Lucene search
K
PtsecurityMost viewed

184508 matches found

Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50553

e107 is a content management system CMS. Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resize image, the source path is escaped with escapeshellarg, but the destination path is inserted inside raw double quotes in the convert...

7.1CVSS5.3AI score0.00747EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50461

Name of the Vulnerable Software and Affected Versions Cisco Umbrella Virtual Appliance affected versions not specified Description An issue in the vmadmin CLI of Cisco Umbrella Virtual Appliance allows an authenticated, local attacker to elevate privileges. This is caused by insufficient validati...

6.2CVSS5.9AI score0.00104EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50221

Name of the Vulnerable Software and Affected Versions OpenBSD versions prior to 076e2b1 Description The sppp pap input function in sys/net/if spppsubr.c allows authentication bypass when certain zero values are used for lengths. Real-world offensive activities targeting this issue have been...

5.8CVSS5.3AI score0.00211EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50386

Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9...

9.8CVSS5.2AI score0.00426EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50525

Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository Manager versions prior to 3.93.0 Description An authorization bypass exists in the proxy repository configuration. This issue allows a delegated repository administrator to disclose stored upstream proxy credentials...

5.9CVSS5.2AI score0.0026EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50388

Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection. This issue affects Creatify: from n/a through 1.5...

9.8CVSS5.2AI score0.00313EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50425

A stack-based buffer overflow exists in the raw to header function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name and linkname fields of a TAR header with strcpy without guaranteeing null termination of the source. The POSIX ustar format permits these fixed-width...

8.8CVSS6.2AI score0.00635EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50494

Name of the Vulnerable Software and Affected Versions @earendil-works/pi-coding-agent versions 0.74.0 through 0.78.0 @mariozechner/pi-coding-agent versions 0.50.0 through 0.73.1 Description Pi is a minimal terminal coding harness that used predictable paths under the operating system temporary...

7.3CVSS6.2AI score0.00115EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50444

Name of the Vulnerable Software and Affected Versions Azuriom CMS versions prior to 1.2.11 Description Missing authorization in the server management routes allows an authenticated attacker with the admin.access permission to create AzLink server tokens. This can lead to the takeover of non-admin...

8.6CVSS5.2AI score0.00348EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50609

Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description The Media module supports oEmbed, which utilizes two discovery mechanisms: providers.json and URL discovery. The URL discovery code can be exploited to trick the system into making...

5.5AI score0.00133EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50527

Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.11.1 Description A pre-authentication denial of service issue exists in the SSH MSG EXT INFO handler within src/packet.c. A malicious SSH server can trigger a CPU exhaustion loop on the client by sending a crafted...

9.2CVSS5.9AI score0.00732EPSS
Exploits11References42
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50248

Three NVIDIA NeMo vulnerabilities CVE-2026-24155, CVE-2026-24252, CVE-2026-24228 enable code execution. Update NeMo Framework to v2.7.3 now. NVIDIA NeMo CVE202624155 AISecurity InfoSec https://t.co/VykvC24Ed4 https://t.co/93wJfksSbS...

7.8CVSS5.4AI score0.00193EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50186

Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List DACLs on the service object and related registry keys,. Produc...

6.8CVSS5.3AI score0.00143EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50225

In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.5AI score0.0008EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50370

Cross-Site request forgery CSRF vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0...

4.3CVSS5.2AI score0.00127EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50337

Unauthenticated SQL Injection in JetEngine = 3.8.9.1 versions...

9.3CVSS5.7AI score0.00372EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50318

Subscriber Arbitrary File Upload in Ecommerce Zone = 0.9.7 versions...

9.9CVSS5.2AI score0.00434EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50257

Name of the Vulnerable Software and Affected Versions Regesta Smart HD-PLC - TLDPH16D2 version 11.02.05.10.02 Description A network-based attacker can cause a Denial of Service DoS on the web interface of the device using a Slow Loris attack. This technique involves sending partial HTTP requests...

6.9CVSS6AI score0.00394EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-49946

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Portal version 12.2.1.4.0 Oracle WebCenter Portal version 14.1.2.0.0 Description An issue exists in the Security Framework component of the Oracle WebCenter Portal product of Oracle Fusion Middleware. A low privileged attacker...

9.9CVSS5.9AI score0.00402EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-49980

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Install. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle...

9CVSS5.1AI score0.00277EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-49767

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.25 Description A control scope enforcement bypass exists in the focus command. This allows authenticated callers to execute the command without proper authorization checks, enabling them to change the focus...

6.8CVSS5.5AI score0.00093EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-49766

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.7 Description The allowFrom feature improperly validates Discord account identity by using mutable display names instead of immutable user IDs. This allows an attacker to change their display or global name...

8.6CVSS5.5AI score0.00267EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-49775

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.2 Description An environment variable injection exists where the STATE DIRECTORY variable in a workspace .env file can influence bundled runtime dependency roots. This allows attackers to manipulate STATE...

7.1CVSS5.6AI score0.00124EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-49844

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware Identity Manager version 12.2.1.4.0 Oracle Fusion Middleware Identity Manager version 14.1.2.1.0 Description An issue exists in the Core component of the Identity Manager product. A low privileged attacker with network...

9.9CVSS5.8AI score0.00432EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-49864

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware WebLogic Server versions 14.1.2.0.0 Oracle Fusion Middleware WebLogic Server versions 15.1.1.0.0 Description An issue exists in the Console component of the WebLogic Server. An unauthenticated attacker with network...

10CVSS5.9AI score0.00483EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-49790

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An integer overflow in the decodePacket function of RtpPacket can lead to out-of-bounds access. This issue may allow a local escalation of privilege without...

