Lucene search
K
PtsecurityMost viewed

184508 matches found

Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.21 views

PT-2026-35018

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect return value after changing leaf in lookup extent data ref After commit 1618aa3c2e01 "btrfs: simplify return variables in lookup extent data ref", the err and ret variables were merged into a single ret...

5.4AI score0.0012EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.21 views

PT-2026-34948

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the OCFS2 file system where the ocfs2 group extend function assumes that the global bitmap inode block returned from ocfs2 inode lock is already validated. In crafted...

5.5CVSS6AI score0.00133EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.21 views

PT-2026-34946

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A duplicate resource teardown occurs in the PCI endpoint pci-epf-vntb. The function epf ntb epc destroy performs a teardown that the caller is already expected to execute. This redundanc...

9.8CVSS5.8AI score0.00525EPSS
Exploits0References321
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.21 views

PT-2026-34660

Name of the Vulnerable Software and Affected Versions FunnelFormsPro versions n/a through 3.8.1 Description Improper Control of Generation of Code allows Remote Code Inclusion, which enables an attacker to inject and execute arbitrary code. Recommendations At the moment, there is no information...

9.9CVSS6.1AI score0.00364EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.21 views

PT-2026-34047

Name of the Vulnerable Software and Affected Versions Bagisto versions prior to 2.3.16 Description An issue exists in the Custom Scripts Handler component that allows for cross site scripting. This flaw enables remote exploitation through the manipulation of an unknown functionality within the...

5.1CVSS4.6AI score0.00191EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.21 views

PT-2026-46937

Name of the Vulnerable Software and Affected Versions X.Org X server affected versions not specified Xwayland affected versions not specified Description A use-after-free flaw exists in the miSyncDestroyFence function. This occurs when a client sets up multiple fence triggers, allowing a function...

7.8CVSS5.7AI score0.00142EPSS
Exploits0References108
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.21 views

PT-2026-36836

Name of the Vulnerable Software and Affected Versions D-Link DIR-600L Hardware Revision A1 Description A hardcoded telnet backdoor exists in the device. At boot, the device starts a telnet daemon via the /bin/telnetd.sh script using the username "Alphanetworks" and a static password "wrgn35 dlwbr...

9.8CVSS5.8AI score0.00472EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.21 views

PT-2026-33415

Name of the Vulnerable Software and Affected Versions Canto plugin for WordPress versions prior to 3.1.2 Description Missing authorization occurs due to the absence of capability checks or nonce verification in the updateOptions function. This function is exposed via two AJAX hooks: 'wp ajax...

4.3CVSS5.2AI score0.00282EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.21 views

PT-2026-31102

Name of the Vulnerable Software and Affected Versions Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress versions up to and including 2.1.7 Description The Masteriyo LMS plugin is affected by an authorization bypass issue. Insufficient webhook signature...

5.3CVSS5.8AI score0.00375EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.21 views

PT-2026-31292

Name of the Vulnerable Software and Affected Versions The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress versions up to and including 5.1.2 Description The User Registration ...

6.5CVSS5.9AI score0.00306EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.21 views

PT-2026-29602

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description AIOHTTP, an asynchronous HTTP client/server framework, is susceptible to excessive memory usage due to an unbounded DNS cache. This can potentially lead to a Denial of Service DoS situation if an...

7.5CVSS5.9AI score0.0044EPSS
Exploits0References303
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.21 views

PT-2026-28610

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.63 Parse Server versions prior to 9.7.0-alpha.7 Description The verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attack...

8.2CVSS5.9AI score0.00303EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.21 views

PT-2026-26466

The Go SDK's Streamable HTTP transport accepted browser-generated cross-site POST requests without validating the Origin header and without requiring Content-Type: application/json. In deployments without Authorization, especially stateless or sessionless configurations, this allows an arbitrary...

7.1CVSS5.8AI score0.00178EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.21 views

PT-2026-24729

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups...

8.8CVSS5.8AI score0.00135EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.21 views

PT-2026-24776

ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. Attackers can upload PHP files with traversal payloads ../public html/ to write executable code...

8.7CVSS6.1AI score0.00717EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.21 views

PT-2026-23789

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.13 Description Flowise is a drag & drop user interface to build customized large language model flows. A critical Insecure Direct Object Reference IDOR vulnerability, combined with a Business Logic Flaw, exists in...

8.8CVSS7.3AI score0.0045EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.21 views

PT-2026-22722

Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP all versions allows a remote...

8.7CVSS6AI score0.00421EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.21 views

PT-2026-22214

Name of the Vulnerable Software and Affected Versions Phishing Club versions prior to 1.30.2 Description Phishing Club is a phishing simulation and man-in-the-middle framework. An authenticated SQL injection issue exists in the GetOrphaned recipient listing endpoint. The endpoint builds a SQL que...

