Lucene search
K
PtsecurityMost viewed

184315 matches found

Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.31 views

PT-2026-38395

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description Sandboxed code can call the Buffer.alloc function with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, the timeout option cannot...

7.8CVSS6AI score0.00424EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.31 views

PT-2026-5454

Name of the Vulnerable Software and Affected Versions IBM Db2 for Windows versions 12.1.0 through 12.1.3 Description IBM Db2 for Windows versions 12.1.0 through 12.1.3 may allow a local user with filesystem access to escalate their privileges. This is due to the use of an unquoted search path...

8.4CVSS5.2AI score0.00163EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.31 views

PT-2025-52212

Name of the Vulnerable Software and Affected Versions Bitrix24 versions prior to 25.100.301 Description Remote Code Execution is possible because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. The supplier...

6.3CVSS6AI score0.01028EPSS
Exploits3References12
Positive Technologies
Positive Technologies
added 2025/08/31 12:0 a.m.31 views

PT-2025-35402

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A vulnerability exists in Portabilis i-Educar that allows for cross site scripting. The issue is related to the manipulation of the nm tipo argument within the file /intranet/educar tipo...

5.4CVSS3.2AI score0.00217EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/06/18 12:0 a.m.31 views

PT-2025-26000 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the apparmor module. The issue occurs when the copy from user function fails, causing a memory leak due to...

7.8CVSS5.7AI score0.12746EPSS
Exploits16References579
Positive Technologies
Positive Technologies
added 2023/04/13 12:0 a.m.31 views

PT-2023-2756 · Linux +9 · Linux Kernel +9

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.2.13 Description: The issue is related to the qfq change class function in the Linux kernel, which allows an out-of-bounds write because lmax can exceed QFQ MIN LMAX. This can potentially impact the...

10CVSS6.5AI score0.93838EPSS
Exploits85References2220
Positive Technologies
Positive Technologies
added 2022/02/25 12:0 a.m.31 views

PT-2022-10654

Name of the Vulnerable Software and Affected Versions jQuery-Upload-File version 4.0.11 Description A cross-site scripting XSS issue exists due to a vulnerability in the fileNameStr parameter, allowing attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload...

6.1CVSS6.6AI score0.00846EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2019/09/27 12:0 a.m.31 views

PT-2019-4415 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.3.6 Description: A memory leak in the nfp abm u32 knode replace function in drivers/net/ethernet/netronome/nfp/abm/cls.c allows attackers to cause a denial of service memory consumption. The issue has been...

10CVSS6.4AI score0.98745EPSS
Exploits124References862
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.30 views

PT-2026-51194

Name of the Vulnerable Software and Affected Versions Ezbsystems UltraISO Premium Edition versions prior to 9.77 Description Improper access controls exist within the Kernel Driver component, specifically affecting the bootpt64.sys library. This issue allows for unauthorized access when manipulat...

8.5CVSS7.1AI score0.00113EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.30 views

PT-2026-51008

Name of the Vulnerable Software and Affected Versions @microsoft/kiota-http-fetchlibrary versions 1.0.0-preview.97 through 1.0.0-preview.101 Description The RedirectHandler in the library fails to properly remove sensitive headers during cross-origin redirects. While it is intended to strip...

6.9CVSS5.8AI score0.0065EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.30 views

PT-2026-50897

Name of the Vulnerable Software and Affected Versions Line Desktop MCP versions prior to 1.1.2 Description Line Desktop MCP allows users to operate the LINE Desktop application on Windows or Mac via Model Context Protocol MCP. When using the --http-mode Streamable HTTP transport, the server binds...

8.8CVSS5.9AI score0.00323EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.30 views

PT-2026-50907

Name of the Vulnerable Software and Affected Versions Iperius Remote version 1.7.0 Description An unquoted service path issue exists where the service installation path is not enclosed in quotes. This allows local users to execute arbitrary code with SYSTEM privileges. If the software is installe...

8.5CVSS6.1AI score0.00122EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.30 views

PT-2026-51066

Summary jupyterlab-git 0.53.0 latest, 2026-04-30 uses fnmatch.fnmatchcase in GitHandler.prepare jupyterlab git/handlers.py:91 to enforce the admin-configured excluded paths security control. Because fnmatchcase is unconditionally case-sensitive, an authenticated user on a case-insensitive...

7.1CVSS6AI score0.00285EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.30 views

PT-2026-50896

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.5.0 through 3.16.0 Description An authentication bypass issue exists in the opa plugin. An attacker can relay spoofed identity headers to upstream services by exploiting non-default configurations in the opa plugin,...

5.4CVSS5.9AI score0.00359EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.30 views

PT-2026-50401

Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...

8.1CVSS5.3AI score0.00395EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.30 views

PT-2026-50185

Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all...

6.8CVSS5.3AI score0.00163EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.30 views

PT-2026-50047

Name of the Vulnerable Software and Affected Versions Oracle iSupport versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle iSupport product within Oracle E-Business Suite. A high privileged attacker with network access via HTTP can exploit...

