Lucene search
K
PtsecurityMost viewed

184497 matches found

Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.21 views

PT-2026-37951

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitab...

5.3CVSS6.5AI score0.0296EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.21 views

PT-2026-37631

HCL BigFix Service Management SM application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared...

3.5CVSS5.8AI score0.00143EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.21 views

PT-2026-37936

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

5.3CVSS6.5AI score0.08346EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.21 views

PT-2026-38487

Summary Nokogiri's CSS selector tokenizer contains regular expressions whose construction may result in exponential regex backtracking on adversarial selectors. Three ReDoS vectors are addressed in this release: 1. String-literal tokenization on certain unterminated quoted-string input. 2...

7.5CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.21 views

PT-2026-38225

Name of the Vulnerable Software and Affected Versions PicoTronica e-Clinic Healthcare System ECHS version 5.7 Description An issue in the Response Header Handler component within the file '/cdemos/echs/api/v2/' allows for remote information disclosure. Recommendations Upgrade to version 5.7.1...

6.9CVSS6.1AI score0.00292EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.21 views

PT-2026-36966

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr update form action meta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with ...

7.2CVSS6AI score0.00359EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.21 views

PT-2026-37284

Name of the Vulnerable Software and Affected Versions Open edx Enterprise Service versions 7.0.2 through 7.0.4 Description An authenticated user with the Enterprise Admin role can trigger a server-side HTTP request. By using the 'SAMLProviderConfigViewSet' PATCH endpoint, a user can set the...

8.5CVSS5.9AI score0.00301EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.21 views

PT-2026-46983

Name of the Vulnerable Software and Affected Versions Arista EOS affected versions not specified Description On platforms running Arista EOS with tunnel decapsulation configurations—such as VXLAN Virtual Extensible LAN, decap-groups, or GRE Generic Routing Encapsulation tunnel interfaces—the swit...

6.9CVSS6AI score0.00836EPSS
Exploits1References33
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.21 views

PT-2026-37367

These are all security issues fixed in the icinga-php-library-0.19.2-1.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score0.00259EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.21 views

PT-2026-38212

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description Insufficient policy enforcement in WebApp allows a remote attacker to perform UI spoofing, which is the act of mimicking a legitimate user interface to deceive users, via a crafted HTML...

9.6CVSS5.8AI score0.00344EPSS
Exploits0References136
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.21 views

PT-2026-37045

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS5.9AI score0.00294EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.21 views

PT-2026-36912

Name of the Vulnerable Software and Affected Versions WDR201A WiFi Extender HW V2.1 FW LFMZX28040922V1.02 Description An OS command injection issue exists in the 'makeRequest.cgi' binary. Unauthenticated remote attackers can execute arbitrary shell commands by injecting malicious input into the s...

9.3CVSS6.2AI score0.02707EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.21 views

PT-2026-36754

Name of the Vulnerable Software and Affected Versions PrefectHQ prefect versions prior to 3.6.28.dev2 Description A time-of-check time-of-use TOCTOU issue exists in the validate restricted url function of the Webhook/Notification component. This flaw allows a remote attacker to manipulate the...

5CVSS5.9AI score0.0025EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.21 views

PT-2026-37106

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.31.0 Description Gotenberg fails to properly validate metadata tags passed to ExifTool, a tool used for reading and writing image, audio, and video metadata. While the software blocks specific tags like FileName a...

8.2CVSS6AI score0.00347EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.21 views

PT-2026-36599

Name of the Vulnerable Software and Affected Versions CTMS affected versions not specified CPAS affected versions not specified Description CTMS and CPAS developed by Sunnet contain an arbitrary file upload flaw. This allows privileged remote attackers to upload and execute web shell backdoors,...

8.6CVSS6.4AI score0.00465EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.21 views

PT-2026-36393

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free error exists in the usbtmc release function. This occurs because pending anchored URBs USB Request Blocks are not properly flushed or killed, which can lead to memory...

8.1CVSS5.9AI score0.00205EPSS
Exploits0References420
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.21 views

PT-2026-37139

Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description The 'ecard preview.php' endpoint fails to validate that the ecard template POST parameter is a safe filename before it is processed by the getEcardTemplate function. An authenticated user can exploit...

6.5CVSS5.9AI score0.00307EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.21 views

PT-2026-35824

A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improp...

