Lucene search
K
PtsecurityMost viewed

184315 matches found

Positive Technologies
Positive Technologies
added 2025/01/22 12:0 a.m.33 views

PT-2024-41: Bypass authentication in PT MaxPatrol SIEM, PT MaxPatrol VM, PT MaxPatrol EDR, PT MaxPatrol Carbon и PT MaxPatrol O2

The vulnerability was identified in PT MaxPatrol SIEM, PT MaxPatrol VM, PT MaxPatrol EDR, PT MaxPatrol Carbon и PT MaxPatrol O2 that affects versions that include component PT MC version earlier than 101.4.8813 and component MPX version earlier than 27.2.14850. The discovered vulnerability allows...

9.5CVSS7.3AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/07/29 12:0 a.m.33 views

PT-2021-4234 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions up to 5.13.7 Description: The issue allows an unprivileged BPF program to obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack. This is possible because the protection...

9.8CVSS5.9AI score0.93838EPSS
Exploits337References2143
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.32 views

PT-2026-52440

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.32 views

PT-2026-51630

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Git LFS storage is content-addressed by OID Object Identifier alone, while per-repository authorization is managed in the lfs object table. The serveUpload function skips the re-upload process when an...

7.1CVSS5.8AI score0.00236EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.32 views

PT-2026-51596

Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.10.0 through 2.18.7 jackson-databind versions 2.19.0 through 2.21.3 jackson-databind versions 3.0.0 through 3.1.3 Description The BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray function allowlists any...

8.1CVSS5.7AI score0.00695EPSS
Exploits0References43
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.32 views

PT-2026-50661

Name of the Vulnerable Software and Affected Versions MCP Toolbox for Databases affected versions not specified Description An authenticated authorization bypass occurs due to missing scope enforcement in older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces...

8.6CVSS5.9AI score0.0015EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.32 views

PT-2026-50521

Name of the Vulnerable Software and Affected Versions Hermes WebUI versions prior to 0.51.409 Description An authentication bypass exists in passkey registration endpoints. When HERMES WEBUI PASSKEY=1 is enabled and no credentials exist, unauthenticated remote attackers can register arbitrary...

9.1CVSS6.1AI score0.00579EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.32 views

PT-2026-50134

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description A scope escalation issue exists in the web archive download endpoint. A personal access token with any non-repository scope, such as read:issue or read:misc, can be used to download full...

5.3CVSS5.8AI score0.00403EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.32 views

PT-2026-50141

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.0 Description Langflow contains a path traversal flaw in the Knowledge Bases API endpoint 'POST /api/v1/knowledge bases'. The issue resides in the create knowledge base function, where the name variable is used t...

6.5CVSS6AI score0.00313EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.32 views

PT-2026-49964

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Metadata Plugin component of the Oracle Enterprise Manager Base Platform. An unauthenticated attacker...

9.6CVSS5.8AI score0.00473EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.32 views

PT-2026-49468

Name of the Vulnerable Software and Affected Versions Spring Cloud Gateway versions prior to 3.1.13 Spring Cloud Gateway versions prior to 4.1.13 Spring Cloud Gateway versions prior to 4.2.9 Spring Cloud Gateway versions prior to 4.3.5 Spring Cloud Gateway versions prior to 5.0.2 Description Spri...

8.6CVSS5.8AI score0.00139EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.32 views

PT-2026-48886

Name of the Vulnerable Software and Affected Versions Yarbo cloud affected versions not specified Description The cloud service fails to enforce per-device or per-user authorization. A client with valid credentials, including shared hard-coded credentials or legitimate per-user credentials, can...

8.6CVSS5.2AI score0.00259EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.32 views

PT-2026-48898

Name of the Vulnerable Software and Affected Versions ChromaDB versions 0.4.17 through 0.4.16 Description An authenticated attacker with the UPDATE COLLECTION permission can execute arbitrary code on the server. This occurs by sending a malicious model repository and setting the trust remote code...

9.4CVSS5.9AI score0.00342EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.32 views

PT-2026-47252

Name of the Vulnerable Software and Affected Versions Online Music Site version 1.0 Description An issue exists in the processing of the '/Frontend/Search.php' endpoint. Manipulation of the Category argument allows for SQL injection, which is a technique used to execute malicious SQL statements...

7.5CVSS7.3AI score0.0029EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.32 views

PT-2026-47130

Name of the Vulnerable Software and Affected Versions Essential Addons for Elementor versions prior to 6.6.5 Description The plugin is subject to information exposure due to insufficient restrictions on the posts that can be included within the ajax load more function. This allows unauthenticated...

5.3CVSS5.5AI score0.0515EPSS
Exploits1References16
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.32 views

PT-2026-45821

Name of the Vulnerable Software and Affected Versions GoClaw versions prior to 3.11.4 Description An issue in the Webhook Verification Handler component allows for missing authentication. This occurs within the resolveAuth function located in the internal/http/auth.go file, enabling remote...

