Lucene search
K
PtsecurityMost viewed

184269 matches found

Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.35 views

PT-2026-53154

The WhatsApp and Linear bot adapters verify the inbound webhook HMAC signature only when a secret is configured. When the secret environment variable is unset — the default on a fresh install and common in development — verification is skipped entirely and the webhook body is parsed and dispatche...

8.6CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.35 views

PT-2026-50560

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The unarchive internal module's archive extraction commands lack code-level validation for extracted file paths. This causes the module to rely on the behavior o...

5.3CVSS5.2AI score0.00208EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.35 views

PT-2026-48436

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a config file name form field that is passed straight through to config mod.master slave upload and restart... as the destination path. The validati...

9.9CVSS5.5AI score0.00372EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.35 views

PT-2026-48437

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...

9.9CVSS6.5AI score0.00439EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.35 views

PT-2026-47148

Name of the Vulnerable Software and Affected Versions Protocol::HTTP2 versions prior to 1.13 Description The software is susceptible to an HTTP/2 Bomb, where a small request can expand into large server memory consumption. This occurs because the inbound HPACK path lacks a header-list size limit...

7.5CVSS5.7AI score0.00414EPSS
Exploits0References26
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.35 views

PT-2026-46301

Name of the Vulnerable Software and Affected Versions Axios versions prior to 0.32.0 Axios versions prior to 1.16.0 Description The Node.js HTTP adapter in Axios may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This occurs when an...

8.2CVSS5.5AI score0.00689EPSS
Exploits1References44
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.35 views

PT-2026-45268

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handle webhook request of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...

6.9CVSS5.6AI score0.00372EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.35 views

PT-2026-41585

Name of the Vulnerable Software and Affected Versions Kilo-Org kilocode versions prior to 7.0.48 Description A path traversal issue exists in the File Diff API Endpoint within the Bun.file function of the packages/opencode/src/kilocode/review/worktree-diff.ts file. A remote attacker can trigger...

5.3CVSS5.8AI score0.0058EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.35 views

PT-2026-39536

Name of the Vulnerable Software and Affected Versions D-Link DCS-935L versions prior to 1.10.01 Description A buffer overflow can be triggered remotely via the HNAP Service. The issue exists in the SetDeviceSettings function within the '/web/cgi-bin/hnap/hnap service' endpoint when manipulating t...

9CVSS7.5AI score0.00997EPSS
Exploits2References12
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.35 views

PT-2026-38641

Name of the Vulnerable Software and Affected Versions AsusPTPFilter affected versions not specified Description An exposed IOCTL Input/Output Control with insufficient access control allows a local user to bypass driver security mechanisms. This can lead to the unauthorized acquisition of...

2CVSS5.8AI score0.00092EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.35 views

PT-2026-35704

Name of the Vulnerable Software and Affected Versions Apache Thrift versions prior to 0.23.0 Description Uncontrolled Recursion occurs in the Node.js bindings of Apache Thrift. Uncontrolled recursion is a condition where a function calls itself without a proper termination condition, potentially...

8.7CVSS5.9AI score0.01163EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.35 views

PT-2026-35273

Name of the Vulnerable Software and Affected Versions choieastsea simple-openstack-mcp versions prior to 767b2f4a8154cca344344b9725537a58399e6036 Description An OS command injection flaw exists that allows remote attackers to execute arbitrary commands. The issue is located within the exec...

7.5CVSS7.8AI score0.01338EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.35 views

PT-2026-27788

Name of the Vulnerable Software and Affected Versions Cisco IOS Software affected versions not specified Cisco IOS XE Software affected versions not specified Cisco Secure Firewall Adaptive Security Appliance ASA Software affected versions not specified Cisco Secure Firewall Threat Defense FTD...

8.6CVSS5.8AI score0.00354EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.35 views

PT-2026-5803

Name of the Vulnerable Software and Affected Versions Amiti Antivirus version 25.0.640 Description Amiti Antivirus contains an unquoted service path vulnerability in its Windows service configurations. This allows attackers to inject and execute malicious code with elevated LocalSystem privileges...

8.5CVSS5.6AI score0.00329EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.35 views

PT-2026-1860

Name of the Vulnerable Software and Affected Versions Perch CMS version 3.2 Description A stored Cross-Site Scripting XSS issue exists in Perch CMS. An attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The...

6.1CVSS5.6AI score0.00187EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/11/27 12:0 a.m.35 views

PT-2025-48222

The Soundslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the soundslides shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4CVSS5AI score0.00195EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.35 views

PT-2025-38853

Name of the Vulnerable Software and Affected Versions javothemes Javo Core versions through 3.0.0.266 Description An authorization issue exists in javothemes Javo Core due to incorrectly configured access control security levels. This allows for exploitation of the system. Recommendations Update...

5.3CVSS6.6AI score0.00258EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/16 12:0 a.m.35 views

PT-2026-45416

Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A NULL pointer dereference exists in the gf ac4 pres b 4 back channels present function within the /media tools/av parsers.c file. This issue allows an attacker to cause a Denial of...

