Lucene search
K
PtsecurityMost viewed

184508 matches found

Positive Technologies
Positive Technologies
•added 2026/06/14 12:0 a.m.•21 views

PT-2026-49104

Name of the Vulnerable Software and Affected Versions LiteSpeed cPanel plugin versions prior to 2.4.8 LiteSpeed WHM PlugIn versions prior to 5.3.2.0 Description A privilege escalation issue exists where the software mishandles symbolic links symlinks provided by a user with FTP or web shell acces...

8.5CVSS6.1AI score0.01261EPSS
Exploits3References51
Positive Technologies
Positive Technologies
•added 2026/06/13 12:0 a.m.•21 views

PT-2026-49072

Name of the Vulnerable Software and Affected Versions LWS Optimize – All-in-One Speed Booster & Cache Tools versions prior to 3.3.20 Description The plugin is subject to an arbitrary file read issue. This occurs because the combine current css function trusts values harvested from page HTML and...

4.9CVSS5.4AI score0.00336EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/13 12:0 a.m.•21 views

PT-2026-49091

Name of the Vulnerable Software and Affected Versions Bookly versions prior to 27.3 Description The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping...

7.2CVSS5.5AI score0.00312EPSS
Exploits1References9
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•21 views

PT-2026-48919

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

8.8CVSS5.2AI score0.00279EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•21 views

PT-2026-48894

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4...

5.3CVSS5.2AI score0.00278EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•21 views

PT-2026-48943

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multi search endpoint. A specially crafted request can trigger an unhandled exception during request processing, causing the server process to...

8.7CVSS5.3AI score0.00336EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•21 views

PT-2026-48891

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submit discussion" endpoint allows for unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0...

6.9CVSS5.2AI score0.00321EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•21 views

PT-2026-48947

Name of the Vulnerable Software and Affected Versions SimpleHelp versions 5.5.1 through 5.5.15 SimpleHelp versions 6.0 pre-release through 6.0 RC1 Description An authentication bypass exists in the OpenID Connect OIDC authentication flow. The server fails to verify the cryptographic signature of...

10CVSS6.2AI score0.0116EPSS
Exploits1References127
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•21 views

PT-2026-48882

Name of the Vulnerable Software and Affected Versions Amasty Order Attributes for Magento 2 versions prior to 4.0.0 Description An unauthenticated arbitrary file upload issue allows attackers to write files of any type or name to the store's media directory. This occurs because the upload endpoin...

9.8CVSS6.1AI score0.04591EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•21 views

PT-2026-49067

Name of the Vulnerable Software and Affected Versions File Browser affected versions not specified Description File Browser fails to properly validate symbolic links, allowing scoped users or unauthenticated public-share recipients to access files outside their intended directory boundaries. Whil...

7.5CVSS5.3AI score0.0046EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•21 views

PT-2026-49341

Name of the Vulnerable Software and Affected Versions GStreamer affected versions not specified Description A flaw exists in the WavPack audio decoder within gst-plugins-good. An integer overflow occurs during the buffer size calculation 4 block samples channels inside the gst wavpack dec handle...

7.6CVSS6.1AI score0.0031EPSS
Exploits0References39
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•21 views

PT-2026-49038

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.27 Description An authorization bypass exists in QQBot pre-dispatch slash commands. This issue allows authenticated senders to skip allowFrom policy checks, enabling them to invoke slash commands before...

8.2CVSS5.3AI score0.00192EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•21 views

PT-2026-49029

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.7 Description The memory-wiki ingest feature allows authenticated Gateway operators with operator.write scope to read local files outside of the intended ingest sources. By specifying arbitrary local file path...

7.1CVSS5.4AI score0.00375EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•21 views

PT-2026-50785

Name of the Vulnerable Software and Affected Versions OpenBSD versions prior to commit 6a23123 Description An out-of-bounds read exists in the mpls do error function within sys/netmpls/mpls input.c. Remote attackers can disclose kernel stack memory by sending crafted MPLS frames containing 16...

6.9CVSS5.8AI score0.00423EPSS
Exploits2References23
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•21 views

PT-2026-48884

Name of the Vulnerable Software and Affected Versions WEOLL versions 2.0.9 through 3.2.45.32 Description An unrestricted file upload flaw allows the upload of dangerous file types. This issue enables attackers to access functionality that is not properly constrained by Access Control Lists ACLs,...