7.5CVSS7.2AI score0.00399EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.32 views

PT-2026-45587

In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch bal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00082EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.32 views

PT-2026-43976

Name of the Vulnerable Software and Affected Versions IBM App Connect Enterprise versions 13.0.1.0 through 13.0.7.0 Description Sensitive information is stored in log files, which may allow a local user to read this data. Recommendations At the moment, there is no information about a newer versio...

5.5CVSS5.8AI score0.001EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.32 views

PT-2026-43442

Name of the Vulnerable Software and Affected Versions Yeoman Environment versions 2.9.0 through 6.0.0 Description Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. The installLocalGenerators function calls...

8.6CVSS5.9AI score0.00139EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.32 views

PT-2026-43026

This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including...

5.2CVSS5.8AI score0.00125EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.32 views

PT-2026-40166

Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network...

6.5CVSS5.8AI score0.00782EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.32 views

PT-2026-38594

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description A server-side request forgery SSRF issue exists in the notebook viewer. This occurs due to URL parser confusion between the validation layer and the HTTP request library, where the...

7.9CVSS5.8AI score0.00377EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.32 views

PT-2026-23098

Name of the Vulnerable Software and Affected Versions IDC SFX2100 satellite receiver affected versions not specified Description The /sbin/ip utility is installed with the setuid bit set on the IDC SFX2100 satellite receiver. This configuration allows any local user who can execute the binary to...

9.2CVSS5.8AI score0.00148EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.32 views

PT-2026-22887

Name of the Vulnerable Software and Affected Versions SEPPmail Secure Email Gateway versions prior to 15.0.1 Description The SEPPmail Secure Email Gateway does not properly handle PDF encryption passwords, potentially allowing for operating system command execution. The issue arises from...

9.8CVSS5.9AI score0.0031EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.32 views

PT-2026-5883

Name of the Vulnerable Software and Affected Versions MyRewards – Loyalty Points and Rewards for WooCommerce plugin versions prior to 5.6.1 Description The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress does not properly verify user authorization when performing actio...

6.5CVSS5.6AI score0.00274EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.32 views

PT-2025-50332

Hi All, Looking at the Action1 reports, and unable to see anything which would be useful to for reporting from for the vulnerability of devices. I'm looking for an export with the data similar to the below DeviceName, CveId, Severity, CVSS, PatchAvailable, Product, OS, LastSeen PC-001,...

6.5CVSS6.8AI score0.01593EPSS
Exploits13References1
Positive Technologies
Positive Technologies
added 2024/09/27 12:0 a.m.32 views

PT-2024-6815 · Unknown · Zangi Private Messenger

Name of the Vulnerable Software and Affected Versions: Zangi Private Messenger affected versions not specified Description: The issue is related to weaknesses in the session key generation mechanism of the application. This could allow a remote attacker to implement a "man-in-the-middle" attack...

7.8CVSS6.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/20 12:0 a.m.32 views

PT-2024-40259 · Passbolt · Passbolt

Name of the Vulnerable Software and Affected Versions: Passbolt affected versions not specified Description: The issue concerns the /auth/verify.json endpoint, which returns a JSON containing the cookies sent in the request. This could allow an attacker who exploits an XSS vulnerability to retrie...

3.7CVSS5.9AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/11/11 12:0 a.m.32 views

PT-2022-17911 · Intel · Intel Xmm 7560 Modem

Name of the Vulnerable Software and Affected Versions: IntelR XMMTM 7560 Modem software versions prior to M2 7560 R 01.2146.00 Description: The issue is related to an out-of-bounds write in the IntelR XMMTM 7560 Modem software, which may allow an unauthenticated user to potentially enable...

9.6CVSS9.4AI score0.00276EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2016/12/29 12:0 a.m.32 views

PT-2022-13726 · Phpipam +1 · Phpipam +1

Name of the Vulnerable Software and Affected Versions: phpipam/phpipam versions prior to 1.4.6 Description: The issue is related to improper access control, which can lead to incorrect authorization. Recommendations: For versions prior to 1.4.6, update to version 1.4.6 or later to resolve the iss...

9.8CVSS6.4AI score0.99714EPSS
Exploits84References75
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.31 views

PT-2026-52968

Name of the Vulnerable Software and Affected Versions relibc affected versions not specified Description A Denial of Service DoS issue exists in the parse month function located in /time/strptime.rs. An attacker can cause the system to crash by providing a specially crafted input. This issue is...

7.5CVSS5.8AI score0.00446EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.31 views

PT-2026-52590

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A length-confusion issue exists in the wolfSSL OCSP resp find status function. The lookup process compares serial-number bytes without verifying that the two serial numbers are of equal lengt...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.31 views

PT-2026-51514

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 Description A command injection issue exists in the SVG decoder. This allows attackers to inject arbitrary Magick Vector Graphics MVG drawing commands by crafting...

