Lucene search
K
PtsecurityMost viewed

184496 matches found

Positive Technologies
Positive Technologies
•added 2000/02/24 12:0 a.m.•21 views

PT-2000-1202 · Zone · Zonealarm

Name of the Vulnerable Software and Affected Versions: ZoneAlarm affected versions not specified Description: The issue concerns ZoneAlarm sending sensitive system and network information in cleartext to the Zone Labs server when a user requests more information about an event. Recommendations: A...

5CVSS6.2AI score0.0144EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 4 days ago•20 views

PT-2026-56575

Name of the Vulnerable Software and Affected Versions PAN-OS affected versions not specified Description Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent TSA component allow an unauthenticated attacker with network access to cause a denial of service DoS condition or...

10CVSS6.5AI score0.00557EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•20 views

PT-2026-55668

picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck. main .run autograd prof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution...

8.1CVSS6.3AI score0.00427EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/07/04 12:0 a.m.•20 views

PT-2026-55741

Name of the Vulnerable Software and Affected Versions HdrHistogram versions prior to 2.2.3 Description An issue exists in the decodeFromCompressedByteBuffer function within the org.HdrHistogram.AbstractHistogram class. Local manipulation of the lengthOfCompressedContents argument can lead to...

4.8CVSS5.8AI score0.00118EPSS
Exploits0References12
Positive Technologies
Positive Technologies
•added 2026/07/03 12:0 a.m.•20 views

PT-2026-55526

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

4.4CVSS5.9AI score0.00127EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/07/02 12:0 a.m.•20 views

PT-2026-54981

Name of the Vulnerable Software and Affected Versions Motors versions prior to 5.6.81 Description An unauthenticated broken access control issue exists, allowing unauthorized users to bypass access restrictions. Recommendations Update to a version newer than 5.6.80...

6.5CVSS5.9AI score0.00253EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/07/02 12:0 a.m.•20 views

PT-2026-55401

Command injection via dotfiles URI parameter combined with workspace auto-creation Summary The dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a crafted dotfiles uri value for example...

8.1CVSS6.4AI score
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•20 views

PT-2026-54495

The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning WooCommerce product data through a public AJAX action, allowing unauthenticated users to retrieve the data title, price, weight, stock status, and...

5.8AI score0.00284EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/30 12:0 a.m.•20 views

PT-2026-55180

These are all security issues fixed in the python311-jupyter-server-2.20.0-1.1 package on the GA media of openSUSE Tumbleweed...

9.3CVSS5.8AI score0.00227EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•20 views

PT-2026-53749

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Server and project lookups are not scoped to the current team, which allows any...

7.7CVSS5.8AI score0.00201EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•20 views

PT-2026-53443

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

9.8CVSS6.4AI score0.00687EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•20 views

PT-2026-53448

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active...

9.1CVSS5.7AI score0.02119EPSS
Exploits0References18
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•20 views

PT-2026-53717

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A malicious website may be able to silently hijack clipboard data. This issue was addressed through...

6.5CVSS5.9AI score0.00245EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•20 views

PT-2026-53251

Name of the Vulnerable Software and Affected Versions Edimax EW-7478APC version 1.04 Description An OS command injection flaw exists in the POST Request Handler component. A remote attacker can exploit this by manipulating the submit-url argument within the formAccept function of the...

6.5CVSS7AI score0.01158EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•20 views

PT-2026-53676

Mixpost through 2.6.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in authenticated users' browsers by crafting malicious OAuth callback URLs with unsanitized error query parameters. Attackers can exploit the OAuth...

6.1CVSS5.9AI score0.00168EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•20 views

PT-2026-53328

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•20 views

PT-2026-52949

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the soc/tegra: cbb component where a kernel page fault occurs during cross-fabric target timeout lookups. When a fabric receives an error interrupt that originated on ...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References17
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•20 views

PT-2026-52860

The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access tok...

7.5CVSS5.8AI score0.00432EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•20 views

PT-2026-52958

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The wbt init enable default function uses WARN ON ONCE to check for failures from wbt alloc and wbt init. However, these are expected failure paths: wbt alloc may return NULL during memo...

5.8AI score0.001EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•20 views

PT-2026-52692

Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about students by interviewers...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/26 12:0 a.m.•20 views

PT-2026-52676

An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing RTSP custom authentication data. A remote attacker may exploit this vulnerability by...

