Lucene search
K
PtsecurityMost viewed

184508 matches found

Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.22 views

PT-2026-43915

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A reference count leak occurs in the ALSA caiaq component of the Linux kernel during probe failure. The create card function increases the reference count of the USB device using usb get de...

9.8CVSS5.9AI score0.00501EPSS
Exploits7References458
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.22 views

PT-2026-43249

A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection. The attack is possible...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.22 views

PT-2026-43433

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21.1 Description A Server-Side Request Forgery SSRF allows an attacker to force the server to send HTTP requests to internal services through the security advisories package lookup feature. By...

7CVSS5.2AI score0.00386EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.22 views

PT-2026-43204

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS. This issue affects Geo Mashup: from n/a through 1.13.18...

6.5CVSS5.8AI score0.00171EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.22 views

PT-2026-43277

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description IBM Db2 for Linux, UNIX, and Windows, including DB2 Connect Server, stores potentially sensitive information in log files. This data could be accessed an...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.22 views

PT-2026-43238

Name of the Vulnerable Software and Affected Versions Security Gateway affected versions not specified Description An input-handling issue exists in the UserChoice flow of the UserCheck Web Portal when DLP is active. An attacker with access to the UserCheck Ask page can manipulate stored...

5.6CVSS5.9AI score0.04356EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.22 views

PT-2026-43326

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has...

7.5CVSS6.6AI score0.00288EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.22 views

PT-2026-43415

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.22 views

PT-2026-45147

Name of the Vulnerable Software and Affected Versions MariaDB server versions 11.4.1 through 11.4.10 MariaDB server versions 11.8.1 through 11.8.6 MariaDB server version 12.3.1 Description A user granted EXECUTE access to a stored routine through a role can view the routine definition, even if th...

8CVSS5.2AI score0.00967EPSS
Exploits0References39
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.22 views

PT-2026-43437

Name of the Vulnerable Software and Affected Versions Samba affected versions not specified Description A flaw exists in the vfs worm module, which is designed to provide write-once, read-many WORM protections by preventing file modifications after a specific grace period. Due to insufficient...

7.5CVSS5.8AI score0.02669EPSS
Exploits0References85
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.22 views

PT-2026-43188

A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The...

6.5CVSS6.4AI score0.01803EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.22 views

PT-2026-43453

Name of the Vulnerable Software and Affected Versions Kata Containers version 3.28.0 Description Kata Containers allows pod creators to inject arbitrary command-line arguments into the virtiofsd process via the io.katacontainers.config.hypervisor.virtio fs extra args pod annotation. Because the...

6.5CVSS6AI score0.00057EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.22 views

PT-2026-43090

A vulnerability was determined in Totolink A8000RU 7.1cu.643 b20200521. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument Comment causes os command injection. Remote exploitation of the attack is...

10CVSS7AI score0.01909EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.22 views

PT-2026-43089

A vulnerability was found in yashpokharna2555 StudentManagementSystem up to cb2f558ddf8d19396de0f92abf2d224d46a0a203. Affected by this issue is the function confirm logged in of the file /studentdel.php. The manipulation of the argument ID results in sql injection. The attack may be launched...

7.5CVSS6.8AI score0.00319EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.22 views

PT-2026-43031

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/edit customer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed ...

5.8CVSS5.7AI score0.00258EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.22 views

PT-2026-42980

A flaw has been found in Sushmi-pal Invoice-System up to a0a3faa16dee2621b231ae227333f5761607283b. This affects an unknown part of the file /user of the component User Management Handler. This manipulation of the argument role causes improper authorization. It is possible to initiate the attack...

5.3CVSS5.4AI score0.00198EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.22 views

PT-2026-43066

Name of the Vulnerable Software and Affected Versions hackney versions 0.9.0 through 4.0.0 Description Improper Neutralization of CRLF Sequences, also known as CRLF Injection, allows HTTP Response Splitting. The setcookie/3 function in src/hackney cookie.erl validates Name and Value arguments...

5.3CVSS6AI score0.00374EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.22 views

PT-2026-42992

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation LPE vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with ...

8.5CVSS6.3AI score0.0012EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.22 views

PT-2026-42906

A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check all command guards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is public...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.22 views

PT-2026-42937

A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file /admin/productedit.php. The manipulation of the argument productName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...