9.2CVSS6AI score0.00895EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.31 views

PT-2026-51430

Name of the Vulnerable Software and Affected Versions motionEye version 0.43.1 Description An absolute path traversal issue exists in the picture and movie API endpoints, such as '/picture/id/preview/filename'. The vulnerability occurs because the API handlers and functions get media preview and...

6.5CVSS6AI score0.00418EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.31 views

PT-2026-50736

Impact Hydro contains an insufficient session expiration vulnerability in its session recreation logic. When a session is recreated, including during logout or other session renewal flows, Hydro creates a new session token but does not delete the previous server-side session token. As a result, a...

6.9CVSS5.4AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.31 views

PT-2026-50703

Name of the Vulnerable Software and Affected Versions U.S. GAO Electronic Protest Docketing System EPDS affected versions not specified U.S. CBCA Electronic Docketing System EDS affected versions not specified Description The U.S. Government Accountability Office GAO Electronic Protest Docketing...

9.8CVSS5.9AI score0.00427EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.31 views

PT-2026-50258

Name of the Vulnerable Software and Affected Versions Regesta Smart HD-PLC - TLDPH16D2 version 11.02.05.10.02 Description A network attacker with registration access can introduce arbitrary JavaScript by injecting a Cross-site Scripting XSS payload into the Hostname field of the configuration fil...

4.8CVSS6.2AI score0.00293EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.31 views

PT-2026-49942

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

9.1CVSS5.1AI score0.00397EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.31 views

PT-2026-50083

Name of the Vulnerable Software and Affected Versions TL-WR940N version 6 Description An authenticated OS command injection exists in the IPv6 PPPoE configuration handler due to improper sanitization of user input. An attacker with administrative access can exploit this to execute arbitrary syste...

8.5CVSS6.2AI score0.02787EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.31 views

PT-2026-49979

Name of the Vulnerable Software and Affected Versions MySQL Shell Shell for VS Code version 2026.2.0+9.6.1 Description A flaw in the Shell for VS Code component of Oracle MySQL allows a low-privileged attacker with network access via multiple protocols to compromise the system. Successful...

6.5CVSS5.9AI score0.00261EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.31 views

PT-2026-49055

Name of the Vulnerable Software and Affected Versions Fabric.js versions prior to 7.4.0 Description Improper escaping of user-controlled input during SVG serialization via the toSVG method can lead to Cross-Site Scripting XSS. Specifically, the color field within the colorStops array of a...

6.1CVSS6AI score0.00194EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.31 views

PT-2026-49030

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.26 Description An information disclosure issue exists in sandboxed session spawning that exposes the real workspace path to child prompts. This allows attackers to reveal the host workspace location or related...

4.3CVSS5.2AI score0.00187EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.31 views

PT-2026-48647

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was...

9.4CVSS5.5AI score0.00207EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.31 views

PT-2026-48272

Name of the Vulnerable Software and Affected Versions ColdFusion versions prior to 2023.20 ColdFusion versions prior to 2025.9 Description An improper limitation of a pathname to a restricted directory, known as Path Traversal, allows an attacker to bypass security features and access unauthorize...

9.6CVSS5.2AI score0.07624EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.31 views

PT-2026-48299

Name of the Vulnerable Software and Affected Versions MongoDB Server affected versions not specified Description A flaw in the BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The issue stems from uncontrolled mutual recursio...

8.7CVSS5.5AI score0.00345EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.31 views

PT-2026-47132

Name of the Vulnerable Software and Affected Versions Click to Chat – WA Widget versions prior to 4.39 Description The plugin is subject to Stored Cross-Site Scripting. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. This occurs because...

6.4CVSS5.9AI score0.00288EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.31 views

PT-2026-46001

Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 returns 128 bytes of uninitialized internal buffer contents when receiving HTTP POST requests to undefined paths, exposing server state to unauthenticated adjacent network attackers...

4.3CVSS5.9AI score0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.31 views

PT-2026-45492

Name of the Vulnerable Software and Affected Versions Vitest versions prior to 4.1.0 Description A flaw in the UI/API server on Windows allows remote attackers to bypass file access restrictions and read arbitrary files when the server is exposed to the network. The issue occurs because the API...

9.8CVSS6.5AI score0.00232EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.31 views

PT-2026-42166

The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain circumstances, document level access restrictions will be ignored when determining what data to return from an AI query. This could enable an authenticated attacker to view sensitive data...

6.5CVSS5.8AI score0.00264EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.31 views

PT-2026-40941

Vvveb before 1.0.8.3 contains a stored cross-site scripting vulnerability in the customer signup flow where the Signup::addUser controller copies raw POST username values into the display name field before sanitization occurs. Attackers can submit HTML and script markup in the username field duri...

6.1CVSS5.8AI score0.00218EPSS
Exploits0References4
Total number of security vulnerabilities5000