views

PT-2026-45801

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...

5.3CVSS5.9AI score0.00236EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•22 views

PT-2026-46638

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out of bounds read exists in ANGLE, which allows a remote attacker to perform an out of bounds memory read by using a crafted HTML page. Recommendations Update to version 149.0.7827....

9.6CVSS5.8AI score0.00985EPSS
Exploits0References434
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•22 views

PT-2026-45753

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4...

8.1CVSS5.8AI score0.00334EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•22 views

PT-2026-46816

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Side-channel information leakage in Paint allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Side-channel leakage occurs when information is...

9.6CVSS5.8AI score0.00493EPSS
Exploits0References439
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•22 views

PT-2026-45726

Name of the Vulnerable Software and Affected Versions Tiled Gallery Carousel Without JetPack versions prior to 3.2 Description The plugin is subject to stored cross-site scripting due to insufficient input sanitization and output escaping. Authenticated attackers with contributor level access or...

5.4CVSS5.8AI score0.00134EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•22 views

PT-2026-45854

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2026.2.3 Description The WS-Federation provider in this open-source identity provider validates the user-supplied wreply parameter using a raw string prefix check instead of proper URL parsing. An attacker can craft...

6.9CVSS5.8AI score0.00182EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•22 views

PT-2026-46738

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient policy enforcement in DevTools allows an attacker to leak cross-origin data. This occurs when a user is convinced to install a crafted malicious Chrome Extension...

9.6CVSS5.8AI score0.00985EPSS
Exploits0References434
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•22 views

PT-2026-45884

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read file. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•22 views

PT-2026-45427

A vulnerability was identified in itsourcecode Content Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit topic.php. Such manipulation of the argument topic id leads to sql injection. The attack may be launched remotely. The exploit is publicly...

6.5CVSS5.8AI score0.00204EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•22 views

PT-2026-45276

Name of the Vulnerable Software and Affected Versions Assimp versions prior to 6.0.5 Description A use after free issue exists in the ASE File Parser component within the aiNode::aiNode function of the scene.cpp file. This flaw allows a local attacker to execute a manipulation that leads to the u...

5.3CVSS5.9AI score0.00115EPSS
Exploits0References26
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•22 views

PT-2026-45585

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6AI score0.00094EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•22 views

PT-2026-45525

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions 32.0.0 through 32.0.8 Nextcloud Server versions 33.0.0 through 33.0.2 Nextcloud Enterprise Server versions prior to 33.0.3 Nextcloud Enterprise Server versions prior to 32.0.9 Nextcloud Enterprise Server versions prio...

8.1CVSS5.8AI score0.00284EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•22 views

PT-2026-45251

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write file Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely...

7.5CVSS6.7AI score0.01336EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•22 views

PT-2026-45445

A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshal one fiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made...

4.8CVSS5.5AI score0.0012EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•22 views

PT-2026-45573

In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00068EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•22 views

PT-2026-45570

In bta jv rfcomm connect of bta jv act.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00083EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•22 views

PT-2026-45258

In wlan STA driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480851; Issue ID: MSV-6338...

5.9AI score0.00102EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•22 views

PT-2026-45511

Name of the Vulnerable Software and Affected Versions OpenAirInterface5G version 2.4.0 Description An issue exists in the E2SM-KPM RAN Function's PRB utilization metric calculation within the nr-softmodem component. The functions fill RRU PrbTotDl and fill RRU PrbTotUl compute PRB usage percentag...

8.6CVSS5.5AI score0.00393EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•22 views

PT-2026-45465

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liquid Web / StellarWP GiveWP allows DOM-Based XSS. This issue affects GiveWP: from n/a through 4.14.5...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•22 views

PT-2026-45643

Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader...

8.2CVSS5.8AI score0.00071EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•22 views

PT-2026-45578

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A heap buffer overflow exists in multiple functions within sdp discovery.cc. This flaw allows for remote code execution in proximal or adjacent network environments without requiring addition...

8CVSS6.5AI score0.00114EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•22 views

PT-2026-45661

A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whisper model load of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public an...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•22 views

PT-2026-45502

A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made...

7.5CVSS5.5AI score0.0041EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•22 views

PT-2026-45640

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /manage course.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

6.5CVSS5.7AI score0.002EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•22 views

PT-2026-45542

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 Description An issue exists that allows for identity spoofing, where an attacker can impersonate another user or system identity. Recommendations At the...

9.1CVSS5.8AI score0.0033EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•22 views

PT-2026-45560

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web fetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header. Attackers can exploit the...

5.3CVSS5.8AI score0.00287EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/01 12:0 a.m.•22 views

PT-2026-45584

In getPreferredSize of LauncherProcessImageListener.kt, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00071EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/05/29 12:0 a.m.•22 views

PT-2026-44850

Name of the Vulnerable Software and Affected Versions Indian Motorcycle Scout Bobber + Tech 2025 model year Description An expected behavior violation in the in-vehicle network allows an adjacent-network attacker to bypass the anti-theft shutdown. By using a CAN error-frame injection technique...

4.6CVSS5.8AI score0.00181EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/05/29 12:0 a.m.•22 views

PT-2026-44826

Name of the Vulnerable Software and Affected Versions RAGFlow versions prior to 0.24.1 Description A Server-Side Template Injection SSTI exists in the prompt generator located in rag/prompts/generator.py. This issue allows authenticated users to execute arbitrary operating system commands on the...