4.8CVSS4.2AI score0.00202EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.22 views

PT-2026-42849

Name of the Vulnerable Software and Affected Versions Microsoft Entra ID affected versions not specified Description An origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about ...

10CVSS5.8AI score0.00301EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.22 views

PT-2026-42821

Name of the Vulnerable Software and Affected Versions TypeBot versions prior to 3.15.3 Description An incomplete fix in the bot-engine runtime allows authenticated users to use credentials from any workspace via the preview chat endpoint. The getCredentials utility function employs a falsy check...

7.1CVSS5.8AI score0.00271EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.22 views

PT-2026-42766

Name of the Vulnerable Software and Affected Versions shell-quote versions prior to 1.8.4 Description The quote function fails to validate object-token inputs against the operator model used by parse. Specifically, the .op field is escaped using a regular expression that does not match line...

9.2CVSS5.8AI score0.00848EPSS
Exploits1References58
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.22 views

PT-2026-42491

Name of the Vulnerable Software and Affected Versions VillaTheme HAPPY versions prior to 1.0.11 Description A missing authorization issue in VillaTheme HAPPY allows for the exploitation of incorrectly configured access control security levels. Recommendations Update to version 1.0.11 or later...

6.5CVSS5.8AI score0.00307EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.22 views

PT-2026-42662

Name of the Vulnerable Software and Affected Versions LMDeploy versions 0.12.3 and earlier Description LMDeploy is a toolkit for compressing, deploying, and serving large language models. The software hardcodes trust remote code=True in multiple HuggingFace model-loading call sites, specifically...

7.8CVSS6.2AI score0.00142EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.22 views

PT-2026-42076

Name of the Vulnerable Software and Affected Versions Games Catalog versions prior to 1.2.1 Description The Games Catalog plugin for WordPress is susceptible to Cross-Site Request Forgery, a flaw where an attacker tricks a victim into performing actions they did not intend to. This occurs because...

4.3CVSS5.8AI score0.00163EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.22 views

PT-2026-42259

Name of the Vulnerable Software and Affected Versions Frappe versions prior to 15.105.0 Frappe versions prior to 16.15.0 Description Frappe is a full-stack web application framework. A path traversal issue allows unauthenticated arbitrary file read on internet-facing surfaces, such as ERPNext. Ov...

8.7CVSS5.9AI score0.01279EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.22 views

PT-2026-42148

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description The BaseHandler.set trap in bridge.js ignores the receiver parameter and unconditionally writes to the host target object. According to the Proxy set trap specification, when the receiver is not the pro...

8.6CVSS5.2AI score0.00287EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.22 views

PT-2026-41984

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the broker can crash due to a NULL pointer dereference during MQTT session resumption for clean start=0...

5.9CVSS5.7AI score0.00401EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.22 views

PT-2026-41911

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 151 Firefox ESR versions prior to 140.11 Thunderbird versions prior to 151 Thunderbird versions prior to 140.11 Description Privilege escalation exists in the Enterprise Policies component. Recommendations Update...

9.8CVSS5.8AI score0.00532EPSS
Exploits0References193
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.22 views

PT-2026-42009

Name of the Vulnerable Software and Affected Versions Kieback & Peter DDC building controllers affected versions not specified Description Cross-site scripting XSS allows JavaScript to be executed by the victim's browser, enabling an attacker to control the browser. Recommendations At the moment,...

5.3CVSS5.7AI score0.00271EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.22 views

PT-2026-41513

Name of the Vulnerable Software and Affected Versions The AI Engine – The Chatbot, AI Framework & MCP for WordPress version 3.4.9 Description Missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path allows authenticated users with Subscriber privileges or higher t...

8.8CVSS5.8AI score0.00359EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.22 views

PT-2026-41420

Name of the Vulnerable Software and Affected Versions Essential Chat Support versions prior to 1.0.2 Description The Essential Chat Support plugin for WordPress contains an authorization bypass. The plugin fails to properly verify if a user is authorized to perform specific actions, allowing...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.22 views

PT-2026-41436

NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. Attackers can inject JavaScript payloads via the title field in the admin panel that...

