Lucene search
K
PtsecurityMost viewed

184569 matches found

Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•21 views

PT-2026-43878

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A use-after-free issue exists in the mtk jpeg release function. The function frees the context structure ctx without cancelling pending or running work in ctx-jpeg work. This creates a race...

7.8CVSS5.8AI score0.00125EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•21 views

PT-2026-43898

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock occurs in the ks8851 driver when the ks8851 irq function is executed. If a TX packet has been sent, the driver enables the TX queue via netif wake queue, which schedules a TX...

7.5CVSS5.8AI score0.0037EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•21 views

PT-2026-43959

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A DMA coherency issue exists in the igorplugusb driver within the media subsystem. In a control request, the USB request...

5.5CVSS5.9AI score0.00122EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•21 views

PT-2026-47216

Unknown description...

5.4AI score0.00051EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•21 views

PT-2026-43787

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ext4 file system where a double decrement of the dirty clusters counter occurs during file system shutdown. This happens in the error path between the ext4 mb mark...

7.8CVSS5.4AI score0.00146EPSS
Exploits0References142
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•21 views

PT-2026-43812

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Intel VT-d PASID table entry replacement process. The PASID table entry is 512 bits, and the implementation copies a new entry to the table using a single...

8.8CVSS5.2AI score0.00128EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•21 views

PT-2026-43920

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Reliable Datagram Sockets RDS implementation of the Linux kernel. In the rds rdma map function, memory region MR ownership of scatter-gather lists and pages is...

7.8CVSS6.1AI score0.00129EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/27 12:0 a.m.•21 views

PT-2026-43914

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the QRTR nameservice driver during the remove process. If a packet arrives after destroy workqueue is called but before sock release, the qrtr ns data...

7.8CVSS5.7AI score0.00126EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•21 views

PT-2026-43352

Name of the Vulnerable Software and Affected Versions Twenty CRM versions 1.7.7 through 1.16.7 Description A Remote Code Execution RCE issue exists via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If the Postgres user is a superuser, any authenticated user can execute arbitrary ...

9.9CVSS6.3AI score0.00483EPSS
Exploits1References5
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•21 views

PT-2026-43201

Missing Authorization vulnerability in Webful Creations RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 4.1121...

4.3CVSS5.8AI score0.00217EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•21 views

PT-2026-43196

Name of the Vulnerable Software and Affected Versions CODESYS Development System affected versions not specified Description The software creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary fil...

8.5CVSS5.9AI score0.00123EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•21 views

PT-2026-43287

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Lack of output escaping in the feed modules allows for a Cross-Site Scripting XSS vector. XSS is a flaw where an application includes untrusted data in a web pag...

6.9CVSS5.9AI score0.00175EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•21 views

PT-2026-43620

Name of the Vulnerable Software and Affected Versions radvd versions prior to 2.21 Description The radvdump utility contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, the print ff function copies up to 2032 bytes of...

8.8CVSS6.1AI score0.00203EPSS
Exploits0References20
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•21 views

PT-2026-43192

A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. The attack may be performe...

6.5CVSS6.3AI score0.01803EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/26 12:0 a.m.•21 views

PT-2026-43302

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A null pointer dereference exists in the Bluetooth L2CAP component. This occurs within the l2cap sock state change cb...

9.8CVSS5.8AI score0.03663EPSS
Exploits17References284
Positive Technologies
Positive Technologies
•added 2026/05/25 12:0 a.m.•21 views

PT-2026-42989

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/add order.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customer name results in cross...

5.1CVSS4.2AI score0.00191EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/25 12:0 a.m.•21 views

PT-2026-42979

A vulnerability was detected in Totolink A8000RU 7.1cu.643 b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enable results in os command injection. The attack may be...

10CVSS7AI score0.01732EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/24 12:0 a.m.•21 views

PT-2026-42942

Name of the Vulnerable Software and Affected Versions Edimax BR-6675nD version 1.12 Description A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists within the formPPTPSetup function located in the '/goform/formPPTPSetup' endpoint when manipulating...

9CVSS7.5AI score0.00542EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/24 12:0 a.m.•21 views

PT-2026-43107

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.x through 1.6.15 Roundcube Webmail versions 1.7.x through 1.7.0 Description Insecure code evaluation logic exists within the LDAP autovalues option, which could lead to code injection. Recommendations Update to...