9.1CVSS5.8AI score0.00462EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.30 views

PT-2026-49965

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Oracle Management Service component of the Oracle Enterprise Manager Base Platform. This flaw allows a...

9.8CVSS5.8AI score0.00508EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.30 views

PT-2026-49943

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: End User Self Service. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Identity...

6.5CVSS5.1AI score0.00272EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.30 views

PT-2026-49705

Name of the Vulnerable Software and Affected Versions FactoryTalk Historian Site Edition affected versions not specified Description An authentication bypass issue exists where an attacker can obtain a valid authentication token by continually sending requests to the login endpoint. Recommendatio...

9.2CVSS5.9AI score0.0029EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.30 views

PT-2026-49074

Name of the Vulnerable Software and Affected Versions abrt-dbus affected versions not specified Description A race condition exists in the ChownProblemDir method of the abrt-dbus D-Bus service. The ChownProblemDir method opens the dump directory using DD OPEN READONLY and executes dd chown to...

7CVSS5.2AI score0.00091EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.30 views

PT-2026-48932

Summary A NoSQL injection vulnerability existed in MongoDBSaver where checkpoint identifier fields from config.configurable were used in MongoDB queries without strict type enforcement. In vulnerable versions, attacker-controlled object payloads for example MongoDB operators like $gt and $ne coul...

6.7CVSS5.4AI score0.00022EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.30 views

PT-2026-48822

Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description A path traversal issue exists in certain devices running UniFi OS. A malicious actor with network access can exploit this to obtain data from the affected devices or instances. Path traversa...

8.6CVSS5.2AI score0.00355EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.30 views

PT-2026-48481

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.0.0 through 2.0.13 Description A cross-site request forgery CSRF issue exists where a cross-site GET request can trigger stored cron commands on a victim's agents. The dashboard exposes a manual-trigger action via t...

7.1CVSS5.2AI score0.00123EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.30 views

PT-2026-48176

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wl radio parameter of the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

5.5AI score0.00329EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.30 views

PT-2026-48327

Name of the Vulnerable Software and Affected Versions Spring for Apache Kafka versions 4.0.0 through 4.0.5 Spring for Apache Kafka versions 3.3.0 through 3.3.15 Spring for Apache Kafka versions 3.2.0 through 3.2.13 Spring for Apache Kafka versions 2.9.0 through 2.9.13 Spring for Apache Kafka...

8.1CVSS6AI score0.00489EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.30 views

PT-2026-46910

Name of the Vulnerable Software and Affected Versions ansible-core affected versions not specified Red Hat Ansible Automation Platform affected versions not specified Description An argument injection flaw exists in the ansible-galaxy role install command. The issue occurs because dependency...

7.8CVSS6.1AI score0.00156EPSS
Exploits0References25
Positive Technologies
Positive Technologies
added 2026/06/01 2:48 p.m.30 views

PT-2026-07: Local Privilege Escalation Vulnerability in the Linux Kernel (Copy Fail)

This security advisory provides information regarding a Linux kernel vulnerability, CVE-2026-31431 , informally known as Copy Fail. This vulnerability allows for local privilege escalation to the superuser root level and affects the Linux kernel module: algifaead. Vulnerability status : PT NGFW i...

8.5CVSS5.9AI score0.96267EPSS
Exploits229References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.30 views

PT-2026-45456

FlexRIC v2.0.0 contains reachable assert0 calls in stub message handlers for whitelisted but unimplemented E2AP message types in the near-RT RIC. A remote unauthenticated attacker can send a decodable E2AP PDU of such a type e.g., E2nodeConfigurationUpdate to crash the near-RT RIC process port...

5.8AI score0.00415EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.30 views

PT-2026-45443

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an...

6.3AI score0.00254EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.30 views

PT-2026-44244

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A use-after-free issue exists in the DAMON sysfs interface. Direct reads and writes of the memcg path and path files can race, as the write operation deallocates the buffer pointed to by...

9.8CVSS6.1AI score0.00513EPSS
Exploits6References290
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.30 views

PT-2026-41986

Name of the Vulnerable Software and Affected Versions Windmill versions prior to 1.703.2 Description Incorrect default permissions in nsjail sandbox configuration files allow the /etc directory to be bind-mounted without read-write restrictions. This enables authenticated users to write arbitrary...

9.6CVSS5.9AI score0.0024EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.30 views

PT-2026-45478

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11 Linux kernel versions prior to 6.18.34 Linux kernel versions prior to 6.12.92 Linux kernel versions prior to 6.6.142 Linux kernel versions prior to 6.1.175 Linux kernel versions prior to 5.15.209 Linux...

7.8CVSS6.8AI score0.00353EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.30 views

PT-2026-41658

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.5.0 through 11.5.1 Mattermost versions 10.11.0 through 10.11.13 Mattermost versions 11.4.0 through 11.4.3 Description An issue exists where public/private permissions are not properly verified, allowing members who lack...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.30 views

PT-2026-41421

Name of the Vulnerable Software and Affected Versions jsondiffpatch versions prior to 0.7.6 Description Improper sanitization of JSON values and property names in the annotated formatter allows for Cross-site Scripting XSS. This occurs when an application compares untrusted JSON or object data an...

