Lucene search
K
PtsecurityMost viewed

184501 matches found

Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-47715

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description An unrestricted upload of files with dangerous types allows an authenticated user to cause a server process crash. This occurs when a crafted TIFF image triggers excessive memory allocation...

6.5CVSS5.2AI score0.00479EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-47873

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Stack Edge allows an authorized attacker to perform spoofing over a network...

8.4CVSS5.4AI score0.00814EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-48062

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24 and earlier Adobe Experience Manager versions LTS SP1 and earlier Adobe Experience Manager versions 2026.04 and earlier Description A stored Cross-Site Scripting XSS issue allows a low-privileged attack...

5.4CVSS5.5AI score0.00224EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-47991

Name of the Vulnerable Software and Affected Versions Windows DHCP Server affected versions not specified Description An issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network, potentially compromising trust within a local area network LAN. Recommendation...

9.4CVSS5.2AI score0.00366EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-48236

21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-48130

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager Forms JEE versions LTS SP1 Adobe Experience Manager Forms JEE versions prior to 6.5.24.0 Description A stored Cross-Site Scripting XSS issue allows an attacker to inject malicious scripts into vulnerable form fields...

9.3CVSS5.2AI score0.00243EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-47664

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description Spring MVC and WebFlux applications are...

5.3CVSS5.8AI score0.00186EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-48214

SemCms 5.0 is vulnerable to Cross Site Request Forgery CSRF via crafted POST request to /admin/semcms user.php...

5.5AI score0.00107EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-47529

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP affected versions not specified SAP ABAP Platform affected versions not specified Description Improper RFC Remote Procedure Call protocol validation in the SAP Kernel allows an unauthenticated attacker to...

9.8CVSS5.5AI score0.00437EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-48328

Name of the Vulnerable Software and Affected Versions Spring for Apache Pulsar versions 1.1.0 through 1.1.17 Spring for Apache Pulsar versions 1.2.0 through 1.2.17 Spring for Apache Pulsar versions 2.0.0 through 2.0.5 Description JsonPulsarHeaderMapper uses a prefix check to match type headers...

8.1CVSS5.8AI score0.00347EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-47734

Name of the Vulnerable Software and Affected Versions SINEC INS versions prior to V1.0 SP2 Update 6 Description A binary in the system is configured with the cap dac override capability, which allows a process to bypass file system permission checks. This configuration results in unrestricted fil...

8.8CVSS6AI score0.00206EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-48343

Description CVE-2024-50340 GHSA-x8vp-gf4q-mw5j addressed an issue where, with register argc argv=On, a crafted query string let an unauthenticated GET change the kernel environment and debug flag by feeding --env/--no-debug through $ SERVER'argv'. The fix shipped in symfony/runtime 5.4.46 / 6.4.1...

7.3CVSS5.8AI score0.63422EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-48008

Name of the Vulnerable Software and Affected Versions Microsoft Live Share Canvas SDK affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting, which allows an authorized attacker to elevate privileges over a network...

9CVSS5.2AI score0.00554EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-47920

Name of the Vulnerable Software and Affected Versions Windows Win32K - GRFX affected versions not specified Description An integer overflow or wraparound occurs in Windows Win32K - GRFX, which allows an unauthorized attacker to execute arbitrary code locally or remotely, potentially affecting the...

7.8CVSS6.3AI score0.00437EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-47855

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A signed integer overflow occurs when sizing the destination buffer for Unicode output in the ASN1 mbstring ncopy function, which can lead to a heap buffer overflow. This happens in ASN1...

8.1CVSS6.1AI score0.00513EPSS
Exploits0References139
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-47793

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.12-1.1 Description An off-by-one error exists in the rockchip rkcif media component. The issue occurs due to incorrect comparisons using instead of = when accessing arrays, which can lead to accessing one...

9.8CVSS5.2AI score0.03663EPSS
Exploits29References334
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.21 views

PT-2026-47259

Name of the Vulnerable Software and Affected Versions VMware Cloud Foundation Operations affected versions not specified Description Stored cross-site scripting issues exist where a malicious actor with privileges to create policies, views, or text-widgets can inject scripts. This allows the...

8CVSS5.2AI score0.00302EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.21 views

PT-2026-47203

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /index2.php. The manipulation of the argument Password results in sql injection. It is possible to launch the attack remotely. The exploit has been made publi...