7.5CVSS5.9AI score0.00414EPSS
Exploits0References20
Positive Technologies
Positive Technologies
•added 2026/05/24 12:0 a.m.•21 views

PT-2026-42934

A vulnerability has been found in JeecgBoot 3.9.1. This issue affects some unknown processing of the file /openapi/call/ of the component OpenAPI Endpoint. Such manipulation leads to improper authentication. The attack can be executed remotely. A high complexity level is associated with this...

6.3CVSS5.1AI score0.00357EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/05/24 12:0 a.m.•21 views

PT-2026-42915

A vulnerability was found in vBulletin 6.x. This impacts an unknown function of the component Login. Performing a manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. VulDB is withholding an extended...

5.1CVSS4.3AI score0.00279EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/05/22 12:0 a.m.•21 views

PT-2026-42851

Name of the Vulnerable Software and Affected Versions Azure Resource Manager affected versions not specified Description Improper authentication in Azure Resource Manager ARM allows an unauthorized attacker to elevate privileges over a network. Recommendations At the moment, there is no informati...

10CVSS5.8AI score0.00494EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42699

Name of the Vulnerable Software and Affected Versions libp2p versions prior to 15.0.23 Description Three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node using default options, leading to an Out-Of-Memory OOM crash...

7.5CVSS5.4AI score0.00278EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42468

Name of the Vulnerable Software and Affected Versions Trend Micro TrendAI Apex One affected versions not specified TrendAI Apex One as a Service affected versions not specified Description An origin validation issue in the Apex One/SEP agent allows a local attacker to escalate privileges. This fl...

7.8CVSS6AI score0.00246EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42469

Name of the Vulnerable Software and Affected Versions Apex One/SEP agent affected versions not specified Description An origin validation error in the process protection mechanism allows a local attacker to escalate privileges. To exploit this issue, the attacker must first have the ability to...

7.8CVSS7.1AI score0.00213EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42441

Honeywell Control Network Module CNM contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially resulting in unintended access to protected data...

5.9CVSS5.8AI score0.00041EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42702

Name of the Vulnerable Software and Affected Versions KnpSnappyBundle affected versions not specified Description An issue exists that allows Server-Side Request Forgery SSRF and local file read. This occurs when applications allow user-supplied input to be passed directly to the Snappy library,...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42519

Name of the Vulnerable Software and Affected Versions Open ISES Tickets versions prior to 3.44.2 Description The software contains hardcoded MySQL database credentials within the loader.php file, which is a public-facing database utility committed to the source repository. An unauthenticated...

9.2CVSS5.9AI score0.00305EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42685

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.23.0 Description The Fission router registers internal routes '/fission-function/' and '/fission-function//' for every function object, regardless of whether an HTTPTrigger exists. Because these routes are mounted o...

9.8CVSS5.8AI score0.00353EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42632

Summary lmdeploy hardcodes trust remote code=True in multiple HuggingFace model-loading call sites. The affected code paths are in: text lmdeploy/archs.py lmdeploy/utils.py The vulnerable call sites pass trust remote code=True into HuggingFace Transformers APIs such as AutoConfig.from pretrained,...

7.8CVSS6.7AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42557

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description The OAuth 2.0 Authorization-Code Handler fails to verify account status. This allows users who are suspended, banned, or terminated employees, specifically those with the uIsActive variable set ...

2.3CVSS5.8AI score0.00172EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42395

Name of the Vulnerable Software and Affected Versions mlflow/mlflow versions prior to 3.10.0 Description When basic authentication is enabled, the 'SearchModelVersions' REST API endpoint and the 'mlflowSearchModelVersions' GraphQL query lack proper per-model authorization checks. This allows any...

6.5CVSS6.6AI score0.00441EPSS
Exploits1References10
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42480

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket id POST parameter directly into an HTML form input value attribute. Attackers ca...

5.4CVSS5.8AI score0.00172EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42459

Name of the Vulnerable Software and Affected Versions Apache Camel K versions 2.0.0 through 2.8.0 Apache Camel K versions 2.9.0 through 2.9.1 Apache Camel K versions 2.10.0 Description Authorized users in a Kubernetes namespace can create a Build resource to control Pod generation in a namespace ...

8.1CVSS5.8AI score0.00325EPSS
Exploits0References17
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42467

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One/SEP agent affected versions not specified Description An origin validation error in the agent's named pipe communication mechanism allows a local attacker to escalate privileges. To exploit this issue, the attacker must...

7.8CVSS7.1AI score0.00213EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/21 12:0 a.m.•21 views

PT-2026-42497

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics202.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm add str POST parameter directly into an HTML form hidden input value attribute...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/20 12:0 a.m.•21 views

PT-2026-42386

Kong Ingress Controller for Kubernetes KIC: Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller...

