Lucene search
K
PtsecurityMost viewed

184484 matches found

Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47589

Summary Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning Kaminsky attack. Details Two factors contribute to this vulnerability in...

6.8CVSS5.5AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47330

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.4 Description Attachment passwords are hashed using SHA-1, which is a cryptographically broken algorithm susceptible to collision attacks. A collision attack occurs when two different inputs produce the same hash...

6.9CVSS5.8AI score0.00182EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47291

Name of the Vulnerable Software and Affected Versions UTT HiPER 2610G versions prior to 3.0.0-171107 Description A remote buffer overflow can occur due to the use of the strcpy function within the /goform/formConfigDnsFilterGlobal file. This issue is triggered by manipulating the GroupName...

9CVSS8AI score0.006EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47260

Name of the Vulnerable Software and Affected Versions VMware Cloud Foundation Operations affected versions not specified Description Stored cross-site scripting issues exist where a malicious actor with privileges to create policies, views, or text-widgets can inject scripts. This allows the...

8CVSS5.2AI score0.00399EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47246

A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public an...

7.5CVSS5.4AI score0.00275EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47487

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in Views allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. Use after free i...

9.6CVSS6.1AI score0.01654EPSS
Exploits4References85
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47342

OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files .bat.ps1.sh through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources,...

8.8CVSS6.7AI score0.0057EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47368

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL-pointer dereference occurs during driver unbind in the spi: s3c64xx component. This happens because a DMA channel deallocation was incorrectly left in the remove function after th...

9.8CVSS5.3AI score0.00457EPSS
Exploits1References79
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47379

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the scpsys get bus protection legacy function. The of find node with property function returns a device node with an incremented reference count, but of...

9.1CVSS5.4AI score0.00457EPSS
Exploits1References64
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47372

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.12-1.1 Description A use-after-free issue exists in the topcliff-pch SPI driver. This occurs during the driver unbind process when DMA buffers...

9.1CVSS5.5AI score0.00457EPSS
Exploits1References67
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47283

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description An improper access control flaw exists where a limited administrator can bypass Fine-Grained Admin Permissions FGAP, which are detailed permissions that restrict administrative actions to...

7.2CVSS5.5AI score0.00329EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47295

A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/com/alien/bank/management/system/controller/TransactionController.java of the component Transaction...

6.5CVSS6.1AI score0.00272EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47600

Name of the Vulnerable Software and Affected Versions netty-handler versions prior to 4.1.135.Final netty-handler versions prior to 4.2.15.Final Description An incorrect masking operation in the compareTo function of the IpSubnetFilterRule class allows an attacker to bypass IPv6 subnet rules...

8.1CVSS5.4AI score0.00573EPSS
Exploits0References65
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47351

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.12-1.1 Description An issue exists in the memory management system where page ext is initialized late during the boot process. Consequently, some pages allocated and freed before page ext becomes available ha...

9.8CVSS5.4AI score0.00525EPSS
Exploits6References337
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47311

A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read resource of the file src/mysql mcp server/server.py of the component mysql URI Handler. This manipulation of the argument uri str causes sql injection. Remote exploitation of t...

6.5CVSS6.3AI score0.00205EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47301

Name of the Vulnerable Software and Affected Versions Routinator affected versions not specified Description Routinator exits upon encountering any error while accepting incoming HTTP or RTR connections. This includes recoverable errors, such as exhausting available file descriptors. An attacker...

8.7CVSS5.5AI score0.00333EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47615

Name of the Vulnerable Software and Affected Versions Poweradmin versions prior to 4.2.4 Poweradmin versions prior to 4.3.3 Poweradmin version 4.4.0 Description The log export functionality is susceptible to CSV Injection Formula Injection, which occurs when user-controlled data is written to...

6.9CVSS5.9AI score0.00229EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47340

Name of the Vulnerable Software and Affected Versions OpenBullet2 versions prior to 0.3.3 Description An authentication bypass exists in the API key authentication middleware. Unauthenticated attackers can gain administrative access to the admin console and all API endpoints by providing an empty...

9.8CVSS5.3AI score0.01509EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47310

A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub 45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of the argument callback results in stack-based buffer overflow. The attack may be launched remotely...

9CVSS6.1AI score0.00466EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.20 views

PT-2026-47173

$1,000 of compute found 21 zero-days in FFmpeg. An autonomous agent called depthfirst scanned roughly 1.5 million lines of C, then wrote a reproducible proof-of-concept for every bug it reported. The shift is that second half. Not a list of suspicious lines for a human to chase, but 21 crashing...

5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.20 views

PT-2026-47171

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument dev name results in command injection. It is possible to initiate the attack...

7.5CVSS7.1AI score0.01572EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.20 views

PT-2026-47175

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN 0042e200 of the file /cgi-bin/glc of the component SET USER PWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version...

7.5CVSS6.8AI score0.01681EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.20 views

PT-2026-47179

A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument...

7.5CVSS6.8AI score0.00329EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.20 views

PT-2026-47196

Name of the Vulnerable Software and Affected Versions songquanpeng one-api versions prior to 0.6.11-preview.7 Description A business logic error exists in the Redemption Code Top-Up Endpoint. The issue is located within the Redeem function of the model/redemption.go file. This flaw allows for...