6.4CVSS5.7AI score0.00235EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.22 views

PT-2026-41198

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.0 Description A Stored Cross-Site Scripting XSS issue exists in the Banner component due to an improper sanitization order where DOMPurify.sanitize is executed before marked.parse. This allows a malicious...

8.1CVSS5.8AI score0.00322EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.22 views

PT-2026-41118

Name of the Vulnerable Software and Affected Versions Amazon SageMaker Python SDK versions prior to 2.257.2 Amazon SageMaker Python SDK versions prior to 3.8.0 Description Missing integrity verification in the Triton inference handler allows a remote authenticated actor with S3 write access to th...

7.2CVSS6.2AI score0.0039EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.22 views

PT-2026-40976

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the tool update endpoint. This occurs when the server does not restrict which properties a client can modify, allowing user-controlled request bodies to include fiel...

7.6CVSS5.6AI score0.00195EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.22 views

PT-2026-41158

Name of the Vulnerable Software and Affected Versions Synapse versions prior to 1.152.1 Description In federated rooms, malicious homeservers can craft room events that prevent the server from providing full history to paginating clients. This can result in clients failing to display the room...

6.9CVSS5.8AI score0.00369EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.22 views

PT-2026-41136

Summary Any authenticated user can read another user's private workout session notes, exercise history, and training statistics by calling the /logs/ and /stats/ actions on a routine they do not own. The RoutinePermission class grants read access to any authenticated user when a routine has is...

7.5CVSS5.8AI score0.00051EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.22 views

PT-2026-41163

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.3.16 Description A missing permission check in API endpoints related to files allows any authenticated user to list, access, and delete every file uploaded by any user to the platform. The issue exists because th...

8.1CVSS5.8AI score0.00273EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.22 views

PT-2026-40708

Buffer Overflow vulnerability in Ardupilot rover commit v.c56439b045162058df0ff136afea3081fcd06d38 allows a local attacker to cause a denial of service via the AP InertialSensor ADIS1647x.cpp, ArduRover, ADIS1647x Sensor component...

5.8AI score0.00106EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.22 views

PT-2026-40729

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description SiYuan's publish-mode Reader can modify configuration and SQL index data through eight ungated APIs. These endpoints are registered with model.CheckAuth but lack model.CheckAdminRole and...

7.2CVSS5.8AI score0.00207EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.22 views

PT-2026-40841

Four CVEs CVE-2026-29103, CVE-2026-29104, CVE-2026-29892, CVE-2026-30441 shared the same root cause. An MCP server's response to the client includes free-form text fields — tool descriptions, resource summaries, prompt argument hints. These fields are surfaced into the…...

9.1CVSS5.8AI score0.00497EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.22 views

PT-2026-40713

Name of the Vulnerable Software and Affected Versions PAN-OS affected versions not specified Description An authentication bypass exists in the Cloud Authentication Service CAS component of PAN-OS due to incorrect cryptographic signature verification. This allows an unauthenticated attacker with...

10CVSS5.8AI score0.0044EPSS
Exploits3References20
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.22 views

PT-2026-40700

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.8AI score0.0011EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.22 views

PT-2026-39951

The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4CVSS6AI score0.00187EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.22 views

PT-2026-40071

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.21 Apache Tomcat versions 10.1.0-M1 through 10.1.54 Apache Tomcat versions 9.0.0.M1 through 9.0.117 Apache Tomcat versions 8.5.0 through 8.5.100 Apache Tomcat versions prior to 7.0.0 Description An...

10CVSS5.8AI score0.01339EPSS
Exploits2References79
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.22 views

PT-2026-44975

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.43.4 Description A flaw exists in the way the library handles chunked Transfer-Encoding. The read payload function in httplib.h uses std::strtoul to parse the chunk-size field. Because std::strtoul accepts leadi...

7.8CVSS5.8AI score0.00327EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.22 views

PT-2026-40096

Improper access control for some Intel Vision software for all versions within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable remote code execution. This result may potentially...

8.8CVSS6.1AI score0.00478EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.22 views

PT-2026-40091

Buffer overflow for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may...

6.9CVSS5.8AI score0.001EPSS
Exploits0References2
Total number of security vulnerabilities5000