Lucene search
K
PtsecurityMost viewed

184501 matches found

Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•21 views

PT-2026-43898

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock occurs in the ks8851 driver when the ks8851 irq function is executed. If a TX packet has been sent, the driver enables the TX queue via netif wake queue, which schedules a TX...

7.5CVSS5.8AI score0.0037EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•21 views

PT-2026-43920

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Reliable Datagram Sockets RDS implementation of the Linux kernel. In the rds rdma map function, memory region MR ownership of scatter-gather lists and pages is...

7.8CVSS6.1AI score0.00129EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•21 views

PT-2026-43959

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A DMA coherency issue exists in the igorplugusb driver within the media subsystem. In a control request, the USB request...

5.5CVSS5.9AI score0.00122EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•21 views

PT-2026-47216

Unknown description...

5.4AI score0.00051EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•21 views

PT-2026-43857

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the slub allocator where the krealloc and kvrealloc functions can cause data loss or buffer overflows. This occurs during the reallocation fallback path when forcing a...

5.5CVSS6.2AI score0.00133EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•21 views

PT-2026-43939

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The run unpack function in the ntfs3 driver fails to verify if the size size and offset size bytes read via run unpack s64 fit within the remaining buffer, despite checking run buf run...

5.5CVSS5.9AI score0.00123EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•21 views

PT-2026-43680

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the bareudp fill metadata dst function. The function passes bareudp-sock to udp tunnel6 dst lookup in the IPv6 path without performing a NULL check...

5.5CVSS5.9AI score0.00115EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•21 views

PT-2026-43914

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the QRTR nameservice driver during the remove process. If a packet arrives after destroy workqueue is called but before sock release, the qrtr ns data...

7.8CVSS5.7AI score0.00126EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•21 views

PT-2026-43812

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Intel VT-d PASID table entry replacement process. The PASID table entry is 512 bits, and the implementation copies a new entry to the table using a single...

8.8CVSS5.2AI score0.00128EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•21 views

PT-2026-43352

Name of the Vulnerable Software and Affected Versions Twenty CRM versions 1.7.7 through 1.16.7 Description A Remote Code Execution RCE issue exists via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If the Postgres user is a superuser, any authenticated user can execute arbitrary ...

9.9CVSS6.3AI score0.00483EPSS
Exploits1References5
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•21 views

PT-2026-44501

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description A Server-Side Template Injection SSTI issue exists in the template rendering system. Administrators with access to features that render Twig templates—such as email templates, mass mail campaigns...

9.4CVSS6.2AI score0.01892EPSS
Exploits1References13
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•21 views

PT-2026-43201

Missing Authorization vulnerability in Webful Creations RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 4.1121...

4.3CVSS5.8AI score0.00217EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•21 views

PT-2026-43317

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An improper access check allows privilege escalation through the com users batch task. Recommendations At the moment, there is no information about a newer versi...

9.8CVSS5.8AI score0.00234EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•21 views

PT-2026-43196

Name of the Vulnerable Software and Affected Versions CODESYS Development System affected versions not specified Description The software creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary fil...

8.5CVSS5.9AI score0.00123EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•21 views

PT-2026-43287

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Lack of output escaping in the feed modules allows for a Cross-Site Scripting XSS vector. XSS is a flaw where an application includes untrusted data in a web pag...

6.9CVSS5.9AI score0.00175EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•21 views

PT-2026-43620

Name of the Vulnerable Software and Affected Versions radvd versions prior to 2.21 Description The radvdump utility contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, the print ff function copies up to 2032 bytes of...

8.8CVSS6.1AI score0.00203EPSS
Exploits0References20
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•21 views

PT-2026-43192

A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. The attack may be performe...

6.5CVSS6.3AI score0.01803EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•21 views

PT-2026-43453

Name of the Vulnerable Software and Affected Versions Kata Containers version 3.28.0 Description Kata Containers allows pod creators to inject arbitrary command-line arguments into the virtiofsd process via the io.katacontainers.config.hypervisor.virtio fs extra args pod annotation. Because the...

6.5CVSS6AI score0.00057EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•21 views

PT-2026-43302

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A null pointer dereference exists in the Bluetooth L2CAP component. This occurs within the l2cap sock state change cb...

9.8CVSS5.8AI score0.03663EPSS
Exploits17References284
Positive Technologies
Positive Technologies
•added 2026/05/25 12:0 a.m.•21 views

PT-2026-43024

Name of the Vulnerable Software and Affected Versions Cargo versions 1.68 through 1.95 Description Cargo incorrectly normalized URLs of third-party registries using the sparse index protocol. In scenarios where a hosting provider allows multiple registries to be hosted with arbitrary names within...