7.3CVSS6AI score0.00072EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-49710

Name of the Vulnerable Software and Affected Versions Zephyr affected versions not specified Description A use-after-free issue exists in the mld send function within the IPv6 Multicast Listener Discovery MLD implementation. The function attempts to read the packet interface using net pkt ifacepk...

7.1CVSS5.9AI score0.00299EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-49911

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 Oracle WebCenter Enterprise Capture versions 14.1.2.0.0 Description An issue in the Client Bundle component of Oracle WebCenter Enterprise Capture allows an unauthenticated attacker with...

10CVSS5.2AI score0.00473EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-49849

Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft PeopleSoft Enterprise PT PeopleTools versions 8.61 through 8.62 Description A flaw in the Deployment Package component allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful...

8.2CVSS5.8AI score0.00392EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-49795

Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description A missing bounds check in the software allows for an out-of-bounds read, which occurs when a program reads data past the end of the intended buffer. This can lead to a remote denial of service...

6.5CVSS6.1AI score0.00253EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-50050

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

8.8CVSS5.3AI score0.00402EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-49800

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A missing bounds check in the decodeAppPacket function within RtcpAppPacket.cpp allows for an out-of-bounds read. This condition can lead to remote information...

4.3CVSS6.1AI score0.002EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-49851

Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise PT PeopleTools versions 8.61 PeopleSoft Enterprise PT PeopleTools versions 8.62 Description An issue exists in the Application Server component of Oracle PeopleSoft. This flaw allows an unauthenticated attacker with netwo...

8.1CVSS5.8AI score0.00436EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-50019

Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Web Runtime Security component of JD Edwards EnterpriseOne Tools. An unauthenticated attacker with network access via HTTP can compromise the...

9.3CVSS5.9AI score0.00262EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-49888

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0 Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of the Oracle WebCenter Content product within Oracle Fusion Middleware. A low privileged...

8.8CVSS5.9AI score0.00402EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-50084

Name of the Vulnerable Software and Affected Versions TL-WR940N version v6 Description An authenticated OS command injection exists in the BigPond Cable BPA WAN configuration module due to improper sanitization of user input. An attacker with administrative access can exploit this flaw to execute...

8.5CVSS6.2AI score0.02787EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-50078

Name of the Vulnerable Software and Affected Versions LangGraph Python SDK versions prior to 0.3.15 Description Unsafe URL path construction occurs due to unsanitized caller-supplied identifier values used in HTTP request paths for resource operations. Identifiers containing characters with speci...

4.2CVSS5.9AI score0.00216EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-49867

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

7.5CVSS5.3AI score0.00311EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49610

On Xtensa targets with CONFIG USERSPACE and CONFIG XTENSA MMU, the page-table code arch/xtensa/core/ptables.c maintains a global list, xtensa domain list, of active memory domains using a list node embedded inside the caller-owned struct k mem domain. When a domain is destroyed via k mem domain...

6.3CVSS5.5AI score0.00164EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.21 views

PT-2026-49164

A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215. This affects an unknown part of the file /api/research/agents.csv of the component Research Export. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

6.9CVSS5AI score0.00402EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.21 views

PT-2026-49469

Name of the Vulnerable Software and Affected Versions Cursor versions prior to 3.0.0 Description Cursor Desktop allows the execution of workspace-defined Claude hook commands located in .claude/settings.local.json without requiring explicit user approval. A malicious workspace or a file created b...

8.5CVSS6.1AI score0.00144EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.21 views

PT-2026-49297

Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...

6.3AI score0.00627EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.21 views

PT-2026-49533

Name of the Vulnerable Software and Affected Versions grpc versions 0.4.0 through 0.9.x Description Deserialization of untrusted data and allocation of resources without limits or throttling allow unauthenticated attackers to crash the BEAM node or achieve remote code execution on the server. The...

9.2CVSS6.3AI score0.00573EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.21 views

PT-2026-49298

Name of the Vulnerable Software and Affected Versions RuoYi version 4.8.2 Description An issue in the code generation module allows an authenticated attacker with administrative privileges to access sensitive database information. This is possible through a SQL Injection in the...

9.8CVSS6AI score0.00393EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.21 views

PT-2026-49151

A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was...

5.3CVSS5AI score0.00103EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.21 views

PT-2026-49580

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.1 Angular versions prior to 21.2.17 Angular versions prior to 20.3.25 Description An information disclosure issue exists in the @angular/service-worker package. When the Service Worker fetches assets, it preserve...

8.3CVSS5.9AI score0.00226EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.21 views

PT-2026-49265

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

6.9CVSS5.6AI score0.0012EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.21 views

PT-2026-49579

Name of the Vulnerable Software and Affected Versions Electron versions 42.3.1 through 42.3.2 Description Incorrect byte length calculations in the Node.js Buffer API cause heap underflow or overflow, which can lead to memory corruption or application crashes. This issue may result in incorrect...

9.3CVSS5.6AI score0.00253EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.21 views

PT-2026-49144

Name of the Vulnerable Software and Affected Versions GL.iNet GL-MT3000 versions prior to 4.7 Description A command injection flaw exists in the Tor Proxy Service Configuration Handler. The issue is located within the replace country function in the /usr/lib/oui-httpd/rpc/tor library, allowing a...

9CVSS8.4AI score0.01966EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.21 views

PT-2026-49137

Name of the Vulnerable Software and Affected Versions Yealink SIP-T46U version 108.86.0.118 Description A stack-based buffer overflow occurs in the Firmware Chunk Upload Handler component within the sprintf function of the file /api/upgrade/upgrade. This issue is triggered by manipulating the...

8.6CVSS8.1AI score0.00371EPSS
Exploits0References10
Total number of security vulnerabilities5000