Lucene search
K
PtsecurityMost viewed

184462 matches found

Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.20 views

PT-2026-40721

Name of the Vulnerable Software and Affected Versions Prometheus versions 2.49.0 through 3.5.2 Prometheus versions 3.11.0 through 3.11.2 Description In the legacy web UI, which is enabled via the --enable-feature=old-ui command-line flag, the histogram heatmap chart view fails to escape label...

6.1CVSS7.5AI score0.00182EPSS
Exploits0References202
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.20 views

PT-2026-37106

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.31.0 Description Gotenberg fails to properly validate metadata tags passed to ExifTool, a tool used for reading and writing image, audio, and video metadata. While the software blocks specific tags like FileName a...

8.2CVSS6AI score0.00347EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.20 views

PT-2026-36907

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description An open source workflow automation platform contains an issue where the Snowflake node and the legacy MySQL v1 node construct SQL queries by...

5.3CVSS5.8AI score0.00254EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.20 views

PT-2026-36763

Name of the Vulnerable Software and Affected Versions osrg GoBGP versions prior to 4.4.0 Description A remote denial of service can occur in the SRv6 L3 Service component. The issue exists within the SRv6L3ServiceAttribute.DecodeFromBytes function located in the pkg/packet/bgp/prefix sid.go file,...

7.5CVSS6.3AI score0.00464EPSS
Exploits0References24
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.20 views

PT-2026-36697

A flaw has been found in Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0. The impacted element is an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. Executing a manipulation of the argument fCircuitids can lead to sql injection. The...

7.5CVSS6.8AI score0.00325EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.20 views

PT-2026-36646

Name of the Vulnerable Software and Affected Versions Starlet versions prior to 0.32 Description Starlet for Perl allows HTTP Request Smuggling due to improper header precedence. The software incorrectly prioritizes the Content-Length header over Transfer-Encoding: chunked when both are present i...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.20 views

PT-2026-36816

Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.17.1 Description An authenticated user with project.add permission can import a specially crafted project backup ZIP file. If the components/.json file within the ZIP contains a repo URL pointing to a private addres...

8.1CVSS5.8AI score0.00371EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.20 views

PT-2026-35369

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.19.0 through 4.19.x Apache Camel versions 4.18.0 through 4.18.1 Description The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using...

7.8CVSS6.6AI score0.00342EPSS
Exploits1References26
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.20 views

PT-2026-35359

A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...

6.5CVSS6.1AI score0.00201EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.20 views

PT-2026-35360

A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.20 views

PT-2026-35533

A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed...

9CVSS7.7AI score0.03269EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.20 views

PT-2026-35518

Name of the Vulnerable Software and Affected Versions Pimcore version 12.3.3 Description An authenticated administrative user with permissions to import or save DataObject class definitions can inject malicious composite index metadata. This action allows the execution of unintended SQL commands ...

7CVSS6AI score0.00346EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.20 views

PT-2026-35436

A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

7.5CVSS5.5AI score0.00254EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.20 views

PT-2026-34651

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user...

9.8CVSS5.8AI score0.00451EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.20 views

PT-2026-37150

Name of the Vulnerable Software and Affected Versions i18next-http-middleware versions prior to 3.9.3 Description An unauthenticated HTTP client can pollute Object.prototype in the Node.js process hosting the middleware. This occurs via two unvalidated entry points: getResourcesHandler and...

8.6CVSS6.4AI score0.0031EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.20 views

PT-2026-34581

IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

4.9CVSS5.9AI score0.00356EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.20 views

PT-2026-36652

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description The built-in SSH server uses default configurations that advertise weak or broken key exchange, MAC, and host key algorithms. Specifically, the server supports the ecdh-sha2-nistp256,...

6.3CVSS5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.20 views

PT-2026-34193

nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk by manipulating workspace path parameters in endpoints such as /api/session/new, /api/session/update,...

6.3CVSS5.9AI score0.0026EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.20 views

PT-2026-34214

Name of the Vulnerable Software and Affected Versions free5GC UDR versions prior to 1.4.3 Description A fail-open request handling flaw exists in the UDR service. The POST handler for the endpoint '/nudr-dr/v2/policy-data/subs-to-notify' continues to process requests even after encountering error...

6.9CVSS5.4AI score0.09955EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.20 views

PT-2026-34035

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a user changes their password via the profile edit page, or when a password reset is completed via the reset link, neither operation invalidates existing authenticated sessions for that user. A server-side session store...

6.5CVSS5.8AI score0.00242EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.20 views

PT-2026-37130

rk Identity Point Panic in Transaction Verification Summary Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero" value, however, the orchard crate which is used to verify...

9.2CVSS5.8AI score0.00268EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.20 views

PT-2026-37134

Name of the Vulnerable Software and Affected Versions Wish versions 2.0.0 through 2.0.0 Description The SCP middleware in charm.land/wish/v2 is subject to path traversal. A malicious SCP client can read and write arbitrary files, as well as create directories outside the configured root directory...

9.6CVSS5.9AI score0.00393EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.20 views

PT-2026-33592

Name of the Vulnerable Software and Affected Versions Apache Airflow affected versions not specified Description An example of BashOperator in the documentation suggested a method of passing dag run.conf that allows unsanitized user input to be used. This can lead to a privilege escalation where ...

8.8CVSS5.9AI score0.00771EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.20 views

PT-2026-32859

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to cause a local denial of service, which can lead to system crashes or connection failures...

5.5CVSS6.2AI score0.00366EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.20 views

PT-2026-32279

Out-of-bounds write vulnerability in the WEB module.Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...