6.8CVSS5.9AI score0.00328EPSS
Exploits0References22
Positive Technologies
Positive Technologies
•added 2026/05/25 12:0 a.m.•21 views

PT-2026-42989

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/add order.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customer name results in cross...

5.1CVSS4.2AI score0.00191EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/25 12:0 a.m.•21 views

PT-2026-42979

A vulnerability was detected in Totolink A8000RU 7.1cu.643 b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enable results in os command injection. The attack may be...

10CVSS7AI score0.01732EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/24 12:0 a.m.•21 views

PT-2026-42942

Name of the Vulnerable Software and Affected Versions Edimax BR-6675nD version 1.12 Description A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists within the formPPTPSetup function located in the '/goform/formPPTPSetup' endpoint when manipulating...

9CVSS7.5AI score0.00542EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/24 12:0 a.m.•21 views

PT-2026-43107

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.x through 1.6.15 Roundcube Webmail versions 1.7.x through 1.7.0 Description Insecure code evaluation logic exists within the LDAP autovalues option, which could lead to code injection. Recommendations Update to...

7.5CVSS5.9AI score0.00414EPSS
Exploits0References20
Positive Technologies
Positive Technologies
•added 2026/05/24 12:0 a.m.•21 views

PT-2026-42972

Name of the Vulnerable Software and Affected Versions Edimax BR-6675nD version 1.12 Description A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists within the formWanTcpipSetup function located in the '/goform/formWanTcpipSetup' endpoint when the...

9CVSS7.5AI score0.00445EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/24 12:0 a.m.•21 views

PT-2026-42934

A vulnerability has been found in JeecgBoot 3.9.1. This issue affects some unknown processing of the file /openapi/call/ of the component OpenAPI Endpoint. Such manipulation leads to improper authentication. The attack can be executed remotely. A high complexity level is associated with this...

6.3CVSS5.1AI score0.00357EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/05/24 12:0 a.m.•21 views

PT-2026-42915

A vulnerability was found in vBulletin 6.x. This impacts an unknown function of the component Login. Performing a manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. VulDB is withholding an extended...

5.1CVSS4.3AI score0.00279EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/05/22 12:0 a.m.•21 views

PT-2026-42851

Name of the Vulnerable Software and Affected Versions Azure Resource Manager affected versions not specified Description Improper authentication in Azure Resource Manager ARM allows an unauthorized attacker to elevate privileges over a network. Recommendations At the moment, there is no informati...

10CVSS5.8AI score0.00494EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42699

Name of the Vulnerable Software and Affected Versions libp2p versions prior to 15.0.23 Description Three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node using default options, leading to an Out-Of-Memory OOM crash...

7.5CVSS5.4AI score0.00278EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42468

Name of the Vulnerable Software and Affected Versions Trend Micro TrendAI Apex One affected versions not specified TrendAI Apex One as a Service affected versions not specified Description An origin validation issue in the Apex One/SEP agent allows a local attacker to escalate privileges. This fl...

7.8CVSS6AI score0.00246EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42469

Name of the Vulnerable Software and Affected Versions Apex One/SEP agent affected versions not specified Description An origin validation error in the process protection mechanism allows a local attacker to escalate privileges. To exploit this issue, the attacker must first have the ability to...

7.8CVSS7.1AI score0.00213EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42441

Honeywell Control Network Module CNM contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially resulting in unintended access to protected data...

5.9CVSS5.8AI score0.00041EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42702

Name of the Vulnerable Software and Affected Versions KnpSnappyBundle affected versions not specified Description An issue exists that allows Server-Side Request Forgery SSRF and local file read. This occurs when applications allow user-supplied input to be passed directly to the Snappy library,...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42519

Name of the Vulnerable Software and Affected Versions Open ISES Tickets versions prior to 3.44.2 Description The software contains hardcoded MySQL database credentials within the loader.php file, which is a public-facing database utility committed to the source repository. An unauthenticated...

9.2CVSS5.9AI score0.00305EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42685

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.23.0 Description The Fission router registers internal routes '/fission-function/' and '/fission-function//' for every function object, regardless of whether an HTTPTrigger exists. Because these routes are mounted o...

