Lucene search
K
PtsecurityMost viewed

184484 matches found

Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•20 views

PT-2026-48477

Affected: @hulumi/baseline 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-1059 Insufficient Technical Documentation / Behavioral Inconsistency Summary The S3 bucket that AccountFoundation creates to receive CloudTrail and AWS Config audit logs is meant to be tamper-resistant — if someone with...

7.1CVSS5.5AI score0.00041EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•20 views

PT-2026-48454

A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privileges...

8.5CVSS6AI score0.0013EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•20 views

PT-2026-48398

Name of the Vulnerable Software and Affected Versions Newsletters plugin for WordPress versions prior to 4.14 Description The plugin is susceptible to time-based SQL Injection, a technique where an attacker sends queries that force the database to wait a specific amount of time before responding,...

7.5CVSS5.6AI score0.01382EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•20 views

PT-2026-48371

Name of the Vulnerable Software and Affected Versions QuMagie versions prior to 2.9.0 Description A missing authorization issue allows remote attackers to access unauthorized data or perform unauthorized actions. Recommendations Update to version 2.9.0 or later...

8.7CVSS5.3AI score0.00322EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•20 views

PT-2026-48373

Name of the Vulnerable Software and Affected Versions Warp versions 0.2025.04.09.08.11.stable 00 through 0.2026.05.06.15.42.stable 00 Description Warp contains a command execution policy bypass within its Agent code search tools. The Grep and FileGlob actions, which are authorized as read or sear...

7.8CVSS6.1AI score0.00177EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•20 views

PT-2026-48508

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description Fission is an open-source, Kubernetes-native serverless framework used for deploying functions and applications on Kubernetes. The Container Executor path allows a tenant to directly supply...

9.9CVSS5.8AI score0.00274EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•20 views

PT-2026-48550

Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate post action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type...

5.1CVSS5.3AI score0.00104EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•20 views

PT-2026-48452

A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents...

5.1CVSS5.5AI score0.00171EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•20 views

PT-2026-48411

Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes...

8.8CVSS6.3AI score0.0071EPSS
Exploits1References4
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•20 views

PT-2026-48451

A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges...

7.3CVSS6AI score0.00108EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•20 views

PT-2026-48415

Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensiti...

8.4CVSS6AI score0.00215EPSS
Exploits1References3
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•20 views

PT-2026-48363

Name of the Vulnerable Software and Affected Versions QTS versions prior to 5.2.9.3410 build 20260214 QuTS hero versions prior to h5.2.9.3410 build 20260214 QuTS hero versions prior to h5.3.4.3500 build 20260520 QuTS hero versions prior to h6.0.0.3397 build 20260206 Description A NULL pointer...

7.2CVSS6AI score0.00456EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•20 views

PT-2026-48389

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...

5.5AI score0.00426EPSS
Exploits1References2
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•20 views

PT-2026-48393

The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...

4.4CVSS5.7AI score0.00201EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•20 views

PT-2026-48540

Due to the combination of checking out PR head branches attacker-controlled, reading .mcp.json from the working directory via default setting sources, and unconditionally enabling all project MCP servers via enableAllProjectMcpServers, it was possible for an attacker who opened a PR containing a...

5.3CVSS6.3AI score0.00069EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•20 views

PT-2026-48491

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.4 Splunk Enterprise versions prior to 10.0.7 Splunk Enterprise versions prior to 9.4.12 Splunk Enterprise versions prior to 9.3.13 Splunk Cloud Platform versions prior to 10.3.2512.12 Splunk Cloud...

8.8CVSS5.9AI score0.00575EPSS
Exploits1References10
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•20 views

PT-2026-48399

An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in emails clients that render HTML emails. This issue affects Canarytokens: from Docker tag sha-c0f3cf142 before sha-08c3f93d, from G...