6.5CVSS6AI score0.00332EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/22 12:0 a.m.21 views

PT-2026-21416

Name of the Vulnerable Software and Affected Versions D-Link DWR-M960 version 1.01.07 Description A flaw exists in the D-Link DWR-M960 router, specifically in version 1.01.07. This issue is located within the sub 462590 function of the /boafrm/formOpMode component, which is part of the Operation...

9CVSS7.7AI score0.00642EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.21 views

PT-2026-20256

Old vuln, new life: React2Shell CVE-2025-55812 is seeing a surge in active exploitation with reverse shells + cryptominers. If your patching is based on CVSS instead of real-world activity, you’re already behind. https://t.co/2hEOe08JVG CyberSecurity ThreatIntel PatchNow...

5.5AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.21 views

PT-2026-20251

Name of the Vulnerable Software and Affected Versions IBM Security QRadar EDR versions 3.12 through 3.12.23 Description IBM Security QRadar EDR does not invalidate sessions after they expire. This could allow an authenticated user to impersonate another user on the system. Recommendations Update...

6.3CVSS5.4AI score0.00185EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.21 views

PT-2026-8047

The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulk save' AJAX action. This makes it possible for...

5.3CVSS5.7AI score0.00227EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.21 views

PT-2026-7596

Name of the Vulnerable Software and Affected Versions AMD µProf affected versions not specified Description A flaw in permission assignment within AMD µProf could allow a local, privileged attacker to escalate their privileges, potentially leading to arbitrary code execution. Recommendations At t...

7CVSS5.7AI score0.00131EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.21 views

PT-2026-7312

Name of the Vulnerable Software and Affected Versions IntelR NPU Drivers affected versions not specified Description An improper conditions check in some firmware for IntelR NPU Drivers within Ring 1 may allow a denial of service. An unprivileged software adversary with an authenticated user and ...

5.7CVSS5.3AI score0.00086EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.21 views

PT-2026-6963

Name of the Vulnerable Software and Affected Versions Tenda TX3 versions up to 16.03.13.11 multi Description A flaw exists in Tenda TX3 that allows remote attackers to trigger a buffer overflow. The issue is located in the file /goform/SetIpMacBind and involves manipulation of the argument list t...

9CVSS8.4AI score0.00733EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.21 views

PT-2026-6891

Name of the Vulnerable Software and Affected Versions Video Onclick plugin for WordPress versions prior to 0.4.8 Description The Video Onclick plugin for WordPress is susceptible to Stored Cross-Site Scripting through the youtube shortcode. This is due to inadequate input sanitization and output...

6.4CVSS5.4AI score0.0019EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.21 views

PT-2026-6715

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A security flaw exists in itsourcecode Student Management System 1.0. The issue involves a SQL injection affecting an unknown function within the file /ramonsys/billing/index.php...

9.8CVSS5.5AI score0.00416EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.21 views

PT-2026-5868

Name of the Vulnerable Software and Affected Versions IBM Concert versions 1.0.0 through 2.1.0 Description IBM Concert is susceptible to HTTP header injection due to inadequate validation of the HOST headers. This issue could enable an attacker to perform various attacks against the system,...

6.5CVSS5.2AI score0.00219EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.21 views

PT-2026-6274

Name of the Vulnerable Software and Affected Versions Qwik versions prior to 1.19.0 Description An Open Redirect issue exists in Qwik City’s default request handler middleware. This allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation could allow...

6.9CVSS5.7AI score0.00237EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.21 views

PT-2026-5847

Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with...

8.5CVSS6AI score0.00119EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.21 views

PT-2026-4012

Name of the Vulnerable Software and Affected Versions merkulove Crumber versions through 1.0.10 Description An authorization issue exists in merkulove Crumber crumber-elementor due to incorrectly configured access control security levels. This allows for exploitation of the system. Recommendation...

5.2AI score0.00275EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.21 views

PT-2026-3143

Name of the Vulnerable Software and Affected Versions Altium Workflow Engine affected versions not specified Description A stored cross-site scripting XSS issue exists because of insufficient server-side input sanitization within workflow form submission APIs. An authenticated user can inject...

8CVSS5.7AI score0.00303EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.21 views

PT-2026-3202

Content removed...

4.6CVSS5.7AI score0.00202EPSS
Exploits1References47
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.21 views

PT-2026-2631

A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI...