9.8CVSS6.1AI score0.0053EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•20 views

PT-2026-52192

Name of the Vulnerable Software and Affected Versions Dokan Pro versions prior to 5.0.5 Description The Dokan Pro plugin for WordPress contains a time-based SQL Injection flaw. This occurs because the software does not sufficiently escape user-supplied input or properly prepare the SQL query...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•20 views

PT-2026-52518

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description When running pnpm install in non-frozen mode, the package manager may accept new remote package content even after detecting that the downloaded tarball does not match th...

6.8CVSS5.8AI score0.00113EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/25 12:0 a.m.•20 views

PT-2026-52552

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...

7.1CVSS6.2AI score0.00239EPSS
Exploits1References3
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•20 views

PT-2026-51894

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the netfilter component of the Linux kernel, specifically within the Network Address Translation NAT subsystem. The issue stems from improper memory management when...

7.8CVSS5.8AI score0.00123EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•20 views

PT-2026-51980

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The bcmgenet timeout handler incorrectly attempts to shut down all transmit tx queues when only a single queue experiences a timeout. This behavior creates race conditions—situations whe...

9.8CVSS5.8AI score0.00386EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/23 12:0 a.m.•20 views

PT-2026-51497

Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing...

9.4CVSS5.9AI score0.0023EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/23 12:0 a.m.•20 views

PT-2026-51536

Name of the Vulnerable Software and Affected Versions Control Builder A versions prior to 1.4/4 800xA for Advant Master versions prior to 6.0.3-1 800xA for Advant Master versions prior to 6.1.1-1 800xA for Advant Master version 6.1.1-3 800xA for Advant Master version 6.2.0-1 Description An...

4.4CVSS5.8AI score0.00083EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•20 views

PT-2026-51319

The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass...

6.9CVSS5.8AI score0.00357EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•20 views

PT-2026-51304

Name of the Vulnerable Software and Affected Versions Mattermost version 11.7.0 Mattermost version 11.6.2 Mattermost version 11.5.5 Mattermost version 10.11.17 Description Improper authorization in the GitLab connect command handler allows any authenticated user to overwrite the global default...

5.4CVSS5.8AI score0.0017EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•20 views

PT-2026-51333

Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description A path traversal issue exists when using the configName parameter. This allows a local attacker to utilize malicious configuration files for snapper, which can lead to a denial of service or potenti...

7.3CVSS5.8AI score0.00159EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•20 views

PT-2026-51454

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.0 Description An authentication bypass exists in the Budibase server route POST /api/attachments/:datasourceId/url because it lacks the authorized... middleware. An anonymous attacker who can enumerate a workspa...

9.4CVSS6AI score0.00415EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2026/06/22 12:0 a.m.•20 views

PT-2026-51381

Name of the Vulnerable Software and Affected Versions phpseclib versions 0.1.1 through 1.0.29 phpseclib versions 2.0.0 through 2.0.54 phpseclib versions 3.0.0 through 3.0.53 Description An insecure default in the library allows an unauthenticated attacker to perform Server-Side Request Forgery...

5.8CVSS5.8AI score0.00133EPSS
Exploits1References3
Positive Technologies
Positive Technologies
•added 2026/06/21 12:0 a.m.•20 views

PT-2026-51237

phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser and updateUserRights endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edit user permission can set is superadmin flag or grant arbitrary rights to escalate to...

8.8CVSS6AI score0.00251EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/21 12:0 a.m.•20 views

PT-2026-51253

Name of the Vulnerable Software and Affected Versions OFFIS DCMTK versions prior to 3.7.1 Description A heap-based buffer overflow can occur in the XMLNode::parseFile function within the ofstd/libsrc/ofxml.cc library. This issue allows a remote attacker to execute a manipulation that leads to the...

7.5CVSS6.8AI score0.00279EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/21 12:0 a.m.•20 views

PT-2026-51261

Name of the Vulnerable Software and Affected Versions Comfast CF-WR631AX V3 versions prior to 2.7.0.8 Description A remote OS command injection flaw exists in the API Endpoint component. The issue occurs within the system function of the '/cgi-bin/mbox-config?section=ping config' endpoint when th...

6.5CVSS6.9AI score0.01182EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/21 12:0 a.m.•20 views

PT-2026-51233

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.13 Craft CMS versions 4.0.0-RC1 through 4.17.7 Description An authorization bypass exists in the 'assets/preview-file' endpoint. The system fails to enforce per-asset view authorization before returning...

