Lucene search
K
PtsecurityMost viewed

184508 matches found

Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-46955

Six live production platforms were compromised during responsible disclosure testing. LiteLLM CVE-2026-30623, Critical, patched, Windsurf CVE-2026-30615, Critical, reported, Bisheng CVE-2026-33224, Critical, patched, and DocsGPT CVE-2026-26015, Critical, patched…...

10CVSS5.7AI score0.01168EPSS
Exploits1References1
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-47084

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description A flaw in the token-exchange flow allows two concurrent requests using the same OAuth authorization code to each generate a distinct valid access token and refresh token pair. This occurs because...

6.3CVSS6AI score0.00197EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-46952

Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service TCP port 9090 and the HTTP JSON-RPC endpoint /jsonrpc.js. The query accepts a folder parameter and lists its contents with no restriction to the...

6.9CVSS5.6AI score0.00294EPSS
Exploits2References3
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-47016

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. Sixteen file-manager endpoints fail to verify if the requesting user owns the SSH...

8.1CVSS5.5AI score0.00282EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-46977

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage user. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely...

4.8CVSS3.6AI score0.0021EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-47041

Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description An improper session termination issue exists where authentication tokens remain valid after a user logs out. This allows an attacker who possesses a valid token to maintain persistent access to...

5.3CVSS5.5AI score0.00311EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-47037

Name of the Vulnerable Software and Affected Versions OpenXDMoD versions prior to 11.0.3 Description A flaw in the access control logic allows an attacker to submit a crafted HTTPS POST request to set a session variable used for authorization decisions. In installations including the optional Job...

5.3CVSS5.5AI score0.00236EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-46946

Name of the Vulnerable Software and Affected Versions onnx onnx-mlir versions prior to 0.5.0.0 Description The Placeholder Node Cache Handler component contains an issue within the generate hash key function located in the src/Runtime/python/torch onnxmlir/src/torch onnxmlir/backend.py file. This...

3.6CVSS4.7AI score0.00078EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-46947

A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObservationContentHash of the file src/services/sqlite/observations/store.ts of the component Observation Content Hash Handler. This manipulation causes use of weak hash. The attack c...

3.6CVSS4.7AI score0.00075EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/05 12:0 a.m.•21 views

PT-2026-47078

An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ONVIF scope parameters to manipulate memory...

6.8CVSS5.5AI score0.00163EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46154

Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted...

7.2CVSS5.8AI score0.00168EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46156

System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data...

8.8CVSS5.8AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46211

Mobatek MobaXterm 12.1 contains a structured exception handling SEH based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the...

9.8CVSS6.4AI score0.00638EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46387

Name of the Vulnerable Software and Affected Versions WP Meta Sort Posts versions prior to 1.0 Description The WP Meta Sort Posts plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a type of attack where an unauthorized user tricks a victim into performing actions they did not...

4.3CVSS5.2AI score0.00128EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46204

Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanitized action parameters. Attackers can craft malicious forms targeting the admin-ajax.php endpoint...

5.1CVSS5.8AI score0.00887EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46205

AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger SEH-based code...

8.6CVSS6.4AI score0.00148EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46870

Impact The limit container paths directive in singularity.conf is intended to allow a system administrator limit the paths from which containers can be run, under setuid mode. Due to incorrect matching of a path string, sibling directories with similar names may incorrectly be allowed. For exampl...

4.8CVSS5.8AI score
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46858

Summary AVideo stores category descriptions from user input and later renders category description as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes when another user views the affected Gallery/category page...

5.4CVSS5.9AI score0.00162EPSS
Exploits1References4
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46206

LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Attackers can craft a specially formatted input file with shellcode and overwrite the return address to execute calc.ex...

8.6CVSS6.4AI score0.00146EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46232

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.2 Description The Shareable Playground also known as Public Flows feature allows unauthenticated users to execute workflows via a link. A flaw in the '/api/v1/build public tmp' endpoint enables attackers to execu...