5.5CVSS5.8AI score0.00143EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/05/27 12:0 a.m.35 views

PT-2025-23483 · Undefined · Undefined

Ubuntu is one of the most widely used Linux distributions, renowned for its security, stability, and performance. However, like any operating system, it’s not immune to vulnerabilities. With cybersecurity threats escalating in sophistication and scale, timely patching is essential to safeguard...

9.8CVSS7.6AI score0.02177EPSS
Exploits4References1
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.35 views

PT-2025-15635 · Dnn · Dnn

Name of the Vulnerable Software and Affected Versions: DNN formerly DotNetNuke versions prior to 9.13.2 Description: The issue allows uploading files with malicious content by renaming them to have an allowed file extension, such as renaming an executable file to have a .jpg extension. This could...

7.5CVSS6.6AI score0.0017EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/10/13 12:0 a.m.35 views

PT-2023-20534 · Node-Qpdf · Node-Qpdf

Name of the Vulnerable Software and Affected Versions: node-qpdf versions all Description: The issue arises from the encrypt method failing to sanitize its parameter input, which later flows into a sensitive command execution API. This allows attackers to inject malicious commands once they can...

9.8CVSS9.7AI score0.02079EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2022/08/28 12:0 a.m.35 views

PT-2022-23571 · Unknown · Ingredients Stock Management System

Name of the Vulnerable Software and Affected Versions: Ingredients Stock Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the Id parameter at the "/stocks/manage stockout.php" API endpoint. There is no...

9.8CVSS9.5AI score0.00891EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2019/04/08 12:0 a.m.35 views

PT-2019-12140 · Thinkadmin · Thinkadmin

Name of the Vulnerable Software and Affected Versions: ThinkAdmin version 4.0 Description: The issue concerns the applicationadmincontrollerUser.php file in ThinkAdmin V4.0, where it fails to prevent the continued use of an administrator's cookie-based credentials after a password change. This...

9.8CVSS9.3AI score0.01394EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.34 views

PT-2026-48619

Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description Wss4jSecurityInterceptor sets the...

4.8CVSS5.8AI score0.00129EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.34 views

PT-2026-45583

Name of the Vulnerable Software and Affected Versions Android Framework affected versions not specified Description Improper input validation in multiple functions of DevicePolicyManagerService.java allows a system critical package to be hidden. This can result in a local denial of service withou...

5.5CVSS5.9AI score0.00071EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.34 views

PT-2026-37659

Name of the Vulnerable Software and Affected Versions JohnsonControls AC2000 versions 10.6 through 10 JohnsonControls AC2000 versions 11.0 through 9 JohnsonControls AC2000 versions 12 through 3 Description An uncontrolled search path element issue allows for the manipulation of configuration file...

8.4CVSS5.7AI score0.00108EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.34 views

PT-2026-5887

Name of the Vulnerable Software and Affected Versions Chapa Payment Gateway Plugin for WooCommerce versions up to and including 1.0.3 Description The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress is susceptible to sensitive information disclosure. An unauthenticated attacker c...

5.3CVSS5.4AI score0.00282EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/08/05 12:0 a.m.34 views

PT-2025-31959 · Undefined · Undefined

Hi, I run a following script for a vulnerability test for my home network; nmap 192.168.1.1/24 -n -sP |rg -o "192." scan.txt nmap -sV --script vulners --script-args mincvss=7.0 -iL scan.txt Then I get this Vulner output in port 80; Nmap scan report for 192.168.1.5 Host is up 0.00021s latency. Not...

9.1CVSS6.1AI score0.04409EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2025/05/27 12:0 a.m.34 views

PT-2025-22907 · WordPress · The Essential Blocks – Page Builder Gutenberg Blocks

Name of the Vulnerable Software and Affected Versions: The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress versions up to, and including, 5.4.0 Description: The issue is related to Stored Cross-Site Scripting via HTML attributes in Slider and Post...

6.4CVSS6AI score0.00319EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/02/11 12:0 a.m.34 views

PT-2025-6483 · Intel · Intel Server Board S2600Bp +3

Name of the Vulnerable Software and Affected Versions: IntelR Server Board S2600WF versions prior to 02.01.0017 IntelR Server Board S2600ST versions prior to 02.01.0017 IntelR Server Board S2600BP versions prior to 02.01.0017 IntelR Server Board M50CYP versions prior to R01.01.0009 IntelR Server...

7.3CVSS7.4AI score0.00186EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/08/03 12:0 a.m.34 views

PT-2023-36414 · Mitsubishi · Gs21 +7

Уязвимость функции Data Transfer Security программного обеспечения создания и управления графическими интерфейсами операторов на промышленных панелях управления GT Designer3, GOT2000 Series, GOT SIMPLE Series, GT SoftGOT2000 связана со слабой криптографией паролей. Эксплуатация уязвимости может...

7.8CVSS7.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.33 views

PT-2026-51127

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print attribute UTF8STRING path. print attribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen ...