5.1CVSS5.5AI score0.00258EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-48316

Name of the Vulnerable Software and Affected Versions Spring Data Commons versions 4.0.0 through 4.0.5 Spring Data Commons versions 3.5.0 through 3.5.11 Spring Data Commons versions 3.4.0 through 3.4.14 Spring Data Commons versions 3.3.0 through 3.3.16 Spring Data Commons versions 3.2.0 through...

5.9CVSS5.8AI score0.0028EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-48256

Name of the Vulnerable Software and Affected Versions Acrobat Reader versions 24.001.30365 through 26.001.21651 Description An out-of-bounds read issue exists where the software reads data outside the intended boundary of a buffer, which can lead to the disclosure of sensitive memory. An attacker...

5.5CVSS4.8AI score0.00243EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-47794

Name of the Vulnerable Software and Affected Versions Netcad Software Inc. E-İmar versions 2.10.1.0 through 3.0.1 Description Improper neutralization of special elements used in an SQL command allows for SQL injection, a technique where malicious SQL statements are inserted into entry fields for...

9.8CVSS5.8AI score0.00275EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-48072

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24 and earlier Adobe Experience Manager versions LTS SP1 and earlier Adobe Experience Manager versions 2026.04 and earlier Description A stored Cross-Site Scripting XSS issue allows a low-privileged attack...

5.4CVSS5.5AI score0.00224EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-48315

Name of the Vulnerable Software and Affected Versions Spring Security versions 5.7.0 through 5.7.23 Spring Security versions 5.8.0 through 5.8.25 Spring Security versions 6.3.0 through 6.3.16 Spring Security versions 6.4.0 through 6.4.16 Spring Security versions 6.5.0 through 6.5.10 Spring Securi...

6.1CVSS5.8AI score0.00211EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-47846

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser...

7.5CVSS5.4AI score0.00278EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-48019

Name of the Vulnerable Software and Affected Versions Windows BitLocker affected versions not specified Description A protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature. This issue requires physical access to the device to be exploited...

7.8CVSS5.3AI score0.00295EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-47667

Permission management vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect service integrity...

6.3CVSS5.5AI score0.00067EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-47733

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected application does not properly sanitize path input in the GET /api/sftp/uploadFiles endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended fil...

5.3CVSS5.4AI score0.00242EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-48136

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.00175EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-47796

1 Local Privilege Escalation via DYLIB Injection CVE-2026-24064 2 Local Privilege Escalation via Insecure XPC Client Validation CVE-2026-24065 Multiple Local Privilege Escalation Vulnerabilities in Waves Audio Waves Central https://t.co/fkys4ePhWy...

5.4AI score0.00323EPSS
Exploits1References1
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-47920

Name of the Vulnerable Software and Affected Versions Windows Win32K - GRFX affected versions not specified Description An integer overflow or wraparound occurs in Windows Win32K - GRFX, which allows an unauthorized attacker to execute arbitrary code locally or remotely, potentially affecting the...

7.8CVSS6.3AI score0.00437EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-48319

Name of the Vulnerable Software and Affected Versions Spring Data MongoDB versions 5.0.0 through 5.0.5 Spring Data MongoDB versions 4.5.0 through 4.5.11 Spring Data MongoDB versions 4.4.0 through 4.4.14 Spring Data MongoDB versions 4.3.0 through 4.3.16 Spring Data MongoDB versions 4.2.0 through...

8.1CVSS6.3AI score0.00328EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-48311

Name of the Vulnerable Software and Affected Versions Spring Data Commons versions 4.0.0 through 4.0.5 Spring Data Commons versions 3.5.0 through 3.5.11 Spring Data Commons versions 3.4.0 through 3.4.14 Description Applications may be subject to denial of service through resource exhaustion. This...

7.5CVSS5.8AI score0.00363EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-47748

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions 14.0.0 through 14.3.3 Description Backend users with write access to the form definition database table can directly create, update, or delete form definition records using the DataHandler. This process bypasses the Form...