7.5CVSS7AI score0.00263EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.21 views

PT-2026-47338

A vulnerability was detected in imvks786 student management system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manipulation of the argument name/address/fname results in cross site scripting. It is possible to laun...

5.1CVSS4AI score0.00199EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.21 views

PT-2026-47611

Name of the Vulnerable Software and Affected Versions netty-transport-sctp versions prior to 4.1.135.Final netty-transport-sctp versions prior to 4.2.15.Final Description Netty is a network application framework for developing protocol servers and clients. A flaw exists where the handler processe...

7.5CVSS5.2AI score0.0038EPSS
Exploits0References137
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.21 views

PT-2026-47327

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description Use-After-Free UAF and Null Pointer Dereference NPD conditions exist in the lifecycle management of hci uart. The issue occurs when workqueues init ready and write work are not flushed o...

9.8CVSS5.3AI score0.00457EPSS
Exploits1References81
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.21 views

PT-2026-47375

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the NVMe target controller teardown process where a recursive workqueue flush can occur. Specifically, the nvmet tcp release queue work function runs on the nvmet-wq...

9.1CVSS5.4AI score0.00457EPSS
Exploits1References68
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.21 views

PT-2026-47316

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.68 Description A buffer overflow occurs in the mod proxy html module, which can be triggered by an untrusted backend. Recommendations Upgrade to version 2.4.68...

9.8CVSS5.7AI score0.00805EPSS
Exploits0References153
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.21 views

PT-2026-47441

Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.6.6 Description An unsafe execution issue exists in the Bazar form field calculator CalcField.php. The application uses a complex recursive regular expression to sanitize user-defined mathematical formulas before th...

9.8CVSS5.9AI score0.00561EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.21 views

PT-2026-47332

Improper Handling of Highly Compressed Data Data Amplification vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb response bodies. Req's default response pipeline includes Req.Steps.decode body/1 and Req.Steps.decompres...

8.2CVSS5.5AI score0.00438EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.21 views

PT-2026-47438

Name of the Vulnerable Software and Affected Versions Tenda F451 versions 1.0.0.7 through 1.0.0.9 Description A stack-based buffer overflow exists in the Web Management Interface. This issue occurs within the fromNatlimit function located in the /goform/Natlimit file. A remote attacker can trigge...

9CVSS8.8AI score0.00476EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.21 views

PT-2026-47244

Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An SQL injection issue exists that can be initiated remotely. The flaw is located in an unknown function within the '/archive5.php' endpoint, where manipulation of the sy...

7.5CVSS7.5AI score0.0029EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.21 views

PT-2026-47360

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the of unittest changeset function. The variable parent and nchangeset both point to the same struct device node. When of node putnchangeset is called, i...

9.8CVSS5.3AI score0.03663EPSS
Exploits15References340
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.21 views

PT-2026-47301

Name of the Vulnerable Software and Affected Versions Routinator affected versions not specified Description Routinator exits upon encountering any error while accepting incoming HTTP or RTR connections. This includes recoverable errors, such as exhausting available file descriptors. An attacker...

8.7CVSS5.5AI score0.00333EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.21 views

PT-2026-47189

Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 0.12.1 Description An authorization bypass exists in the resume endpoint. The issue occurs within the resolve session by title function located in the hermes state.py file. A remote attacker can...

6.5CVSS6.6AI score0.00225EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.21 views

PT-2026-47198

A security vulnerability has been detected in jishenghua jshERP up to 3.6. This vulnerability affects the function addAccountHeadAndDetail of the file jshERP-boot/src/main/java/com/jsh/erp/service/AccountHeadService.java of the component addAccountHeadAndDetail Endpoint. Such manipulation of the...

5.5CVSS5.5AI score0.00323EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.21 views

PT-2026-47200

A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add Endpoint. Executing a manipulation of the argument platformValue can lead to...

5.8CVSS5AI score0.00232EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.21 views

PT-2026-47199

A vulnerability was detected in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /admin/?page=room types. Performing a manipulation of the argument room results in cross site scripting. The attack is possible to be carried out...

4.8CVSS3.9AI score0.00214EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.21 views

PT-2026-47190

Name of the Vulnerable Software and Affected Versions BeikeShop versions prior to 1.6.0.22 Description Improper authorization exists in the Stripe Plugin component. A remote attacker can manipulate the Request argument within the callback function of the file...

