Lucene search
K
PtsecurityMost viewed

184253 matches found

Positive Technologies
Positive Technologies
added 2022/08/15 12:0 a.m.31 views

PT-2022-24294 · Xpdf +1 · Xpdf +1

Name of the Vulnerable Software and Affected Versions: Xpdf version 4.04 Description: The issue is related to a use-after-free problem in the JBIG2Stream::close function, located in the JBIG2Stream.cc file. This can be triggered by sending a crafted PDF file to the pdfimages binary, for example. ...

9.1CVSS5.9AI score0.01618EPSS
Exploits22References67
Positive Technologies
Positive Technologies
added 2019/09/27 12:0 a.m.31 views

PT-2019-4415 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.3.6 Description: A memory leak in the nfp abm u32 knode replace function in drivers/net/ethernet/netronome/nfp/abm/cls.c allows attackers to cause a denial of service memory consumption. The issue has been...

10CVSS6.4AI score0.98745EPSS
Exploits124References862
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.30 views

PT-2026-51514

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 Description A command injection issue exists in the SVG decoder. This allows attackers to inject arbitrary Magick Vector Graphics MVG drawing commands by crafting...

9.2CVSS6AI score0.00895EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.30 views

PT-2026-51194

Name of the Vulnerable Software and Affected Versions Ezbsystems UltraISO Premium Edition versions prior to 9.77 Description Improper access controls exist within the Kernel Driver component, specifically affecting the bootpt64.sys library. This issue allows for unauthorized access when manipulat...

8.5CVSS7.1AI score0.00113EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.30 views

PT-2026-51008

Name of the Vulnerable Software and Affected Versions @microsoft/kiota-http-fetchlibrary versions 1.0.0-preview.97 through 1.0.0-preview.101 Description The RedirectHandler in the library fails to properly remove sensitive headers during cross-origin redirects. While it is intended to strip...

6.9CVSS5.8AI score0.0065EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.30 views

PT-2026-50897

Name of the Vulnerable Software and Affected Versions Line Desktop MCP versions prior to 1.1.2 Description Line Desktop MCP allows users to operate the LINE Desktop application on Windows or Mac via Model Context Protocol MCP. When using the --http-mode Streamable HTTP transport, the server binds...

8.8CVSS5.9AI score0.00323EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.30 views

PT-2026-50907

Name of the Vulnerable Software and Affected Versions Iperius Remote version 1.7.0 Description An unquoted service path issue exists where the service installation path is not enclosed in quotes. This allows local users to execute arbitrary code with SYSTEM privileges. If the software is installe...

8.5CVSS6.1AI score0.00122EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.30 views

PT-2026-51066

Summary jupyterlab-git 0.53.0 latest, 2026-04-30 uses fnmatch.fnmatchcase in GitHandler.prepare jupyterlab git/handlers.py:91 to enforce the admin-configured excluded paths security control. Because fnmatchcase is unconditionally case-sensitive, an authenticated user on a case-insensitive...

7.1CVSS6AI score0.00285EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.30 views

PT-2026-50896

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.5.0 through 3.16.0 Description An authentication bypass issue exists in the opa plugin. An attacker can relay spoofed identity headers to upstream services by exploiting non-default configurations in the opa plugin,...

5.4CVSS5.9AI score0.00359EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.30 views

PT-2026-50401

Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...

8.1CVSS5.3AI score0.00395EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.30 views

PT-2026-50047

Name of the Vulnerable Software and Affected Versions Oracle iSupport versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle iSupport product within Oracle E-Business Suite. A high privileged attacker with network access via HTTP can exploit...

9.1CVSS5.8AI score0.00462EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.30 views

PT-2026-49965

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Oracle Management Service component of the Oracle Enterprise Manager Base Platform. This flaw allows a...

9.8CVSS5.8AI score0.00508EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.30 views

PT-2026-49943

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: End User Self Service. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Identity...