8.7CVSS5.2AI score0.0021EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•21 views

PT-2026-48982

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description The AI explain helper fails to verify the can see? permission on the reply to post of a post being explained. This allows an...

4.3CVSS5.2AI score0.00189EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•21 views

PT-2026-48946

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6AI score0.00148EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•21 views

PT-2026-55697

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.1.3 Linux kernel versions prior to 6.18.38 Linux kernel versions prior to 6.12.95 Linux kernel versions prior to 6.6.144 Linux kernel versions prior to 6.1.177 Linux kernel versions prior to 5.15.211 Linux kern...

6CVSS7.3AI score0.00176EPSS
Exploits3
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•21 views

PT-2026-48616

Name of the Vulnerable Software and Affected Versions Spring Boot versions 4.0.0 through 4.0.6 Spring Boot versions 3.5.0 through 3.5.14 Spring Boot versions 3.4.0 through 3.4.16 Description Mail auto-configuration does not enable hostname verification, which is the process of verifying that the...

5CVSS5.8AI score0.00123EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•21 views

PT-2026-48633

Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...

5.4CVSS5.4AI score0.00177EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•21 views

PT-2026-48656

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.10 through 18.10.7 GitLab CE/EE versions 18.11 through 18.11.4 GitLab CE/EE versions 19.0 through 19.0.1 Description An issue exists where insufficient validation of secondary URLs could allow an authenticated user to...

6.5CVSS5.4AI score0.00247EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•21 views

PT-2026-48682

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description The RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate...

8.7CVSS5.3AI score0.005EPSS
Exploits0References55
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•21 views

PT-2026-48695

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrato...

4.9CVSS5.4AI score0.00201EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•21 views

PT-2026-48699

Name of the Vulnerable Software and Affected Versions WordPress Toolkit versions prior to 6.11.0 Description An argument injection issue exists in the software as used in cPanel & WHM. This allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI...

9.9CVSS5.8AI score0.00409EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/11 12:0 a.m.•21 views

PT-2026-48748

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.24 Description An authorization bypass exists in the MCP loopback feature. This allows non-owner callers to circumvent owner-only tool policies and before-tool-call hooks. When the feature is enabled and...

6.9CVSS6AI score0.00096EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•21 views

PT-2026-48372

Name of the Vulnerable Software and Affected Versions File Station 5 versions prior to 5.5.6.5208 Description A buffer overflow occurs when a program writes more data to a memory buffer than it can hold, potentially overwriting adjacent memory. A remote attacker with a user account can exploit th...

8.7CVSS5.7AI score0.00292EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•21 views

PT-2026-48507

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description An issue exists in the Kubernetes-native serverless framework where the Environment.spec.runtime.podSpec and spec.builder.podSpec passthrough lacks validation. This allows the MergePodSpec function ...

9.9CVSS5.8AI score0.003EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•21 views

PT-2026-48406

Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential stri...

6.7CVSS5.5AI score0.00151EPSS
Exploits1References3
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•21 views

PT-2026-48466

Name of the Vulnerable Software and Affected Versions Erlang/OTP versions 29.0 through 29.0.1 ssh versions 6.0 through 6.0.0 Description A timing side-channel in password authentication allows unauthenticated remote attackers to enumerate usernames. When the SSH daemon is configured with the user...

6.3CVSS5.9AI score0.00354EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•21 views

PT-2026-48519

Name of the Vulnerable Software and Affected Versions Metrics::Any::Adapter::Statsd versions prior to 0.04 Description The software does not protect against metric injections. The statsd protocol allows multiple metrics to be sent per packet, separated by newlines. The send method fails to valida...

8.2CVSS5.8AI score0.00323EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•21 views

PT-2026-48529

A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...

6.9CVSS5.5AI score0.00115EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•21 views

PT-2026-48380

Name of the Vulnerable Software and Affected Versions yt-dlp versions prior to 2026.06.09 Description When using aria2c as an external downloader for fragmented manifest formats like HLS or DASH streams, insufficiently sanitized input allows an attacker to perform arbitrary file writes. This occu...

9.6CVSS6AI score0.00406EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•21 views

PT-2026-48521

Name of the Vulnerable Software and Affected Versions Metrics::Any::Adapter::SignalFx versions prior to 0.04 Description The software does not protect against metric injections. The statsd protocol and its extensions, such as dogstatsd, allow multiple metrics separated by newlines to be sent with...