5.3CVSS5.9AI score0.00221EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/21 12:0 a.m.•20 views

PT-2026-51203

Name of the Vulnerable Software and Affected Versions Edimax BR-6478AC V2 version 1.23 Description A buffer overflow can be triggered remotely via the POST Request Handler. The issue exists within the formWlSiteSurvey function located in the /goform/formWlSiteSurvey file, specifically through the...

9CVSS7.6AI score0.00455EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/21 12:0 a.m.•20 views

PT-2026-51232

Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.0.0-RC1 through 4.17.7 Craft CMS versions 5.0.0-RC1 through 5.9.13 Description A missing authorization issue exists in the 'assets/preview-thumb' endpoint. A Control Panel user lacking permissions to view a specific privat...

5.3CVSS6AI score0.00193EPSS
Exploits0References11
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•20 views

PT-2026-51128

Name of the Vulnerable Software and Affected Versions Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress versions prior to 1.5.2 Description Insufficient file path validation in the view page function allows unauthenticated attackers to delete arbitrary files on the server...

8.1CVSS6.3AI score0.00662EPSS
Exploits0References14
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•20 views

PT-2026-51045

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.12 Description Authenticated users can modify the mutable public.users.email variable to arbitrary addresses. The SSO provisioning endpoint trusts this value as an account-merge key. This allows an attacker to...

8.7CVSS5.9AI score0.00228EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•20 views

PT-2026-51161

Name of the Vulnerable Software and Affected Versions Prefect version 3.6.23 Description Remote code execution is possible due to improper handling of user-controlled input within the GitRepository storage class. The commit sha parameter is passed to git commands without validation or the use of ...

9.9CVSS6.6AI score0.00874EPSS
Exploits3References4
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•20 views

PT-2026-51191

Name of the Vulnerable Software and Affected Versions EaseUS Partition Master versions prior to 14.5 Description An issue exists in the Kernel Driver component within the epmntdrv.sys library. A local attacker can manipulate an unknown function to cause improper access controls, which occurs when...

8.5CVSS7.1AI score0.00112EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/20 12:0 a.m.•20 views

PT-2026-51145

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.8 Description Insufficient input filtering in chat messages and custom agent functions allows for cross-site scripting XSS, a flaw where malicious scripts are injected into trusted websites. An attacker can execut...

6.1CVSS5.8AI score0.00222EPSS
Exploits1References9
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•20 views

PT-2026-50871

Name of the Vulnerable Software and Affected Versions FFmpeg affected versions not specified Description A use-after-free issue exists in the RASC video decoder. The decode move function initializes a read pointer into a decompressed buffer; however, a subsequent reallocation of that buffer durin...

6.5CVSS6AI score0.00245EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•20 views

PT-2026-50875

Name of the Vulnerable Software and Affected Versions JetBrains Hub versions prior to 2026.1.13757 JetBrains Hub versions prior to 2025.3.148033 JetBrains Hub versions prior to 2025.2.148048 JetBrains Hub versions prior to 2025.1.148120 JetBrains Hub versions prior to 2024.3.148430 JetBrains Hub...

9.8CVSS5.9AI score0.00365EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•20 views

PT-2026-50974

Name of the Vulnerable Software and Affected Versions OpenFGA versions prior to 1.18.0 Description The OIDC authenticator fails to validate the JWT audience aud claim when no audience is configured. In environments where a single identity provider issues tokens for multiple services, a token...

6.8CVSS5.8AI score0.00298EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•20 views

PT-2026-51010

Name of the Vulnerable Software and Affected Versions AWX affected versions not specified Description A flaw exists in the GitHub webhook integration where the controller stores the pull request.statuses url value from a pull request webhook payload without validating if it points to a trusted...

6.3CVSS5.9AI score0.00204EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•20 views

PT-2026-51038

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A flaw exists in the Enforce Password Policy feature. When a Super Admin enables this policy and updates their password to a compliant one, the backend fails to update the password-compliance state...

6.9CVSS5.9AI score0.00299EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/19 12:0 a.m.•20 views

PT-2026-50890

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description A NULL pointer dereference occurs in the data moniker service of NI grpc-device. A NULL pointer dereference is a condition where a program attempts to read or write to a memory address that i...

8.7CVSS5.9AI score0.00343EPSS
Exploits0References5
Total number of security vulnerabilities5000