6.5CVSS5.1AI score0.00272EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.30 views

PT-2026-49705

Name of the Vulnerable Software and Affected Versions FactoryTalk Historian Site Edition affected versions not specified Description An authentication bypass issue exists where an attacker can obtain a valid authentication token by continually sending requests to the login endpoint. Recommendatio...

9.2CVSS5.9AI score0.0029EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.30 views

PT-2026-49074

Name of the Vulnerable Software and Affected Versions abrt-dbus affected versions not specified Description A race condition exists in the ChownProblemDir method of the abrt-dbus D-Bus service. The ChownProblemDir method opens the dump directory using DD OPEN READONLY and executes dd chown to...

7CVSS5.2AI score0.00091EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.30 views

PT-2026-48932

Summary A NoSQL injection vulnerability existed in MongoDBSaver where checkpoint identifier fields from config.configurable were used in MongoDB queries without strict type enforcement. In vulnerable versions, attacker-controlled object payloads for example MongoDB operators like $gt and $ne coul...

6.7CVSS5.4AI score0.00022EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.30 views

PT-2026-49030

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.26 Description An information disclosure issue exists in sandboxed session spawning that exposes the real workspace path to child prompts. This allows attackers to reveal the host workspace location or related...

4.3CVSS5.2AI score0.00187EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.30 views

PT-2026-48822

Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description A path traversal issue exists in certain devices running UniFi OS. A malicious actor with network access can exploit this to obtain data from the affected devices or instances. Path traversa...

8.6CVSS5.2AI score0.00355EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.30 views

PT-2026-48481

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.0.0 through 2.0.13 Description A cross-site request forgery CSRF issue exists where a cross-site GET request can trigger stored cron commands on a victim's agents. The dashboard exposes a manual-trigger action via t...

7.1CVSS5.2AI score0.00123EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.30 views

PT-2026-48176

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wl radio parameter of the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

5.5AI score0.00329EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.30 views

PT-2026-48327

Name of the Vulnerable Software and Affected Versions Spring for Apache Kafka versions 4.0.0 through 4.0.5 Spring for Apache Kafka versions 3.3.0 through 3.3.15 Spring for Apache Kafka versions 3.2.0 through 3.2.13 Spring for Apache Kafka versions 2.9.0 through 2.9.13 Spring for Apache Kafka...

8.1CVSS6AI score0.00489EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.30 views

PT-2026-46910

Name of the Vulnerable Software and Affected Versions ansible-core affected versions not specified Red Hat Ansible Automation Platform affected versions not specified Description An argument injection flaw exists in the ansible-galaxy role install command. The issue occurs because dependency...

7.8CVSS6.1AI score0.00156EPSS
Exploits0References25
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.30 views

PT-2026-46001

Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 returns 128 bytes of uninitialized internal buffer contents when receiving HTTP POST requests to undefined paths, exposing server state to unauthenticated adjacent network attackers...

4.3CVSS5.9AI score0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 2:48 p.m.30 views

PT-2026-07: Local Privilege Escalation Vulnerability in the Linux Kernel (Copy Fail)

This security advisory provides information regarding a Linux kernel vulnerability, CVE-2026-31431 , informally known as Copy Fail. This vulnerability allows for local privilege escalation to the superuser root level and affects the Linux kernel module: algifaead. Vulnerability status : PT NGFW i...

8.5CVSS5.9AI score0.96267EPSS
Exploits229References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.30 views

PT-2026-45456

FlexRIC v2.0.0 contains reachable assert0 calls in stub message handlers for whitelisted but unimplemented E2AP message types in the near-RT RIC. A remote unauthenticated attacker can send a decodable E2AP PDU of such a type e.g., E2nodeConfigurationUpdate to crash the near-RT RIC process port...

5.8AI score0.00415EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.30 views

PT-2026-45443

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an...

6.3AI score0.00254EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.30 views

PT-2026-44244

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A use-after-free issue exists in the DAMON sysfs interface. Direct reads and writes of the memcg path and path files can race, as the write operation deallocates the buffer pointed to by...