6.3CVSS4.3AI score0.00418EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.21 views

PT-2026-35542

A security vulnerability has been detected in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /guestdetails. Such manipulation of the argument deleteid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.21 views

PT-2026-35370

Name of the Vulnerable Software and Affected Versions Apache Camel versions 3.0.0 through 4.14.5 Apache Camel versions 4.15.0 through 4.18.1 Apache Camel versions 4.19.0 through 4.19.x Description Certain non-HTTP HeaderFilterStrategy implementations, specifically JmsHeaderFilterStrategy and...

9.9CVSS6.5AI score0.0086EPSS
Exploits1References26
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.21 views

PT-2026-35018

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect return value after changing leaf in lookup extent data ref After commit 1618aa3c2e01 "btrfs: simplify return variables in lookup extent data ref", the err and ret variables were merged into a single ret...

5.4AI score0.0012EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.21 views

PT-2026-34948

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the OCFS2 file system where the ocfs2 group extend function assumes that the global bitmap inode block returned from ocfs2 inode lock is already validated. In crafted...

5.5CVSS6AI score0.00133EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.21 views

PT-2026-34946

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A duplicate resource teardown occurs in the PCI endpoint pci-epf-vntb. The function epf ntb epc destroy performs a teardown that the caller is already expected to execute. This redundanc...

9.8CVSS5.8AI score0.00525EPSS
Exploits0References321
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.21 views

PT-2026-34660

Name of the Vulnerable Software and Affected Versions FunnelFormsPro versions n/a through 3.8.1 Description Improper Control of Generation of Code allows Remote Code Inclusion, which enables an attacker to inject and execute arbitrary code. Recommendations At the moment, there is no information...

9.9CVSS6.1AI score0.00364EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.21 views

PT-2026-34047

Name of the Vulnerable Software and Affected Versions Bagisto versions prior to 2.3.16 Description An issue exists in the Custom Scripts Handler component that allows for cross site scripting. This flaw enables remote exploitation through the manipulation of an unknown functionality within the...

5.1CVSS4.6AI score0.00191EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.21 views

PT-2026-46937

Name of the Vulnerable Software and Affected Versions X.Org X server affected versions not specified Xwayland affected versions not specified Description A use-after-free flaw exists in the miSyncDestroyFence function. This occurs when a client sets up multiple fence triggers, allowing a function...

7.8CVSS5.7AI score0.00142EPSS
Exploits0References108
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.21 views

PT-2026-36836

Name of the Vulnerable Software and Affected Versions D-Link DIR-600L Hardware Revision A1 Description A hardcoded telnet backdoor exists in the device. At boot, the device starts a telnet daemon via the /bin/telnetd.sh script using the username "Alphanetworks" and a static password "wrgn35 dlwbr...

9.8CVSS5.8AI score0.00472EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.21 views

PT-2026-33415

Name of the Vulnerable Software and Affected Versions Canto plugin for WordPress versions prior to 3.1.2 Description Missing authorization occurs due to the absence of capability checks or nonce verification in the updateOptions function. This function is exposed via two AJAX hooks: 'wp ajax...

4.3CVSS5.2AI score0.00282EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.21 views

PT-2026-32279

Out-of-bounds write vulnerability in the WEB module.Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...

5.1CVSS5.8AI score0.00077EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.21 views

PT-2026-31102

Name of the Vulnerable Software and Affected Versions Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress versions up to and including 2.1.7 Description The Masteriyo LMS plugin is affected by an authorization bypass issue. Insufficient webhook signature...

5.3CVSS5.8AI score0.00375EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.21 views

PT-2026-31292

Name of the Vulnerable Software and Affected Versions The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress versions up to and including 5.1.2 Description The User Registration ...

6.5CVSS5.9AI score0.00306EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.21 views

PT-2026-29602

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description AIOHTTP, an asynchronous HTTP client/server framework, is susceptible to excessive memory usage due to an unbounded DNS cache. This can potentially lead to a Denial of Service DoS situation if an...

7.5CVSS5.9AI score0.0044EPSS
Exploits0References303
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.21 views

PT-2026-28610

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.63 Parse Server versions prior to 9.7.0-alpha.7 Description The verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attack...

8.2CVSS5.9AI score0.00303EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.21 views

PT-2026-26466

The Go SDK's Streamable HTTP transport accepted browser-generated cross-site POST requests without validating the Origin header and without requiring Content-Type: application/json. In deployments without Authorization, especially stateless or sessionless configurations, this allows an arbitrary...