9.9CVSS6.2AI score0.00294EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/29 12:0 a.m.•22 views

PT-2026-45034

Description The Twilio SMS notifier bridge ships a webhook request parser used to authenticate and decode the status callbacks Twilio POSTs to an application's webhook endpoint. Its doParseRequest $request, SensitiveParameter string $secret method receives the configured webhook secret but never...

8.2CVSS5.8AI score0.00026EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/05/29 12:0 a.m.•22 views

PT-2026-44860

Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/29 12:0 a.m.•22 views

PT-2026-45022

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description NodeVM allows the exclusion of public network builtins from the wildcard builtin option, which blocks direct access to modules such as 'http', 'https', 'http2', 'net', 'dgram', 'tls', 'dns', and...

8.6CVSS5.3AI score0.00282EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/05/29 12:0 a.m.•22 views

PT-2026-44964

Name of the Vulnerable Software and Affected Versions JetBrains PyCharm versions prior to 2025.3.4 Description Stored Cross-Site Scripting XSS is possible within Jupyter notebook Markdown cells. Cross-Site Scripting is a type of security flaw where malicious scripts are injected into trusted...

6.1CVSS5.8AI score0.00181EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/29 12:0 a.m.•22 views

PT-2026-44989

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.26.0 Description The planar bitmap decoder contains an out-of-bounds heap write when decoding RLE planar data. In the libfreerdp/codec/planar.c file, the freerdp bitmap decompress planar function validates the X...

9.8CVSS5.9AI score0.0049EPSS
Exploits1References49
Positive Technologies
Positive Technologies
•added 2026/05/29 12:0 a.m.•22 views

PT-2026-45043

Summary Commit d37ca6b27b9674238e58491cf7ba292e66898f15 "Delete item not check admin rights 2024", 2026-04-12 added a missing isAdministratorInventory gate to case 'item delete': in modules/inventory.php. The same fix was not applied to the sibling case 'field delete': handler, which destroys an...

6.5CVSS5.8AI score0.00029EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•22 views

PT-2026-44216

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.11.8 due to the plugin not properly verifying that a user is authorized to perform an action via the bulk appointmen...

5.3CVSS5.9AI score0.00561EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•22 views

PT-2026-44225

Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version...

8.5CVSS5.8AI score0.00526EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•22 views

PT-2026-44172

The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $ SERVER'PHP SELF' superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename$ SERVER'PHP SELF' in the login...

7.2CVSS6AI score0.00346EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•22 views

PT-2026-44252

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free issue exists in the btrfs module within the create space info function error path. When kobject init and add fails, the system executes a call chain that leads to space inf...

9.8CVSS5.9AI score0.00574EPSS
Exploits1References291
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•22 views

PT-2026-44256

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An out-of-bounds read exists in the RDMA Soft RoCE rxe driver. A single unauthenticated UDP packet containing an unknown opcode can trigger a kernel panic. The issue occurs because the driv...

7.5CVSS6.1AI score0.00574EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•22 views

PT-2026-44287

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free issue exists in the Linux kernel within the create space info sub group function. When kobject init and add fails, the execution flow triggers kobject put&sub group-kobj,...

9.1CVSS5.9AI score0.00514EPSS
Exploits9References292
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•22 views

PT-2026-44271

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the microchip-core-qspi driver where the built-in chip select is automatically operated by hardware. When multiple devices are attached to the QSPI controller, the...

9.8CVSS5.9AI score0.03663EPSS
Exploits11References288
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•22 views

PT-2026-44269

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the ALSA usb-audio component within the convert chmap v3 function. The function contains a loop that uses the cs desc-wLength variable to determine the increment size...

9.8CVSS6AI score0.03663EPSS
Exploits11References293
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•22 views

PT-2026-44174

This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation...

7.3CVSS7.1AI score0.00154EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•22 views

PT-2026-44333

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A use-after-free issue exists in the iris media driver. A race condition occurs because the inst-lock protects individual instance internals while the core-lock protects the active instance...

9.8CVSS5.8AI score0.005EPSS
Exploits1References285
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•22 views

PT-2026-44286

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the b43legacy rx function within the b43legacy WiFi driver. The firmware-controlled key index can exceed the dev-max nr keys limit. Because the existing...

9.8CVSS6AI score0.03663EPSS
Exploits17References284
Positive Technologies
Positive Technologies
•added 2026/05/28 12:0 a.m.•22 views

PT-2026-44276

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A memory leak occurs in the 8021q module when vlan dev set egress priority is used. The system keeps cleared egress priority...

9.8CVSS5.9AI score0.00525EPSS
Exploits0References349
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•22 views

PT-2026-44010

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation...

5.8AI score0.0027EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•22 views

PT-2026-47215

Name of the Vulnerable Software and Affected Versions Symfony versions prior to 6.4 Symfony versions prior to 7.4 Symfony versions prior to 8.0 Symfony versions prior to 8.1 Description The UrlSanitizer::parse function fails to properly reject certain characters, allowing for visual spoofing of...

5.3AI score0.00025EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•22 views

PT-2026-43554

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dataapi.php files mb24confi getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.9AI score0.0032EPSS
Exploits0References2
Total number of security vulnerabilities5000