9.8CVSS6.1AI score0.00513EPSS
Exploits5References290
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.30 views

PT-2026-42166

The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain circumstances, document level access restrictions will be ignored when determining what data to return from an AI query. This could enable an authenticated attacker to view sensitive data...

6.5CVSS5.8AI score0.00264EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.30 views

PT-2026-45478

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11 Linux kernel versions prior to 6.18.34 Linux kernel versions prior to 6.12.92 Linux kernel versions prior to 6.6.142 Linux kernel versions prior to 6.1.175 Linux kernel versions prior to 5.15.209 Linux...

7.8CVSS6.8AI score0.00353EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.30 views

PT-2026-41986

Name of the Vulnerable Software and Affected Versions Windmill versions prior to 1.703.2 Description Incorrect default permissions in nsjail sandbox configuration files allow the /etc directory to be bind-mounted without read-write restrictions. This enables authenticated users to write arbitrary...

9.6CVSS5.9AI score0.0024EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.30 views

PT-2026-41658

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.5.0 through 11.5.1 Mattermost versions 10.11.0 through 10.11.13 Mattermost versions 11.4.0 through 11.4.3 Description An issue exists where public/private permissions are not properly verified, allowing members who lack...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.30 views

PT-2026-41421

Name of the Vulnerable Software and Affected Versions jsondiffpatch versions prior to 0.7.6 Description Improper sanitization of JSON values and property names in the annotated formatter allows for Cross-site Scripting XSS. This occurs when an application compares untrusted JSON or object data an...

6.1CVSS5.8AI score0.00191EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.30 views

PT-2026-40831

Name of the Vulnerable Software and Affected Versions Web::Passwd version 0.03 Description Web::Passwd, a small CGI application for managing htpasswd files via the htpasswd command, allows remote code execution. The user parameter is not validated or escaped before being used as the final argumen...

9.8CVSS6.2AI score0.01653EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/09 12:0 a.m.30 views

PT-2026-39415

Name of the Vulnerable Software and Affected Versions JeecgBoot version 3.9.1 Description A flaw in the 'mLogin' endpoint within the LoginController.java file of the jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ component allows for remote authorization...

6.3CVSS5.8AI score0.00463EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.30 views

PT-2026-38316

Name of the Vulnerable Software and Affected Versions Angular SSR versions 19.0.0-next.0 through 19.2.24 Angular SSR versions 20.x through 20.3.24 Angular SSR versions 21.x through 21.2.8 Angular SSR versions 22.0.0-next.0 through 22.0.0-next.6 Description An issue exists in the processing logic ...

6.9CVSS5.8AI score0.00203EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.30 views

PT-2026-35782

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.2 Description An improper access control issue exists in the iOS A2UI bridge, which incorrectly treats generic local-network pages as trusted origins. This allows attackers to inject unauthorized agent.request...

4.6CVSS5.8AI score0.00112EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.30 views

PT-2026-31260

Name of the Vulnerable Software and Affected Versions The Publisher Desk ads.txt versions n/a through 1.5.0 Description A missing authorization issue exists in PublisherDesk The Publisher Desk ads.txt, allowing exploitation due to incorrectly configured access control security levels...

5.3CVSS5.8AI score0.00156EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.30 views

PT-2026-28590

Name of the Vulnerable Software and Affected Versions Docker affected versions not specified Description A flaw exists in the Docker daemon’s privilege validation process during docker plugin install. The daemon does not fully enforce plugin privilege checks, potentially allowing unintended...

9.4CVSS5.9AI score0.00387EPSS
Exploits0References139
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.30 views

PT-2026-27473

Name of the Vulnerable Software and Affected Versions Zabbix versions prior to 7.4 Description A design flaw in Zabbix Server/Proxy related to JavaScript Duktape context reuse can result in data leakage. Specifically, a regular Zabbix administrator may unintentionally expose data for hosts they a...

7.1CVSS5.7AI score0.00154EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.30 views

PT-2026-4146

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes PartyMaker partymaker allows PHP Local File Inclusion.This issue affects PartyMaker: from n/a through = 1.1.15...