8.6CVSS7.1AI score0.00228EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.21 views

PT-2026-1664

Name of the Vulnerable Software and Affected Versions EFACEC EV chargers affected versions not specified Description A large number of ARP requests can cause a denial of service on a control board within the EV charger, impacting the EV interfaces. The affected board's proper operation is essenti...

9.2CVSS6.5AI score0.0034EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.21 views

PT-2026-4493

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the idpf driver related to RSS LUT handling after a soft reset. Specifically, a NULL pointer dereference can occur if an ethtool command accessing...

5.5CVSS5.4AI score0.00115EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.21 views

PT-2026-8163

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the flexible proportions code. A lockdep splat can occur due to a race condition within the fprop new period function. Specifically, the issue arises...

5.5CVSS6.4AI score0.00114EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.21 views

PT-2026-5077

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 147.0.1 Thunderbird versions prior to 140.7.1 Description A flaw exists that could allow for CSS-based exfiltration of content from partially encrypted emails when remote content is permitted. This could potential...

9.8CVSS7.4AI score0.09348EPSS
Exploits2References132
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.21 views

PT-2025-54216

Name of the Vulnerable Software and Affected Versions Serverless Framework versions 4.29.0 through 4.29.2 Description The Serverless Framework includes a command injection issue within the built-in MCP server package @serverless/mcp. This affects users utilizing the experimental MCP server featur...

7.5CVSS6.5AI score0.01944EPSS
Exploits2References9
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.21 views

PT-2025-53034

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the ext4 subsystem related to inode eviction with dioread nolock. Specifically, a warning could occur when evicting an inode, potentially due to...

7.8CVSS6.2AI score0.00462EPSS
Exploits2References894
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.21 views

PT-2025-49835

A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already locked-out user to establish still valid user sessions...

6.3CVSS6.9AI score0.00269EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/08 12:0 a.m.21 views

PT-2025-49499

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The encryption algorithms within the kernel’s virt/coco/sev-guest component directly read from and write to shared unencrypted memory. This practice could potentially expose information...

7.8CVSS6.8AI score0.00462EPSS
Exploits2References844
Positive Technologies
Positive Technologies
added 2025/11/20 12:0 a.m.21 views

PT-2025-47588

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo...

4.3CVSS7.2AI score0.00258EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.21 views

PT-2025-43999

Name of the Vulnerable Software and Affected Versions Rubikon Banking Solution version 4.0.3 Description A reflected cross-site scripting issue exists in the "Search For Customers Information" endpoints of Rubikon Banking Solution. This allows for the injection of malicious scripts through...

5.4CVSS6.4AI score0.00158EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/14 12:0 a.m.21 views

PT-2025-42179

Name of the Vulnerable Software and Affected Versions Illustrator versions 29.7 and earlier Illustrator version 28.7.9 and earlier Description The software contains an out-of-bounds write issue that may lead to arbitrary code execution with the privileges of the current user. Successful...

7.8CVSS7.6AI score0.00198EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/01 12:0 a.m.21 views

PT-2025-40114

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak issue was identified and resolved in the Linux kernel related to reference counting within the of lpddr3 get ddr timings function. The issue occurs when iterating through...

8CVSS7.2AI score0.21314EPSS
Exploits4References860
Positive Technologies
Positive Technologies
added 2025/08/18 12:0 a.m.21 views

PT-2025-33690 · Totolink · Totolink A3002Ru

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R version 4.0.0-B20230531.1404 Description: The device contains a command injection issue via the bupload.html component. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

6.5CVSS7.6AI score0.00818EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/08/04 12:0 a.m.21 views

PT-2025-31874 · Unknown · Liquidfiles

Name of the Vulnerable Software and Affected Versions: LiquidFiles versions prior to 4.1.2 Description: LiquidFiles versions prior to 4.1.2 support FTP SITE CHMOD for mode 6777 setuid and setgid. This allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature an...

9.9CVSS7.5AI score0.0052EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/07/31 12:0 a.m.21 views

PT-2025-31474 · WordPress · Ai Engine Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: AI Engine plugin for WordPress versions 2.9.3 and 2.9.4 Description: The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest simpleFileUpload function. This allows authenticat...

8.8CVSS6.9AI score0.01057EPSS
Exploits2References14
Positive Technologies
Positive Technologies
added 2025/07/15 12:0 a.m.21 views

PT-2025-29613 · Cyberark · Secrets Manager +1

Name of the Vulnerable Software and Affected Versions: Conjur OSS versions 1.19.5 through 1.21.1 Secrets Manager, Self-Hosted versions 13.1 through 13.4.1 Description: Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who can inject secrets ...

8.6CVSS7.1AI score0.01972EPSS
Exploits0References7
Total number of security vulnerabilities5000