7.1CVSS5.8AI score0.00178EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.21 views

PT-2026-24729

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups...

8.8CVSS5.8AI score0.00135EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.21 views

PT-2026-24776

ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. Attackers can upload PHP files with traversal payloads ../public html/ to write executable code...

8.7CVSS6.1AI score0.00717EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.21 views

PT-2026-23789

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.13 Description Flowise is a drag & drop user interface to build customized large language model flows. A critical Insecure Direct Object Reference IDOR vulnerability, combined with a Business Logic Flaw, exists in...

8.8CVSS7.3AI score0.0045EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.21 views

PT-2026-22722

Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP all versions allows a remote...

8.7CVSS6AI score0.00421EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.21 views

PT-2026-22214

Name of the Vulnerable Software and Affected Versions Phishing Club versions prior to 1.30.2 Description Phishing Club is a phishing simulation and man-in-the-middle framework. An authenticated SQL injection issue exists in the GetOrphaned recipient listing endpoint. The endpoint builds a SQL que...

6.5CVSS6AI score0.00332EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.21 views

PT-2026-20256

Old vuln, new life: React2Shell CVE-2025-55812 is seeing a surge in active exploitation with reverse shells + cryptominers. If your patching is based on CVSS instead of real-world activity, you’re already behind. https://t.co/2hEOe08JVG CyberSecurity ThreatIntel PatchNow...

5.5AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.21 views

PT-2026-20251

Name of the Vulnerable Software and Affected Versions IBM Security QRadar EDR versions 3.12 through 3.12.23 Description IBM Security QRadar EDR does not invalidate sessions after they expire. This could allow an authenticated user to impersonate another user on the system. Recommendations Update...

6.3CVSS5.4AI score0.00185EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.21 views

PT-2026-8047

The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulk save' AJAX action. This makes it possible for...

5.3CVSS5.7AI score0.00227EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.21 views

PT-2026-7312

Name of the Vulnerable Software and Affected Versions IntelR NPU Drivers affected versions not specified Description An improper conditions check in some firmware for IntelR NPU Drivers within Ring 1 may allow a denial of service. An unprivileged software adversary with an authenticated user and ...

5.7CVSS5.3AI score0.00086EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.21 views

PT-2026-6963

Name of the Vulnerable Software and Affected Versions Tenda TX3 versions up to 16.03.13.11 multi Description A flaw exists in Tenda TX3 that allows remote attackers to trigger a buffer overflow. The issue is located in the file /goform/SetIpMacBind and involves manipulation of the argument list t...

9CVSS8.4AI score0.00733EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.21 views

PT-2026-6891

Name of the Vulnerable Software and Affected Versions Video Onclick plugin for WordPress versions prior to 0.4.8 Description The Video Onclick plugin for WordPress is susceptible to Stored Cross-Site Scripting through the youtube shortcode. This is due to inadequate input sanitization and output...

6.4CVSS5.4AI score0.0019EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.21 views

PT-2026-6715

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A security flaw exists in itsourcecode Student Management System 1.0. The issue involves a SQL injection affecting an unknown function within the file /ramonsys/billing/index.php...

9.8CVSS5.5AI score0.00416EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.21 views

PT-2026-5868

Name of the Vulnerable Software and Affected Versions IBM Concert versions 1.0.0 through 2.1.0 Description IBM Concert is susceptible to HTTP header injection due to inadequate validation of the HOST headers. This issue could enable an attacker to perform various attacks against the system,...

6.5CVSS5.2AI score0.00219EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.21 views

PT-2026-6274

Name of the Vulnerable Software and Affected Versions Qwik versions prior to 1.19.0 Description An Open Redirect issue exists in Qwik City’s default request handler middleware. This allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation could allow...

6.9CVSS5.7AI score0.00237EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.21 views

PT-2026-4012

Name of the Vulnerable Software and Affected Versions merkulove Crumber versions through 1.0.10 Description An authorization issue exists in merkulove Crumber crumber-elementor due to incorrectly configured access control security levels. This allows for exploitation of the system. Recommendation...

5.2AI score0.00275EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.21 views

PT-2026-3143

Name of the Vulnerable Software and Affected Versions Altium Workflow Engine affected versions not specified Description A stored cross-site scripting XSS issue exists because of insufficient server-side input sanitization within workflow form submission APIs. An authenticated user can inject...

8CVSS5.7AI score0.00303EPSS
Exploits0References4
Total number of security vulnerabilities5000