6.5CVSS5.8AI score0.00264EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•21 views

PT-2026-48500

In Splunk SOAR Security Orchestration, Automation, and Response versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute ANSI escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might...

4.3CVSS5.5AI score0.00199EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•21 views

PT-2026-48561

Name of the Vulnerable Software and Affected Versions Pi-hole FTL versions prior to 6.6.1 Description A race condition exists in the HTTP session management subsystem of the embedded CivetWeb-based web server. This issue was introduced during the v6.0 rewrite of the server engine. Recommendations...

8.8CVSS5.2AI score0.0023EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•21 views

PT-2026-48469

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 27.3.4.12 Erlang OTP versions 28.x prior to 28.5.0.2 Erlang OTP versions 29.x prior to 29.0.2 erl interface versions 3.7.16 through 5.5.2.0 erl interface versions 5.7.x prior to 5.7.0.1 erl interface versions...

6.9CVSS6.3AI score0.00136EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•21 views

PT-2026-48358

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

5.1CVSS5.5AI score0.00331EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•21 views

PT-2026-48508

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description Fission is an open-source, Kubernetes-native serverless framework used for deploying functions and applications on Kubernetes. The Container Executor path allows a tenant to directly supply...

9.9CVSS5.8AI score0.00274EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•21 views

PT-2026-47723

Name of the Vulnerable Software and Affected Versions Blocksy versions prior to 2.1.36 Description Insufficient input sanitization in the blocksy sanitize post meta options function allows authenticated attackers with contributor-level access or higher to store serialized PHP object strings in po...

8.8CVSS6.4AI score0.00849EPSS
Exploits0References18
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•21 views

PT-2026-47964

Name of the Vulnerable Software and Affected Versions GitHub Copilot affected versions not specified Visual Studio Code affected versions not specified Description Improper limitation of a pathname to a restricted directory, known as path traversal, allows an unauthorized attacker to bypass...

8.4CVSS5.8AI score0.00345EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•21 views

PT-2026-48070

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24 and earlier Adobe Experience Manager versions LTS SP1 and earlier Adobe Experience Manager versions 2026.04 and earlier Description A stored Cross-Site Scripting XSS issue allows a low-privileged attack...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•21 views

PT-2026-47689

Name of the Vulnerable Software and Affected Versions Zephyr affected versions not specified Description A remote, unauthenticated attacker can cause memory corruption in the HTTP server WebSocket upgrade path. The issue occurs because the HTTP/1 header parser uses a bounded copy to move the...

9.8CVSS6AI score0.00643EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•21 views

PT-2026-48192

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindIndex parameter of the formIPMacBindDel function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

5.9AI score0.00309EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•21 views

PT-2026-48160

🚨 CVE-2025-55657 A NULL pointer dereference in the gf odf vvc cfg write bs function odf/descriptors.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file. šŸŽ–@cveNotify...

7.5CVSS5.2AI score0.00467EPSS
Exploits1References4
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•21 views

PT-2026-47848

Name of the Vulnerable Software and Affected Versions FreeSWITCH versions prior to 1.11.1 Description The mod verto HTTP request handler allocates a fixed 2 MiB buffer for a POST application/x-www-form-urlencoded body but accepts a Content-Length of up to nearly 10 MiB. Because the body-read loop...

9.8CVSS5.5AI score0.00394EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•21 views

PT-2026-48279

Name of the Vulnerable Software and Affected Versions OpenClinic GA version 5.351.19 Description A reflected cross-site scripting issue exists in the DICOM image upload handler. Attackers can execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata...

6.1CVSS6.7AI score0.00293EPSS
Exploits1References8
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•21 views

PT-2026-48300

Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description An authenticated user can cause a server crash or the return of incorrect results by creating documents that interfere with internal metadata processing during query execution. This issue is...

7.1CVSS5.5AI score0.00368EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•21 views

PT-2026-48270

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.19 through 2025.8 Description Improper input validation allows a low-privileged attacker to bypass security measures and gain unauthorized read and write access. This issue does not require user interaction to be...

8.1CVSS5.2AI score0.0039EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•21 views

PT-2026-47969

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A Time-of-check time-of-use TOCTOU race condition exists in the Program Compatibility Assistant Service. This flaw allows an authorized attacker to elevate privileges locally, enabling them t...

7.8CVSS5.2AI score0.00184EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•21 views

PT-2026-47632

A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the publi...

6.9CVSS5.5AI score0.00285EPSS
Exploits0References7
Total number of security vulnerabilities5000