9.6CVSS6.2AI score0.00688EPSS
Exploits1References15
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46885

Summary A low-privilege admin user with user recovery:read ACL can take over any admin account. The attacker triggers password recovery for the victim unauthenticated endpoint, reads the recovery hash from the Admin API search endpoint, then uses the hash to reset the victim's password another...

6.8CVSS5.8AI score0.00034EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46774

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description Insufficient policy enforcement in CustomTabs allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Recommendations Update to version...

9.6CVSS5.8AI score0.00493EPSS
Exploits0References437
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46817

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description An integer overflow in WebView allows a local attacker to cause a denial of service by using a malicious file. An integer overflow occurs when an arithmetic operation attempt...

9.6CVSS5.5AI score0.00456EPSS
Exploits0References437
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46147

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description The software lacks handler call depth tracking when specific functions are called from within handlers during a policy violation. This can lead to a use-after-free condition, which occurs when a...

5.9CVSS5.2AI score0.00218EPSS
Exploits0References21
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46392

Name of the Vulnerable Software and Affected Versions Arista EOS affected versions not specified Description When operating in 802.1X mode, multi-auth unauthenticated hosts may be granted unauthorized access to a switch port if an EAPOL Extensible Authentication Protocol over LAN capable device i...

6.5CVSS5.4AI score0.00143EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46213

Name of the Vulnerable Software and Affected Versions Soliloquy Lite version 2.5.6 Description A persistent cross-site scripting issue allows authenticated attackers to inject malicious scripts by inserting script tags into the post title field. This is achieved by submitting POST requests to the...

5.4CVSS4.8AI score0.00171EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46393

A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start 6rd tunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv6 6rd borderrelay leads to os command injection. It is possible to launch the attack remotely. The...

8.6CVSS6.7AI score0.02199EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46186

HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Specifically, the code attempts to read the property dashboard key from an object that is undefined...

3.1CVSS5.9AI score0.00157EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46874

SVG files are in the allowed extensions whitelist and can be uploaded by any admin user via the media manager. There is zero SVG content sanitization anywhere in the upload pipeline. A malicious SVG with JavaScript onload, , executes in the context of the Shopware domain when accessed. The Proble...

4.9CVSS5.9AI score
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46212

Name of the Vulnerable Software and Affected Versions Zoner Real Estate version 4.1.1 Description A persistent cross-site scripting issue exists where authenticated agents can inject malicious JavaScript payloads through the Address input field during property creation. These scripts execute when...

5.4CVSS4.9AI score0.00171EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46425

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 149.0.7827.53 Description A use after free issue allows a remote attacker to execute arbitrary code through a crafted HTML page. Use after free occurs when an application continues to use a pointer after ...

9.6CVSS6.3AI score0.00985EPSS
Exploits0References434
Positive Technologies
Positive Technologies
•added 2026/06/04 12:0 a.m.•21 views

PT-2026-46297

Name of the Vulnerable Software and Affected Versions BarTender 2010 BarTender 2016 versions prior to R10 BarTender 2019 versions prior to R11 Description An unauthenticated remote code execution issue exists in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The...

9.8CVSS6.4AI score0.00729EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•21 views

PT-2026-46127

Name of the Vulnerable Software and Affected Versions Docling versions prior to 2.94.0 Description The HTML backend fails to perform sufficient validation during resource handling. This allows local file system access via file:// URIs when enable local fetch is set to True, and enables path...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•21 views

PT-2026-45931

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors...

4.3CVSS5.8AI score0.00277EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•21 views

PT-2026-46045

Name of the Vulnerable Software and Affected Versions OP-TEE versions prior to 4.11.0 Description OP-TEE is a Trusted Execution Environment designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using TrustZone technology. In several ECDH shared secret paths, the publi...