7.5CVSS7.2AI score0.00294EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.21 views

PT-2026-47158

Name of the Vulnerable Software and Affected Versions Mage AI versions prior to 0.9.80 Description A cross-site scripting issue exists in the Sign-in Flow component within the useMutation function of the file mage ai/frontend/components/Sessions/SignForm/index.tsx. Manipulation of the...

5.3CVSS5.2AI score0.00263EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.21 views

PT-2026-47134

Name of the Vulnerable Software and Affected Versions LearnPress – WordPress LMS Plugin for Create and Sell Online Courses versions prior to 4.3.7 Description An issue exists that allows unauthenticated attackers to extract sensitive data through an unrestricted SELECT fallback query. By sending ...

5.3CVSS5.5AI score0.00353EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.21 views

PT-2026-47141

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoice id' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS5.6AI score0.00234EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.21 views

PT-2026-47131

Name of the Vulnerable Software and Affected Versions WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More versions prior to 1.10.0.2 Description The plugin is subject to insufficient verification of data authenticity. The PayPal Commerce webhook endpoint...

5.3CVSS5.5AI score0.00202EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.21 views

PT-2026-47140

Name of the Vulnerable Software and Affected Versions SEO Plugin by Squirrly SEO versions prior to 12.4.17 Description The plugin fails to properly verify if a user is authorized to perform specific actions. This allows authenticated attackers with contributor-level access or higher to execute...

4.3CVSS5.4AI score0.00296EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.21 views

PT-2026-47144

Name of the Vulnerable Software and Affected Versions The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions prior to 1.8.42 Description Insufficient escaping of user-supplied parameters and lack of proper preparation of SQL queries allow authenticated attackers...

6.5CVSS5.6AI score0.00325EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.21 views

PT-2026-47047

Name of the Vulnerable Software and Affected Versions Arista Edge Threat Management - Arista Next Generation Firewall NGFW affected versions not specified Description A command injection issue exists in the Captive Portal Custom Handler. An administrative account logged into the user interface ca...

7CVSS5.8AI score0.0988EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.21 views

PT-2026-46950

Name of the Vulnerable Software and Affected Versions Lyrion Music Server version 9.2.0 Description An unauthenticated stored cross-site scripting issue exists in the log viewer due to unescaped template variables. This allows attackers to execute arbitrary scripts in users' browsers by injecting...

7.2CVSS5.5AI score0.00183EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.21 views

PT-2026-46976

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboard page/forms/fetch.php. The manipulation of the argument department...

5.3CVSS4AI score0.00273EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.21 views

PT-2026-47011

Name of the Vulnerable Software and Affected Versions Cloudburst Network versions prior to 1.0.0.CR3-20260417.085727-30 Description An issue in the network components allows an attacker to stall the netty event loop, which is the core mechanism that handles network events, rendering it inoperable...

7.5CVSS5.5AI score0.00278EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.21 views

PT-2026-47079

An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or notification generation pa...

6.8CVSS5.5AI score0.00174EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.21 views

PT-2026-46904

HCL Digital Experience Compose is affected by a reflected cross-site scripting XSS vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser...

6.1CVSS5.5AI score0.00152EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.21 views

PT-2026-46955

Six live production platforms were compromised during responsible disclosure testing. LiteLLM CVE-2026-30623, Critical, patched, Windsurf CVE-2026-30615, Critical, reported, Bisheng CVE-2026-33224, Critical, patched, and DocsGPT CVE-2026-26015, Critical, patched…...

10CVSS5.7AI score0.01168EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.21 views

PT-2026-47084

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description A flaw in the token-exchange flow allows two concurrent requests using the same OAuth authorization code to each generate a distinct valid access token and refresh token pair. This occurs because...

6.3CVSS6AI score0.00197EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.21 views

PT-2026-46952

Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service TCP port 9090 and the HTTP JSON-RPC endpoint /jsonrpc.js. The query accepts a folder parameter and lists its contents with no restriction to the...

6.9CVSS5.6AI score0.00294EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.21 views

PT-2026-47016

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. Sixteen file-manager endpoints fail to verify if the requesting user owns the SSH...

8.1CVSS5.5AI score0.00282EPSS
Exploits1References6
Total number of security vulnerabilities5000