8.7CVSS5.7AI score0.00244EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-48260

Name of the Vulnerable Software and Affected Versions Acrobat Reader versions 24.001.30365 and 26.001.21651 and earlier Description An Uncontrolled Search Path Element issue exists where the application does not properly validate the paths used to search for files. This can lead to arbitrary code...

7.7CVSS6AI score0.00151EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-48138

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.1AI score0.00139EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-48191

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the portalAuth parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

5.9AI score0.00397EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-48266

Evoluted PHP Directory Listing Script through 4.0.5 contains a reflected cross-site scripting vulnerability in index.php where the dir parameter value is reflected without HTML encoding inside the HTML title element and inside anchor href attributes in the breadcrumb navigation. Attackers can...

5.4CVSS5.5AI score0.00187EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-47858

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation. Recommendations At the moment, there ...

8.8CVSS5.9AI score0.00235EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-47657

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description Spring MVC applications that accept...

6.1CVSS5AI score0.0014EPSS
Exploits0References9
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-47639

Name of the Vulnerable Software and Affected Versions Product Filter Widget for Elementor versions prior to 1.0.7 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts. This is achieved via a CSRF-style form auto-submission...

6.1CVSS5.7AI score0.00205EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-47630

A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead ...

7.5CVSS6.7AI score0.00401EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-47774

WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can send POST requests to the wp-json/wp/v2/posts endpoint...

9.8CVSS6.1AI score0.00559EPSS
Exploits1References4
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-47845

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIXprologTok, in...

5.3CVSS5.4AI score0.00223EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-47914

Name of the Vulnerable Software and Affected Versions Windows Push Notifications affected versions not specified Description A race condition occurs in Windows Push Notifications due to improper synchronization when using a shared resource. This allows an authorized attacker to elevate privileges...

7.8CVSS5.2AI score0.00173EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-48283

Name of the Vulnerable Software and Affected Versions CAI Content Credentials versions [email protected] and earlier CAI Content Credentials versions c2pa-v0.80.1 and earlier Description Improper Input Validation allows an attacker to crash the application, resulting in a denial-of-service condition...

7.5CVSS5.2AI score0.00407EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-47844

Name of the Vulnerable Software and Affected Versions OpenSSL version 4.0 OpenSSL version 3.6 OpenSSL version 3.5 OpenSSL version 3.4 OpenSSL version 3.0 OpenSSL version 1.1.1 OpenSSL version 1.0.2 Description A use-after-free condition occurs during PKCS7 signature verification when processing a...

8.8CVSS6.1AI score0.02719EPSS
Exploits0References207
Positive Technologies
Positive Technologies
•added 2026/06/09 12:0 a.m.•20 views

PT-2026-48007

Name of the Vulnerable Software and Affected Versions Microsoft Office affected versions not specified Microsoft 365 Apps for Enterprise affected versions not specified Description An untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute arbitrary code...

7.8CVSS6.1AI score0.00372EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•20 views

PT-2026-47607

Name of the Vulnerable Software and Affected Versions Netty ionetty:netty-handler affected versions not specified Description An uncontrolled memory allocation issue exists in the SslClientHelloHandler.decode function. When a ClientHello does not fit in the first record, the system eagerly...

7.5CVSS5.5AI score0.00461EPSS
Exploits0References64
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•20 views

PT-2026-47610

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. In the buildAliasMap function within...

10CVSS5.2AI score0.00224EPSS
Exploits0References64
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•20 views

PT-2026-47585

Summary Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported response type and supplies an attacker-controlled redirect uri. The vulnerable behavior happens before client lookup and before any redirect URI validation. As...

5.4CVSS5.6AI score
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/08 12:0 a.m.•20 views

PT-2026-47551

Summary Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name server for a subdomain can poison the cache for parent domains like .co.uk. Details In...

8.7CVSS5.5AI score
Exploits0References5
Total number of security vulnerabilities5000