4.7CVSS5.8AI score0.00096EPSS
Exploits1References5
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•21 views

PT-2026-46047

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.2 Description PHP Object Injection occurs due to the use of unserialize calls within the Workflow, Form block, and File/Set components that do not implement the allowed classes restriction. This allows an...

8.4CVSS5.9AI score0.00175EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•21 views

PT-2026-45935

Name of the Vulnerable Software and Affected Versions lwext4 version 1.0.0 Description An out-of-bounds read exists in the ext4 ext binsearch idx function within the src/ext4 extent.c file. This occurs because extent header fields are not sufficiently validated before a binary search is performed...

6.5CVSS5.4AI score0.0028EPSS
Exploits1References8
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•21 views

PT-2026-46105

Impact The METS-GBS backend's XML parsing and the input document format detection lacked security controls, enabling: - XML External Entity XXE attacks to read local files or cause denial of service - Decompression bombs zip bombs to exhaust memory and disk space - Unbounded archive extraction...

5.5CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•21 views

PT-2026-46099

Summary Using CookieJar.load with untrusted input may allow arbitrary code execution. Impact Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. Workaround If an application does allow attacker controlled files to be...

6.4CVSS6.1AI score0.00128EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•21 views

PT-2026-46011

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ath12k wifi driver where a stale link mapping is retained in ahvif-links map. This occurs when an arvif is initialized in non-AP STA mode but MLO connection...

5.8AI score0.00121EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•21 views

PT-2026-46021

In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Avoid NULL dereference in linehandle create In linehandle create, there is a statement like this: retain and null ptrlh; Soon after, there is a debug printout that dereferences "lh", which will crash things. Avoid the...

5.8AI score0.001EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•21 views

PT-2026-45925

Name of the Vulnerable Software and Affected Versions dali-devconfig affected versions not specified Description A remote attacker with user privileges can exploit a stack buffer overflow in the dali-devconfig method to gain full system access with root privileges. A stack buffer overflow occurs...

8.8CVSS6.5AI score0.00456EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/03 12:0 a.m.•21 views

PT-2026-46019

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the NFS LOCALIO, an optimization for loopback mounts that bypasses the network for READ, WRITE, and COMMIT operations when the client and server are on the same system...

5.7CVSS5.2AI score0.00099EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•21 views

PT-2026-45849

Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

8.4CVSS5.9AI score0.00107EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•21 views

PT-2026-45723

Name of the Vulnerable Software and Affected Versions Wirtualna Uczelnia versions prior to wu2016.437.295020260327 105545 Description Server-Side Template Injection SSTI occurs when an unauthenticated attacker injects arbitrary template expressions into the server, which are then executed. This...

9.3CVSS6AI score0.00557EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•21 views

PT-2026-45707

Name of the Vulnerable Software and Affected Versions Easy Cart versions prior to 1.9 Description The Easy Cart plugin for WordPress contains a Stored Cross-Site Scripting issue. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. This occu...

6.4CVSS5.5AI score0.00243EPSS
Exploits0References19
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•21 views

PT-2026-46493

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An integer overflow in V8 allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. V8 is the open-source high-performance JavaScript a...

9.6CVSS6.4AI score0.00456EPSS
Exploits0References438
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•21 views

PT-2026-45805

Name of the Vulnerable Software and Affected Versions Dell ThinOS 10 versions prior to 2602 10.0765 Description An improper access control issue exists where a low privileged attacker with local access could potentially achieve privilege escalation. Recommendations Update to version 2602 10.0765 ...

7.8CVSS5.4AI score0.001EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•21 views

PT-2026-45676

A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/module/web/system/ScheduleJobController.java of the component Task Scheduling Management Module. Executing a manipulation can...

4.8CVSS4.1AI score0.0021EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/02 12:0 a.m.•21 views

PT-2026-46565

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the Document Object Model DOM, a programming interface for web documents, allows a remote attacker to bypass the same origin policy through the use of...

9.6CVSS5.8AI score0.00493EPSS
Exploits1References437
Total number of security vulnerabilities5000