6.1CVSS5.8AI score0.00191EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.30 views

PT-2026-40831

Name of the Vulnerable Software and Affected Versions Web::Passwd version 0.03 Description Web::Passwd, a small CGI application for managing htpasswd files via the htpasswd command, allows remote code execution. The user parameter is not validated or escaped before being used as the final argumen...

9.8CVSS6.2AI score0.01653EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.30 views

PT-2026-39945

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.17 due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query in the getListForTbl function. This makes...

7.5CVSS5.9AI score0.00413EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/05/09 12:0 a.m.30 views

PT-2026-39415

Name of the Vulnerable Software and Affected Versions JeecgBoot version 3.9.1 Description A flaw in the 'mLogin' endpoint within the LoginController.java file of the jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ component allows for remote authorization...

6.3CVSS5.8AI score0.00463EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.30 views

PT-2026-38316

Name of the Vulnerable Software and Affected Versions Angular SSR versions 19.0.0-next.0 through 19.2.24 Angular SSR versions 20.x through 20.3.24 Angular SSR versions 21.x through 21.2.8 Angular SSR versions 22.0.0-next.0 through 22.0.0-next.6 Description An issue exists in the processing logic ...

6.9CVSS5.8AI score0.00203EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.30 views

PT-2026-35782

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.2 Description An improper access control issue exists in the iOS A2UI bridge, which incorrectly treats generic local-network pages as trusted origins. This allows attackers to inject unauthorized agent.request...

4.6CVSS5.8AI score0.00112EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.30 views

PT-2026-31260

Name of the Vulnerable Software and Affected Versions The Publisher Desk ads.txt versions n/a through 1.5.0 Description A missing authorization issue exists in PublisherDesk The Publisher Desk ads.txt, allowing exploitation due to incorrectly configured access control security levels...

5.3CVSS5.8AI score0.00156EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.30 views

PT-2026-28590

Name of the Vulnerable Software and Affected Versions Docker affected versions not specified Description A flaw exists in the Docker daemon’s privilege validation process during docker plugin install. The daemon does not fully enforce plugin privilege checks, potentially allowing unintended...

9.4CVSS5.9AI score0.00387EPSS
Exploits0References139
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.30 views

PT-2026-27473

Name of the Vulnerable Software and Affected Versions Zabbix versions prior to 7.4 Description A design flaw in Zabbix Server/Proxy related to JavaScript Duktape context reuse can result in data leakage. Specifically, a regular Zabbix administrator may unintentionally expose data for hosts they a...

7.1CVSS5.7AI score0.00154EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.30 views

PT-2026-4146

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes PartyMaker partymaker allows PHP Local File Inclusion.This issue affects PartyMaker: from n/a through = 1.1.15...

5.5AI score0.00512EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.30 views

PT-2026-4329

Name of the Vulnerable Software and Affected Versions HPE Alletra 6000/5000 and Nimble Storage versions prior to 6.1.2.800 HPE Alletra 6000/5000 and Nimble Storage versions prior to 6.1.3.300 Description A privilege escalation flaw exists in HPE Alletra 6000/5000 and Nimble Storage arrays. An...

9CVSS5.3AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/11/23 12:0 a.m.30 views

PT-2025-47837

Name of the Vulnerable Software and Affected Versions ashraf-kabir travel-agency versions prior to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3 Description A security issue exists in ashraf-kabir travel-agency. The manipulation of the edit pack argument in the /admin area/index.php file leads to SQL...

7.2CVSS4.7AI score0.00334EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/06/18 12:0 a.m.30 views

PT-2025-26088 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A possible refcount leak in the if usb probe function has been resolved. The issue occurs because usb get dev is called before lbs get firmware async, which means usb put dev needs to ...

7.8CVSS5.8AI score0.12746EPSS
Exploits16References587
Positive Technologies
Positive Technologies
added 2025/03/12 12:0 a.m.30 views

PT-2025-11089 · Unknown · Softether Vpn

Name of the Vulnerable Software and Affected Versions: SoftEther VPN version 5.02.5187 Description: The issue is related to a Buffer Overflow in the Command.c file, specifically via the PtMakeCert and PtMakeCert2048 functions. Recommendations: For SoftEther VPN version 5.02.5187, consider disabli...

9.8CVSS6.2AI score0.00582EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.30 views

PT-2023-9427 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the xhci component in the Linux kernel, where a NULL pointer dereference can occur when the host controller is not responding, causing a kernel panic. This...

8.8CVSS6.5AI score0.0193EPSS
Exploits16References1697
Positive Technologies
Positive Technologies
added 2021/10/21 12:0 a.m.30 views

PT-2021-4560 · Php +10 · Php +10

Name of the Vulnerable Software and Affected Versions: PHP versions 7.3.x through 7.3.31 PHP versions 7.4.x through 7.4.24 PHP versions 8.0.x through 8.0.11 Description: The issue is related to the PHP FPM SAPI component, where child worker processes can access and modify memory shared with the...

9.8CVSS6.6AI score0.9947EPSS
Exploits101References372
Total number of security vulnerabilities5000