3.1CVSS5.2AI score0.0022EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.20 views

PT-2026-47153

Name of the Vulnerable Software and Affected Versions JingDong JD Cloud Box AX6600 version 4.5.3.r4546 Description A stack-based buffer overflow occurs in the set macfilter function within the /sbin/jdcweb rpc file. This issue allows a remote attacker to initiate an attack by manipulating the...

9CVSS8.1AI score0.00481EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.20 views

PT-2026-47451

CVE-2026-36229 - VMware Aria Operations For Logs Directory Traversal CVE ID :CVE-2026-36229 Published : June 6, 2026, 9:16 p.m. | 2 hours, 14 minutes ago Description :Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further...

5.4AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.20 views

PT-2026-46968

A vulnerability has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected is an unknown function of the file dashboard page/admin page.php of the component Admin Interface. The manipulation of the argument...

6.5CVSS6.1AI score0.00214EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.20 views

PT-2026-46930

In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerability exists where a lower privileged user could perform command injection as the root user...

8.4CVSS5.5AI score0.00541EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.20 views

PT-2026-46912

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...

9.8CVSS5.5AI score0.0046EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.20 views

PT-2026-46993

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.04.1 Description An authenticated user with columnAdd permission on a Postgres-backed base can perform SQL injection within the formula engine. The issue occurs via the optional direction argument of the...

6CVSS6AI score0.00215EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.20 views

PT-2026-46902

Name of the Vulnerable Software and Affected Versions Graphite versions prior to 1.3.15 Description An integer underflow occurs via Graphite actions because the slotat function fails to ensure that an offset remains within the allowed slot-map range, leading to an out-of-bounds write...

7.3CVSS5.4AI score0.00112EPSS
Exploits0References32
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.20 views

PT-2026-47032

Name of the Vulnerable Software and Affected Versions WP Captcha PRO versions prior to 5.39 Description The plugin is susceptible to arbitrary file upload, which can lead to remote code execution. The issue stems from a flawed capability check in the save ajax function within the licensing module...

8.8CVSS5.9AI score0.00449EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.20 views

PT-2026-46905

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways...

6.1CVSS5.5AI score0.00144EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.20 views

PT-2026-47078

An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ONVIF scope parameters to manipulate memory...

6.8CVSS5.5AI score0.00163EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.20 views

PT-2026-46924

Name of the Vulnerable Software and Affected Versions Samsung Auto versions prior to 3.1.2.61 in Android 15 Samsung Auto versions prior to 3.2.0.38 in Android 16 Description Improper export of android application components allows a local attacker to change the audio configuration. Recommendation...

4.8CVSS5.9AI score0.00084EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46213

Name of the Vulnerable Software and Affected Versions Soliloquy Lite version 2.5.6 Description A persistent cross-site scripting issue allows authenticated attackers to inject malicious scripts by inserting script tags into the post title field. This is achieved by submitting POST requests to the...

5.4CVSS4.8AI score0.00171EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46863

Summary The /api/ action/media/external-link endpoint allows authenticated admin users to make server-side HTTP HEAD requests to arbitrary internal IP addresses. While the parallel uploadFromURL flow validates target IPs against private/reserved ranges via FileUrlValidator, the linkURL flow only...

4.1CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46392

Name of the Vulnerable Software and Affected Versions Arista EOS affected versions not specified Description When operating in 802.1X mode, multi-auth unauthenticated hosts may be granted unauthorized access to a switch port if an EAPOL Extensible Authentication Protocol over LAN capable device i...

6.5CVSS5.4AI score0.00143EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46314

Name of the Vulnerable Software and Affected Versions Open vSwitch version 3.6.90 Description A missing upper-bound check in the udpif set threads function allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can lead to a denial of...

6.5CVSS5.4AI score0.00328EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46404

Name of the Vulnerable Software and Affected Versions Microsoft Graph affected versions not specified Description Exposure of sensitive information in Microsoft Graph allows an authorized attacker to disclose information over a network. Recommendations At the moment, there is no information about...

6.5CVSS5.8AI score0.00756EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46155

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

6.9CVSS5.8AI score0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46321

Unauthenticated Cross Site Scripting XSS in Qreatix = 1.9.4 versions...

7.1CVSS5.1AI score0.00237EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46250

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effect of FragmentSpreadNode. While it correctly counts static aliases within the AST it does not...

5.3CVSS5.8AI score0.00417EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46580

Name of the Vulnerable Software and Affected Versions Google Chrome on Linux versions prior to 149.0.7827.53 Description An out of bounds read in ANGLE allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. An out of bounds read occu...

9.6CVSS5.8AI score0.00985EPSS
Exploits0References433
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46244

An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted string into the kernel boot arguments...

5.8AI score0.00191EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46564

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description An inappropriate implementation in Custom Tabs allows a local attacker to perform privilege escalation by using a crafted XML file. Recommendations Update to version...

9.6CVSS5.8AI score0.00985EPSS
Exploits0References436
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46884

Summary A non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/ action/sync. The regular integration endpoint POST /api/integration correctly blocks this, but the Sync API bypasses th...

6.5CVSS5.9AI score0.00034EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46150

The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...

5.3CVSS5.8AI score0.00138EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46152

The debugging routine SCREEN CLICK5053 enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface...

9.4CVSS5.8AI score0.00232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46846

Impact So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow to replace on original repository with one under the control of an attacker under very specific conditions. First of all, the attacker mus...

2.1CVSS5.8AI score
Exploits0References6
Total number of security vulnerabilities5000