9.8CVSS5.8AI score0.00353EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42497

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics202.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm add str POST parameter directly into an HTML form hidden input value attribute...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42557

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description The OAuth 2.0 Authorization-Code Handler fails to verify account status. This allows users who are suspended, banned, or terminated employees, specifically those with the uIsActive variable set ...

2.3CVSS5.8AI score0.00172EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42395

Name of the Vulnerable Software and Affected Versions mlflow/mlflow versions prior to 3.10.0 Description When basic authentication is enabled, the 'SearchModelVersions' REST API endpoint and the 'mlflowSearchModelVersions' GraphQL query lack proper per-model authorization checks. This allows any...

6.5CVSS6.6AI score0.00441EPSS
Exploits1References10
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42480

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket id POST parameter directly into an HTML form input value attribute. Attackers ca...

5.4CVSS5.8AI score0.00172EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42632

Summary lmdeploy hardcodes trust remote code=True in multiple HuggingFace model-loading call sites. The affected code paths are in: text lmdeploy/archs.py lmdeploy/utils.py The vulnerable call sites pass trust remote code=True into HuggingFace Transformers APIs such as AutoConfig.from pretrained,...

7.8CVSS6.7AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42459

Name of the Vulnerable Software and Affected Versions Apache Camel K versions 2.0.0 through 2.8.0 Apache Camel K versions 2.9.0 through 2.9.1 Apache Camel K versions 2.10.0 Description Authorized users in a Kubernetes namespace can create a Build resource to control Pod generation in a namespace ...

8.1CVSS5.8AI score0.00325EPSS
Exploits0References17
Positive Technologies
Positive Technologies
•added 2026/05/20 12:0 a.m.•21 views

PT-2026-42386

Kong Ingress Controller for Kubernetes KIC: Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller...

5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/05/20 12:0 a.m.•21 views

PT-2026-42070

Name of the Vulnerable Software and Affected Versions ProSolution WP Client versions prior to 2.0.1 Description The ProSolution WP Client plugin for WordPress allows unauthenticated attackers to upload malicious PHP files, potentially leading to remote code execution. This occurs due to an array...

9.8CVSS6.1AI score0.00978EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/05/20 12:0 a.m.•21 views

PT-2026-42385

Kopia: RCE via SSH ProxyCommand Injection in github.com/kopia/kopia...

5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/05/19 12:0 a.m.•21 views

PT-2026-41884

Name of the Vulnerable Software and Affected Versions Piotnet Forms versions prior to 2.1.41 Description An arbitrary file upload issue exists due to missing file type validation within the piotnetforms ajax form builder function. The software employs an incomplete extension blacklist that blocks...

9.8CVSS6.2AI score0.0081EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/19 12:0 a.m.•21 views

PT-2026-41826

Name of the Vulnerable Software and Affected Versions Samsung Open Source Walrus version f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9 Description A NULL pointer dereference allows pointer manipulation. A NULL pointer dereference occurs when a program attempts to read or write to a memory address that...

7.5CVSS5.4AI score0.00209EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/18 12:0 a.m.•21 views

PT-2026-41694

Name of the Vulnerable Software and Affected Versions Arcane versions prior to 1.19.0 Description The unauthenticated 'GET /api/app-images/logo' endpoint reflects a user-supplied color query parameter into the body of an SVG document using strings.ReplaceAll without proper escaping. This...

8.2CVSS5.8AI score0.00185EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/05/15 12:0 a.m.•21 views

PT-2026-41375

Name of the Vulnerable Software and Affected Versions radare2 version 6.1.5 Description A use-after-free issue exists in the gdbr pids list function within the GDB client core. Remote attackers can cause a denial of service or potentially execute arbitrary code by sending malformed thread...

9.8CVSS6.1AI score0.00603EPSS
Exploits1References11
Positive Technologies
Positive Technologies
•added 2026/05/15 12:0 a.m.•21 views

PT-2026-41419

Name of the Vulnerable Software and Affected Versions Funnel Builder affected versions not specified Description An SQL injection flaw in the Funnel Builder plugin allows attackers to inject payment skimmers into WooCommerce checkout pages. This issue enables script propagation across all checkou...

9.3CVSS5.9AI score0.00283EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/15 12:0 a.m.•21 views

PT-2026-41247

An out of bounds write within the AMD Platform Management Framework PMF could allow an attacker to execute arbitrary code at an elevated privilege level potentially leading to loss of confidentiality integrity, or availability...

8.4CVSS6.2AI score0.00114EPSS
Exploits0References2
Total number of security vulnerabilities5000