6.1AI score0.00354EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.33 views

PT-2026-49562

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.15 Angular versions prior to 20.3.22 Angular versions prior to 19.2.23 Description A Denial of Service DoS issue exists in the @angular/common package. The formatNumber...

8.2CVSS5.8AI score0.00161EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.33 views

PT-2026-48990

Name of the Vulnerable Software and Affected Versions sanitize-html versions prior to 2.17.5 Description The software uses the allowedSchemesAppliedToAttributes variable to control the naughtyHref function, which is designed to block dangerous URI schemes such as javascript: and vbscript:. Howeve...

5.4CVSS5.2AI score0.00136EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.33 views

PT-2026-48509

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description Fission is a Kubernetes-native serverless framework. The Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs for runtime and builder...

9.9CVSS5.8AI score0.00274EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.33 views

PT-2026-48303

Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description An issue exists in the $ internalApplyOplogUpdate aggregation pipeline stage where an authenticated user with access to the aggregate command can execute a document diff containing a malforme...

8.1CVSS5.6AI score0.00298EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.33 views

PT-2026-50758

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if condition in modules/preprocs/nasm/nasm-pp.c...

5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.33 views

PT-2026-46978

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub 41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may...

6.5CVSS6.4AI score0.03133EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.33 views

PT-2026-46265

Name of the Vulnerable Software and Affected Versions Etsy::StatsD versions prior to 1.002002 Description Etsy::StatsD for Perl allows metric injections because metric names and values are not validated for newlines, colons, or pipes. This allows metrics generated from untrusted sources to inject...

7.5CVSS5.4AI score0.00262EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.33 views

PT-2026-44238

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description The biovec phys mergeable function, used in request merge, DMA mapping, and integrity merge paths, fails to verify if physically contiguous bvec segments belong to different dev pagemaps...

9.8CVSS5.9AI score0.00491EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.33 views

PT-2026-52217

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.26.3 Description Incomplete Server-Side Request Forgery SSRF protection exists within the webhook and migration allow-list filtering. SSRF is a flaw that allows an attacker to induce the server-side application to mak...

9.6CVSS7.2AI score0.00464EPSS
Exploits1References15
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.33 views

PT-2026-41197

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description Multiple endpoints accept a user-supplied file id and attach the referenced file to a resource controlled by the caller, such as folder knowledge or knowledge-base contents, without verifying if t...

8.1CVSS5.8AI score0.00346EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.33 views

PT-2026-36543

Name of the Vulnerable Software and Affected Versions bandit versions 0.5.0 through 1.10.x Description An allocation of resources without limits or throttling allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in the handle frame/3 function within...

8.7CVSS5.8AI score0.00549EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.33 views

PT-2026-28426

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak where an administrator possessing manage-clients permission can exploit a misconfiguration. This misconfiguration arises when the manage-clients permission is...

6.5CVSS5.9AI score0.00471EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.33 views

PT-2026-27174

An arbitrary file-write vulnerability in Pega Browser Extension PBE affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. This vulnerability does not affect Robot Runtime users. A bad actor could create a website that includes...

9CVSS5.9AI score0.00321EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.33 views

PT-2025-47968

Name of the Vulnerable Software and Affected Versions Desktop Alert PingAlert versions 6.1.0.11 through 6.1.1.2 Description A Directory Traversal issue exists in the Application Server of the software, allowing an attacker to write arbitrary files under certain conditions. The issue enables...

9.9CVSS6.7AI score0.00627EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/04/19 12:0 a.m.33 views

PT-2025-30076 · Git +1 · Pcapplusplus

Name of the Vulnerable Software and Affected Versions: cppc affected versions not specified Description: The software contains a heap-buffer-overflow read issue. The crash occurs within the toString function of the TelnetLayer class, triggered through toStringList and toString functions of the...

6.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/22 12:0 a.m.33 views

PT-2024-41: Bypass authentication in PT MaxPatrol SIEM, PT MaxPatrol VM, PT MaxPatrol EDR, PT MaxPatrol Carbon и PT MaxPatrol O2

The vulnerability was identified in PT MaxPatrol SIEM, PT MaxPatrol VM, PT MaxPatrol EDR, PT MaxPatrol Carbon и PT MaxPatrol O2 that affects versions that include component PT MC version earlier than 101.4.8813 and component MPX version earlier than 27.2.14850. The discovered vulnerability allows...

9.5CVSS7.3AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.32 views

PT-2026-53483

A SQL injection vulnerability exists in the duckdb retriever component of the run-llama/llama index repository, specifically in llama-index-retrievers-duckdb-retriever prior to v0.4.0. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an...

9.8CVSS6.5AI score0.01311EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.32 views

PT-2026-51630

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Git LFS storage is content-addressed by OID Object Identifier alone, while per-repository authorization is managed in the lfs object table. The serveUpload function skips the re-upload process when an...

7.1CVSS5.8AI score0.00236EPSS
Exploits0References10
Total number of security vulnerabilities5000