5.1CVSS5.8AI score0.00077EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.20 views

PT-2026-30730

A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires ...

6.3CVSS5.1AI score0.00188EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.20 views

PT-2026-30726

lichess.org is the forever free, adless and open source chess server. Any approved streamer can inject arbitrary HTML into /streamer and the homepage “Live streams” widget by placing markup in their Twitch/YouTube stream title. CSP is present and blocks inline script execution, but the issue is...

5.3CVSS6AI score0.00299EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.20 views

PT-2026-30491

FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and...

6.9CVSS5.9AI score0.00173EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.20 views

PT-2026-29521

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering...

6AI score0.00255EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.20 views

PT-2026-29555

Name of the Vulnerable Software and Affected Versions Cisco IMC affected versions not specified Description A flaw exists in the web-based management interface of Cisco IMC that may allow a remote attacker with administrative privileges to perform a stored Cross-Site Scripting XSS attack against ...

4.8CVSS6.2AI score0.00237EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.20 views

PT-2026-28659

Name of the Vulnerable Software and Affected Versions itsourcecode Payroll Management System version 1.0 Description A security flaw exists in itsourcecode Payroll Management System version 1.0. The issue affects an unknown function within the /index.php file. Manipulation of the page argument ca...

5.3CVSS5AI score0.00269EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.20 views

PT-2026-27167

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a decryptString action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly e.g., view/url2Embed.json.php, so any user can recover...

7.5CVSS5.7AI score0.00234EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.20 views

PT-2026-26773

Name of the Vulnerable Software and Affected Versions goxmlsig versions prior to 1.6.0 goxmlsig versions prior to 1.22 when using older Go versions or go.mod versions Description The validateSignature function in validate.go has a loop variable capture issue in Go versions before 1.22, or when...

9.8CVSS5.9AI score0.00299EPSS
Exploits1References186
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.20 views

PT-2026-35967

Name of the Vulnerable Software and Affected Versions Wazuh versions 4.4.0 through 4.14.3 Description A path traversal issue exists in the cluster synchronization extraction routine, specifically within the decompress files function. This allows an authenticated cluster peer to write arbitrary...

9.9CVSS6.5AI score0.00399EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.20 views

PT-2026-25842

DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the ensureSize function in @dicebear/converter read the width and height attributes from the input SVG to determine the output canvas size for rasterization PNG, JPEG, WebP, AVIF. An attacker who can supply a...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/03/15 12:0 a.m.20 views

PT-2026-25544

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A weakness exists in the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Manipulation of the mode argument can lead to operating system command injection. This attack can be...

7.5CVSS7AI score0.0114EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.20 views

PT-2026-24744

Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered...

8.2CVSS5.8AI score0.00118EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.20 views

PT-2026-24832

A potential buffer overflow vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to corrupt memory and cause a Windows blue screen error...

6.9CVSS6.1AI score0.00095EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.20 views

PT-2026-24446

In mfc dec dqbuf of mfc dec v4l2.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00081EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.20 views

PT-2026-23660

Name of the Vulnerable Software and Affected Versions AppEngine affected versions not specified Description An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical...

9.8CVSS6AI score0.00886EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.20 views

PT-2026-26006

Summary A local process can capture the OpenClaw Gateway auth token from Chrome CDP probe traffic on loopback. Details Affected versions inject x-openclaw-relay-token for loopback CDP URLs, and CDP reachability probes send that header to /json/version. If an attacker controls the probed loopback...

6.1CVSS5.9AI score0.00126EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.20 views

PT-2026-21622

A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...

4.9CVSS5.5AI score0.01124EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.20 views

PT-2026-20773

Reflected Cross-site Scripting XSS in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL containing the ‘q’ parameter in ‘/search/index.html’. This vulnerability can be exploited to steal sensitive user...

5.1CVSS5.8AI score0.00149EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.20 views

PT-2026-8309

Name of the Vulnerable Software and Affected Versions Tosei Self-service Washing Machine version 4.02 Description A flaw exists in Tosei Self-service Washing Machine version 4.02. The issue impacts an unknown function within the /cgi-bin/tosei datasend.php file. Manipulation of the adr txt 1...

7.5CVSS7.1AI score0.02268EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.20 views

PT-2026-8310

Name of the Vulnerable Software and Affected Versions Comfast CF-N1 V2 version 2.6.0.2 Description A remote command injection issue exists in Comfast CF-N1 V2 2.6.0.2. The issue is located in the sub 44AC4C function within the /cgi-bin/mbox-config file. Manipulation of the bandwidth argument in t...

6.5CVSS6.7AI score0.13525EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.20 views

PT-2026-8246

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthrough networks parameter in vpn ipsec settings.php. Attackers can craft POST requests with JavaScript payloads in the passthrough networks parameter to...

6.1CVSS5.7AI score0.00319EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.20 views

PT-2026-8024

Name of the Vulnerable Software and Affected Versions lakeFS versions prior to 1.77.0 Description lakeFS, an open-source tool for transforming object storage into Git-like repositories, contains path traversal issues in its local block adapter pkg/block/local/adapter.go. The verifyRelPath functio...

9.9CVSS5.4AI score0.27661EPSS
Exploits45References125
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.20 views

PT-2026-7964

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed. The affected products and versions a...

6CVSS5.5AI score0.00191EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.20 views

PT-2026-7969

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package for CENTU...

6CVSS5.2AI score0.00171EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.20 views

PT-2026-7435

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from hash may allow for executing arbitrary Ruby code...

6.9CVSS5.6AI score0.00196EPSS
Exploits0References2
Total number of security vulnerabilities5000