5.5AI score0.00512EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.30 views

PT-2026-4329

Name of the Vulnerable Software and Affected Versions HPE Alletra 6000/5000 and Nimble Storage versions prior to 6.1.2.800 HPE Alletra 6000/5000 and Nimble Storage versions prior to 6.1.3.300 Description A privilege escalation flaw exists in HPE Alletra 6000/5000 and Nimble Storage arrays. An...

9CVSS5.3AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/11/23 12:0 a.m.30 views

PT-2025-47837

Name of the Vulnerable Software and Affected Versions ashraf-kabir travel-agency versions prior to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3 Description A security issue exists in ashraf-kabir travel-agency. The manipulation of the edit pack argument in the /admin area/index.php file leads to SQL...

7.2CVSS4.7AI score0.00334EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/03/12 12:0 a.m.30 views

PT-2025-11089 · Unknown · Softether Vpn

Name of the Vulnerable Software and Affected Versions: SoftEther VPN version 5.02.5187 Description: The issue is related to a Buffer Overflow in the Command.c file, specifically via the PtMakeCert and PtMakeCert2048 functions. Recommendations: For SoftEther VPN version 5.02.5187, consider disabli...

9.8CVSS6.2AI score0.00582EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.30 views

PT-2023-9427 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the xhci component in the Linux kernel, where a NULL pointer dereference can occur when the host controller is not responding, causing a kernel panic. This...

8.8CVSS6.5AI score0.0193EPSS
Exploits16References1697
Positive Technologies
Positive Technologies
added 2022/02/25 12:0 a.m.30 views

PT-2022-10654

Name of the Vulnerable Software and Affected Versions jQuery-Upload-File version 4.0.11 Description A cross-site scripting XSS issue exists due to a vulnerability in the fileNameStr parameter, allowing attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload...

6.1CVSS6.6AI score0.00846EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2021/10/21 12:0 a.m.30 views

PT-2021-4560 · Php +10 · Php +10

Name of the Vulnerable Software and Affected Versions: PHP versions 7.3.x through 7.3.31 PHP versions 7.4.x through 7.4.24 PHP versions 8.0.x through 8.0.11 Description: The issue is related to the PHP FPM SAPI component, where child worker processes can access and modify memory shared with the...

9.8CVSS6.6AI score0.9947EPSS
Exploits101References372
Positive Technologies
Positive Technologies
added 2021/07/29 12:0 a.m.30 views

PT-2021-4234 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions up to 5.13.7 Description: The issue allows an unprivileged BPF program to obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack. This is possible because the protection...

9.8CVSS5.9AI score0.93838EPSS
Exploits337References2143
Positive Technologies
Positive Technologies
added 2017/07/17 12:0 a.m.30 views

PT-2017-11760 · Bolt · Bolt Cms

Name of the Vulnerable Software and Affected Versions: Bolt CMS version 3.2.14 Description: The issue allows for stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header. This can be exploited by uploading a malicious SVG file. Recommendations: For Bolt CMS version...

5.4CVSS5.5AI score0.00551EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.29 views

PT-2026-50873

Name of the Vulnerable Software and Affected Versions JetBrains Hub versions prior to 2026.1.13757 JetBrains Hub versions prior to 2025.3.148033 JetBrains Hub versions prior to 2025.2.148048 JetBrains Hub versions prior to 2025.1.148120 JetBrains Hub versions prior to 2024.3.148430 JetBrains Hub...

10CVSS5.9AI score0.00416EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.29 views

PT-2026-50696

Name of the Vulnerable Software and Affected Versions Grav version 2.0.0-rc.9 with Admin2 version 2.0.0-rc.14 Description A stored cross-site scripting XSS issue exists in the Admin2 Pages API save flow due to a missing XSS safety check during partial validation. Stored XSS occurs when an...

5.1CVSS5.8AI score0.00299EPSS
Exploits0References8
Total number of security vulnerabilities5000