5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/05/20 12:0 a.m.•21 views

PT-2026-42070

Name of the Vulnerable Software and Affected Versions ProSolution WP Client versions prior to 2.0.1 Description The ProSolution WP Client plugin for WordPress allows unauthenticated attackers to upload malicious PHP files, potentially leading to remote code execution. This occurs due to an array...

9.8CVSS6.1AI score0.00978EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2026/05/20 12:0 a.m.•21 views

PT-2026-42385

Kopia: RCE via SSH ProxyCommand Injection in github.com/kopia/kopia...

5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/05/19 12:0 a.m.•21 views

PT-2026-41884

Name of the Vulnerable Software and Affected Versions Piotnet Forms versions prior to 2.1.41 Description An arbitrary file upload issue exists due to missing file type validation within the piotnetforms ajax form builder function. The software employs an incomplete extension blacklist that blocks...

9.8CVSS6.2AI score0.0081EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/19 12:0 a.m.•21 views

PT-2026-41826

Name of the Vulnerable Software and Affected Versions Samsung Open Source Walrus version f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9 Description A NULL pointer dereference allows pointer manipulation. A NULL pointer dereference occurs when a program attempts to read or write to a memory address that...

7.5CVSS5.4AI score0.00209EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/05/18 12:0 a.m.•21 views

PT-2026-41694

Name of the Vulnerable Software and Affected Versions Arcane versions prior to 1.19.0 Description The unauthenticated 'GET /api/app-images/logo' endpoint reflects a user-supplied color query parameter into the body of an SVG document using strings.ReplaceAll without proper escaping. This...

8.2CVSS5.8AI score0.00185EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/05/18 12:0 a.m.•21 views

PT-2026-41732

Name of the Vulnerable Software and Affected Versions Claude HUD versions 0.0.0 through 0.0.12 Description Local attackers can execute arbitrary commands on Windows systems by manipulating the COMSPEC environment variable. By setting COMSPEC to an arbitrary binary path before the software perform...

7.8CVSS6.2AI score0.0051EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/05/16 12:0 a.m.•21 views

PT-2026-41422

Name of the Vulnerable Software and Affected Versions jsondiffpatch versions prior to 0.7.6 Description Prototype Pollution occurs when attacker-controlled property names and path segments are used to traverse and modify objects without restricting access to special properties like proto or...

8.8CVSS5.8AI score0.00378EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/05/15 12:0 a.m.•21 views

PT-2026-41375

Name of the Vulnerable Software and Affected Versions radare2 version 6.1.5 Description A use-after-free issue exists in the gdbr pids list function within the GDB client core. Remote attackers can cause a denial of service or potentially execute arbitrary code by sending malformed thread...

9.8CVSS6.1AI score0.00603EPSS
Exploits1References11
Positive Technologies
Positive Technologies
•added 2026/05/15 12:0 a.m.•21 views

PT-2026-41419

Name of the Vulnerable Software and Affected Versions Funnel Builder affected versions not specified Description An SQL injection flaw in the Funnel Builder plugin allows attackers to inject payment skimmers into WooCommerce checkout pages. This issue enables script propagation across all checkou...

9.3CVSS5.9AI score0.00283EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/05/15 12:0 a.m.•21 views

PT-2026-41247

An out of bounds write within the AMD Platform Management Framework PMF could allow an attacker to execute arbitrary code at an elevated privilege level potentially leading to loss of confidentiality integrity, or availability...

8.4CVSS6.2AI score0.00114EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/05/14 12:0 a.m.•21 views

PT-2026-41162

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.0 Description The profile image url field on the user profile update form accepts arbitrary data: URI values without MIME-type validation, leading to Cross-Site Scripting XSS. This occurs because the applicatio...

5.4CVSS6AI score0.00199EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/05/14 12:0 a.m.•21 views

PT-2026-40969

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.82.0 Description A flaw in the Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. The software validates JWT JSON Web Token signatures using Microsoft's multi-tenant JWKS...

8.2CVSS5.8AI score0.00381EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/05/14 12:0 a.m.•21 views

PT-2026-41169

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.3 Description The "POST /api/v1/notes/id/pin" endpoint performs a write operation by toggling the is pinned field but incorrectly validates only for read permission. This allows users who have read-only access ...

3.5CVSS5.8AI score0.00218EPSS
Exploits1References7
Total number of security vulnerabilities5000